def updateProgram():
success = False
if not os.path.exists(os.path.join(paths.w9scan_ROOT_PATH, ".git")):
errMsg = "not a git repository. Please checkout the 'boy-hack/w9scan' repository "
errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/boy-hack/w9scan.git w9scan')"
logger.critical(errMsg)
else:
infoMsg = "updating w9scan to the latest development version from the "
infoMsg += "GitHub repository"
logger.info("\r[%s] [INFO] %s" % (time.strftime("%X"), infoMsg))
debugMsg = "w9scan will try to update itself using 'git' command"
logger.info(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
try:
process = subprocess.Popen(
"git checkout . && git pull %s HEAD" % GIT_REPOSITORY,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
cwd=paths.w9scan_ROOT_PATH.encode(locale.getpreferredencoding())
) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
except (IOError, OSError), ex:
success = False
stderr = getSafeExString(ex)
def pack(self, srcFile, dstFile=None):
self.__initialize(srcFile, dstFile)
logger.debug("executing local command: %s" % self.__upxCmd)
process = execute(self.__upxCmd, shell=True, stdout=PIPE, stderr=STDOUT)
dataToStdout("\r[%s] [INFO] compression in progress " % time.strftime("%X"))
pollProcess(process)
upxStdout, upxStderr = process.communicate()
if hasattr(self, '__upxTempExe'):
os.remove(self.__upxTempExe.name)
msg = "failed to compress the file"
if "NotCompressibleException" in upxStdout:
msg += " because you provided a Metasploit version above "
msg += "3.3-dev revision 6681. This will not inficiate "
msg += "the correct execution of sqlmap. It might "
msg += "only slow down a bit the execution"
logger.debug(msg)
elif upxStderr:
logger.warn(msg)
else:
return os.path.getsize(srcFile)
return None
def updateProgram():
success = False
if not os.path.exists(os.path.join(path.Ajatar_ROOT_PATH, ".git")):
errMsg = "not a git repository. from GitHub (e.g. 'git clone --depth 1 https://github.com/370040400/Ajatar.git Ajatar')"
logger.critical(errMsg)
else:
infoMsg = "updating latest development version from the GitHub repository"
logger.info("\r[%s] [INFO] %s" % (time.strftime("%X"), infoMsg))
debugMsg = "will try to update itself using 'git' command"
logger.info(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
try:
#创建进程stdin,stdout,stderr:分别表示程序的标准输入、标准输出、标准错误,cwd:用于设置子进程的当前目录,locale.getpreferredencoding()获取本地编码。
process = subprocess.Popen(
"git checkout . && git pull %s HEAD" % GIT_REPOSITORY,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
cwd=paths.w9scan_ROOT_PATH.encode(locale.getpreferredencoding())
) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
pollProcess(process, True)
stdout, stderr = process.communicate() #Communicate()返回一个元组
success = not process.returncode #获取进程的返回值。如果进程还没有结束,返回None。
except (IOError, OSError) as ex:
success = False
stderr = getSafeExString(ex)
if success:
logger.info("\r[%s] [INFO] %s the latest revision '%s'" %
(time.strftime("%X"), "already at" if "Already" in stdout
else "updated to", getRevisionNumber()))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. "
errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/370040400/Ajatar.git sqlmap')"
logger.critical(errMsg)
else:
logger.critical("update could not be completed ('%s')" %
re.sub(r"\W+", " ", stderr).strip())
if not success:
if subprocess.mswindows:
infoMsg = "for Windows platform it's recommended "
infoMsg += "to use a GitHub for Windows client for updating "
infoMsg += "purposes (http://windows.github.com/) or just "
infoMsg += "download the latest snapshot from "
infoMsg += "https://github.com/370040400/Ajatar"
else:
infoMsg = "for Linux platform it's required "
infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')"
#time.strftime("%X") 当前时间
print("\r[%s] [INFO] %s" % (time.strftime("%X"), infoMsg))
def __updateSqlmap():
rootDir = paths.SQLMAP_ROOT_PATH
infoMsg = "updating sqlmap to latest development version from the "
infoMsg += "subversion repository"
logger.info(infoMsg)
try:
import pysvn
debugMsg = "sqlmap will update itself using installed python-svn "
debugMsg += "third-party library, http://pysvn.tigris.org/"
logger.debug(debugMsg)
def notify(event_dict):
action = str(event_dict['action'])
index = action.find('_')
prefix = action[index + 1].upper() if index != -1 else action.capitalize()
if action.find('_update') != -1:
return
if action.find('_completed') == -1:
print "%s\t%s" % (prefix, event_dict['path'])
else:
revision = str(event_dict['revision'])
index = revision.find('number ')
if index != -1:
revision = revision[index+7:].strip('>')
logger.info('updated to the latest revision %s' % revision)
client = pysvn.Client()
client.callback_notify = notify
client.update(rootDir)
except ImportError, _:
debugMsg = "sqlmap will try to update itself using 'svn' command"
logger.debug(debugMsg)
process = execute("svn update %s" % rootDir, shell=True, stdout=PIPE, stderr=PIPE)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
pollProcess(process)
svnStdout, svnStderr = process.communicate()
if svnStderr:
errMsg = svnStderr.strip()
logger.error(errMsg)
elif svnStdout:
revision = re.search("revision\s+([\d]+)", svnStdout, re.I)
if revision:
logger.info('updated to the latest revision %s' % revision.group(1))
def update():
if not conf.updateAll:
return
success = False
rootDir = paths.SQLMAP_ROOT_PATH
if not os.path.exists(os.path.join(rootDir, ".git")):
errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev)"
logger.error(errMsg)
else:
infoMsg = "updating sqlmap to the latest development version from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "sqlmap will try to update itself using 'git' command"
logger.debug(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
process = execute("git checkout . && git pull %s HEAD" %
GIT_REPOSITORY,
shell=True,
stdout=PIPE,
stderr=PIPE)
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
if success:
import lib.core.settings
_ = lib.core.settings.REVISION = getRevisionNumber()
logger.info(
"%s the latest revision '%s'" %
("already at" if "Already" in stdout else "updated to", _))
else:
logger.error("update could not be completed ('%s')" %
re.sub(r"\W+", " ", stderr).strip())
if not success:
if IS_WIN:
infoMsg = "for Windows platform it's recommended "
infoMsg += "to use a GitHub for Windows client for updating "
infoMsg += "purposes (http://windows.github.com/) or just "
infoMsg += "download the latest snapshot from "
infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads"
else:
infoMsg = "for Linux platform it's required "
infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')"
logger.info(infoMsg)
def update():
if not conf.updateAll:
return
success = False
if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')"
logger.error(errMsg)
else:
infoMsg = "updating sqlmap to the latest development version from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "sqlmap will try to update itself using 'git' command"
logger.debug(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
try:
process = execute(
"git checkout . && git pull %s HEAD" % GIT_REPOSITORY,
shell=True,
stdout=PIPE,
stderr=PIPE,
cwd=paths.SQLMAP_ROOT_PATH.encode(
locale.getpreferredencoding())
) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
except (IOError, OSError), ex:
success = False
stderr = getSafeExString(ex)
if success:
import lib.core.settings
_ = lib.core.settings.REVISION = getRevisionNumber()
logger.info(
"%s the latest revision '%s'" %
("already at" if "Already" in stdout else "updated to", _))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')"
logger.error(errMsg)
else:
logger.error("update could not be completed ('%s')" %
re.sub(r"\W+", " ", stderr).strip())
def update():
if not conf.updateAll:
return
success = False
rootDir = paths.SQLMAP_ROOT_PATH
if not os.path.exists(os.path.join(rootDir, ".git")):
errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')"
logger.error(errMsg)
else:
infoMsg = "updating sqlmap to the latest development version from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "sqlmap will try to update itself using 'git' command"
logger.debug(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE)
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
if success:
import lib.core.settings
_ = lib.core.settings.REVISION = getRevisionNumber()
logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')"
logger.error(errMsg)
else:
logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
if not success:
if IS_WIN:
infoMsg = "for Windows platform it's recommended "
infoMsg += "to use a GitHub for Windows client for updating "
infoMsg += "purposes (http://windows.github.com/) or just "
infoMsg += "download the latest snapshot from "
infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads"
else:
infoMsg = "for Linux platform it's required "
infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')"
logger.info(infoMsg)
def createMsfShellcode(self, exitfunc, format, extra, encode):
infoMsg = "creating Metasploit Framework multi-stage shellcode "
logger.info(infoMsg)
self._randStr = randomStr(lowercase=True)
self._shellcodeFilePath = os.path.join(conf.outputPath,
"tmpm%s" % self._randStr)
Metasploit._initVars(self)
self._prepareIngredients(encode=encode)
self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath,
extra)
logger.debug("executing local command: %s" % self._payloadCmd)
process = execute(self._payloadCmd,
shell=True,
stdin=PIPE,
stdout=PIPE,
stderr=PIPE,
close_fds=False)
dataToStdout("\r[%s] [INFO] creation in progress " %
time.strftime("%X"))
pollProcess(process)
payloadStderr = process.communicate()[1]
match = re.search(
b"(Total size:|Length:|succeeded with size|Final size of exe file:) ([\\d]+)",
payloadStderr)
if match:
payloadSize = int(match.group(2))
if extra == "BufferRegister=EAX":
payloadSize = payloadSize // 2
debugMsg = "the shellcode size is %d bytes" % payloadSize
logger.debug(debugMsg)
else:
errMsg = "failed to create the shellcode ('%s')" % getText(
payloadStderr).replace("\n", " ").replace("\r", "")
raise SqlmapFilePathException(errMsg)
self._shellcodeFP = open(self._shellcodeFilePath, "rb")
self.shellcodeString = getText(self._shellcodeFP.read())
self._shellcodeFP.close()
os.unlink(self._shellcodeFilePath)
def update():
if not conf['UPDATE']:
return
success = False
if not os.path.exists(os.path.join(paths['ROOT_PATH'], ".git")):
errMsg = "not a git repository. Please checkout the 'Xyntax/POC-T' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')"
logger.error(errMsg)
else:
infoMsg = "updating POC-T to the latest development version from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "POC-T will try to update itself using 'git' command"
logger.debug(debugMsg)
logger.info("update in progress ")
try:
process = execute(
"git checkout . && git pull %s HEAD" % GIT_REPOSITORY,
shell=True,
stdout=PIPE,
stderr=PIPE,
cwd=paths['ROOT_PATH'].encode(locale.getpreferredencoding())
) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
except (IOError, OSError), ex:
success = False
stderr = getSafeExString(ex)
if success:
_ = getRevisionNumber()
logger.info(
"%s the latest revision '%s'" %
("already at" if "Already" in stdout else "updated to", _))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. Please checkout the 'Xyntax/POC-T' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')"
logger.error(errMsg)
else:
logger.error("update could not be completed ('%s')" %
re.sub(r"\W+", " ", stderr).strip())
def update():
if not conf.updateAll:
return
success = False
if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')"
logger.error(errMsg)
else:
infoMsg = "updating sqlmap to the latest development version from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "sqlmap will try to update itself using 'git' command"
logger.debug(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
try:
process = execute(
"git checkout . && git pull %s HEAD" % GIT_REPOSITORY,
shell=True,
stdout=PIPE,
stderr=PIPE,
cwd=paths.SQLMAP_ROOT_PATH)
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
except (IOError, OSError), ex:
success = False
stderr = getSafeExString(ex)
if success:
import lib.core.settings
_ = lib.core.settings.REVISION = getRevisionNumber()
logger.info(
"%s the latest revision '%s'" %
("already at" if "Already" in stdout else "updated to", _))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')"
logger.error(errMsg)
else:
logger.error("update could not be completed ('%s')" % re.sub(
r"\W+", " ", stderr).strip())
def update():
if not conf.updateAll:
return
success = False
if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
logger.error(errMsg)
else:
infoMsg = "updating sqlmap to the latest development revision from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "sqlmap will try to update itself using 'git' command"
logger.debug(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
try:
process = subprocess.Popen(
"git checkout . && git pull %s HEAD" % GIT_REPOSITORY,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding()
or UNICODE_ENCODING))
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
except (IOError, OSError), ex:
success = False
stderr = getSafeExString(ex)
if success:
logger.info("%s the latest revision '%s'" %
("already at" if "Already" in stdout else "updated to",
getRevisionNumber()))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
logger.error(errMsg)
else:
logger.error("update could not be completed ('%s')" %
re.sub(r"\W+", " ", stderr).strip())
def update():
if not conf.UPDATE:
return
success = False
if not os.path.exists(os.path.join(paths.ROOT_PATH, ".git")):
errMsg = "not a git repository. Please checkout the 'Xyntax/POC-T' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')"
logger.error(errMsg)
else:
infoMsg = "updating POC-T to the latest development version from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "POC-T will try to update itself using 'git' command"
logger.debug(debugMsg)
logger.info("update in progress ")
try:
process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE,
stderr=PIPE, cwd=paths.ROOT_PATH.encode(
locale.getpreferredencoding())) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
except (IOError, OSError), ex:
success = False
stderr = getSafeExString(ex)
if success:
_ = getRevisionNumber()
logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. Please checkout the 'Xyntax/POC-T' repository "
errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')"
logger.error(errMsg)
else:
logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
def createMsfShellcode(self, exitfunc, format, extra, encode):
infoMsg = "creating Metasploit Framework 3 multi-stage shellcode "
logger.info(infoMsg)
self.__randStr = randomStr(lowercase=True)
self.__shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr)
self.__initVars()
self.__prepareIngredients(encode=encode)
self.__forgeMsfPayloadCmd(exitfunc, format, self.__shellcodeFilePath, extra)
logger.debug("executing local command: %s" % self.__payloadCmd)
process = execute(self.__payloadCmd, shell=True, stdout=None, stderr=PIPE)
dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
pollProcess(process)
payloadStderr = process.communicate()[1]
if kb.os == "Windows" or extra == "BufferRegister=EAX":
payloadSize = re.search("size ([\d]+)", payloadStderr, re.I)
else:
payloadSize = re.search("Length\:\s([\d]+)", payloadStderr, re.I)
if payloadSize:
payloadSize = int(payloadSize.group(1))
if extra == "BufferRegister=EAX":
payloadSize = payloadSize / 2
debugMsg = "the shellcode size is %d bytes" % payloadSize
logger.debug(debugMsg)
else:
errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", "")
raise sqlmapFilePathException, errMsg
self.__shellcodeFP = open(self.__shellcodeFilePath, "rb")
self.shellcodeString = self.__shellcodeFP.read()
self.__shellcodeFP.close()
os.unlink(self.__shellcodeFilePath)
def createMsfShellcode(self, exitfunc, format, extra, encode):
infoMsg = "creating Metasploit Framework multi-stage shellcode "
logger.info(infoMsg)
self._randStr = randomStr(lowercase=True)
self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr)
Metasploit._initVars(self)
self._prepareIngredients(encode=encode)
self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra)
logger.debug("executing local command: %s" % self._payloadCmd)
process = execute(self._payloadCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False)
dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
pollProcess(process)
payloadStderr = process.communicate()[1]
match = re.search("(Total size:|Length:|succeeded with size) ([\d]+)", payloadStderr)
if match:
payloadSize = int(match.group(2))
if extra == "BufferRegister=EAX":
payloadSize = payloadSize / 2
debugMsg = "the shellcode size is %d bytes" % payloadSize
logger.debug(debugMsg)
else:
errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "")
raise SqlmapFilePathException(errMsg)
self._shellcodeFP = open(self._shellcodeFilePath, "rb")
self.shellcodeString = self._shellcodeFP.read()
self._shellcodeFP.close()
os.unlink(self._shellcodeFilePath)
def update():
if not conf.updateAll:
return
success = False
if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
warnMsg = "not a git repository. It is recommended to clone the 'sqlmapproject/sqlmap' repository "
warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
logger.warn(warnMsg)
if VERSION == getLatestRevision():
logger.info("already at the latest revision '%s'" % getRevisionNumber())
return
message = "do you want to try to fetch the latest 'zipball' from repository and extract it (experimental) ? [y/N]"
if readInput(message, default='N', boolean=True):
directory = os.path.abspath(paths.SQLMAP_ROOT_PATH)
try:
open(os.path.join(directory, "sqlmap.py"), "w+b")
except Exception as ex:
errMsg = "unable to update content of directory '%s' ('%s')" % (directory, getSafeExString(ex))
logger.error(errMsg)
else:
attrs = os.stat(os.path.join(directory, "sqlmap.py")).st_mode
for wildcard in ('*', ".*"):
for _ in glob.glob(os.path.join(directory, wildcard)):
try:
if os.path.isdir(_):
shutil.rmtree(_)
else:
os.remove(_)
except:
pass
if glob.glob(os.path.join(directory, '*')):
errMsg = "unable to clear the content of directory '%s'" % directory
logger.error(errMsg)
else:
try:
archive = _urllib.request.urlretrieve(ZIPBALL_PAGE)[0]
with zipfile.ZipFile(archive) as f:
for info in f.infolist():
info.filename = re.sub(r"\Asqlmap[^/]+", "", info.filename)
if info.filename:
f.extract(info, directory)
filepath = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py")
if os.path.isfile(filepath):
with openFile(filepath, "rb") as f:
version = re.search(r"(?m)^VERSION\s*=\s*['\"]([^'\"]+)", f.read()).group(1)
logger.info("updated to the latest version '%s#dev'" % version)
success = True
except Exception as ex:
logger.error("update could not be completed ('%s')" % getSafeExString(ex))
else:
if not success:
logger.error("update could not be completed")
else:
try:
os.chmod(os.path.join(directory, "sqlmap.py"), attrs)
except OSError:
logger.warning("could not set the file attributes of '%s'" % os.path.join(directory, "sqlmap.py"))
else:
infoMsg = "updating sqlmap to the latest development revision from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "sqlmap will try to update itself using 'git' command"
logger.debug(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X"))
output = ""
try:
process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH)
pollProcess(process, True)
output, _ = process.communicate()
success = not process.returncode
except Exception as ex:
success = False
output = getSafeExString(ex)
finally:
output = getText(output)
if success:
logger.info("%s the latest revision '%s'" % ("already at" if "Already" in output else "updated to", getRevisionNumber()))
else:
if "Not a git repository" in output:
errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
logger.error(errMsg)
else:
logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", output).strip())
if not success:
if IS_WIN:
infoMsg = "for Windows platform it's recommended "
infoMsg += "to use a GitHub for Windows client for updating "
infoMsg += "purposes (http://windows.github.com/) or just "
infoMsg += "download the latest snapshot from "
infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads"
else:
infoMsg = "for Linux platform it's recommended "
infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt install git')"
logger.info(infoMsg)
def update():
if not conf.updateAll:
return
success = False
if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
warnMsg = "not a git repository. It is recommended to clone the 'sqlmapproject/sqlmap' repository "
warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
logger.warn(warnMsg)
if VERSION == getLatestRevision():
logger.info("already at the latest revision '%s'" % getRevisionNumber())
return
message = "do you want to try to fetch the latest 'zipball' from repository and extract it (experimental) ? [y/N]"
if readInput(message, default='N', boolean=True):
directory = os.path.abspath(paths.SQLMAP_ROOT_PATH)
try:
open(os.path.join(directory, "sqlmap.py"), "w+b")
except Exception as ex:
errMsg = "unable to update content of directory '%s' ('%s')" % (directory, getSafeExString(ex))
logger.error(errMsg)
else:
attrs = os.stat(os.path.join(directory, "sqlmap.py")).st_mode
for wildcard in ('*', ".*"):
for _ in glob.glob(os.path.join(directory, wildcard)):
try:
if os.path.isdir(_):
shutil.rmtree(_)
else:
os.remove(_)
except:
pass
if glob.glob(os.path.join(directory, '*')):
errMsg = "unable to clear the content of directory '%s'" % directory
logger.error(errMsg)
else:
try:
archive = urllib.urlretrieve(ZIPBALL_PAGE)[0]
with zipfile.ZipFile(archive) as f:
for info in f.infolist():
info.filename = re.sub(r"\Asqlmap[^/]+", "", info.filename)
if info.filename:
f.extract(info, directory)
filepath = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py")
if os.path.isfile(filepath):
with open(filepath, "rb") as f:
version = re.search(r"(?m)^VERSION\s*=\s*['\"]([^'\"]+)", f.read()).group(1)
logger.info("updated to the latest version '%s#dev'" % version)
success = True
except Exception as ex:
logger.error("update could not be completed ('%s')" % getSafeExString(ex))
else:
if not success:
logger.error("update could not be completed")
else:
try:
os.chmod(os.path.join(directory, "sqlmap.py"), attrs)
except OSError:
logger.warning("could not set the file attributes of '%s'" % os.path.join(directory, "sqlmap.py"))
else:
infoMsg = "updating sqlmap to the latest development revision from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "sqlmap will try to update itself using 'git' command"
logger.debug(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X"))
try:
process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING))
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
except (IOError, OSError) as ex:
success = False
stderr = getSafeExString(ex)
if success:
logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", getRevisionNumber()))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
logger.error(errMsg)
else:
logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
if not success:
if IS_WIN:
infoMsg = "for Windows platform it's recommended "
infoMsg += "to use a GitHub for Windows client for updating "
infoMsg += "purposes (http://windows.github.com/) or just "
infoMsg += "download the latest snapshot from "
infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads"
else:
infoMsg = "for Linux platform it's recommended "
infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')"
logger.info(infoMsg)
os.chmod(os.path.join(directory, "sqlmap.py"), attrs)
except OSError:
logger.warning("could not set the file attributes of '%s'" % os.path.join(directory, "sqlmap.py"))
else:
infoMsg = "updating sqlmap to the latest development revision from the "
infoMsg += "GitHub repository"
logger.info(infoMsg)
debugMsg = "sqlmap will try to update itself using 'git' command"
logger.debug(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
try:
process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING))
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
except (IOError, OSError), ex:
success = False
stderr = getSafeExString(ex)
if success:
logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", getRevisionNumber()))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
logger.error(errMsg)
else:
logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
logger.info(infoMsg)
debugMsg = "sqlmap will try to update itself using 'git' command"
logger.debug(debugMsg)
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
try:
process = subprocess.Popen(
"git checkout . && git pull %s HEAD" % GIT_REPOSITORY,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding()
or UNICODE_ENCODING))
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode
except (IOError, OSError), ex:
success = False
stderr = getSafeExString(ex)
if success:
logger.info("%s the latest revision '%s'" %
("already at" if "Already" in stdout else "updated to",
getRevisionNumber()))
else:
if "Not a git repository" in stderr:
errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
logger.error(errMsg)
def createMsfPayloadStager(self, initialize=True):
if initialize:
infoMsg = ""
else:
infoMsg = "re"
infoMsg += "creating Metasploit Framework 3 payload stager"
logger.info(infoMsg)
self.__randStr = randomStr(lowercase=True)
if kb.os == "Windows":
self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s.exe" % self.__randStr)
# Metasploit developers added support for the old exe format
# to msfencode using '-t exe-small' (>= 3.3.3-dev),
# http://www.metasploit.com/redmine/projects/framework/repository/revisions/7840
# This is useful for sqlmap because on PostgreSQL it is not
# possible to write files bigger than 8192 bytes abusing the
# lo_export() feature implemented in sqlmap.
if kb.dbms == "PostgreSQL":
self.__fileFormat = "exe-small"
else:
self.__fileFormat = "exe"
else:
self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr)
self.__fileFormat = "elf"
if initialize:
self.__initVars()
if self.payloadStr is None:
self.__prepareIngredients()
self.__forgeMsfPayloadCmd("process", self.__fileFormat, self.exeFilePathLocal)
logger.debug("executing local command: %s" % self.__payloadCmd)
process = execute(self.__payloadCmd, shell=True, stdout=None, stderr=PIPE)
dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
pollProcess(process)
payloadStderr = process.communicate()[1]
if kb.os == "Windows":
payloadSize = re.search("size\s([\d]+)", payloadStderr, re.I)
else:
payloadSize = re.search("Length\:\s([\d]+)", payloadStderr, re.I)
os.chmod(self.exeFilePathLocal, stat.S_IRWXU)
if payloadSize:
payloadSize = payloadSize.group(1)
exeSize = os.path.getsize(self.exeFilePathLocal)
# Only pack the payload stager if the back-end DBMS operating
# system is Windows and new portable executable template is
# used
if self.__fileFormat == "exe":
packedSize = upx.pack(self.exeFilePathLocal)
else:
packedSize = None
debugMsg = "the encoded payload size is %s bytes, " % payloadSize
if packedSize and packedSize < exeSize:
debugMsg += "as a compressed portable executable its size "
debugMsg += "is %d bytes, decompressed it " % packedSize
debugMsg += "was %s bytes large" % exeSize
else:
debugMsg += "as a portable executable its size is "
debugMsg += "%s bytes" % exeSize
logger.debug(debugMsg)
else:
errMsg = "failed to create the payload stager (%s)" % payloadStderr
raise sqlmapFilePathException, errMsg
