#!/usr/bin/env python

"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

# Relative priority levels; NORMAL is 0 and the scale is symmetric around it.
class PRIORITY(object):
    LOWEST = -100
    LOWER = -50
    LOW = -10
    NORMAL = 0
    HIGH = 10
    HIGHER = 50
    HIGHEST = 100

# Ordinal sort keys. LAST is 100, so it sorts after FIRST..FIFTH (0..4).
class SORT_ORDER(object):
    FIRST = 0
    SECOND = 1
    THIRD = 2
    FOURTH = 3
    FIFTH = 4
    LAST = 100

# Numeric log levels, as listed in the Python logging documentation.
# Reference: https://docs.python.org/2/library/logging.html#logging-levels
class LOGGING_LEVELS(object):
    NOTSET = 0
    DEBUG = 10
    INFO = 20
    WARNING = 30
    ERROR = 40
    CRITICAL = 50

# Human-readable DBMS product names.
class DBMS(object):
    ACCESS = "Microsoft Access"
    DB2 = "IBM DB2"
    FIREBIRD = "Firebird"
    MAXDB = "SAP MaxDB"
    MSSQL = "Microsoft SQL Server"
    MYSQL = "MySQL"
    ORACLE = "Oracle"
    PGSQL = "PostgreSQL"
    SQLITE = "SQLite"
    SYBASE = "Sybase"
    HSQLDB = "HSQLDB"
    H2 = "H2"
    INFORMIX = "Informix"

# Lower-case directory names. The attribute names mirror those of DBMS one-to-one,
# so an entry added to one class needs its counterpart in the other.
class DBMS_DIRECTORY_NAME(object):
    ACCESS = "access"
    DB2 = "db2"
    FIREBIRD = "firebird"
    MAXDB = "maxdb"
    MSSQL = "mssqlserver"
    MYSQL = "mysql"
    ORACLE = "oracle"
    PGSQL = "postgresql"
    SQLITE = "sqlite"
    SYBASE = "sybase"
    HSQLDB = "hsqldb"
    H2 = "h2"
    INFORMIX = "informix"

# Extra log levels. All three are numerically below LOGGING_LEVELS.DEBUG (10), so
# with the standard logging module a logger has to be set lower than DEBUG to emit them.
# NOTE(review): the names suggest raw payloads and HTTP traffic are logged at these
# levels; such output can include cookies and Authorization headers, so log files
# captured at these levels should be treated as sensitive - confirm at the call sites.
class CUSTOM_LOGGING(object):
    PAYLOAD = 9
    TRAFFIC_OUT = 8
    TRAFFIC_IN = 7

# Operating system family names.
class OS(object):
    LINUX = "Linux"
    WINDOWS = "Windows"

# Labels for parts of an HTTP request. COOKIE, USER_AGENT, REFERER and HOST use the
# same strings as the corresponding HTTP_HEADER values.
class PLACE(object):
    GET = "GET"
    POST = "POST"
    URI = "URI"
    COOKIE = "Cookie"
    USER_AGENT = "User-Agent"
    REFERER = "Referer"
    HOST = "Host"
    CUSTOM_POST = "(custom) POST"
    CUSTOM_HEADER = "(custom) HEADER"

# Labels for POST body formats.
class POST_HINT(object):
    SOAP = "SOAP"
    JSON = "JSON"
    JSON_LIKE = "JSON-like"
    MULTIPART = "MULTIPART"
    XML = "XML (generic)"
    ARRAY_LIKE = "Array-like"

# HTTP request method names.
class HTTPMETHOD(object):
    GET = "GET"
    POST = "POST"
    HEAD = "HEAD"
    PUT = "PUT"
    DELETE = "DELETE"
    TRACE = "TRACE"
    OPTIONS = "OPTIONS"
    CONNECT = "CONNECT"
    PATCH = "PATCH"

# Labels for the null-connection variants (HEAD, Range, skip-read).
class NULLCONNECTION(object):
    HEAD = "HEAD"
    RANGE = "Range"
    SKIP_READ = "skip-read"

# Counter keys for reflective-value bookkeeping.
class REFLECTIVE_COUNTER(object):
    MISS = "MISS"
    HIT = "HIT"

# Identifiers for character-set classes.
class CHARSET_TYPE(object):
    BINARY = 1
    DIGITS = 2
    HEXADECIMAL = 3
    ALPHA = 4
    ALPHANUM = 5

# Outcome codes of a heuristic test.
class HEURISTIC_TEST(object):
    CASTED = 1
    NEGATIVE = 2
    POSITIVE = 3

# Regular expressions describing the textual shape of password-hash formats.
# - Every pattern is anchored with \A and \Z, so it has to match the whole string;
#   unlike "$", \Z does not match in front of a trailing newline.
# - Patterns starting with (?i) are case-insensitive; the others (e.g. JOOMLA,
#   DJANGO_*) accept lower-case hex only.
# - MYSQL_OLD and CRYPT_GENERIC reject all-digit strings through a negative
#   lookahead; CRYPT_GENERIC additionally rejects dotted-quad (IPv4-looking) strings.
# - The patterns check shape only and they overlap: 16 hex characters containing a
#   letter satisfy both MYSQL_OLD and ORACLE_OLD, and any 40 hex characters satisfy
#   SHA1_GENERIC. A match is a candidate format, not proof of the algorithm used.
class HASH(object):
    MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
    MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z'
    POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z'
    MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z'
    MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z'
    MSSQL_NEW = r'(?i)\A0x0200[0-9a-f]{8}[0-9a-f]{128}\Z'
    ORACLE = r'(?i)\As:[0-9a-f]{60}\Z'
    ORACLE_OLD = r'(?i)\A[0-9a-f]{16}\Z'
    MD5_GENERIC = r'(?i)\A(0x)?[0-9a-f]{32}\Z'
    SHA1_GENERIC = r'(?i)\A(0x)?[0-9a-f]{40}\Z'
    SHA224_GENERIC = r'(?i)\A[0-9a-f]{56}\Z'
    SHA256_GENERIC = r'(?i)\A(0x)?[0-9a-f]{64}\Z'
    SHA384_GENERIC = r'(?i)\A[0-9a-f]{96}\Z'
    SHA512_GENERIC = r'(?i)\A(0x)?[0-9a-f]{128}\Z'
    CRYPT_GENERIC = r'\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
    JOOMLA = r'\A[0-9a-f]{32}:\w{32}\Z'
    WORDPRESS = r'\A\$P\$[./0-9a-zA-Z]{31}\Z'
    APACHE_MD5_CRYPT = r'\A\$apr1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
    UNIX_MD5_CRYPT = r'\A\$1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
    APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z'
    VBULLETIN = r'\A[0-9a-fA-F]{32}:.{30}\Z'
    VBULLETIN_OLD = r'\A[0-9a-fA-F]{32}:.{3}\Z'
    SSHA = r'\A\{SSHA\}[a-zA-Z0-9+/]+={0,2}\Z'
    SSHA256 = r'\A\{SSHA256\}[a-zA-Z0-9+/]+={0,2}\Z'
    SSHA512 = r'\A\{SSHA512\}[a-zA-Z0-9+/]+={0,2}\Z'
    DJANGO_MD5 = r'\Amd5\$[^$]+\$[0-9a-f]{32}\Z'
    DJANGO_SHA1 = r'\Asha1\$[^$]+\$[0-9a-f]{40}\Z'
    MD5_BASE64 = r'\A[a-zA-Z0-9+/]{22}==\Z'
    SHA1_BASE64 = r'\A[a-zA-Z0-9+/]{27}=\Z'
    SHA256_BASE64 = r'\A[a-zA-Z0-9+/]{43}=\Z'
    SHA512_BASE64 = r'\A[a-zA-Z0-9+/]{86}==\Z'

# (device label, User-Agent header value) pairs. The strings are fixed and name old
# browser builds (Chrome/18 up to Chrome/69). User-Agent is chosen by the client, so
# a value seen on the server side says nothing reliable about the real client.
# Reference: http://www.zytrax.com/tech/web/mobile_ids.html
class MOBILES(object):
    BLACKBERRY = (
        "BlackBerry Z10",
        "Mozilla/5.0 (BB10; Kbd) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.3.2205 Mobile Safari/537.35+",
    )
    GALAXY = (
        "Samsung Galaxy S7",
        "Mozilla/5.0 (Linux; Android 7.0; SM-G930V Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 Mobile Safari/537.36",
    )
    HP = (
        "HP iPAQ 6365",
        "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)",
    )
    HTC = (
        "HTC 10",
        "Mozilla/5.0 (Linux; Android 8.0.0; HTC 10 Build/OPR1.170623.027) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36",
    )
    HUAWEI = (
        "Huawei P8",
        "Mozilla/5.0 (Linux; Android 4.4.4; HUAWEI H891L Build/HuaweiH891L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36",
    )
    IPHONE = (
        "Apple iPhone 8",
        "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1",
    )
    LUMIA = (
        "Microsoft Lumia 950",
        "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 950) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.14977",
    )
    NEXUS = (
        "Google Nexus 7",
        "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19",
    )
    NOKIA = (
        "Nokia N97",
        "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344",
    )
    PIXEL = (
        "Google Pixel",
        "Mozilla/5.0 (Linux; Android 8.0.0; Pixel Build/OPR3.170623.013) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
    )
    XIAOMI = (
        "Xiaomi Mi 3",
        "Mozilla/5.0 (Linux; U; Android 4.4.4; en-gb; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/39.0.0.0 Mobile Safari/537.36 XiaoMi/MiuiBrowser/2.1.1",
    )

# Proxy protocol names.
class PROXY_TYPE(object):
    HTTP = "HTTP"
    HTTPS = "HTTPS"
    SOCKS4 = "SOCKS4"
    SOCKS5 = "SOCKS5"

# Names of registry operations.
class REGISTRY_OPERATION(object):
    READ = "read"
    ADD = "add"
    DELETE = "delete"

# Names of dump output formats.
class DUMP_FORMAT(object):
    CSV = "CSV"
    HTML = "HTML"
    SQLITE = "SQLITE"

# HTTP header field names in their canonical capitalisation.
# AUTHORIZATION, PROXY_AUTHORIZATION, COOKIE and SET_COOKIE name headers that carry
# credentials or session material; values stored or logged under them need the same
# care as the secrets themselves.
class HTTP_HEADER(object):
    ACCEPT = "Accept"
    ACCEPT_CHARSET = "Accept-Charset"
    ACCEPT_ENCODING = "Accept-Encoding"
    ACCEPT_LANGUAGE = "Accept-Language"
    AUTHORIZATION = "Authorization"
    CACHE_CONTROL = "Cache-Control"
    CONNECTION = "Connection"
    CONTENT_ENCODING = "Content-Encoding"
    CONTENT_LENGTH = "Content-Length"
    CONTENT_RANGE = "Content-Range"
    CONTENT_TYPE = "Content-Type"
    COOKIE = "Cookie"
    EXPIRES = "Expires"
    HOST = "Host"
    IF_MODIFIED_SINCE = "If-Modified-Since"
    LAST_MODIFIED = "Last-Modified"
    LOCATION = "Location"
    PRAGMA = "Pragma"
    PROXY_AUTHORIZATION = "Proxy-Authorization"
    PROXY_CONNECTION = "Proxy-Connection"
    RANGE = "Range"
    REFERER = "Referer"
    REFRESH = "Refresh"  # Reference: http://stackoverflow.com/a/283794
    SERVER = "Server"
    SET_COOKIE = "Set-Cookie"
    TRANSFER_ENCODING = "Transfer-Encoding"
    URI = "URI"
    USER_AGENT = "User-Agent"
    VIA = "Via"
    X_POWERED_BY = "X-Powered-By"
    X_DATA_ORIGIN = "X-Data-Origin"

# Names of expected result types.
class EXPECTED(object):
    BOOL = "bool"
    INT = "int"

# Names of option value types.
class OPTION_TYPE(object):
    BOOLEAN = "boolean"
    INTEGER = "integer"
    FLOAT = "float"
    STRING = "string"

# Key names; every value is identical to its attribute name.
# NOTE(review): the class name suggests these index a persistent key/value store -
# confirm against the code that reads and writes it.
class HASHDB_KEYS(object):
    DBMS = "DBMS"
    DBMS_FORK = "DBMS_FORK"
    CHECK_WAF_RESULT = "CHECK_WAF_RESULT"
    CHECK_NULL_CONNECTION_RESULT = "CHECK_NULL_CONNECTION_RESULT"
    CONF_TMP_PATH = "CONF_TMP_PATH"
    KB_ABS_FILE_PATHS = "KB_ABS_FILE_PATHS"
    KB_BRUTE_COLUMNS = "KB_BRUTE_COLUMNS"
    KB_BRUTE_TABLES = "KB_BRUTE_TABLES"
    KB_CHARS = "KB_CHARS"
    KB_DYNAMIC_MARKINGS = "KB_DYNAMIC_MARKINGS"
    KB_INJECTIONS = "KB_INJECTIONS"
    KB_ERROR_CHUNK_LENGTH = "KB_ERROR_CHUNK_LENGTH"
    KB_XP_CMDSHELL_AVAILABLE = "KB_XP_CMDSHELL_AVAILABLE"
    OS = "OS"

# Single-letter yes/no answers.
class REDIRECTION(object):
    YES = "Y"
    NO = "N"

# Lookup tables and identifiers describing a test payload.
class PAYLOAD(object):
    # Technique number -> label. The keys line up with TECHNIQUE below
    # (BOOLEAN = 1 ... UNION = 6).
    SQLINJECTION = {
        1: "boolean-based blind",
        2: "error-based",
        3: "inline query",
        4: "stacked queries",
        5: "time-based blind",
        6: "UNION query",
    }

    # Parameter-context number -> label.
    PARAMETER = {
        1: "Unescaped numeric",
        2: "Single quoted string",
        3: "LIKE single quoted string",
        4: "Double quoted string",
        5: "LIKE double quoted string",
        6: "Identifier (e.g. column name)",
    }

    # Risk level (0-3) -> label.
    RISK = {
        0: "No risk",
        1: "Low risk",
        2: "Medium risk",
        3: "High risk",
    }

    # Clause number -> label.
    CLAUSE = {
        0: "Always",
        1: "WHERE",
        2: "GROUP BY",
        3: "ORDER BY",
        4: "LIMIT",
        5: "OFFSET",
        6: "TOP",
        7: "Table name",
        8: "Column name",
        9: "Pre-WHERE (non-query)",
    }

    # Names of response-evaluation methods.
    class METHOD(object):
        COMPARISON = "comparison"
        GREP = "grep"
        TIME = "time"
        UNION = "union"

    # Numeric technique identifiers; same numbering as the SQLINJECTION keys.
    class TECHNIQUE(object):
        BOOLEAN = 1
        ERROR = 2
        QUERY = 3
        STACKED = 4
        TIME = 5
        UNION = 6

    # Identifiers for where a payload goes relative to the original value.
    class WHERE(object):
        ORIGINAL = 1
        NEGATIVE = 2
        REPLACE = 3

# Tuples of option names per wizard level. INTERMEDIATE and ALL both begin with the
# BASIC entries; ALL is not a superset of INTERMEDIATE (it has no getDbs, getTables,
# getSchema or excludeSysDbs).
class WIZARD(object):
    BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba")
    INTERMEDIATE = BASIC + ("getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs")
    ALL = BASIC + ("getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll")

# Tri-state switch for time-delay adjustment.
class ADJUST_TIME_DELAY(object):
    DISABLE = -1
    NO = 0
    YES = 1

# Web platform identifiers (lower-case).
class WEB_PLATFORM(object):
    PHP = "php"
    ASP = "asp"
    ASPX = "aspx"
    JSP = "jsp"

# Numeric identifiers for kinds of output content; contiguous from 0 to 26.
# NOTE(review): if these numbers are exchanged with external consumers, renumbering
# would break them - confirm before inserting a value in the middle.
class CONTENT_TYPE(object):
    TARGET = 0
    TECHNIQUES = 1
    DBMS_FINGERPRINT = 2
    BANNER = 3
    CURRENT_USER = 4
    CURRENT_DB = 5
    HOSTNAME = 6
    IS_DBA = 7
    USERS = 8
    PASSWORDS = 9
    PRIVILEGES = 10
    ROLES = 11
    DBS = 12
    TABLES = 13
    COLUMNS = 14
    SCHEMA = 15
    COUNT = 16
    DUMP_TABLE = 17
    SEARCH = 18
    SQL_QUERY = 19
    COMMON_TABLES = 20
    COMMON_COLUMNS = 21
    FILE_READ = 22
    FILE_WRITE = 23
    OS_CMD = 24
    REG_READ = 25
    STATEMENTS = 26

# Completion state of a piece of content.
class CONTENT_STATUS(object):
    IN_PROGRESS = 0
    COMPLETE = 1

# Authentication type identifiers (lower-case).
class AUTH_TYPE(object):
    BASIC = "basic"
    DIGEST = "digest"
    NTLM = "ntlm"
    PKI = "pki"

# Identifiers for autocompletion contexts.
class AUTOCOMPLETE_TYPE(object):
    SQL = 0
    OS = 1
    SQLMAP = 2
    API = 3

# Free-text note labels.
class NOTE(object):
    FALSE_POSITIVE_OR_UNEXPLOITABLE = "false positive or unexploitable"

# Filename prefixes; each starts with "sqlmap" and ends with "-".
# NOTE(review): the class name implies they are handed to a mkstemp-style call. The
# prefix itself is predictable, so unpredictable names and restrictive file modes have
# to come from that call - confirm at the call sites. The fixed prefixes also make
# leftover files easy to recognise during clean-up or host triage.
class MKSTEMP_PREFIX(object):
    HASHES = "sqlmaphashes-"
    CRAWLER = "sqlmapcrawler-"
    IPC = "sqlmapipc-"
    CONFIG = "sqlmapconfig-"
    TESTING = "sqlmaptesting-"
    RESULTS = "sqlmapresults-"
    COOKIE_JAR = "sqlmapcookiejar-"
    BIG_ARRAY = "sqlmapbigarray-"
    SPECIFIC_RESPONSE = "sqlmapresponse-"
    PREPROCESS = "sqlmappreprocess-"

# Outcome states of a time-limited operation.
class TIMEOUT_STATE(object):
    NORMAL = 0
    EXCEPTION = 1
    TIMEOUT = 2

# Position hints (prepend or append).
class HINT(object):
    PREPEND = 0
    APPEND = 1