def execute(self, mole, params):
if len(params) != 2:
raise CommandException('Expected type and filename as parameter')
if params[0] not in ['xml']:
raise CommandException('Unknown export format.')
try:
mole.export_xml(params[1])
output_manager.advance('Exportation successful').line_break()
except FileOpenException:
raise CommandException('The file given could not be opened', False)
except NotInitializedException:
raise CommandException(
'Mole must be initialized in order to export', False)
def execute(self, mole, params):
if len(params) < 2:
raise CommandException(
"Auth method and user credentials required.")
if params[0] == 'basic':
params = ' '.join(params[1:]).split(':')
if len(params) < 2:
raise CommandException("Missing password.")
username = params[0]
password = '******'.join(params[1:])
mole.requester.headers["Authorization"] = "Basic " + b64encode(
(username + ':' + password).encode()).decode()
else:
raise CommandException("Invalid method")
def execute(self, mole, params):
if len(params) != 2:
raise CommandException('Expected type and filename as parameter')
if params[0] not in ['xml']:
raise CommandException('Unknown import format.')
try:
mole.import_xml(params[1])
output_manager.advance('Importation successful').line_break()
except FileOpenException:
raise CommandException('The file given could not be opened', False)
except InvalidFormatException:
raise CommandException('The file given has an invalid format',
False)
except InvalidDataException:
raise CommandException('The file given has invalid data', False)
def execute(self, mole, params):
if not mole.requester:
raise CommandException('URL must be set first.')
if len(params) == 1:
mole.requester.cookie_parameters = ' '.join(params)
elif len(params) > 1:
raise CommandException(
'Too many arguments(remember to use quotes when setting the cookie).'
)
else:
try:
output_manager.normal(
urlencode(mole.requester.cookie_parameters)).line_break()
except KeyError:
output_manager.normal('No cookie set yet.').line_break()
def execute(self, mole, params):
self.check_initialization(mole)
if len(params) < 2:
raise CommandException(
"DB name and table names to bruteforce required.")
else:
mole.brute_force_tables(params[0], params[1:])
def execute(self, mole, params):
if len(params) == 0:
method = mole.requester.method
if method == 'POST':
params = mole.requester.post_parameters
else:
params = mole.requester.get_parameters
params = urlencode(params, True)
if len(params) == 0:
params = 'No parameters have been set.'
output_manager.normal('{0}: {1}'.format(method,
params)).line_break()
elif len(params) >= 1:
try:
mole.set_method(params[0])
except InvalidMethodException:
raise CommandException('The method ' + params[0] +
' is not supported!')
if len(params) >= 2:
if params[0] == 'POST':
mole.set_post_params(params[1])
elif params[0] == 'GET':
mole.set_get_params(params[1])
if len(params) == 3:
mole.set_vulnerable_param(params[0], params[2])
def execute(self, mole, params):
self.check_initialization(mole)
if len(params) != 1:
raise CommandException('Expected filename as parameter')
data = mole.read_file(params[0])
if len(data) == 0:
output_manager.error(
'Error reading file or file is empty.').line_break()
else:
output_manager.normal(data).line_break()
def execute(self, mole, params):
if len(params) == 0:
method, param = mole.requester.get_vulnerable_param()
if method is not None and param is not None:
output_manager.normal('{0} {1}'.format(method,
param)).line_break()
else:
output_manager.normal(
'Vulnerable parameter not set yet.').line_break()
elif len(params) == 2:
if params[0] not in self.accepted_methods:
raise CommandException('The method ' + params[0] +
' is not supported!')
try:
mole.set_vulnerable_param(params[0], params[1])
except InvalidParamException:
raise CommandException('Parameter given is not valid')
else:
raise CommandException('Expected vulnerable parameter')
def execute(self, mole, params):
if len(params) == 0:
raise CommandException(
'Recursive command needs at least an argument')
if len(params) == 1 and params[0] not in self.first_param:
raise CommandException(
'The first argument for the recursive command must be schemas or tables!'
)
if len(params) == 1 and params[0] == 'tables':
raise CommandException(
'Recursive command needs schema name if you are retrieving tables!'
)
self.check_initialization(mole)
if params[0] == 'schemas':
self.__get_schemas(mole)
elif params[0] == 'tables':
self.__get_tables(mole, params[1])
def execute(self, mole, params):
if len(params) == 0:
output_manager.normal(mole.delay).line_break()
else:
try:
mole.delay = float(params[0])
except ValueError:
raise CommandException("Expected float number as argument")
if mole.requester:
mole.requester.delay = mole.delay
def execute(self, mole, params):
if len(params) == 0:
max_len = max(map(len, mole.requester.headers.keys()))
for key in mole.requester.headers:
output_manager.normal('{0}{1}-> {2}'.format(
key, ' ' * (max_len - len(key)),
mole.requester.headers[key])).line_break()
elif params[0] == 'set':
if len(params) < 3:
raise CommandException(
'"set" expects header key and value as arguments.')
if params[1] == 'Cookie':
CookieCommand().execute(mole, params[2:])
else:
mole.requester.headers[params[1]] = ' '.join(params[2:])
elif params[0] == 'del':
if len(params) != 2:
raise CommandException('"del" expects header key as argument.')
del mole.requester.headers[params[1]]
else:
raise CommandException("Invalid argument.")
def execute(self, mole, params):
if len(params) == 0:
if mole.requester.encoding is not None:
output_manager.normal(mole.requester.encoding).line_break()
else:
output_manager.normal('No encoding set yet.').line_break()
else:
try:
codecs.lookup(params[0])
except LookupError:
raise CommandException(
'Encoding ' + params[0] + ' does not exist.', False)
mole.requester.encoding = params[0]
def execute(self, mole, params):
if len(params) != 1:
raise CommandException('Database name required')
try:
self.check_initialization(mole)
tables = mole.get_tables(params[0], self.force_fetch)
except QueryError as ex:
output_manager.error('Query error: {0}'.format(ex)).line_break()
return
parser = output_manager.results_output(['Tables'])
tables.sort()
for i in tables:
parser.put([i])
parser.end_sequence()
def execute(self, mole, params):
if len(params) != 2:
raise CommandException('Database and table filter required.')
try:
self.check_initialization(mole)
tables = mole.find_tables_like(params[0],
"'" + ' '.join(params[1:]) + "'")
except QueryError as ex:
output_manager.error('Query error: {0}'.format(ex)).line_break()
return
parser = output_manager.results_output(['Tables'])
tables.sort()
for i in tables:
parser.put([i])
parser.end_sequence()
def check_initialization(self, mole):
if not mole.initialized:
try:
mole.initialize()
except MoleAttributeRequired as ex:
raise CommandException('Mole not ready: ' + str(ex), False)
except PageNotFound as ex:
raise CommandException(
'Could not detect SQL Injection: Page not found (' +
str(ex) + ')', False)
except NeedleNotFound as ex:
raise CommandException(
'Could not detect SQL Injection: Needle not found (' +
str(ex) + ')', False)
except SeparatorNotFound as ex:
raise CommandException(
'Could not exploit SQL Injection: Separator not found (' +
str(ex) + ')', False)
except CommentNotFound as ex:
raise CommandException(
'Could not exploit SQL Injection: Comment marker not found ('
+ str(ex) + ')', False)
except ColumnNumberNotFound as ex:
raise CommandException(
'Could not exploit SQL Injection: Number of columns not found ('
+ str(ex) + ')', False)
except InjectableFieldNotFound as ex:
raise CommandException(
'Could not exploit SQL Injection: Injectable field not found ('
+ str(ex) + ')', False)
except DbmsDetectionFailed as ex:
raise CommandException(
'Could not exploit SQL Injection: DBMS detection failed ('
+ str(ex) + ')', False)
except EncodingNotFound as ex:
raise CommandException(
'Could not exploit SQL Injection: HTML encoding not found ('
+ str(ex) + ')', False)
except StoppedQueryException:
raise QuietCommandException()
def execute(self, mole, params):
if len(params) < 3:
raise CommandException('Database name required')
try:
self.check_initialization(mole)
if len(params) == 4:
raise CommandException(
'Expected 3 or at least 5 parameters, got 4.')
index_limit = params.index('limit') if 'limit' in params else -1
index_where = params.index('where') if 'where' in params else -1
index_offset = params.index('offset') if 'offset' in params else -1
min_end = min(index_limit if index_limit != -1 else 0x7fffff,
index_offset if index_offset != -1 else 0x7fffff)
if min_end == 0x7fffff:
min_end = -1
where_end = min_end if min_end != -1 and min_end > index_where else len(
params) + 1
condition = ' '.join(
params[index_where +
1:where_end]) if index_where != -1 else '1=1'
if index_limit == len(params) - 1:
raise CommandException('Limit argument requires row numbers.')
if index_offset == len(params) - 1:
raise CommandException('Offset argument requires row index.')
try:
limit = int(params[index_limit +
1]) if index_limit != -1 else 0x7fffffff
limit = max(limit, 0)
offset = int(params[index_offset +
1]) if index_offset != -1 else 0
offset = max(offset, 0)
except ValueError:
raise CommandException("Non-int value given.")
if params[2] != '*':
columns = params[2].strip("'").strip('"').split(',')
else:
columns = mole.poll_columns(params[0], params[1])
if columns is None:
raise CommandException(
"Columns must be dumped first in order to use '*'.",
False)
columns.sort()
result = mole.get_fields(params[0],
params[1],
columns,
condition,
start=offset,
limit=limit)
except themole.QueryError as ex:
output_manager.error('Query error: {0}'.format(ex)).line_break()
return
res_out = output_manager.results_output(columns)
for i in result:
res_out.put(i)
res_out.end_sequence()
def execute(self, mole, params):
if len(params) != 2:
raise CommandException('Database name required')
try:
self.check_initialization(mole)
columns = mole.get_columns(params[0],
params[1],
force_fetch=self.force_fetch)
except QueryError as ex:
output_manager.error('Query error: {0}'.format(ex)).line_break()
return
columns.sort()
parser = output_manager.results_output(
['Columns for table ' + params[1]])
for i in columns:
parser.put([i])
parser.end_sequence()
def execute(self, mole, params):
if len(params) == 0:
inj_field = mole.injectable_field
if inj_field is None:
output_manager.normal(
'No injectable field has been set yet').line_break()
else:
output_manager.normal(str(inj_field)).line_break()
else:
try:
inj = int(params[0]) - 1
except:
raise CommandException('Expected integer as argument')
if mole.set_injectable_field(inj):
output_manager.advance(
'Injectable field changed successfully').line_break()
else:
output_manager.normal(
'Could not set the injectable field').line_break()
def execute(self, mole, params):
self.check_initialization(mole)
if len(params) == 0:
raise CommandException('At least one parameter is required!')
self.cmds[params[0]].execute(mole, params[1:])
def add_filter(self, mole, name, params):
try:
self.functor(mole).add_filter(name, params)
except FilterCreationError as ex:
raise CommandException(
'Filter {0} failed to initialize({1})'.format(name, str(ex)))
def execute(self, mole, params):
self.check_initialization(mole)
if len(params) == 0:
raise CommandException("DB name expected as argument.")
else:
mole.brute_force_users_tables(params[0])