ptnqoxywl
/
sqlmap
1
0
Fork 1
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

修改handler.py 2

Browse Source
pull/3/head
wang 2 months ago
parent 910c1a8c56
commit fa9039fd5e
1 changed files with 124 additions and 31 deletions
Show Stats Download Patch File Download Diff File

155
src/sqlmap-master/lib/controller/handler.py
Unescape View File

@ -1,97 +1,190 @@
# 导入sqlmap核心模块和数据库相关的插件
#!/usr/bin/env python
"""
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
# Import necessary modules and classes from the sqlmap project
from lib.core.common import Backend
from lib.core.data import conf
from lib.core.data import kb
from lib.core.dicts import DBMS_DICT
from lib.core.enums import DBMS
from lib.core.exception import SqlmapConnectionException
# 导入各种数据库的别名设置
from lib.core.settings import ACCESS_ALIASES, ALTIBASE_ALIASES, ..., VIRTUOSO_ALIASES
# 导入sqlalchemy工具用于直接连接数据库
from lib.core.settings import * # Import all database aliases settings
from lib.utils.sqlalchemy import SQLAlchemy
# 导入各种数据库的插件模块
# Import connectors and maps for various DBMS
from plugins.dbms.access.connector import Connector as AccessConn
from plugins.dbms.access import AccessMap
# ... 其他数据库的插件模块
from plugins.dbms.altibase.connector import Connector as AltibaseConn
from plugins.dbms.altibase import AltibaseMap
from plugins.dbms.cache.connector import Connector as CacheConn
from plugins.dbms.cache import CacheMap
from plugins.dbms.clickhouse.connector import Connector as ClickHouseConn
from plugins.dbms.clickhouse import ClickHouseMap
from plugins.dbms.cratedb.connector import Connector as CrateDBConn
from plugins.dbms.cratedb import CrateDBMap
from plugins.dbms.cubrid.connector import Connector as CubridConn
from plugins.dbms.cubrid import CubridMap
from plugins.dbms.db2.connector import Connector as DB2Conn
from plugins.dbms.db2 import DB2Map
from plugins.dbms.derby.connector import Connector as DerbyConn
from plugins.dbms.derby import DerbyMap
from plugins.dbms.extremedb.connector import Connector as ExtremeDBConn
from plugins.dbms.extremedb import ExtremeDBMap
from plugins.dbms.firebird.connector import Connector as FirebirdConn
from plugins.dbms.firebird import FirebirdMap
from plugins.dbms.frontbase.connector import Connector as FrontBaseConn
from plugins.dbms.frontbase import FrontBaseMap
from plugins.dbms.h2.connector import Connector as H2Conn
from plugins.dbms.h2 import H2Map
from plugins.dbms.hsqldb.connector import Connector as HSQLDBConn
from plugins.dbms.hsqldb import HSQLDBMap
from plugins.dbms.informix.connector import Connector as InformixConn
from plugins.dbms.informix import InformixMap
from plugins.dbms.maxdb.connector import Connector as MaxDBConn
from plugins.dbms.maxdb import MaxDBMap
from plugins.dbms.mckoi.connector import Connector as MckoiConn
from plugins.dbms.mckoi import MckoiMap
from plugins.dbms.mimersql.connector import Connector as MimerSQLConn
from plugins.dbms.mimersql import MimerSQLMap
from plugins.dbms.monetdb.connector import Connector as MonetDBConn
from plugins.dbms.monetdb import MonetDBMap
from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
from plugins.dbms.mssqlserver import MSSQLServerMap
from plugins.dbms.mysql.connector import Connector as MySQLConn
from plugins.dbms.mysql import MySQLMap
from plugins.dbms.oracle.connector import Connector as OracleConn
from plugins.dbms.oracle import OracleMap
from plugins.dbms.postgresql.connector import Connector as PostgreSQLConn
from plugins.dbms.postgresql import PostgreSQLMap
from plugins.dbms.presto.connector import Connector as PrestoConn
from plugins.dbms.presto import PrestoMap
from plugins.dbms.raima.connector import Connector as RaimaConn
from plugins.dbms.raima import RaimaMap
from plugins.dbms.sqlite.connector import Connector as SQLiteConn
from plugins.dbms.sqlite import SQLiteMap
from plugins.dbms.sybase.connector import Connector as SybaseConn
from plugins.dbms.sybase import SybaseMap
from plugins.dbms.vertica.connector import Connector as VerticaConn
from plugins.dbms.vertica import VerticaMap
from plugins.dbms.virtuoso.connector import Connector as VirtuosoConn
from plugins.dbms.virtuoso import VirtuosoMap
def setHandler():
"""
检测目标网站后端数据库管理系统DBMS类型
Detect which is the target web application back-end database
management system. This function will handle the identification
of the database management system (DBMS) to work with the sqlmap tool.
"""
# 包含所有支持的数据库类型及其别名、处理器和连接器的列表
# List of tuples containing DBMS information (DBMS type, aliases, map class, connector class)
items = [
(DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn),
# ... 其他数据库类型
(DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn),
(DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn),
(DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn),
(DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn),
(DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn),
(DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn),
(DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn),
(DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn),
(DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn),
(DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn),
(DBMS.H2, H2_ALIASES, H2Map, H2Conn),
(DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn),
(DBMS.MONETDB, MONETDB_ALIASES, MonetDBMap, MonetDBConn),
(DBMS.DERBY, DERBY_ALIASES, DerbyMap, DerbyConn),
(DBMS.VERTICA, VERTICA_ALIASES, VerticaMap, VerticaConn),
(DBMS.MCKOI, MCKOI_ALIASES, MckoiMap, MckoiConn),
(DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn),
(DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn),
(DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn),
(DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickHouseMap, ClickHouseConn),
(DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn),
(DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn),
(DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn),
(DBMS.EXTREMEDB, EXTREMEDB_ALIASES, ExtremeDBMap, ExtremeDBConn),
(DBMS.FRONTBASE, FRONTBASE_ALIASES, FrontBaseMap, FrontBaseConn),
(DBMS.RAIMA, RAIMA_ALIASES, RaimaMap, RaimaConn),
(DBMS.VIRTUOSO, VIRTUOSO_ALIASES, VirtuosoMap, VirtuosoConn),
]
# 如果配置、后端已识别的DBMS或启发式检测到的DBMS存在于别名中则将其置于列表首位
# Identify the current DBMS by evaluating conditions
_ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items)
# If a DBMS is detected, remove it from the list and place it at the start
if _:
items.remove(_)
items.insert(0, _)
# 遍历所有数据库类型
# Iterate through the list of DBMS to find the suitable one
for dbms, aliases, Handler, Connector in items:
# 如果用户强制指定了DBMS且当前类型不在别名中则跳过
# If a specific DBMS is forced via configuration
if conf.forceDbms:
if conf.forceDbms.lower() not in aliases:
continue
continue # Skip if aliases do not match
else:
kb.dbms = conf.dbms = conf.forceDbms = dbms
kb.dbms = conf.dbms = conf.forceDbms = dbms # Set the forced DBMS
# 如果有DBMS过滤器且当前DBMS不在过滤器中则跳过
# Check if the current DBMS is filtered out
if kb.dbmsFilter:
if dbms not in kb.dbmsFilter:
continue
# 创建处理器实例和连接器实例
continue # Skip if DBMS is in the filter list
# Instantiate the handler and connector classes for the DBMS
handler = Handler()
conf.dbmsConnector = Connector()
# 如果用户选择直接连接数据库
# Direct connection logic if applicable
if conf.direct:
exception = None
dialect = DBMS_DICT[dbms][3]
# 尝试使用sqlalchemy或直接连接
dialect = DBMS_DICT[dbms][3] # Get the dialect from the dictionary
# Attempt to connect using SQLAlchemy with the provided dialect
if dialect:
try:
sqlalchemy = SQLAlchemy(dialect=dialect)
sqlalchemy.connect()
if sqlalchemy.connector:
sqlalchemy.connect() # Establish SQLAlchemy connection
if sqlalchemy.connector: # If connected successfully
conf.dbmsConnector = sqlalchemy
except Exception as ex:
exception = ex
exception = ex # Capture any exception that occurs
# If no valid dialect or an exception occurred, try direct connection with the DBMS connector
if not dialect or exception:
try:
conf.dbmsConnector.connect()
except Exception as ex:
if exception:
raise exception
raise exception # Raise the previously caught exception
else:
if not isinstance(ex, NameError):
raise
raise # Raise unexpected exceptions
else:
# Raise an exception for unsupported direct connection
msg = "support for direct connection to '%s' is not available. " % dbms
msg += "Please rerun with '--dependencies'"
raise SqlmapConnectionException(msg)
# 如果用户强制指定了DBMS或处理器检查确认了DBMS则设置处理器和连接器
# Determine if the current handler should proceed based on DBMS check
if conf.forceDbms == dbms or handler.checkDbms():
# If a specific DBMS resolution is set, assign the corresponding handler
if kb.resolutionDbms:
conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]()
conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]()
conf.dbmsHandler._dbms = kb.resolutionDbms
else:
# Assign the detected handler and set the DBMS type
conf.dbmsHandler = handler
conf.dbmsHandler._dbms = dbms
break
break # Exit loop after successful DBMS identification
else:
conf.dbmsConnector = None
# Set the DBMS connector to None if the check fails
conf.dbmsConnector = None
# DBMS指纹识别完成后无需再强制执行
# At this point, back-end DBMS is correctly fingerprinted, no need to enforce it anymore
Backend.flushForcedDbms()
Write Preview
Loading…
Cancel
Save