Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
 Path: blob/master/lib/core/settings.py
2989 views
1
#!/usr/bin/env python

2


3
"""

4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)

5
See the file 'LICENSE' for copying permission

6
"""

7


8
import codecs

9
import os

10
import random

11
import re

12
import string

13
import sys

14
import time

15


16
from lib.core.enums import DBMS

17
from lib.core.enums import DBMS_DIRECTORY_NAME

18
from lib.core.enums import OS

19
from thirdparty import six

20


21
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)

22
VERSION = "1.9.9.1"

23
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"

24
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}

25
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

26
DESCRIPTION = "automatic SQL injection and database takeover tool"

27
SITE = "https://sqlmap.org"

28
DEFAULT_USER_AGENT = "%s (%s)" % (VERSION_STRING, SITE)

29
DEV_EMAIL_ADDRESS = "[email protected]"

30
ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"

31
GIT_REPOSITORY = "https://github.com/sqlmapproject/sqlmap.git"

32
GIT_PAGE = "https://github.com/sqlmapproject/sqlmap"

33
WIKI_PAGE = "https://github.com/sqlmapproject/sqlmap/wiki/"

34
ZIPBALL_PAGE = "https://github.com/sqlmapproject/sqlmap/zipball/master"

35


36
# colorful banner

37
BANNER = """\033[01;33m\

38
        ___

39
       __H__

40
 ___ ___[.]_____ ___ ___  \033[01;37m{\033[01;%dm%s\033[01;37m}\033[01;33m

41
|_ -| . [.]     | .'| . |

42
|___|_  [.]_|_|_|__,|  _|

43
      |_|V...       |_|   \033[0m\033[4;37m%s\033[0m\n

44
""" % (TYPE_COLORS.get(TYPE, 31), VERSION_STRING.split('/')[-1], SITE)

45


46
# Minimum distance of ratio from kb.matchRatio to result in True

47
DIFF_TOLERANCE = 0.05

48
CONSTANT_RATIO = 0.9

49


50
# Ratio used in heuristic check for WAF/IPS protected targets

51
IPS_WAF_CHECK_RATIO = 0.5

52


53
# Timeout used in heuristic check for WAF/IPS protected targets

54
IPS_WAF_CHECK_TIMEOUT = 10

55


56
# Timeout used in checking for existence of live-cookies file

57
LIVE_COOKIES_TIMEOUT = 120

58


59
# Lower and upper values for match ratio in case of stable page

60
LOWER_RATIO_BOUND = 0.02

61
UPPER_RATIO_BOUND = 0.98

62


63
# For filling in case of dumb push updates

64
DUMMY_JUNK = "ahy9Ouge"

65


66
# Markers for special cases when parameter values contain html encoded characters

67
PARAMETER_AMP_MARKER = "__PARAMETER_AMP__"

68
PARAMETER_SEMICOLON_MARKER = "__PARAMETER_SEMICOLON__"

69
BOUNDARY_BACKSLASH_MARKER = "__BOUNDARY_BACKSLASH__"

70
PARAMETER_PERCENTAGE_MARKER = "__PARAMETER_PERCENTAGE__"

71
PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__"

72
PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"

73
URI_QUESTION_MARKER = "__URI_QUESTION__"

74
ASTERISK_MARKER = "__ASTERISK__"

75
REPLACEMENT_MARKER = "__REPLACEMENT__"

76
BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64__"

77
BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION__"

78
SAFE_VARIABLE_MARKER = "__SAFE_VARIABLE__"

79
SAFE_HEX_MARKER = "__SAFE_HEX__"

80
DOLLAR_MARKER = "__DOLLAR__"

81


82
RANDOM_INTEGER_MARKER = "[RANDINT]"

83
RANDOM_STRING_MARKER = "[RANDSTR]"

84
SLEEP_TIME_MARKER = "[SLEEPTIME]"

85
INFERENCE_MARKER = "[INFERENCE]"

86
SINGLE_QUOTE_MARKER = "[SINGLE_QUOTE]"

87
GENERIC_SQL_COMMENT_MARKER = "[GENERIC_SQL_COMMENT]"

88


89
PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__"

90
CHAR_INFERENCE_MARK = "%c"

91
PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]"

92


93
# Regular expression used for extraction of table names (useful for (e.g.) MsAccess)

94
SELECT_FROM_TABLE_REGEX = r"\bSELECT\b.+?\bFROM\s+(?P<result>([\w.]|`[^`<>]+`)+)"

95


96
# Regular expression used for recognition of textual content-type

97
TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)"

98


99
# Regular expression used for recognition of generic permission messages

100
PERMISSION_DENIED_REGEX = r"\b(?P<result>(command|permission|access|user)\s*(was|is|has been)?\s*(denied|forbidden|unauthorized|rejected|not allowed))"

101


102
# Regular expression used in recognition of generic protection mechanisms

103
GENERIC_PROTECTION_REGEX = r"(?i)\b(rejected|blocked|protection|incident|denied|detected|dangerous|firewall)\b"

104


105
# Regular expression used to detect errors in fuzz(y) UNION test

106
FUZZ_UNION_ERROR_REGEX = r"(?i)data\s?type|mismatch|comparable|compatible|conversion|convert|failed|error|unexpected"

107


108
# Upper threshold for starting the fuzz(y) UNION test

109
FUZZ_UNION_MAX_COLUMNS = 10

110


111
# Regular expression used for recognition of generic maximum connection messages

112
MAX_CONNECTIONS_REGEX = r"\bmax.{1,100}\bconnection"

113


114
# Maximum consecutive connection errors before asking the user if he wants to continue

115
MAX_CONSECUTIVE_CONNECTION_ERRORS = 15

116


117
# Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it)

118
PRECONNECT_CANDIDATE_TIMEOUT = 10

119


120
# Servers known to cause issue with pre-connection mechanism (because of lack of multi-threaded support)

121
PRECONNECT_INCOMPATIBLE_SERVERS = ("SimpleHTTP", "BaseHTTP")

122


123
# Identify WAF/IPS inside limited number of responses (Note: for optimization purposes)

124
IDENTYWAF_PARSE_LIMIT = 10

125


126
# Maximum sleep time in "Murphy" (testing) mode

127
MAX_MURPHY_SLEEP_TIME = 3

128


129
# Regular expression used for extracting results from Google search

130
GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&amp;cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"

131


132
# Google Search consent cookie

133
GOOGLE_CONSENT_COOKIE = "CONSENT=YES+shp.gws-%s-0-RC1.%s+FX+740" % (time.strftime("%Y%m%d"), "".join(random.sample(string.ascii_lowercase, 2)))

134


135
# Regular expression used for extracting results from DuckDuckGo search

136
DUCKDUCKGO_REGEX = r'<a class="result__url" href="(htt[^"]+)'

137


138
# Regular expression used for extracting results from Bing search

139
BING_REGEX = r'<h2><a href="([^"]+)" h='

140


141
# Dummy user agent for search (if default one returns different results)

142
DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"

143


144
# Regular expression used for extracting content from "textual" tags

145
TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h[1-6]|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"

146


147
# Regular expression used for recognition of IP addresses

148
IP_ADDRESS_REGEX = r"\b(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b"

149


150
# Regular expression used for recognition of generic "your ip has been blocked" messages

151
BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block\s?list|firewall)"

152


153
# Dumping characters used in GROUP_CONCAT MySQL technique

154
CONCAT_ROW_DELIMITER = ','

155
CONCAT_VALUE_DELIMITER = '|'

156


157
# Coefficient used for a time-based query delay checking (must be >= 7)

158
TIME_STDEV_COEFF = 7

159


160
# Minimum response time that can be even considered as delayed (not a complete requirement)

161
MIN_VALID_DELAYED_RESPONSE = 0.5

162


163
# Standard deviation after which a warning message should be displayed about connection lags

164
WARN_TIME_STDEV = 0.5

165


166
# Minimum length of usable union injected response (quick defense against substr fields)

167
UNION_MIN_RESPONSE_CHARS = 10

168


169
# Coefficient used for a union-based number of columns checking (must be >= 7)

170
UNION_STDEV_COEFF = 7

171


172
# Length of queue for candidates for time delay adjustment

173
TIME_DELAY_CANDIDATES = 3

174


175
# Default value for HTTP Accept header

176
HTTP_ACCEPT_HEADER_VALUE = "*/*"

177


178
# Default value for HTTP Accept-Encoding header

179
HTTP_ACCEPT_ENCODING_HEADER_VALUE = "gzip,deflate"

180


181
# Default timeout for running commands over backdoor

182
BACKDOOR_RUN_CMD_TIMEOUT = 5

183


184
# Number of seconds to wait for thread finalization at program end

185
THREAD_FINALIZATION_TIMEOUT = 1

186


187
# Maximum number of techniques used in inject.py/getValue() per one value

188
MAX_TECHNIQUES_PER_VALUE = 2

189


190
# In case of missing piece of partial union dump, buffered array must be flushed after certain size

191
MAX_BUFFERED_PARTIAL_UNION_LENGTH = 1024

192


193
# Maximum size of cache used in @cachedmethod decorator

194
MAX_CACHE_ITEMS = 256

195


196
# Suffix used for naming meta databases in DBMS(es) without explicit database name

197
METADB_SUFFIX = "_masterdb"

198


199
# Number of times to retry the pushValue during the exceptions (e.g. KeyboardInterrupt)

200
PUSH_VALUE_EXCEPTION_RETRY_COUNT = 3

201


202
# Minimum time response set needed for time-comparison based on standard deviation

203
MIN_TIME_RESPONSES = 30

204


205
# Maximum time response set used during time-comparison based on standard deviation

206
MAX_TIME_RESPONSES = 200

207


208
# Minimum comparison ratio set needed for searching valid union column number based on standard deviation

209
MIN_UNION_RESPONSES = 5

210


211
# After these number of blanks at the end inference should stop (just in case)

212
INFERENCE_BLANK_BREAK = 5

213


214
# Use this replacement character for cases when inference is not able to retrieve the proper character value

215
INFERENCE_UNKNOWN_CHAR = '?'

216


217
# Character used for operation "greater" in inference

218
INFERENCE_GREATER_CHAR = ">"

219


220
# Character used for operation "greater or equal" in inference

221
INFERENCE_GREATER_EQUALS_CHAR = ">="

222


223
# Character used for operation "equals" in inference

224
INFERENCE_EQUALS_CHAR = "="

225


226
# Character used for operation "not-equals" in inference

227
INFERENCE_NOT_EQUALS_CHAR = "!="

228


229
# String used for representation of unknown DBMS

230
UNKNOWN_DBMS = "Unknown"

231


232
# String used for representation of unknown DBMS version

233
UNKNOWN_DBMS_VERSION = "Unknown"

234


235
# Dynamicity boundary length used in dynamicity removal engine

236
DYNAMICITY_BOUNDARY_LENGTH = 20

237


238
# Dummy user prefix used in dictionary attack

239
DUMMY_USER_PREFIX = "__dummy__"

240


241
# Reference: http://en.wikipedia.org/wiki/ISO/IEC_8859-1

242
DEFAULT_PAGE_ENCODING = "iso-8859-1"

243


244
try:

245
    codecs.lookup(DEFAULT_PAGE_ENCODING)

246
except LookupError:

247
    DEFAULT_PAGE_ENCODING = "utf8"

248


249
# Marker for program piped input

250
STDIN_PIPE_DASH = '-'

251


252
# URL used in dummy runs

253
DUMMY_URL = "http://foo/bar?id=1"

254


255
# Timeout used during initial websocket (pull) testing

256
WEBSOCKET_INITIAL_TIMEOUT = 3

257


258
# The name of the operating system dependent module imported. The following names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce', 'java', 'riscos'

259
PLATFORM = os.name

260
PYVERSION = sys.version.split()[0]

261
IS_WIN = PLATFORM == "nt"

262


263
# Check if running in terminal

264
IS_TTY = hasattr(sys.stdout, "fileno") and os.isatty(sys.stdout.fileno())

265


266
# DBMS system databases

267
MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb", "Resource", "ReportServer", "ReportServerTempDB", "distribution", "mssqlsystemresource")

268
MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema", "sys", "ndbinfo")

269
PGSQL_SYSTEM_DBS = ("postgres", "template0", "template1", "information_schema", "pg_catalog", "pg_toast", "pgagent")

270
ORACLE_SYSTEM_DBS = ("ADAMS", "ANONYMOUS", "APEX_030200", "APEX_PUBLIC_USER", "APPQOSSYS", "AURORA$ORB$UNAUTHENTICATED", "AWR_STAGE", "BI", "BLAKE", "CLARK", "CSMIG", "CTXSYS", "DBSNMP", "DEMO", "DIP", "DMSYS", "DSSYS", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "HR", "IX", "JONES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OC", "OE", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "PAPER", "PERFSTAT", "PM", "SCOTT", "SH", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "TRACESVR", "TSMSYS", "WK_TEST", "WKPROXY", "WKSYS", "WMSYS", "XDB", "XS$NULL")

271
SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master")

272
ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2", "MSysNavPaneGroupCategories", "MSysNavPaneGroups", "MSysNavPaneGroupToObjects", "MSysNavPaneObjectIDs")

273
FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS", "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS")

274
MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")

275
SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs", "tempdb")

276
DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS", "SYSDEBUG", "SYSINST")

277
HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB")

278
H2_SYSTEM_DBS = ("INFORMATION_SCHEMA",) + ("IGNITE", "ignite-sys-cache")

279
INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin")

280
MONETDB_SYSTEM_DBS = ("tmp", "json", "profiler")

281
DERBY_SYSTEM_DBS = ("NULLID", "SQLJ", "SYS", "SYSCAT", "SYSCS_DIAG", "SYSCS_UTIL", "SYSFUN", "SYSIBM", "SYSPROC", "SYSSTAT")

282
VERTICA_SYSTEM_DBS = ("v_catalog", "v_internal", "v_monitor",)

283
MCKOI_SYSTEM_DBS = ("",)

284
PRESTO_SYSTEM_DBS = ("information_schema",)

285
ALTIBASE_SYSTEM_DBS = ("SYSTEM_",)

286
MIMERSQL_SYSTEM_DBS = ("information_schema", "SYSTEM",)

287
CRATEDB_SYSTEM_DBS = ("information_schema", "pg_catalog", "sys")

288
CLICKHOUSE_SYSTEM_DBS = ("information_schema", "INFORMATION_SCHEMA", "system")

289
CUBRID_SYSTEM_DBS = ("DBA",)

290
CACHE_SYSTEM_DBS = ("%Dictionary", "INFORMATION_SCHEMA", "%SYS")

291
EXTREMEDB_SYSTEM_DBS = ("",)

292
FRONTBASE_SYSTEM_DBS = ("DEFINITION_SCHEMA", "INFORMATION_SCHEMA")

293
RAIMA_SYSTEM_DBS = ("",)

294
VIRTUOSO_SYSTEM_DBS = ("",)

295


296
# Note: (<regular>) + (<forks>)

297
MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")

298
MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql", "tidb", "percona", "drizzle", "doris", "starrocks")

299
PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb", "opengauss")

300
ORACLE_ALIASES = ("oracle", "orcl", "ora", "or")

301
SQLITE_ALIASES = ("sqlite", "sqlite3")

302
ACCESS_ALIASES = ("microsoft access", "msaccess", "access", "jet")

303
FIREBIRD_ALIASES = ("firebird", "mozilla firebird", "interbase", "ibase", "fb")

304
MAXDB_ALIASES = ("max", "maxdb", "sap maxdb", "sap db")

305
SYBASE_ALIASES = ("sybase", "sybase sql server")

306
DB2_ALIASES = ("db2", "ibm db2", "ibmdb2")

307
HSQLDB_ALIASES = ("hsql", "hsqldb", "hs", "hypersql")

308
H2_ALIASES = ("h2",) + ("ignite", "apache ignite")

309
INFORMIX_ALIASES = ("informix", "ibm informix", "ibminformix")

310
MONETDB_ALIASES = ("monet", "monetdb",)

311
DERBY_ALIASES = ("derby", "apache derby",)

312
VERTICA_ALIASES = ("vertica",)

313
MCKOI_ALIASES = ("mckoi",)

314
PRESTO_ALIASES = ("presto",)

315
ALTIBASE_ALIASES = ("altibase",)

316
MIMERSQL_ALIASES = ("mimersql", "mimer")

317
CRATEDB_ALIASES = ("cratedb", "crate")

318
CUBRID_ALIASES = ("cubrid",)

319
CLICKHOUSE_ALIASES = ("clickhouse",)

320
CACHE_ALIASES = ("intersystems cache", "cachedb", "cache", "iris")

321
EXTREMEDB_ALIASES = ("extremedb", "extreme")

322
FRONTBASE_ALIASES = ("frontbase",)

323
RAIMA_ALIASES = ("raima database manager", "raima", "raimadb", "raimadm", "rdm", "rds", "velocis")

324
VIRTUOSO_ALIASES = ("virtuoso", "openlink virtuoso")

325


326
DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_"))

327


328
SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CLICKHOUSE_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES)

329
SUPPORTED_OS = ("linux", "windows")

330


331
DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES))

332


333
USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")

334
REFERER_ALIASES = ("ref", "referer", "referrer")

335
HOST_ALIASES = ("host",)

336


337
# DBMSes with upper case identifiers

338
UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.HSQLDB, DBMS.DERBY, DBMS.ALTIBASE))

339


340
# Default schemas to use (when unable to enumerate)

341
H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"

342
VERTICA_DEFAULT_SCHEMA = "public"

343
MCKOI_DEFAULT_SCHEMA = "APP"

344
CACHE_DEFAULT_SCHEMA = "SQLUser"

345


346
# DBMSes where OFFSET mechanism starts from 1

347
PLUS_ONE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.ALTIBASE, DBMS.MSSQL, DBMS.CACHE))

348


349
# Names that can't be used to name files on Windows OS

350
WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")

351


352
# Items displayed in basic help (-h) output

353
BASIC_HELP_ITEMS = (

354
    "url",

355
    "googleDork",

356
    "data",

357
    "cookie",

358
    "randomAgent",

359
    "proxy",

360
    "testParameter",

361
    "dbms",

362
    "level",

363
    "risk",

364
    "technique",

365
    "getAll",

366
    "getBanner",

367
    "getCurrentUser",

368
    "getCurrentDb",

369
    "getPasswordHashes",

370
    "getDbs",

371
    "getTables",

372
    "getColumns",

373
    "getSchema",

374
    "dumpTable",

375
    "dumpAll",

376
    "db",

377
    "tbl",

378
    "col",

379
    "osShell",

380
    "osPwn",

381
    "batch",

382
    "checkTor",

383
    "flushSession",

384
    "tor",

385
    "sqlmapShell",

386
    "wizard",

387
)

388


389
# Tags used for value replacements inside shell scripts

390
SHELL_WRITABLE_DIR_TAG = "%WRITABLE_DIR%"

391
SHELL_RUNCMD_EXE_TAG = "%RUNCMD_EXE%"

392


393
# String representation for NULL value

394
NULL = "NULL"

395


396
# String representation for blank ('') value

397
BLANK = "<blank>"

398


399
# String representation for current database

400
CURRENT_DB = "CD"

401


402
# String representation for current user

403
CURRENT_USER = "CU"

404


405
# Name of SQLite file used for storing session data

406
SESSION_SQLITE_FILE = "session.sqlite"

407


408
# Regular expressions used for finding file paths in error messages

409
FILE_PATH_REGEXES = (r"<b>(?P<result>[^<>]+?)</b> on line \d+", r"\bin (?P<result>[^<>'\"]+?)['\"]? on line \d+", r"(?:[>(\[\s])(?P<result>[A-Za-z]:[\\/][\w. \\/-]*)", r"(?:[>(\[\s])(?P<result>/\w[/\w.~-]+)", r"\bhref=['\"]file://(?P<result>/[^'\"]+)", r"\bin <b>(?P<result>[^<]+): line \d+")

410


411
# Regular expressions used for parsing error messages (--parse-errors)

412
ERROR_PARSING_REGEXES = (

413
    r"\[Microsoft\]\[ODBC SQL Server Driver\]\[SQL Server\](?P<result>[^<]+)",

414
    r"<b>[^<]{0,100}(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>[^<]+)",

415
    r"(?m)^\s{0,100}(fatal|error|warning|exception):?\s*(?P<result>[^\n]+?)$",

416
    r"(sql|dbc)[^>'\"]{0,32}(fatal|error|warning|exception)(</b>)?:\s*(?P<result>[^<>]+)",

417
    r"(?P<result>[^\n>]{0,100}SQL Syntax[^\n<]+)",

418
    r"(?s)<li>Error Type:<br>(?P<result>.+?)</li>",

419
    r"CDbCommand (?P<result>[^<>\n]*SQL[^<>\n]+)",

420
    r"Code: \d+. DB::Exception: (?P<result>[^<>\n]*)",

421
    r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)",

422
    r"\[[^\n\]]{1,100}(ODBC|JDBC)[^\n\]]+\](\[[^\]]+\])?(?P<result>[^\n]+(in query expression|\(SQL| at /[^ ]+pdo)[^\n<]+)",

423
    r"(?P<result>query error: SELECT[^<>]+)"

424
)

425


426
# Regular expression used for parsing charset info from meta html headers

427
META_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset="?(?P<result>[^"> ]+).*</head>'

428


429
# Regular expression used for parsing refresh info from meta html headers

430
META_REFRESH_REGEX = r'(?i)<meta http-equiv="?refresh"?[^>]+content="?[^">]+;\s*(url=)?["\']?(?P<result>[^\'">]+)'

431


432
# Regular expression used for parsing Javascript redirect request

433
JAVASCRIPT_HREF_REGEX = r'<script>\s*(\w+\.)?location\.href\s*=\s*["\'](?P<result>[^"\']+)'

434


435
# Regular expression used for parsing empty fields in tested form data

436
EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=)(?=&|\Z)'

437


438
# Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf

439
COMMON_PASSWORD_SUFFIXES = ("1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18")

440


441
# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html

442
COMMON_PASSWORD_SUFFIXES += ("!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@")

443


444
# Splitter used between requests in WebScarab log files

445
WEBSCARAB_SPLITTER = "### Conversation"

446


447
# Splitter used between requests in BURP log files

448
BURP_REQUEST_REGEX = r"={10,}\s+([A-Z]{3,} .+?)\s+(={10,}|\Z)"

449


450
# Regex used for parsing XML Burp saved history items

451
BURP_XML_HISTORY_REGEX = r'<port>(\d+)</port>.*?<request base64="true"><!\[CDATA\[([^]]+)'

452


453
# Encoding used for Unicode data

454
UNICODE_ENCODING = "utf8"

455


456
# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri

457
URI_HTTP_HEADER = "URI"

458


459
# Uri format which could be injectable (e.g. www.site.com/id82)

460
URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"

461


462
# Regex used for masking sensitive data

463
SENSITIVE_DATA_REGEX = r"(\s|=)(?P<result>[^\s=]*\b%s\b[^\s]*)\s"

464


465
# Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the <hostname> inside)

466
SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "fileRead", "fileWrite", "fileDest", "testParameter", "authCred", "sqlQuery", "requestFile", "csrfToken", "csrfData", "csrfUrl", "testParameter")

467


468
# Maximum number of threads (avoiding connection issues and/or DoS)

469
MAX_NUMBER_OF_THREADS = 10

470


471
# Minimum range between minimum and maximum of statistical set

472
MIN_STATISTICAL_RANGE = 0.01

473


474
# Minimum value for comparison ratio

475
MIN_RATIO = 0.0

476


477
# Maximum value for comparison ratio

478
MAX_RATIO = 1.0

479


480
# Minimum length of sentence for automatic choosing of --string (in case of high matching ratio)

481
CANDIDATE_SENTENCE_MIN_LENGTH = 10

482


483
# Character used for marking injectable position inside provided data

484
CUSTOM_INJECTION_MARK_CHAR = '*'

485


486
# Wildcard value that can be used in option --ignore-code

487
IGNORE_CODE_WILDCARD = '*'

488


489
# Other way to declare injection position

490
INJECT_HERE_REGEX = r"(?i)%INJECT[_ ]?HERE%"

491


492
# Minimum chunk length used for retrieving data over error based payloads

493
MIN_ERROR_CHUNK_LENGTH = 8

494


495
# Maximum chunk length used for retrieving data over error based payloads

496
MAX_ERROR_CHUNK_LENGTH = 1024

497


498
# Do not escape the injected statement if it contains any of the following SQL keywords

499
EXCLUDE_UNESCAPE = ("WAITFOR DELAY '", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)

500


501
# Mark used for replacement of reflected values

502
REFLECTED_VALUE_MARKER = "__REFLECTED_VALUE__"

503


504
# Regular expression used for replacing border non-alphanum characters

505
REFLECTED_BORDER_REGEX = r"[^A-Za-z]+"

506


507
# Regular expression used for replacing non-alphanum characters

508
REFLECTED_REPLACEMENT_REGEX = r"[^\n]{1,168}"

509


510
# Maximum time (in seconds) spent per reflective value(s) replacement

511
REFLECTED_REPLACEMENT_TIMEOUT = 3

512


513
# Maximum number of alpha-numerical parts in reflected regex (for speed purposes)

514
REFLECTED_MAX_REGEX_PARTS = 10

515


516
# Chars which can be used as a failsafe values in case of too long URL encoding value

517
URLENCODE_FAILSAFE_CHARS = "()|,"

518


519
# Factor used for yuge page multiplication

520
YUGE_FACTOR = 1000

521


522
# Maximum length of URL encoded value after which failsafe procedure takes away

523
URLENCODE_CHAR_LIMIT = 2000

524


525
# Default schema for Microsoft SQL Server DBMS

526
DEFAULT_MSSQL_SCHEMA = "dbo"

527


528
# Display hash attack info every mod number of items

529
HASH_MOD_ITEM_DISPLAY = 11

530


531
# Display marker for (cracked) empty password

532
HASH_EMPTY_PASSWORD_MARKER = "<empty>"

533


534
# Maximum integer value

535
MAX_INT = sys.maxsize

536


537
# Replacement for unsafe characters in dump table filenames

538
UNSAFE_DUMP_FILEPATH_REPLACEMENT = '_'

539


540
# Options that need to be restored in multiple targets run mode

541
RESTORE_MERGED_OPTIONS = ("col", "db", "dnsDomain", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")

542


543
# Parameters to be ignored in detection phase (upper case)

544
IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATOR", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")

545


546
# Regular expression used for recognition of ASP.NET control parameters

547
ASP_NET_CONTROL_REGEX = r"(?i)\Actl\d+\$"

548


549
# Regex for Google analytics cookie names

550
GOOGLE_ANALYTICS_COOKIE_REGEX = r"(?i)\A(_ga|_gid|_gat|_gcl_au|__utm[abcz])"

551


552
# Prefix for configuration overriding environment variables

553
SQLMAP_ENVIRONMENT_PREFIX = "SQLMAP_"

554


555
# General OS environment variables that can be used for setting proxy address

556
PROXY_ENVIRONMENT_VARIABLES = ("all_proxy", "ALL_PROXY", "http_proxy", "HTTP_PROXY", "https_proxy", "HTTPS_PROXY")

557


558
# Turn off resume console info to avoid potential slowdowns

559
TURN_OFF_RESUME_INFO_LIMIT = 20

560


561
# Strftime format for results file used in multiple target mode

562
RESULTS_FILE_FORMAT = "results-%m%d%Y_%I%M%p.csv"

563


564
# Official web page with the list of Python supported codecs

565
CODECS_LIST_PAGE = "http://docs.python.org/library/codecs.html#standard-encodings"

566


567
# Simple regular expression used to distinguish scalar from multiple-row commands (not sole condition)

568
SQL_SCALAR_REGEX = r"\A(SELECT(?!\s+DISTINCT\(?))?\s*\w*\("

569


570
# Option/switch values to ignore during configuration save

571
IGNORE_SAVE_OPTIONS = ("saveConfig",)

572


573
# IP address of the localhost

574
LOCALHOST = "127.0.0.1"

575


576
# Default SOCKS ports used by Tor

577
DEFAULT_TOR_SOCKS_PORTS = (9050, 9150)

578


579
# Default HTTP ports used by Tor

580
DEFAULT_TOR_HTTP_PORTS = (8123, 8118)

581


582
# Percentage below which comparison engine could have problems

583
LOW_TEXT_PERCENT = 20

584


585
# Auxiliary value used in isDBMSVersionAtLeast() version comparison correction cases

586
VERSION_COMPARISON_CORRECTION = 0.0001

587


588
# These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)

589
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html

590
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")

591


592
# Keywords expected to be in UPPERCASE in getValue()

593
GET_VALUE_UPPERCASE_KEYWORDS = ("SELECT", "FROM", "WHERE", "DISTINCT", "COUNT")

594


595
LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"

596


597
# After this number of misses reflective removal mechanism is turned off (for speed up reasons)

598
REFLECTIVE_MISS_THRESHOLD = 20

599


600
# Regular expression used for extracting HTML title

601
HTML_TITLE_REGEX = r"(?i)<title>(?P<result>[^<]+)</title>"

602


603
# Table used for Base64 conversion in WordPress hash cracking routine

604
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

605


606
# Options/switches to be ignored in command-line parsing (e.g. those passed from Firefox)

607
IGNORED_OPTIONS = ("--compressed",)

608


609
# Chars used to quickly distinguish if the user provided tainted parameter values

610
DUMMY_SQL_INJECTION_CHARS = ";()'"

611


612
# Simple check against dummy users

613
DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY|FLOOR\(RAND)\b"

614


615
# Extensions skipped by crawler

616
CRAWL_EXCLUDE_EXTENSIONS = frozenset(("3ds", "3g2", "3gp", "7z", "DS_Store", "a", "aac", "accdb", "access", "adp", "ai", "aif", "aiff", "apk", "ar", "asf", "au", "avi", "bak", "bin", "bin", "bk", "bkp", "bmp", "btif", "bz2", "c", "cab", "caf", "cfg", "cgm", "cmx", "com", "conf", "config", "cpio", "cpp", "cr2", "cue", "dat", "db", "dbf", "deb", "debug", "djvu", "dll", "dmg", "dmp", "dng", "doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf", "dylib", "ear", "ecelp4800", "ecelp7470", "ecelp9600", "egg", "elf", "env", "eol", "eot", "epub", "error", "exe", "f4v", "fbs", "fh", "fla", "flac", "fli", "flv", "fpx", "fst", "fvt", "g3", "gif", "go", "gz", "h", "h261", "h263", "h264", "ico", "ief", "img", "ini", "ipa", "iso", "jar", "java", "jpeg", "jpg", "jpgv", "jpm", "js", "jxr", "ktx", "lock", "log", "lvp", "lz", "lzma", "lzo", "m3u", "m4a", "m4v", "mar", "mdb", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3", "mp4", "mp4a", "mpeg", "mpg", "mpga", "msi", "mxu", "nef", "npx", "nrg", "o", "oga", "ogg", "ogv", "old", "otf", "ova", "ovf", "pbm", "pcx", "pdf", "pea", "pgm", "php", "pic", "pid", "pkg", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "py", "pya", "pyc", "pyo", "pyv", "qt", "rar", "ras", "raw", "rb", "rgb", "rip", "rlc", "rs", "run", "rz", "s3m", "s7z", "scm", "scpt", "service", "sgi", "shar", "sil", "smv", "so", "sock", "socket", "sqlite", "sqlitedb", "sub", "svc", "swf", "swo", "swp", "sys", "tar", "tbz2", "temp", "tga", "tgz", "tif", "tiff", "tlz", "tmp", "toast", "torrent", "ts", "ts", "ttf", "uvh", "uvi", "uvm", "uvp", "uvs", "uvu", "vbox", "vdi", "vhd", "vhdx", "viv", "vmdk", "vmx", "vob", "vxd", "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi", "xpm", "xwd", "xz", "yaml", "yml", "z", "zip", "zipx"))

617


618
# Patterns often seen in HTTP headers containing custom injection marking character '*'

619
PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"

620


621
# Template used for common table existence check

622
BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"

623


624
# Template used for common column existence check

625
BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"

626


627
# Data inside shellcodeexec to be filled with random string

628
SHELLCODEEXEC_RANDOM_STRING_MARKER = b"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

629


630
# Period after last-update to start nagging about the old revision

631
LAST_UPDATE_NAGGING_DAYS = 180

632


633
# Minimum non-writing chars (e.g. ['"-:/]) ratio in case of parsed error messages

634
MIN_ERROR_PARSING_NON_WRITING_RATIO = 0.05

635


636
# Generic address for checking the Internet connection while using switch --check-internet (Note: https version does not work for Python < 2.7.9)

637
CHECK_INTERNET_ADDRESS = "http://www.google.com/generate_204"

638


639
# HTTP code to look in response to CHECK_INTERNET_ADDRESS

640
CHECK_INTERNET_CODE = 204

641


642
# Payload used for checking of existence of WAF/IPS (dummier the better)

643
IPS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"

644


645
# Vectors used for provoking specific WAF/IPS behavior(s)

646
WAF_ATTACK_VECTORS = (

647
    "",  # NIL

648
    "search=<script>alert(1)</script>",

649
    "file=../../../../etc/passwd",

650
    "q=<invalid>foobar",

651
    "id=1 %s" % IPS_WAF_CHECK_PAYLOAD

652
)

653


654
# Used for status representation in dictionary attack phase

655
ROTATING_CHARS = ('\\', '|', '|', '/', '-')

656


657
# Approximate chunk length (in bytes) used by BigArray objects (only last chunk and cached one are held in memory)

658
BIGARRAY_CHUNK_SIZE = 1024 * 1024

659


660
# Compress level used for storing BigArray chunks to disk (0-9)

661
BIGARRAY_COMPRESS_LEVEL = 9

662


663
# Maximum number of socket pre-connects

664
SOCKET_PRE_CONNECT_QUEUE_SIZE = 3

665


666
# Only console display last n table rows

667
TRIM_STDOUT_DUMP_SIZE = 256

668


669
# Reference: http://stackoverflow.com/a/3168436

670
# Reference: https://web.archive.org/web/20150407141500/https://support.microsoft.com/en-us/kb/899149

671
DUMP_FILE_BUFFER_SIZE = 1024

672


673
# Parse response headers only first couple of times

674
PARSE_HEADERS_LIMIT = 3

675


676
# Step used in ORDER BY technique used for finding the right number of columns in UNION query injections

677
ORDER_BY_STEP = 10

678


679
# Maximum value used in ORDER BY technique used for finding the right number of columns in UNION query injections

680
ORDER_BY_MAX = 1000

681


682
# Maximum number of times for revalidation of a character in inference (as required)

683
MAX_REVALIDATION_STEPS = 5

684


685
# Characters that can be used to split parameter values in provided command line (e.g. in --tamper)

686
PARAMETER_SPLITTING_REGEX = r"[,|;]"

687


688
# Attribute used for storing original parameter value in special cases (e.g. POST)

689
UNENCODED_ORIGINAL_VALUE = "original"

690


691
# Common column names containing usernames (used for hash cracking in some cases)

692
COMMON_USER_COLUMNS = frozenset(("login", "user", "uname", "username", "user_name", "user_login", "account", "account_name", "auth_user", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "utilizator", "utilizador", "usufrutuario", "korisnik", "uporabnik", "usuario", "consumidor", "client", "customer", "cuser"))

693


694
# Default delimiter in GET/POST values

695
DEFAULT_GET_POST_DELIMITER = '&'

696


697
# Default delimiter in cookie values

698
DEFAULT_COOKIE_DELIMITER = ';'

699


700
# Unix timestamp used for forcing cookie expiration when provided with --load-cookies

701
FORCE_COOKIE_EXPIRATION_TIME = "9999999999"

702


703
# Github OAuth token used for creating an automatic Issue for unhandled exceptions

704
GITHUB_REPORT_OAUTH_TOKEN = "wxqc7vTeW8ohIcX+1wK55Mnql2Ex9cP+2s1dqTr/mjlZJVfLnq24fMAi08v5vRvOmuhVZQdOT/lhIRovWvIJrdECD1ud8VMPWpxY+NmjHoEx+VLK1/vCAUBwJe"

705


706
# Skip unforced HashDB flush requests below the threshold number of cached items

707
HASHDB_FLUSH_THRESHOLD = 32

708


709
# Number of retries for unsuccessful HashDB flush attempts

710
HASHDB_FLUSH_RETRIES = 3

711


712
# Number of retries for unsuccessful HashDB retrieve attempts

713
HASHDB_RETRIEVE_RETRIES = 3

714


715
# Number of retries for unsuccessful HashDB end transaction attempts

716
HASHDB_END_TRANSACTION_RETRIES = 3

717


718
# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)

719
HASHDB_MILESTONE_VALUE = "OdqjeUpBLc"  # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))'

720


721
# Pickle protocl used for storage of serialized data inside HashDB (https://docs.python.org/3/library/pickle.html#data-stream-format)

722
PICKLE_PROTOCOL = 2

723


724
# Warn user of possible delay due to large page dump in full UNION query injections

725
LARGE_OUTPUT_THRESHOLD = 1024 ** 2

726


727
# On huge tables there is a considerable slowdown if every row retrieval requires ORDER BY (most noticable in table dumping using ERROR injections)

728
SLOW_ORDER_COUNT_THRESHOLD = 10000

729


730
# Give up on hash recognition if nothing was found in first given number of rows

731
HASH_RECOGNITION_QUIT_THRESHOLD = 1000

732


733
# Regular expression used for automatic hex conversion and hash cracking of (RAW) binary column values

734
HASH_BINARY_COLUMNS_REGEX = r"(?i)pass|psw|hash"

735


736
# Maximum number of redirections to any single URL - this is needed because of the state that cookies introduce

737
MAX_SINGLE_URL_REDIRECTIONS = 4

738


739
# Maximum total number of redirections (regardless of URL) - before assuming we're in a loop

740
MAX_TOTAL_REDIRECTIONS = 10

741


742
# Maximum (deliberate) delay used in page stability check

743
MAX_STABILITY_DELAY = 0.5

744


745
# Reference: http://www.tcpipguide.com/free/t_DNSLabelsNamesandSyntaxRules.htm

746
MAX_DNS_LABEL = 63

747


748
# Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content)

749
DNS_BOUNDARIES_ALPHABET = re.sub(r"[a-fA-F]", "", string.ascii_letters)

750


751
# Alphabet used for heuristic checks

752
HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', ',', '.')

753


754
# Minor artistic touch

755
BANNER = re.sub(r"\[.\]", lambda _: "[\033[01;41m%s\033[01;49m]" % random.sample(HEURISTIC_CHECK_ALPHABET, 1)[0], BANNER)

756


757
# String used for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value

758
DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">"

759


760
# Regular expression used for recognition of file inclusion errors

761
FI_ERROR_REGEX = r"(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}"

762


763
# Length of prefix and suffix used in non-SQLI heuristic checks

764
NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6

765


766
# Connection read size (processing large responses in parts to avoid MemoryError crashes - e.g. large table dump in full UNION injections)

767
MAX_CONNECTION_READ_SIZE = 10 * 1024 * 1024

768


769
# Maximum response total page size (trimmed if larger)

770
MAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024

771


772
# For preventing MemoryError exceptions (caused when using large sequences in difflib.SequenceMatcher)

773
MAX_DIFFLIB_SEQUENCE_LENGTH = 10 * 1024 * 1024

774


775
# Page size threshold used in heuristic checks (e.g. getHeuristicCharEncoding(), identYwaf, htmlParser, etc.)

776
HEURISTIC_PAGE_SIZE_THRESHOLD = 64 * 1024

777


778
# Maximum (multi-threaded) length of entry in bisection algorithm

779
MAX_BISECTION_LENGTH = 50 * 1024 * 1024

780


781
# Mark used for trimming unnecessary content in large connection reads

782
LARGE_READ_TRIM_MARKER = "__TRIMMED_CONTENT__"

783


784
# Generic SQL comment formation

785
GENERIC_SQL_COMMENT = "-- [RANDSTR]"

786


787
# Threshold value for turning back on time auto-adjustment mechanism

788
VALID_TIME_CHARS_RUN_THRESHOLD = 100

789


790
# Check for empty columns only if table is sufficiently large

791
CHECK_ZERO_COLUMNS_THRESHOLD = 10

792


793
# Boldify all logger messages containing these "patterns"

794
BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ")

795


796
# TLDs used in randomization of email-alike parameter values

797
RANDOMIZATION_TLDS = ("com", "net", "ru", "org", "de", "uk", "br", "jp", "cn", "fr", "it", "pl", "tv", "edu", "in", "ir", "es", "me", "info", "gr", "gov", "ca", "co", "se", "cz", "to", "vn", "nl", "cc", "az", "hu", "ua", "be", "no", "biz", "io", "ch", "ro", "sk", "eu", "us", "tw", "pt", "fi", "at", "lt", "kz", "cl", "hr", "pk", "lv", "la", "pe", "au")

798


799
# Generic www root directory names

800
GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "public_html", "wwwroot", "www", "site")

801


802
# Maximum length of a help part containing switch/option name(s)

803
MAX_HELP_OPTION_LENGTH = 18

804


805
# Maximum number of connection retries (to prevent problems with recursion)

806
MAX_CONNECT_RETRIES = 100

807


808
# Strings for detecting formatting errors

809
FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Please enter a", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", "CF_SQL_NUMERIC", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "Attribute validation error for tag", "is not of type numeric", "<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type", "invalid number", "character to number conversion error", "unable to interpret text value", "String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ", "InvalidDataException", "Arguments are of the wrong type", "Invalid conversion")

810


811
# Regular expression used for extracting ASP.NET view state values

812
VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'

813


814
# Regular expression used for extracting ASP.NET event validation values

815
EVENTVALIDATION_REGEX = r'(?i)(?P<name>__EVENTVALIDATION[^"]*)[^>]+value="(?P<result>[^"]+)'

816


817
# Number of rows to generate inside the full union test for limited output (mustn't be too large to prevent payload length problems)

818
LIMITED_ROWS_TEST_NUMBER = 15

819


820
# Default adapter to use for bottle server

821
RESTAPI_DEFAULT_ADAPTER = "wsgiref"

822


823
# Default REST-JSON API server listen address

824
RESTAPI_DEFAULT_ADDRESS = "127.0.0.1"

825


826
# Default REST-JSON API server listen port

827
RESTAPI_DEFAULT_PORT = 8775

828


829
# Unsupported options by REST-JSON API server

830
RESTAPI_UNSUPPORTED_OPTIONS = ("sqlShell", "wizard")

831


832
# Use "Supplementary Private Use Area-A"

833
INVALID_UNICODE_PRIVATE_AREA = False

834


835
# Format used for representing invalid unicode characters

836
INVALID_UNICODE_CHAR_FORMAT = r"\x%02x"

837


838
# Minimum supported version of httpx library (for --http2)

839
MIN_HTTPX_VERSION = "0.28"

840


841
# Regular expression for XML POST data

842
XML_RECOGNITION_REGEX = r"(?s)\A\s*<[^>]+>(.+>)?\s*\Z"

843


844
# Regular expression used for detecting JSON POST data

845
JSON_RECOGNITION_REGEX = r'(?s)\A(\s*\[)*\s*\{.*"[^"]+"\s*:\s*("[^"]*"|\d+|true|false|null|\[).*\}\s*(\]\s*)*\Z'

846


847
# Regular expression used for detecting JSON-like POST data

848
JSON_LIKE_RECOGNITION_REGEX = r"(?s)\A(\s*\[)*\s*\{.*('[^']+'|\"[^\"]+\"|\w+)\s*:\s*('[^']+'|\"[^\"]+\"|\d+).*\}\s*(\]\s*)*\Z"

849


850
# Regular expression used for detecting multipart POST data

851
MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="

852


853
# Regular expression used for detecting Array-like POST data

854
ARRAY_LIKE_RECOGNITION_REGEX = r"(\A|%s)(\w+)\[\d*\]=.+%s\2\[\d*\]=" % (DEFAULT_GET_POST_DELIMITER, DEFAULT_GET_POST_DELIMITER)

855


856
# Default POST data content-type

857
DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded; charset=utf-8"

858


859
# Raw text POST data content-type

860
PLAIN_TEXT_CONTENT_TYPE = "text/plain; charset=utf-8"

861


862
# Length used while checking for existence of Suhosin-patch (like) protection mechanism

863
SUHOSIN_MAX_VALUE_LENGTH = 512

864


865
# Minimum size of an (binary) entry before it can be considered for dumping to disk

866
MIN_BINARY_DISK_DUMP_SIZE = 100

867


868
# Filenames of payloads xml files (in order of loading)

869
PAYLOAD_XML_FILES = ("boolean_blind.xml", "error_based.xml", "inline_query.xml", "stacked_queries.xml", "time_blind.xml", "union_query.xml")

870


871
# Regular expression used for extracting form tags

872
FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"

873


874
# Maximum number of lines to save in history file

875
MAX_HISTORY_LENGTH = 1000

876


877
# Minimum field entry length needed for encoded content (hex, base64,...) check

878
MIN_ENCODED_LEN_CHECK = 5

879


880
# Timeout in seconds in which Metasploit remote session has to be initialized

881
METASPLOIT_SESSION_TIMEOUT = 120

882


883
# Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html

884
LOBLKSIZE = 2048

885


886
# Prefix used to mark special variables (e.g. keywords, having special chars, etc.)

887
EVALCODE_ENCODED_PREFIX = "EVAL_"

888


889
# Reference: https://en.wikipedia.org/wiki/Zip_(file_format)

890
ZIP_HEADER = b"\x50\x4b\x03\x04"

891


892
# Reference: http://www.cookiecentral.com/faq/#3.5

893
NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."

894


895
# Infixes used for automatic recognition of parameters carrying anti-CSRF tokens

896
CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token", "nonce")

897


898
# Prefixes used in brute force search for web server document root

899
BRUTE_DOC_ROOT_PREFIXES = {

900
    OS.LINUX: ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24", "/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%", "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%"),

901
    OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/Apache/Apache", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")

902
}

903


904
# Suffixes used in brute force search for web server document root

905
BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build")

906


907
# String used for marking target name inside used brute force web server document root

908
BRUTE_DOC_ROOT_TARGET_MARK = "%TARGET%"

909


910
# Character used as a boundary in kb.chars (preferably less frequent letter)

911
KB_CHARS_BOUNDARY_CHAR = 'q'

912


913
# Letters of lower frequency used in kb.chars

914
KB_CHARS_LOW_FREQUENCY_ALPHABET = "zqxjkvbp"

915


916
# Printable bytes

917
PRINTABLE_BYTES = set(bytes(string.printable, "ascii") if six.PY3 else string.printable)

918


919
# SQL keywords used for splitting in HTTP chunked transfer encoded requests (switch --chunk)

920
HTTP_CHUNKED_SPLIT_KEYWORDS = ("SELECT", "UPDATE", "INSERT", "FROM", "LOAD_FILE", "UNION", "information_schema", "sysdatabases", "msysaccessobjects", "msysqueries", "sysmodules")

921


922
# CSS style used in HTML dump format

923
HTML_DUMP_CSS_STYLE = """<style>

924
table{

925
    margin:10;

926
    background-color:#FFFFFF;

927
    font-family:verdana;

928
    font-size:12px;

929
    align:center;

930
}

931
thead{

932
    font-weight:bold;

933
    background-color:#4F81BD;

934
    color:#FFFFFF;

935
}

936
tr:nth-child(even) {

937
    background-color: #D3DFEE

938
}

939
td{

940
    font-size:12px;

941
}

942
th{

943
    font-size:12px;

944
}

945
</style>"""

946


947
# Leaving (dirty) possibility to change values from here (e.g. `export SQLMAP__MAX_NUMBER_OF_THREADS=20`)

948
for key, value in os.environ.items():

949
    if key.upper().startswith("%s_" % SQLMAP_ENVIRONMENT_PREFIX):

950
        _ = key[len(SQLMAP_ENVIRONMENT_PREFIX) + 1:].upper()

951
        if _ in globals():

952
            original = globals()[_]

953
            if isinstance(original, int):

954
                try:

955
                    globals()[_] = int(value)

956
                except ValueError:

957
                    pass

958
            elif isinstance(original, bool):

959
                globals()[_] = value.lower() in ('1', 'true')

960
            elif isinstance(original, (list, tuple)):

961
                globals()[_] = [__.strip() for __ in _.split(',')]

962
            else:

963
                globals()[_] = value

964


965