Implementation for an Issue sqlmapproject#3108

stamparm · stamparm · commit 1f9bf587b523 · 2018-07-31T02:18:33.000+02:00
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -868,20 +868,20 @@ def boldifyMessage(message):
     retVal = message
 
     if any(_ in message for _ in BOLD_PATTERNS):
-        retVal = setColor(message, True)
+        retVal = setColor(message, bold=True)
 
     return retVal
 
-def setColor(message, bold=False):
+def setColor(message, color=None, bold=False):
     retVal = message
     level = extractRegexResult(r"\[(?P<result>%s)\]" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message) or kb.get("stickyLevel")
 
     if isinstance(level, unicode):
         level = unicodeencode(level)
 
     if message and getattr(LOGGER_HANDLER, "is_tty", False):  # colorizing handler
-        if bold:
-            retVal = colored(message, color=None, on_color=None, attrs=("bold",))
+        if bold or color:
+            retVal = colored(message, color=color, on_color=None, attrs=("bold",) if bold else None)
         elif level:
             level = getattr(logging, level, None) if isinstance(level, basestring) else level
             retVal = LOGGER_HANDLER.colorize(message, level)
@@ -925,7 +925,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
                 if conf.get("api"):
                     sys.stdout.write(message, status, content_type)
                 else:
-                    sys.stdout.write(setColor(message, bold))
+                    sys.stdout.write(setColor(message, bold=bold))
 
                 sys.stdout.flush()
             except IOError:
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -54,6 +54,7 @@
 from lib.core.common import runningAsAdmin
 from lib.core.common import safeExpandUser
 from lib.core.common import saveConfig
+from lib.core.common import setColor
 from lib.core.common import setOptimize
 from lib.core.common import setPaths
 from lib.core.common import singleTimeWarnMessage
@@ -699,6 +700,22 @@ def _setDBMS():
 
             break
 
+def _listTamperingFunctions():
+    """
+    Lists available tamper functions
+    """
+
+    if conf.listTampers:
+        infoMsg = "listing available tamper scripts\n"
+        logger.info(infoMsg)
+
+        for script in sorted(glob.glob(os.path.join(paths.SQLMAP_TAMPER_PATH, "*.py"))):
+            content = openFile(script, "rb").read()
+            match = re.search(r'(?s)__priority__.+"""(.+)"""', content)
+            if match:
+                comment = match.group(1).strip()
+                dataToStdout("* %s - %s\n" % (setColor(os.path.basename(script), "yellow"), re.sub(r" *\n *", " ", comment.split("\n\n")[0].strip())))
+
 def _setTamperingFunctions():
     """
     Loads tampering functions from given script(s)
@@ -2459,6 +2476,7 @@ def init():
     _setDNSServer()
     _adjustLoggingFormatter()
     _setMultipleTargets()
+    _listTamperingFunctions()
     _setTamperingFunctions()
     _setWafFunctions()
     _setTrafficOutputFP()
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -227,6 +227,7 @@
         "disableColoring": "boolean",
         "googlePage": "integer",
         "identifyWaf": "boolean",
+        "listTampers": "boolean",
         "mobile": "boolean",
         "offline": "boolean",
         "purge": "boolean",
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.7.27"
+VERSION = "1.2.7.28"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -637,6 +637,9 @@ def cmdLineParser(argv=None):
         miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true",
                                  help="Make a thorough testing for a WAF/IPS/IDS protection")
 
+        miscellaneous.add_option("--list-tampers", dest="listTampers", action="store_true",
+                                 help="Display list of available tamper scripts")
+
         miscellaneous.add_option("--mobile", dest="mobile", action="store_true",
                                  help="Imitate smartphone through HTTP User-Agent header")
 
@@ -874,9 +877,9 @@ def _(self, *args):
         if args.dummy:
             args.url = args.url or DUMMY_URL
 
-        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl)):
-            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge or --dependencies), "
-            errMsg += "use -h for basic or -hh for advanced help\n"
+        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)):
+            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
+            errMsg += "Use -h for basic and -hh for advanced help\n"
             parser.error(errMsg)
 
         return args
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -778,6 +778,10 @@ googlePage = 1
 # Valid: True or False
 identifyWaf = False
 
+# Display list of available tamper scripts
+# Valid: True or False
+listTampers = False
+
 # Imitate smartphone through HTTP User-Agent header.
 # Valid: True or False
 mobile = False
diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py
@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character (') with its UTF-8 full width counterpart
+    Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87)
 
     References:
         * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py
@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character (') with its illegal double unicode counterpart
+    Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27)
 
     >>> tamper("1 AND '1'='1")
     '1 AND %00%271%00%27=%00%271'
diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py
@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Appends encoded NULL byte character (%00) at the end of payload
+    Appends (Access) NULL byte character (%00) at the end of payload
 
     Requirement:
         * Microsoft Access
diff --git a/tamper/base64encode.py b/tamper/base64encode.py
@@ -17,7 +17,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Base64 all characters in a given payload
+    Base64-encodes all characters in a given payload
 
     >>> tamper("1' AND SLEEP(5)#")
     'MScgQU5EIFNMRUVQKDUpIw=='
diff --git a/tamper/bluecoat.py b/tamper/bluecoat.py
@@ -17,8 +17,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character after SQL statement with a valid random blank character.
-    Afterwards replace character '=' with operator LIKE
+    Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE
 
     Requirement:
         * Blue Coat SGOS with WAF activated as documented in
diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py
@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Double URL-encodes all characters in a given payload (not processing already encoded)
+    Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)
 
     Notes:
         * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset
diff --git a/tamper/charencode.py b/tamper/charencode.py
@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    URL-encodes all characters in a given payload (not processing already encoded)
+    URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54)
 
     Tested against:
         * Microsoft SQL Server 2005
diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py
@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Unicode-URL-encodes all characters in a given payload (not processing already encoded)
+    Unicode-URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %u0053%u0045%u004C%u0045%u0043%u0054)
 
     Requirement:
         * ASP
diff --git a/tamper/charunicodeescape.py b/tamper/charunicodeescape.py
@@ -13,7 +13,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Unicode-escapes non-encoded characters in a given payload (not processing already encoded)
+    Unicode-escapes non-encoded characters in a given payload (not processing already encoded) (e.g. SELECT -> \u0053\u0045\u004C\u0045\u0043\u0054)
 
     Notes:
         * Useful to bypass weak filtering and/or WAFs in JSON contexes
diff --git a/tamper/ifnull2casewhenisnull.py b/tamper/ifnull2casewhenisnull.py
@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END'
+    Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' counterpart
 
     Requirement:
         * MySQL
diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py
@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
+    Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart
 
     Requirement:
         * MySQL
diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py
@@ -13,7 +13,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier
+    Add an inline comment (/**/) to the end of all occurrences of (MySQL) "information_schema" identifier
 
     >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
     'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'
diff --git a/tamper/lowercase.py b/tamper/lowercase.py
@@ -17,7 +17,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces each keyword character with lower case value
+    Replaces each keyword character with lower case value (e.g. SELECT -> select)
 
     Tested against:
         * Microsoft SQL Server 2005
diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py
@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Converts all (non-alphanum) characters in a given payload (not processing already encoded)
+    Converts all (non-alphanum) characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. ' -> %C0%A7)
 
     Reference:
         * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
diff --git a/tamper/overlongutf8more.py b/tamper/overlongutf8more.py
@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Converts all characters in a given payload (not processing already encoded)
+    Converts all characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. SELECT -> %C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94)
 
     Reference:
         * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
diff --git a/tamper/percentage.py b/tamper/percentage.py
@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Adds a percentage sign ('%') infront of each character
+    Adds a percentage sign ('%') infront of each character (e.g. SELECT -> %S%E%L%E%C%T)
 
     Requirement:
         * ASP
diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py
@@ -20,7 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces plus operator ('+') with (MsSQL) function CONCAT()
+    Replaces plus operator ('+') with (MsSQL) function CONCAT() counterpart
 
     Tested against:
         * Microsoft SQL Server 2012
diff --git a/tamper/plus2fnconcat.py b/tamper/plus2fnconcat.py
@@ -20,7 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()}
+    Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} counterpart
 
     Tested against:
         * Microsoft SQL Server 2008
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces each keyword character with random case value
+    Replaces each keyword character with random case value (e.g. SELECT -> SEleCt)
 
     Tested against:
         * Microsoft SQL Server 2005
diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py
@@ -15,7 +15,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Add random inline comments inside SQL keywords
+    Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT)
 
     >>> import random
     >>> random.seed(0)
diff --git a/tamper/space2dash.py b/tamper/space2dash.py
@@ -14,8 +14,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a dash comment ('--') followed by
-    a random string and a new line ('\n')
+    Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')
 
     Requirement:
         * MSSQL
diff --git a/tamper/space2hash.py b/tamper/space2hash.py
@@ -20,8 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a pound character ('#') followed by
-    a random string and a new line ('\n')
+    Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
 
     Requirement:
         * MySQL
diff --git a/tamper/space2morecomment.py b/tamper/space2morecomment.py
@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with comments '/**_**/'
+    Replaces (MySQL) instances of space character (' ') with comments '/**_**/'
 
     Tested against:
         * MySQL 5.0 and 5.5
diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py
@@ -23,8 +23,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a pound character ('#') followed by
-    a random string and a new line ('\n')
+    Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
 
     Requirement:
         * MySQL >= 5.1.13
diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py
@@ -19,8 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a random blank character from a
-    valid set of alternate characters
+    Replaces (MsSQL) instances of space character (' ') with a random blank character from a valid set of alternate characters
 
     Requirement:
         * Microsoft SQL Server
diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py
@@ -11,8 +11,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a pound character ('#') followed by
-    a new line ('\n')
+    Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')
 
     Requirement:
         * MSSQL
diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py
@@ -19,8 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a random blank character from a
-    valid set of alternate characters
+    Replaces (MySQL) instances of space character (' ') with a random blank character from a valid set of alternate characters
 
     Requirement:
         * MySQL
diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py
@@ -18,15 +18,12 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a dash comment ('--') followed by
-    a new line ('\n')
+    Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')
 
     Requirement:
         * MySQL
         * MSSQL
 
-    Tested against:
-
     Notes:
         * Useful to bypass several web application firewalls.
 
diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py
diff --git a/tamper/unionalltounion.py b/tamper/unionalltounion.py
diff --git a/tamper/uppercase.py b/tamper/uppercase.py
diff --git a/tamper/varnish.py b/tamper/varnish.py
diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py
diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py
diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py
diff --git a/txt/checksum.md5 b/txt/checksum.md5
