def bannerParser(banner): """ This function calls a class to extract information from the given DBMS banner based upon the data in XML file """ xmlfile = None if Backend.isDbms(DBMS.MSSQL): xmlfile = paths.MSSQL_XML elif Backend.isDbms(DBMS.MYSQL): xmlfile = paths.MYSQL_XML elif Backend.isDbms(DBMS.ORACLE): xmlfile = paths.ORACLE_XML elif Backend.isDbms(DBMS.PGSQL): xmlfile = paths.PGSQL_XML if not xmlfile: return if Backend.isDbms(DBMS.MSSQL): handler = MSSQLBannerHandler(banner, kb.bannerFp) parseXmlFile(xmlfile, handler) handler = FingerprintHandler(banner, kb.bannerFp) parseXmlFile(paths.GENERIC_XML, handler) else: handler = FingerprintHandler(banner, kb.bannerFp) parseXmlFile(xmlfile, handler) parseXmlFile(paths.GENERIC_XML, handler)
def bannerParser(banner): """ This function calls a class to extract information from the given DBMS banner based upon the data in XML file """ if kb.dbms == "Microsoft SQL Server": xmlfile = paths.MSSQL_XML elif kb.dbms == "MySQL": xmlfile = paths.MYSQL_XML elif kb.dbms == "Oracle": xmlfile = paths.ORACLE_XML elif kb.dbms == "PostgreSQL": xmlfile = paths.PGSQL_XML checkFile(xmlfile) if kb.dbms == "Microsoft SQL Server": handler = MSSQLBannerHandler(banner) parse(xmlfile, handler) handler = FingerprintHandler(banner, kb.bannerFp) parse(paths.GENERIC_XML, handler) else: handler = FingerprintHandler(banner, kb.bannerFp) parse(xmlfile, handler) parse(paths.GENERIC_XML, handler)
def headersParser(headers): """ This function calls a class that parses the input HTTP headers to fingerprint the back-end database management system operating system and the web application technology """ if not kb.headerPaths: kb.headerPaths = { "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"), "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"), "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet-engine.xml"), "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "set-cookie.xml"), "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"), "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"), } for header in _filter(lambda _: _ in kb.headerPaths, headers): value = headers[header] xmlfile = kb.headerPaths[header] handler = FingerprintHandler(value, kb.headersFp) parseXmlFile(xmlfile, handler) parseXmlFile(paths.GENERIC_XML, handler)
def headersParser(headers): """ This function calls a class that parses the input HTTP headers to fingerprint the back-end database management system operating system and the web application technology """ # It is enough to parse the headers on first four HTTP responses if kb.headersCount > 3: return kb.headersCount += 1 topHeaders = { "cookie": "%s/cookie.xml" % paths.SQLMAP_XML_BANNER_PATH, "microsoftsharepointteamservices": "%s/sharepoint.xml" % paths.SQLMAP_XML_BANNER_PATH, "server": "%s/server.xml" % paths.SQLMAP_XML_BANNER_PATH, "servlet-engine": "%s/servlet.xml" % paths.SQLMAP_XML_BANNER_PATH, "set-cookie": "%s/cookie.xml" % paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version": "%s/x-aspnet-version.xml" % paths.SQLMAP_XML_BANNER_PATH, "x-powered-by": "%s/x-powered-by.xml" % paths.SQLMAP_XML_BANNER_PATH, } for header in headers: if header in topHeaders.keys(): value = headers[header] xmlfile = topHeaders[header] checkFile(xmlfile) handler = FingerprintHandler(value, kb.headersFp) parse(xmlfile, handler) parse(paths.GENERIC_XML, handler)