def headersParser(headers): """ This function calls a class that parses the input HTTP headers to fingerprint the back-end database management system operating system and the web application technology """ if not kb.headerPaths: kb.headerPaths = { "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"), "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"), "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet-engine.xml"), "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "set-cookie.xml"), "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"), "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"), } for header in _filter(lambda _: _ in kb.headerPaths, headers): value = headers[header] xmlfile = kb.headerPaths[header] handler = FingerprintHandler(value, kb.headersFp) parseXmlFile(xmlfile, handler) parseXmlFile(paths.GENERIC_XML, handler)
def htmlParser(page): """ This function calls a class that parses the input HTML page to fingerprint the back-end database management system """ xmlfile = paths.ERRORS_XML handler = HTMLHandler(page) key = hash(page) if key in kb.cache.parsedDbms: retVal = kb.cache.parsedDbms[key] if retVal: handler._markAsErrorPage() return retVal parseXmlFile(xmlfile, handler) if handler.dbms and handler.dbms not in kb.htmlFp: kb.lastParserStatus = handler.dbms kb.htmlFp.append(handler.dbms) else: kb.lastParserStatus = None kb.cache.parsedDbms[key] = handler.dbms # generic SQL warning/error messages if re.search(r"SQL (warning|error|syntax)", page, re.I): handler._markAsErrorPage() return handler.dbms
def headersParser(headers): """ This function calls a class that parses the input HTTP headers to fingerprint the back-end database management system operating system and the web application technology """ if not kb.headerPaths: kb.headerPaths = { "cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"), "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"), "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"), "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet.xml"), "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"), "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"), "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"), } for header in itertools.ifilter(lambda x: x in kb.headerPaths, headers): value = headers[header] xmlfile = kb.headerPaths[header] checkFile(xmlfile) handler = FingerprintHandler(value, kb.headersFp) parseXmlFile(xmlfile, handler) parseXmlFile(paths.GENERIC_XML, handler)
def headersParser(headers): """ This function calls a class that parses the input HTTP headers to fingerprint the back-end database management system operating system and the web application technology """ # It is enough to parse the headers on first four HTTP responses if kb.headersCount > 3: return kb.headersCount += 1 topHeaders = { "cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"), "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"), "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"), "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet.xml"), "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"), "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"), "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml") } for header in headers: if header in topHeaders.keys(): value = headers[header] xmlfile = topHeaders[header] checkFile(xmlfile) handler = FingerprintHandler(value, kb.headersFp) parseXmlFile(xmlfile, handler) parseXmlFile(paths.GENERIC_XML, handler)
def htmlParser(page): """ 该函数调用一个解析输入HTML页面的类来对后端数据库管理系统进行指纹识别 """ xmlfile = paths.ERRORS_XML handler = HTMLHandler(page) key = hash(page) if key in kb.cache.parsedDbms: retVal = kb.cache.parsedDbms[key] if retVal: handler._markAsErrorPage() return retVal parseXmlFile(xmlfile, handler) if handler.dbms and handler.dbms not in kb.htmlFp: kb.lastParserStatus = handler.dbms kb.htmlFp.append(handler.dbms) else: kb.lastParserStatus = None kb.cache.parsedDbms[key] = handler.dbms # 通用SQL警告/错误消息 if re.search(r"SQL (warning|error|syntax)", page, re.I): handler._markAsErrorPage() return handler.dbms
def bannerParser(banner): """ This function calls a class to extract information from the given DBMS banner based upon the data in XML file """ xmlfile = None if Backend.isDbms(DBMS.MSSQL): xmlfile = paths.MSSQL_XML elif Backend.isDbms(DBMS.MYSQL): xmlfile = paths.MYSQL_XML elif Backend.isDbms(DBMS.ORACLE): xmlfile = paths.ORACLE_XML elif Backend.isDbms(DBMS.PGSQL): xmlfile = paths.PGSQL_XML if not xmlfile: return checkFile(xmlfile) if Backend.isDbms(DBMS.MSSQL): handler = MSSQLBannerHandler(banner, kb.bannerFp) parseXmlFile(xmlfile, handler) handler = FingerprintHandler(banner, kb.bannerFp) parseXmlFile(paths.GENERIC_XML, handler) else: handler = FingerprintHandler(banner, kb.bannerFp) parseXmlFile(xmlfile, handler) parseXmlFile(paths.GENERIC_XML, handler)
def bannerParser(banner): """ This function calls a class to extract information from the given DBMS banner based upon the data in XML file """ xmlfile = None if Backend.isDbms(DBMS.MSSQL): xmlfile = paths.MSSQL_XML elif Backend.isDbms(DBMS.MYSQL): xmlfile = paths.MYSQL_XML elif Backend.isDbms(DBMS.ORACLE): xmlfile = paths.ORACLE_XML elif Backend.isDbms(DBMS.PGSQL): xmlfile = paths.PGSQL_XML if not xmlfile: return if Backend.isDbms(DBMS.MSSQL): handler = MSSQLBannerHandler(banner, kb.bannerFp) parseXmlFile(xmlfile, handler) handler = FingerprintHandler(banner, kb.bannerFp) parseXmlFile(paths.GENERIC_XML, handler) else: handler = FingerprintHandler(banner, kb.bannerFp) parseXmlFile(xmlfile, handler) parseXmlFile(paths.GENERIC_XML, handler)
def htmlParser(page): """ This function calls a class that parses the input HTML page to fingerprint the back-end database management system """ xmlfile = paths.ERRORS_XML checkFile(xmlfile) page = sanitizeStr(page) handler = htmlHandler(page) parseXmlFile(xmlfile, handler) if handler.dbms and handler.dbms not in kb.htmlFp: kb.htmlFp.append(handler.dbms) return handler.dbms
def htmlParser(page): """ This function calls a class that parses the input HTML page to fingerprint the back-end database management system """ xmlfile = paths.ERRORS_XML checkFile(xmlfile) handler = htmlHandler(page) parseXmlFile(xmlfile, handler) if handler.dbms and handler.dbms not in kb.htmlFp: kb.lastParserStatus = handler.dbms kb.htmlFp.append(handler.dbms) else: kb.lastParserStatus = None return handler.dbms
def htmlParser(page): """ This function calls a class that parses the input HTML page to fingerprint the back-end database management system >>> from lib.core.enums import DBMS >>> htmlParser("Warning: mysql_fetch_array() expects parameter 1 to be resource") == DBMS.MYSQL True >>> threadData = getCurrentThreadData() >>> threadData.lastErrorPage = None """ page = page[:HEURISTIC_PAGE_SIZE_THRESHOLD] xmlfile = paths.ERRORS_XML handler = HTMLHandler(page) key = hash(page) # generic SQL warning/error messages if re.search(r"SQL (warning|error|syntax)", page, re.I): handler._markAsErrorPage() if key in kb.cache.parsedDbms: retVal = kb.cache.parsedDbms[key] if retVal: handler._markAsErrorPage() return retVal parseXmlFile(xmlfile, handler) if handler.dbms and handler.dbms not in kb.htmlFp: kb.lastParserStatus = handler.dbms kb.htmlFp.append(handler.dbms) else: kb.lastParserStatus = None kb.cache.parsedDbms[key] = handler.dbms return handler.dbms
def htmlParser(page): """ This function calls a class that parses the input HTML page to fingerprint the back-end database management system """ xmlfile = paths.ERRORS_XML #而paths.ERRORS_XML这一变量的就是SQLMAP用来识别的指纹配置文件路径,位置在于./xml/errors.xml中。 handler = HTMLHandler(page) parseXmlFile(xmlfile, handler) if handler.dbms and handler.dbms not in kb.htmlFp: kb.lastParserStatus = handler.dbms kb.htmlFp.append(handler.dbms) else: kb.lastParserStatus = None # generic SQL warning/error messages if re.search(r"SQL (warning|error|syntax)", page, re.I): handler._markAsErrorPage() return handler.dbms
def htmlParser(page): #htmlParser函数,就是根据不同的数据库指纹去识别当前的数据库究竟是什么 """ This function calls a class that parses the input HTML page to fingerprint the back-end database management system """ xmlfile = paths.ERRORS_XML #paths.ERRORS_XML这一变量的就是SQLMAP用来识别的指纹配置文件路径,位置在于./xml/errors.xml中 checkFile(xmlfile) handler = HTMLHandler(page) ##最终实现的的其实是HTMLHandler这个类, parseXmlFile(xmlfile, handler) if handler.dbms and handler.dbms not in kb.htmlFp: kb.lastParserStatus = handler.dbms kb.htmlFp.append(handler.dbms) else: kb.lastParserStatus = None # generic SQL warning/error messages if re.search(r"SQL (warning|error|syntax)", page, re.I): handler._markAsErrorPage() return handler.dbms