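#!/usr/bin/env python

"""
Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

# Project-wide constants: version/site information, comparison and timing
# thresholds, special-purpose markers, regular expressions and DBMS-specific
# tables. Everything in this module is evaluated once, at import time.

import os
import re
import subprocess
import string
import sys

from lib.core.enums import DBMS
from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.revision import getRevisionNumber

# sqlmap version and site
VERSION = "1.0-dev"
REVISION = getRevisionNumber()
# the "-<revision>" suffix is only appended when a revision could be determined
VERSION_STRING = "sqlmap/%s%s" % (VERSION, "-%s" % REVISION if REVISION else "")
DESCRIPTION = "automatic SQL injection and database takeover tool"
SITE = "http://sqlmap.org"
ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
GIT_REPOSITORY = "git://github.com/sqlmapproject/sqlmap.git"
ML = "sqlmap-users@lists.sourceforge.net"

# minimum distance of ratio from kb.matchRatio to result in True
DIFF_TOLERANCE = 0.05
CONSTANT_RATIO = 0.9

# lower and upper values for match ratio in case of stable page
LOWER_RATIO_BOUND = 0.02
UPPER_RATIO_BOUND = 0.98

# markers for special cases when parameter values contain html encoded characters
PARAMETER_AMP_MARKER = "__AMP__"
PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
PARTIAL_VALUE_MARKER = "__PARTIAL__"
URI_QUESTION_MARKER = "__QUESTION_MARK__"
# NUL byte: cannot legitimately appear inside a payload, so it is a safe separator
PAYLOAD_DELIMITER = "\x00"
CHAR_INFERENCE_MARK = "%c"
# NOTE(review): the excluded upper range starts at \x7e ('~'), so '~' counts as
# non-printable as well - confirm whether \x7f (DEL) was the intended start
PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7e-\xff]"

# regular expression used for recognition of generic permission messages
PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied"
# regular expression used for recognition of generic maximum connection messages
MAX_CONNECTIONS_REGEX = r"max.+connections"

# regular expression used for extracting results from google search
GOOGLE_REGEX = r"url\?\w+=(http[^>]+)&(sa=U|rct=j)"

# regular expression used for extracting content from "textual" tags
TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"

# dumping characters used in GROUP_CONCAT MySQL technique
CONCAT_ROW_DELIMITER = ','
CONCAT_VALUE_DELIMITER = '|'

# coefficient used for a time-based query delay checking (must be >= 7)
TIME_STDEV_COEFF = 7

# standard deviation after which a warning message should be displayed about connection lags
WARN_TIME_STDEV = 0.5

# minimum length of usable union injected response (quick defense against substr fields)
UNION_MIN_RESPONSE_CHARS = 10

# coefficient used for a union-based number of columns checking (must be >= 7)
UNION_STDEV_COEFF = 7

# length of queue for candidates for time delay adjustment
TIME_DELAY_CANDIDATES = 3

# default value for HTTP Accept header
HTTP_ACCEPT_HEADER_VALUE = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"

# default value for HTTP Accept-Encoding header
HTTP_ACCEPT_ENCODING_HEADER_VALUE = "gzip,deflate"

# HTTP timeout (seconds) in silent mode
HTTP_SILENT_TIMEOUT = 3

# maximum number of techniques used in inject.py/getValue() per one value
MAX_TECHNIQUES_PER_VALUE = 2

# suffix used for naming meta databases in DBMS(es) without explicit database name
METADB_SUFFIX = "_masterdb"

# minimum time response set needed for time-comparison based on standard deviation
MIN_TIME_RESPONSES = 10

# minimum comparison ratio set needed for searching valid union column number based on standard deviation
MIN_UNION_RESPONSES = 5

# after this number of blanks at the end inference should stop (just in case)
INFERENCE_BLANK_BREAK = 10

# use this replacement character for cases when inference is not able to retrieve the proper character value
INFERENCE_UNKNOWN_CHAR = '?'

# character used for operation "greater" in inference
INFERENCE_GREATER_CHAR = ">"
# character used for operation "equals" in inference
INFERENCE_EQUALS_CHAR = "="
# character used for operation "not-equals" in inference
INFERENCE_NOT_EQUALS_CHAR = "!="

# string used for representation of unknown dbms version
UNKNOWN_DBMS_VERSION = "Unknown"

# dynamicity mark length used in dynamicity removal engine
DYNAMICITY_MARK_LENGTH = 32

# dummy user prefix used in dictionary attack
DUMMY_USER_PREFIX = "__dummy__"
# Reference: http://en.wikipedia.org/wiki/ISO/IEC_8859-1
DEFAULT_PAGE_ENCODING = "iso-8859-1"

# System variables
# subprocess.mswindows is a Python 2 module attribute (True when running on Windows)
IS_WIN = subprocess.mswindows
# The name of the operating system dependent module imported. The following
# names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce',
# 'java', 'riscos'
PLATFORM = os.name
# first whitespace-separated token of sys.version, e.g. "2.7.3"
PYVERSION = sys.version.split()[0]

# Database management system specific variables
MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb")
MYSQL_SYSTEM_DBS = ("information_schema", "mysql")  # Before MySQL 5.0 only "mysql"
PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast")
ORACLE_SYSTEM_DBS = ("SYSTEM", "SYSAUX", "SYS")  # These are TABLESPACE_NAME
SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master")
ACCESS_SYSTEM_DBS = (
    "MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage",
    "MSysAccessXML", "MSysModules", "MSysModules2",
)
FIREBIRD_SYSTEM_DBS = (
    "RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE",
    "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", "RDB$FILES", "RDB$FILTERS",
    "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES",
    "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS",
    "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS",
    "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS",
)
MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")
SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs")
DB2_SYSTEM_DBS = (
    "NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS",
    "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS",
)

# user-supplied names (lower case) accepted for each back-end DBMS
MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
MYSQL_ALIASES = ("mysql", "my")
PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg")
ORACLE_ALIASES = ("oracle", "orcl", "ora", "or")
SQLITE_ALIASES = ("sqlite", "sqlite3")
ACCESS_ALIASES = ("msaccess", "access", "jet", "microsoft access")
FIREBIRD_ALIASES = ("firebird", "mozilla firebird", "interbase", "ibase", "fb")
MAXDB_ALIASES = ("maxdb", "sap maxdb", "sap db")
SYBASE_ALIASES = ("sybase", "sybase sql server")
DB2_ALIASES = ("db2", "ibm db2", "ibmdb2")

# maps every public DBMS enum value to its directory name; the two enums are
# paired by attribute name, so they must define the same set of members
DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _member), getattr(DBMS_DIRECTORY_NAME, _member)) for _member in dir(DBMS) if not _member.startswith("_"))
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES
SUPPORTED_OS = ("linux", "windows")

# header names (lower case) accepted as injection points on the command line
USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
REFERER_ALIASES = ("ref", "referer", "referrer")
HOST_ALIASES = ("host",)

# items displayed in basic help (-h) output
BASIC_HELP_ITEMS = (
    "url",
    "googleDork",
    "data",
    "cookie",
    "randomAgent",
    "proxy",
    "testParameter",
    "dbms",
    "level",
    "risk",
    "tech",
    "getBanner",
    "getCurrentUser",
    "getCurrentDb",
    "getPasswordHashes",
    "getTables",
    "getColumns",
    "getSchema",
    "dumpTable",
    "dumpAll",
    "db",
    "tbl",
    "col",
    "osShell",
    "osPwn",
    "batch",
    "checkTor",
    "flushSession",
    "tor",
    "wizard",
)

# string representation for NULL value
NULL = "NULL"
# string representation for blank ('') value
BLANK = "<blank>"
# string representation for current database
CURRENT_DB = "CD"

# Regular expressions used for parsing error messages (--parse-errors);
# each one captures the message text in the "result" named group
ERROR_PARSING_REGEXES = (
    r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
    r"(?m)^(fatal|error|warning|exception):?\s*(?P<result>.+?)$",
    r"<li>Error Type:<br>(?P<result>.+?)</li>",
    r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)",
)

# Regular expression used for parsing charset info from meta html headers
META_CHARSET_REGEX = r'<meta http-equiv="?content-type"?[^>]+charset=(?P<result>[^">]+)'

# Regular expression used for parsing refresh info from meta html headers
META_REFRESH_REGEX = r'<meta http-equiv="?refresh"?[^>]+content="?[^">]+url=(?P<result>[^">]+)'

# Regular expression used for parsing empty fields in tested form data
EMPTY_FORM_FIELDS_REGEX = r'(?P<result>[^=]+=(&|\Z))'

# Regular expression for soap message recognition
SOAP_REGEX = r"\A(<\?xml[^>]+>)?\s*<soap.+</soap"

# Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
COMMON_PASSWORD_SUFFIXES = ("1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18")

# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
COMMON_PASSWORD_SUFFIXES += ("!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@")

# Splitter used between requests in WebScarab log files
WEBSCARAB_SPLITTER = "### Conversation"
# Splitter used between requests in BURP log files
BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s(.+?)\s={10,}"

# Encoding used for Unicode data
UNICODE_ENCODING = "utf8"

# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
URI_HTTP_HEADER = "URI"

# Uri format which could be injectable (e.g. www.site.com/id82)
URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"

# Regex used for masking sensitive data (formatted with the keyword to mask
# before use, hence the %s placeholder)
SENSITIVE_DATA_REGEX = r"(\s|=)(?P<result>[^\s=]*%s[^\s]*)\s"

# Maximum number of threads (avoiding connection issues and/or DoS)
MAX_NUMBER_OF_THREADS = 10

# Minimum range between minimum and maximum of statistical set
MIN_STATISTICAL_RANGE = 0.01

# Minimum value for comparison ratio
MIN_RATIO = 0.0
# Maximum value for comparison ratio
MAX_RATIO = 1.0

# Character used for marking injectable position inside provided data
CUSTOM_INJECTION_MARK_CHAR = '*'

# Maximum length used for retrieving data over MySQL error based payload due to "known" problems with longer result strings
MYSQL_ERROR_CHUNK_LENGTH = 50

# Maximum length used for retrieving data over MSSQL error based payload due to trimming problems with longer result strings
MSSQL_ERROR_CHUNK_LENGTH = 100

# Do not unescape the injected statement if it contains any of the following SQL words
EXCLUDE_UNESCAPE = ("WAITFOR DELAY", "INTO DUMPFILE", "INTO OUTFILE", "CREATE", "BULK", "EXEC", "RECONFIGURE", "DECLARE", "'%s'" % CHAR_INFERENCE_MARK)

# Mark used for replacement of reflected values
REFLECTED_VALUE_MARKER = "__REFLECTED_VALUE__"

# Regular expression used for replacing border non-alphanum characters
REFLECTED_BORDER_REGEX = r"[^A-Za-z]+"

# Regular expression used for replacing non-alphanum characters
REFLECTED_REPLACEMENT_REGEX = r".+?"

# Maximum number of alpha-numerical parts in reflected regex (for speed purposes)
REFLECTED_MAX_REGEX_PARTS = 10

# Chars which can be used as a failsafe values in case of too long URL encoding value
URLENCODE_FAILSAFE_CHARS = "()|,"

# Maximum length of urlencoded value after which failsafe procedure takes away
URLENCODE_CHAR_LIMIT = 2000

# Default schema for Microsoft SQL Server DBMS
DEFAULT_MSSQL_SCHEMA = "dbo"

# Display hash attack info every mod number of items
HASH_MOD_ITEM_DISPLAY = 11

# Maximum integer value (sys.maxint exists on Python 2 only)
MAX_INT = sys.maxint

# Parameters to be ignored in detection phase (upper case) - framework
# state and session identifiers rather than application input
IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")

# Turn off resume console info to avoid potential slowdowns
TURN_OFF_RESUME_INFO_LIMIT = 20

# Strftime format for results file used in multiple target mode
RESULTS_FILE_FORMAT = "results-%m%d%Y_%I%M%p.csv"

# Official web page with the list of Python supported codecs
CODECS_LIST_PAGE = "http://docs.python.org/library/codecs.html#standard-encodings"

# Simple regular expression used to distinguish scalar from multiple-row commands (not sole condition)
SQL_SCALAR_REGEX = r"\A(SELECT(?!\s+DISTINCT\(?))?\s*\w*\("

# IP address of the localhost
LOCALHOST = "127.0.0.1"

# Default port used by Tor
DEFAULT_TOR_SOCKS_PORT = 9050

# Default ports used in Tor proxy bundles
DEFAULT_TOR_HTTP_PORTS = (8123, 8118)

# Percentage below which comparison engine could have problems
LOW_TEXT_PERCENT = 20

# These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")

LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"

# After this number of misses reflective removal mechanism is turned off (for speed up reasons)
REFLECTIVE_MISS_THRESHOLD = 20

# Regular expression used for extracting HTML title
HTML_TITLE_REGEX = "<title>(?P<result>[^<]+)</title>"

# Table used for Base64 conversion in WordPress hash cracking routine
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Chars used to quickly distinguish if the user provided tainted parameter values
DUMMY_SQL_INJECTION_CHARS = ";()'"

# Simple check against dummy users
DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]"

# Extensions skipped by crawler (duplicate "iso" entry removed)
CRAWL_EXCLUDE_EXTENSIONS = ("gif", "jpg", "jar", "tif", "bmp", "war", "ear", "mpg", "wmv", "mpeg", "scm", "iso", "dmp", "dll", "cab", "so", "avi", "bin", "exe", "tar", "png", "pdf", "ps", "mp3", "zip", "rar", "gz")

# Template used for common table existence check
BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
# Template used for common column existence check
BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"

# Payload used for checking of existence of IDS/WAF (dummier the better)
IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables"

# Used for status representation in dictionary attack phase
# NOTE(review): '|' is listed twice - confirm this is intended
ROTATING_CHARS = ('\\', '|', '|', '/', '-')

# Chunk length (in items) used by BigArray objects (only last chunk and cached one are held in memory)
BIGARRAY_CHUNK_LENGTH = 4096

# Only console display last n table rows
TRIM_STDOUT_DUMP_SIZE = 256

# Parse response headers only first couple of times
PARSE_HEADERS_LIMIT = 3

# Step used in ORDER BY technique used for finding the right number of columns in UNION query injections
ORDER_BY_STEP = 10

# Maximum number of times for revalidation of a character in time-based injections
MAX_TIME_REVALIDATION_STEPS = 5

# Characters that can be used to split parameter values in provided command line (e.g. in --tamper)
PARAMETER_SPLITTING_REGEX = r'[,|;]'

# Regular expression describing possible union char value (e.g. used in --union-char)
UNION_CHAR_REGEX = r'\A\w+\Z'

# Attribute used for storing original parameter value in special cases (e.g. POST)
UNENCODED_ORIGINAL_VALUE = 'original'

# Common column names containing usernames (used for hash cracking in some cases)
COMMON_USER_COLUMNS = ('user', 'username', 'user_name', 'benutzername', 'benutzer', 'utilisateur', 'usager', 'consommateur', 'utente', 'utilizzatore', 'usufrutuario', 'korisnik', 'usuario', 'consumidor')

# Default delimiter in GET/POST values
DEFAULT_GET_POST_DELIMITER = '&'

# Default delimiter in cookie values
DEFAULT_COOKIE_DELIMITER = ';'

# Skip unforced HashDB flush requests below the threshold number of cached items
HASHDB_FLUSH_THRESHOLD = 32

# Number of retries for unsuccessful HashDB flush attempts
HASHDB_FLUSH_RETRIES = 3

# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
HASHDB_MILESTONE_VALUE = "cAWxkLYCQT"  # r5129 "".join(random.sample(string.letters, 10))

# Warn user of possible delay due to large page dump in full UNION query injections
LARGE_OUTPUT_THRESHOLD = 1024 ** 2

# On huge tables there is a considerable slowdown if every row retrieval requires ORDER BY (most noticable in table dumping using ERROR injections)
SLOW_ORDER_COUNT_THRESHOLD = 10000

# Give up on hash recognition if nothing was found in first given number of rows
HASH_RECOGNITION_QUIT_THRESHOLD = 10000

# Maximum number of redirections to any single URL - this is needed because of the state that cookies introduce
MAX_SINGLE_URL_REDIRECTIONS = 4
# Maximum total number of redirections (regardless of URL) - before assuming we're in a loop
MAX_TOTAL_REDIRECTIONS = 10

# Reference: http://www.tcpipguide.com/free/t_DNSLabelsNamesandSyntaxRules.htm
MAX_DNS_LABEL = 63

# Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content)
# string.ascii_letters is used instead of string.letters because the latter is
# locale-dependent on Python 2 and may contain non-ASCII letters, which are not
# valid in DNS labels
DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.ascii_letters)

# Connection chunk size (processing large responses in chunks to avoid MemoryError crashes - e.g. large table dump in full UNION/inband injections)
MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 * 1024

# Maximum response total page size (trimmed if larger)
MAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024

# Mark used for trimming unnecessary content in large chunks
LARGE_CHUNK_TRIM_MARKER = "__TRIMMED_CONTENT__"

# Generic SQL comment formation
GENERIC_SQL_COMMENT = "--"

# Threshold value for turning back on time auto-adjustment mechanism
VALID_TIME_CHARS_RUN_THRESHOLD = 100

# Check for empty columns only if table is sufficiently large
CHECK_ZERO_COLUMNS_THRESHOLD = 10

# Boldify all logger messages containing these "patterns"
BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable")

# Generic www root directory names
GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "wwwroot", "www")

# Maximum length of a help part containing switch/option name(s)
MAX_HELP_OPTION_LENGTH = 18

# Strings for detecting formatting errors
FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException")

# Regular expression used for extracting ASP.NET View State values.
# The two capture groups were both named "name", which makes re.compile()
# raise re.error (redefinition of a group name); the second group now
# carries the field value and is named "value" accordingly
VIEWSTATE_REGEX = r'(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<value>[^"]+)'

# Number of rows to generate inside the full union test for limited output (mustn't be too large to prevent payload length problems)
LIMITED_ROWS_TEST_NUMBER = 15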