def updateProgram(): success = False if not os.path.exists(os.path.join(paths.w9scan_ROOT_PATH, ".git")): errMsg = "not a git repository. Please checkout the 'boy-hack/w9scan' repository " errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/boy-hack/w9scan.git w9scan')" logger.critical(errMsg) else: infoMsg = "updating w9scan to the latest development version from the " infoMsg += "GitHub repository" logger.info("\r[%s] [INFO] %s" % (time.strftime("%X"), infoMsg)) debugMsg = "w9scan will try to update itself using 'git' command" logger.info(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) try: process = subprocess.Popen( "git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.w9scan_ROOT_PATH.encode(locale.getpreferredencoding()) ) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/ pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex)
def pack(self, srcFile, dstFile=None): self.__initialize(srcFile, dstFile) logger.debug("executing local command: %s" % self.__upxCmd) process = execute(self.__upxCmd, shell=True, stdout=PIPE, stderr=STDOUT) dataToStdout("\r[%s] [INFO] compression in progress " % time.strftime("%X")) pollProcess(process) upxStdout, upxStderr = process.communicate() if hasattr(self, '__upxTempExe'): os.remove(self.__upxTempExe.name) msg = "failed to compress the file" if "NotCompressibleException" in upxStdout: msg += " because you provided a Metasploit version above " msg += "3.3-dev revision 6681. This will not inficiate " msg += "the correct execution of sqlmap. It might " msg += "only slow down a bit the execution" logger.debug(msg) elif upxStderr: logger.warn(msg) else: return os.path.getsize(srcFile) return None
def updateProgram(): success = False if not os.path.exists(os.path.join(path.Ajatar_ROOT_PATH, ".git")): errMsg = "not a git repository. from GitHub (e.g. 'git clone --depth 1 https://github.com/370040400/Ajatar.git Ajatar')" logger.critical(errMsg) else: infoMsg = "updating latest development version from the GitHub repository" logger.info("\r[%s] [INFO] %s" % (time.strftime("%X"), infoMsg)) debugMsg = "will try to update itself using 'git' command" logger.info(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) try: #创建进程stdin,stdout,stderr:分别表示程序的标准输入、标准输出、标准错误,cwd:用于设置子进程的当前目录,locale.getpreferredencoding()获取本地编码。 process = subprocess.Popen( "git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.w9scan_ROOT_PATH.encode(locale.getpreferredencoding()) ) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/ pollProcess(process, True) stdout, stderr = process.communicate() #Communicate()返回一个元组 success = not process.returncode #获取进程的返回值。如果进程还没有结束,返回None。 except (IOError, OSError) as ex: success = False stderr = getSafeExString(ex) if success: logger.info("\r[%s] [INFO] %s the latest revision '%s'" % (time.strftime("%X"), "already at" if "Already" in stdout else "updated to", getRevisionNumber())) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. " errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/370040400/Ajatar.git sqlmap')" logger.critical(errMsg) else: logger.critical("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip()) if not success: if subprocess.mswindows: infoMsg = "for Windows platform it's recommended " infoMsg += "to use a GitHub for Windows client for updating " infoMsg += "purposes (http://windows.github.com/) or just " infoMsg += "download the latest snapshot from " infoMsg += "https://github.com/370040400/Ajatar" else: infoMsg = "for Linux platform it's required " infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')" #time.strftime("%X") 当前时间 print("\r[%s] [INFO] %s" % (time.strftime("%X"), infoMsg))
def __updateSqlmap(): rootDir = paths.SQLMAP_ROOT_PATH infoMsg = "updating sqlmap to latest development version from the " infoMsg += "subversion repository" logger.info(infoMsg) try: import pysvn debugMsg = "sqlmap will update itself using installed python-svn " debugMsg += "third-party library, http://pysvn.tigris.org/" logger.debug(debugMsg) def notify(event_dict): action = str(event_dict['action']) index = action.find('_') prefix = action[index + 1].upper() if index != -1 else action.capitalize() if action.find('_update') != -1: return if action.find('_completed') == -1: print "%s\t%s" % (prefix, event_dict['path']) else: revision = str(event_dict['revision']) index = revision.find('number ') if index != -1: revision = revision[index+7:].strip('>') logger.info('updated to the latest revision %s' % revision) client = pysvn.Client() client.callback_notify = notify client.update(rootDir) except ImportError, _: debugMsg = "sqlmap will try to update itself using 'svn' command" logger.debug(debugMsg) process = execute("svn update %s" % rootDir, shell=True, stdout=PIPE, stderr=PIPE) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) pollProcess(process) svnStdout, svnStderr = process.communicate() if svnStderr: errMsg = svnStderr.strip() logger.error(errMsg) elif svnStdout: revision = re.search("revision\s+([\d]+)", svnStdout, re.I) if revision: logger.info('updated to the latest revision %s' % revision.group(1))
def update(): if not conf.updateAll: return success = False rootDir = paths.SQLMAP_ROOT_PATH if not os.path.exists(os.path.join(rootDir, ".git")): errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev)" logger.error(errMsg) else: infoMsg = "updating sqlmap to the latest development version from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "sqlmap will try to update itself using 'git' command" logger.debug(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE) pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode if success: import lib.core.settings _ = lib.core.settings.REVISION = getRevisionNumber() logger.info( "%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _)) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip()) if not success: if IS_WIN: infoMsg = "for Windows platform it's recommended " infoMsg += "to use a GitHub for Windows client for updating " infoMsg += "purposes (http://windows.github.com/) or just " infoMsg += "download the latest snapshot from " infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads" else: infoMsg = "for Linux platform it's required " infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')" logger.info(infoMsg)
def update(): if not conf.updateAll: return success = False if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")): errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')" logger.error(errMsg) else: infoMsg = "updating sqlmap to the latest development version from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "sqlmap will try to update itself using 'git' command" logger.debug(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) try: process = execute( "git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode( locale.getpreferredencoding()) ) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/ pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex) if success: import lib.core.settings _ = lib.core.settings.REVISION = getRevisionNumber() logger.info( "%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _)) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')" logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
def update(): if not conf.updateAll: return success = False rootDir = paths.SQLMAP_ROOT_PATH if not os.path.exists(os.path.join(rootDir, ".git")): errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')" logger.error(errMsg) else: infoMsg = "updating sqlmap to the latest development version from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "sqlmap will try to update itself using 'git' command" logger.debug(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE) pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode if success: import lib.core.settings _ = lib.core.settings.REVISION = getRevisionNumber() logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _)) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')" logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip()) if not success: if IS_WIN: infoMsg = "for Windows platform it's recommended " infoMsg += "to use a GitHub for Windows client for updating " infoMsg += "purposes (http://windows.github.com/) or just " infoMsg += "download the latest snapshot from " infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads" else: infoMsg = "for Linux platform it's required " infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')" logger.info(infoMsg)
def createMsfShellcode(self, exitfunc, format, extra, encode): infoMsg = "creating Metasploit Framework multi-stage shellcode " logger.info(infoMsg) self._randStr = randomStr(lowercase=True) self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr) Metasploit._initVars(self) self._prepareIngredients(encode=encode) self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra) logger.debug("executing local command: %s" % self._payloadCmd) process = execute(self._payloadCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False) dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X")) pollProcess(process) payloadStderr = process.communicate()[1] match = re.search( b"(Total size:|Length:|succeeded with size|Final size of exe file:) ([\\d]+)", payloadStderr) if match: payloadSize = int(match.group(2)) if extra == "BufferRegister=EAX": payloadSize = payloadSize // 2 debugMsg = "the shellcode size is %d bytes" % payloadSize logger.debug(debugMsg) else: errMsg = "failed to create the shellcode ('%s')" % getText( payloadStderr).replace("\n", " ").replace("\r", "") raise SqlmapFilePathException(errMsg) self._shellcodeFP = open(self._shellcodeFilePath, "rb") self.shellcodeString = getText(self._shellcodeFP.read()) self._shellcodeFP.close() os.unlink(self._shellcodeFilePath)
def update(): if not conf['UPDATE']: return success = False if not os.path.exists(os.path.join(paths['ROOT_PATH'], ".git")): errMsg = "not a git repository. Please checkout the 'Xyntax/POC-T' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')" logger.error(errMsg) else: infoMsg = "updating POC-T to the latest development version from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "POC-T will try to update itself using 'git' command" logger.debug(debugMsg) logger.info("update in progress ") try: process = execute( "git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths['ROOT_PATH'].encode(locale.getpreferredencoding()) ) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/ pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex) if success: _ = getRevisionNumber() logger.info( "%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _)) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'Xyntax/POC-T' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')" logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
def update(): if not conf.updateAll: return success = False if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")): errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')" logger.error(errMsg) else: infoMsg = "updating sqlmap to the latest development version from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "sqlmap will try to update itself using 'git' command" logger.debug(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) try: process = execute( "git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.SQLMAP_ROOT_PATH) pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex) if success: import lib.core.settings _ = lib.core.settings.REVISION = getRevisionNumber() logger.info( "%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _)) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')" logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub( r"\W+", " ", stderr).strip())
def update(): if not conf.updateAll: return success = False if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")): errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.error(errMsg) else: infoMsg = "updating sqlmap to the latest development revision from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "sqlmap will try to update itself using 'git' command" logger.debug(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) try: process = subprocess.Popen( "git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)) pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex) if success: logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", getRevisionNumber())) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
def update(): if not conf.UPDATE: return success = False if not os.path.exists(os.path.join(paths.ROOT_PATH, ".git")): errMsg = "not a git repository. Please checkout the 'Xyntax/POC-T' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')" logger.error(errMsg) else: infoMsg = "updating POC-T to the latest development version from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "POC-T will try to update itself using 'git' command" logger.debug(debugMsg) logger.info("update in progress ") try: process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.ROOT_PATH.encode( locale.getpreferredencoding())) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/ pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex) if success: _ = getRevisionNumber() logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _)) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'Xyntax/POC-T' repository " errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')" logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
def createMsfShellcode(self, exitfunc, format, extra, encode): infoMsg = "creating Metasploit Framework 3 multi-stage shellcode " logger.info(infoMsg) self.__randStr = randomStr(lowercase=True) self.__shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr) self.__initVars() self.__prepareIngredients(encode=encode) self.__forgeMsfPayloadCmd(exitfunc, format, self.__shellcodeFilePath, extra) logger.debug("executing local command: %s" % self.__payloadCmd) process = execute(self.__payloadCmd, shell=True, stdout=None, stderr=PIPE) dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X")) pollProcess(process) payloadStderr = process.communicate()[1] if kb.os == "Windows" or extra == "BufferRegister=EAX": payloadSize = re.search("size ([\d]+)", payloadStderr, re.I) else: payloadSize = re.search("Length\:\s([\d]+)", payloadStderr, re.I) if payloadSize: payloadSize = int(payloadSize.group(1)) if extra == "BufferRegister=EAX": payloadSize = payloadSize / 2 debugMsg = "the shellcode size is %d bytes" % payloadSize logger.debug(debugMsg) else: errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", "") raise sqlmapFilePathException, errMsg self.__shellcodeFP = open(self.__shellcodeFilePath, "rb") self.shellcodeString = self.__shellcodeFP.read() self.__shellcodeFP.close() os.unlink(self.__shellcodeFilePath)
def createMsfShellcode(self, exitfunc, format, extra, encode): infoMsg = "creating Metasploit Framework multi-stage shellcode " logger.info(infoMsg) self._randStr = randomStr(lowercase=True) self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr) Metasploit._initVars(self) self._prepareIngredients(encode=encode) self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra) logger.debug("executing local command: %s" % self._payloadCmd) process = execute(self._payloadCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False) dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X")) pollProcess(process) payloadStderr = process.communicate()[1] match = re.search("(Total size:|Length:|succeeded with size) ([\d]+)", payloadStderr) if match: payloadSize = int(match.group(2)) if extra == "BufferRegister=EAX": payloadSize = payloadSize / 2 debugMsg = "the shellcode size is %d bytes" % payloadSize logger.debug(debugMsg) else: errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "") raise SqlmapFilePathException(errMsg) self._shellcodeFP = open(self._shellcodeFilePath, "rb") self.shellcodeString = self._shellcodeFP.read() self._shellcodeFP.close() os.unlink(self._shellcodeFilePath)
def update(): if not conf.updateAll: return success = False if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")): warnMsg = "not a git repository. It is recommended to clone the 'sqlmapproject/sqlmap' repository " warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.warn(warnMsg) if VERSION == getLatestRevision(): logger.info("already at the latest revision '%s'" % getRevisionNumber()) return message = "do you want to try to fetch the latest 'zipball' from repository and extract it (experimental) ? [y/N]" if readInput(message, default='N', boolean=True): directory = os.path.abspath(paths.SQLMAP_ROOT_PATH) try: open(os.path.join(directory, "sqlmap.py"), "w+b") except Exception as ex: errMsg = "unable to update content of directory '%s' ('%s')" % (directory, getSafeExString(ex)) logger.error(errMsg) else: attrs = os.stat(os.path.join(directory, "sqlmap.py")).st_mode for wildcard in ('*', ".*"): for _ in glob.glob(os.path.join(directory, wildcard)): try: if os.path.isdir(_): shutil.rmtree(_) else: os.remove(_) except: pass if glob.glob(os.path.join(directory, '*')): errMsg = "unable to clear the content of directory '%s'" % directory logger.error(errMsg) else: try: archive = _urllib.request.urlretrieve(ZIPBALL_PAGE)[0] with zipfile.ZipFile(archive) as f: for info in f.infolist(): info.filename = re.sub(r"\Asqlmap[^/]+", "", info.filename) if info.filename: f.extract(info, directory) filepath = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py") if os.path.isfile(filepath): with openFile(filepath, "rb") as f: version = re.search(r"(?m)^VERSION\s*=\s*['\"]([^'\"]+)", f.read()).group(1) logger.info("updated to the latest version '%s#dev'" % version) success = True except Exception as ex: logger.error("update could not be completed ('%s')" % getSafeExString(ex)) else: if not success: logger.error("update could not be completed") else: try: os.chmod(os.path.join(directory, "sqlmap.py"), attrs) except OSError: logger.warning("could not set the file attributes of '%s'" % os.path.join(directory, "sqlmap.py")) else: infoMsg = "updating sqlmap to the latest development revision from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "sqlmap will try to update itself using 'git' command" logger.debug(debugMsg) dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X")) output = "" try: process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH) pollProcess(process, True) output, _ = process.communicate() success = not process.returncode except Exception as ex: success = False output = getSafeExString(ex) finally: output = getText(output) if success: logger.info("%s the latest revision '%s'" % ("already at" if "Already" in output else "updated to", getRevisionNumber())) else: if "Not a git repository" in output: errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", output).strip()) if not success: if IS_WIN: infoMsg = "for Windows platform it's recommended " infoMsg += "to use a GitHub for Windows client for updating " infoMsg += "purposes (http://windows.github.com/) or just " infoMsg += "download the latest snapshot from " infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads" else: infoMsg = "for Linux platform it's recommended " infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt install git')" logger.info(infoMsg)
def update(): if not conf.updateAll: return success = False if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")): warnMsg = "not a git repository. It is recommended to clone the 'sqlmapproject/sqlmap' repository " warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.warn(warnMsg) if VERSION == getLatestRevision(): logger.info("already at the latest revision '%s'" % getRevisionNumber()) return message = "do you want to try to fetch the latest 'zipball' from repository and extract it (experimental) ? [y/N]" if readInput(message, default='N', boolean=True): directory = os.path.abspath(paths.SQLMAP_ROOT_PATH) try: open(os.path.join(directory, "sqlmap.py"), "w+b") except Exception as ex: errMsg = "unable to update content of directory '%s' ('%s')" % (directory, getSafeExString(ex)) logger.error(errMsg) else: attrs = os.stat(os.path.join(directory, "sqlmap.py")).st_mode for wildcard in ('*', ".*"): for _ in glob.glob(os.path.join(directory, wildcard)): try: if os.path.isdir(_): shutil.rmtree(_) else: os.remove(_) except: pass if glob.glob(os.path.join(directory, '*')): errMsg = "unable to clear the content of directory '%s'" % directory logger.error(errMsg) else: try: archive = urllib.urlretrieve(ZIPBALL_PAGE)[0] with zipfile.ZipFile(archive) as f: for info in f.infolist(): info.filename = re.sub(r"\Asqlmap[^/]+", "", info.filename) if info.filename: f.extract(info, directory) filepath = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py") if os.path.isfile(filepath): with open(filepath, "rb") as f: version = re.search(r"(?m)^VERSION\s*=\s*['\"]([^'\"]+)", f.read()).group(1) logger.info("updated to the latest version '%s#dev'" % version) success = True except Exception as ex: logger.error("update could not be completed ('%s')" % getSafeExString(ex)) else: if not success: logger.error("update could not be completed") else: try: os.chmod(os.path.join(directory, "sqlmap.py"), attrs) except OSError: logger.warning("could not set the file attributes of '%s'" % os.path.join(directory, "sqlmap.py")) else: infoMsg = "updating sqlmap to the latest development revision from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "sqlmap will try to update itself using 'git' command" logger.debug(debugMsg) dataToStdout("\r[%s] [INFO] update in progress" % time.strftime("%X")) try: process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)) pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError) as ex: success = False stderr = getSafeExString(ex) if success: logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", getRevisionNumber())) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip()) if not success: if IS_WIN: infoMsg = "for Windows platform it's recommended " infoMsg += "to use a GitHub for Windows client for updating " infoMsg += "purposes (http://windows.github.com/) or just " infoMsg += "download the latest snapshot from " infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads" else: infoMsg = "for Linux platform it's recommended " infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')" logger.info(infoMsg)
os.chmod(os.path.join(directory, "sqlmap.py"), attrs) except OSError: logger.warning("could not set the file attributes of '%s'" % os.path.join(directory, "sqlmap.py")) else: infoMsg = "updating sqlmap to the latest development revision from the " infoMsg += "GitHub repository" logger.info(infoMsg) debugMsg = "sqlmap will try to update itself using 'git' command" logger.debug(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) try: process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)) pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex) if success: logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", getRevisionNumber())) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
logger.info(infoMsg) debugMsg = "sqlmap will try to update itself using 'git' command" logger.debug(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) try: process = subprocess.Popen( "git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)) pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex) if success: logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", getRevisionNumber())) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.error(errMsg)
def createMsfPayloadStager(self, initialize=True): if initialize: infoMsg = "" else: infoMsg = "re" infoMsg += "creating Metasploit Framework 3 payload stager" logger.info(infoMsg) self.__randStr = randomStr(lowercase=True) if kb.os == "Windows": self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s.exe" % self.__randStr) # Metasploit developers added support for the old exe format # to msfencode using '-t exe-small' (>= 3.3.3-dev), # http://www.metasploit.com/redmine/projects/framework/repository/revisions/7840 # This is useful for sqlmap because on PostgreSQL it is not # possible to write files bigger than 8192 bytes abusing the # lo_export() feature implemented in sqlmap. if kb.dbms == "PostgreSQL": self.__fileFormat = "exe-small" else: self.__fileFormat = "exe" else: self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr) self.__fileFormat = "elf" if initialize: self.__initVars() if self.payloadStr is None: self.__prepareIngredients() self.__forgeMsfPayloadCmd("process", self.__fileFormat, self.exeFilePathLocal) logger.debug("executing local command: %s" % self.__payloadCmd) process = execute(self.__payloadCmd, shell=True, stdout=None, stderr=PIPE) dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X")) pollProcess(process) payloadStderr = process.communicate()[1] if kb.os == "Windows": payloadSize = re.search("size\s([\d]+)", payloadStderr, re.I) else: payloadSize = re.search("Length\:\s([\d]+)", payloadStderr, re.I) os.chmod(self.exeFilePathLocal, stat.S_IRWXU) if payloadSize: payloadSize = payloadSize.group(1) exeSize = os.path.getsize(self.exeFilePathLocal) # Only pack the payload stager if the back-end DBMS operating # system is Windows and new portable executable template is # used if self.__fileFormat == "exe": packedSize = upx.pack(self.exeFilePathLocal) else: packedSize = None debugMsg = "the encoded payload size is %s bytes, " % payloadSize if packedSize and packedSize < exeSize: debugMsg += "as a compressed portable executable its size " debugMsg += "is %d bytes, decompressed it " % packedSize debugMsg += "was %s bytes large" % exeSize else: debugMsg += "as a portable executable its size is " debugMsg += "%s bytes" % exeSize logger.debug(debugMsg) else: errMsg = "failed to create the payload stager (%s)" % payloadStderr raise sqlmapFilePathException, errMsg