#!/usr/bin/env python
2
3
"""
4
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
5
See the file 'LICENSE' for copying permission
6
"""
7
8
import codecs
9
import os
10
import platform
11
import random
12
import re
13
import string
14
import sys
15
import time
16
17
from lib.core.enums import DBMS
18
from lib.core.enums import DBMS_DIRECTORY_NAME
19
from lib.core.enums import OS
20
from thirdparty import six
21
22
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.10.2.14"

# A four-component version is a monthly snapshot ("dev") unless its commit
# counter is exactly 0, which marks the stable cut of that month; versions
# with fewer components are always treated as stable
TYPE = "dev" if VERSION.count('.') > 2 and not VERSION.endswith(".0") else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}

# Stable cuts are displayed without their trailing ".0"
VERSION_STRING = "sqlmap/%s#%s" % (VERSION[:-len(".0")] if VERSION.count('.') > 2 and VERSION.endswith(".0") else VERSION, TYPE)
DESCRIPTION = "automatic SQL injection and database takeover tool"
SITE = "https://sqlmap.org"

# Default User-Agent; it names the tool and its exact version, so it is
# trivially fingerprinted by any filter that matches on that header
DEFAULT_USER_AGENT = "%s (%s)" % (VERSION_STRING, SITE)
30
DEV_EMAIL_ADDRESS = "[email protected]"
31
ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
32
GIT_REPOSITORY = "https://github.com/sqlmapproject/sqlmap.git"
33
GIT_PAGE = "https://github.com/sqlmapproject/sqlmap"
34
WIKI_PAGE = "https://github.com/sqlmapproject/sqlmap/wiki/"
35
ZIPBALL_PAGE = "https://github.com/sqlmapproject/sqlmap/zipball/master"
36
37
# colorful banner
38
BANNER = """\033[01;33m\
39
___
40
__H__
41
___ ___[.]_____ ___ ___ \033[01;37m{\033[01;%dm%s\033[01;37m}\033[01;33m
42
|_ -| . [.] | .'| . |
43
|___|_ [.]_|_|_|__,| _|
44
|_|V... |_| \033[0m\033[4;37m%s\033[0m\n
45
""" % (TYPE_COLORS.get(TYPE, 31), VERSION_STRING.split('/')[-1], SITE)
46
47
# Minimum distance of ratio from kb.matchRatio to result in True
48
DIFF_TOLERANCE = 0.05
49
CONSTANT_RATIO = 0.9
50
51
# Ratio used in heuristic check for WAF/IPS protected targets
52
IPS_WAF_CHECK_RATIO = 0.5
53
54
# Timeout used in heuristic check for WAF/IPS protected targets
55
IPS_WAF_CHECK_TIMEOUT = 10
56
57
# Timeout used in checking for existence of live-cookies file
58
LIVE_COOKIES_TIMEOUT = 120
59
60
# Lower and upper values for match ratio in case of stable page
61
LOWER_RATIO_BOUND = 0.02
62
UPPER_RATIO_BOUND = 0.98
63
64
# For filling in case of dumb push updates
65
DUMMY_JUNK = "theim1Ga"
66
67
# Markers for special cases when parameter values contain html encoded characters
68
PARAMETER_AMP_MARKER = "__PARAMETER_AMP__"
69
PARAMETER_SEMICOLON_MARKER = "__PARAMETER_SEMICOLON__"
70
BOUNDARY_BACKSLASH_MARKER = "__BOUNDARY_BACKSLASH__"
71
PARAMETER_PERCENTAGE_MARKER = "__PARAMETER_PERCENTAGE__"
72
PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__"
73
PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
74
URI_QUESTION_MARKER = "__URI_QUESTION__"
75
ASTERISK_MARKER = "__ASTERISK__"
76
REPLACEMENT_MARKER = "__REPLACEMENT__"
77
BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64__"
78
BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION__"
79
SAFE_VARIABLE_MARKER = "__SAFE_VARIABLE__"
80
SAFE_HEX_MARKER = "__SAFE_HEX__"
81
DOLLAR_MARKER = "__DOLLAR__"
82
83
RANDOM_INTEGER_MARKER = "[RANDINT]"
84
RANDOM_STRING_MARKER = "[RANDSTR]"
85
SLEEP_TIME_MARKER = "[SLEEPTIME]"
86
INFERENCE_MARKER = "[INFERENCE]"
87
SINGLE_QUOTE_MARKER = "[SINGLE_QUOTE]"
88
GENERIC_SQL_COMMENT_MARKER = "[GENERIC_SQL_COMMENT]"
89
90
PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__"
91
CHAR_INFERENCE_MARK = "%c"
92
PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]"
93
94
# Regular expression used for extraction of table names (useful for (e.g.) MsAccess)
95
SELECT_FROM_TABLE_REGEX = r"\bSELECT\b.+?\bFROM\s+(?P<result>([\w.]|`[^`<>]+`)+)"
96
97
# Regular expression used for recognition of textual content-type
98
TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)"
99
100
# Regular expression used for recognition of generic permission messages
101
PERMISSION_DENIED_REGEX = r"\b(?P<result>(command|permission|access|user)\s*(was|is|has been)?\s*(denied|forbidden|unauthorized|rejected|not allowed))"
102
103
# Regular expression used in recognition of generic protection mechanisms
104
GENERIC_PROTECTION_REGEX = r"(?i)\b(rejected|blocked|protection|incident|denied|detected|dangerous|firewall)\b"
105
106
# Regular expression used to detect errors in fuzz(y) UNION test
107
FUZZ_UNION_ERROR_REGEX = r"(?i)data\s?type|mismatch|comparable|compatible|conversion|convert|failed|error|unexpected"
108
109
# Upper threshold for starting the fuzz(y) UNION test
110
FUZZ_UNION_MAX_COLUMNS = 10
111
112
# Regular expression used for recognition of generic maximum connection messages
113
MAX_CONNECTIONS_REGEX = r"\bmax.{1,100}\bconnection"
114
115
# Maximum consecutive connection errors before asking the user if he wants to continue
116
MAX_CONSECUTIVE_CONNECTION_ERRORS = 15
117
118
# Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it)
119
PRECONNECT_CANDIDATE_TIMEOUT = 10
120
121
# Servers known to cause issue with pre-connection mechanism (because of lack of multi-threaded support)
122
PRECONNECT_INCOMPATIBLE_SERVERS = ("SimpleHTTP", "BaseHTTP")
123
124
# Identify WAF/IPS inside limited number of responses (Note: for optimization purposes)
125
IDENTYWAF_PARSE_COUNT_LIMIT = 10
126
127
# Identify WAF/IPS inside limited size of responses
128
IDENTYWAF_PARSE_PAGE_LIMIT = 4 * 1024
129
130
# Maximum sleep time in "Murphy" (testing) mode
131
MAX_MURPHY_SLEEP_TIME = 3
132
133
# Regular expression used for extracting results from Google search
134
GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&amp;cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"
135
136
# Google Search consent cookie
137
GOOGLE_CONSENT_COOKIE = "CONSENT=YES+shp.gws-%s-0-RC1.%s+FX+740" % (time.strftime("%Y%m%d"), "".join(random.sample(string.ascii_lowercase, 2)))
138
139
# Regular expression used for extracting results from DuckDuckGo search
140
DUCKDUCKGO_REGEX = r'<a class="result__url" href="(htt[^"]+)'
141
142
# Regular expression used for extracting results from Bing search
143
BING_REGEX = r'<h2><a href="([^"]+)" h='
144
145
# Dummy user agent for search (if default one returns different results)
146
DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64; rv:141.0) Gecko/20100101 Firefox/141.0"
147
148
# Regular expression used for extracting content from "textual" tags
149
TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h[1-6]|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"
150
151
# Regular expression used for recognition of IP addresses
152
IP_ADDRESS_REGEX = r"\b(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b"
153
154
# Regular expression used for recognition of generic "your ip has been blocked" messages
155
BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block\s?list|firewall)"
156
157
# Dumping characters used in GROUP_CONCAT MySQL technique
158
CONCAT_ROW_DELIMITER = ','
159
CONCAT_VALUE_DELIMITER = '|'
160
161
# Coefficient used for a time-based query delay checking (must be >= 7)
162
TIME_STDEV_COEFF = 7
163
164
# Minimum response time that can be even considered as delayed (not a complete requirement)
165
MIN_VALID_DELAYED_RESPONSE = 0.5
166
167
# Standard deviation after which a warning message should be displayed about connection lags
168
WARN_TIME_STDEV = 0.5
169
170
# Minimum length of usable union injected response (quick defense against substr fields)
171
UNION_MIN_RESPONSE_CHARS = 10
172
173
# Coefficient used for a union-based number of columns checking (must be >= 7)
174
UNION_STDEV_COEFF = 7
175
176
# Length of queue for candidates for time delay adjustment
177
TIME_DELAY_CANDIDATES = 3
178
179
# Default value for HTTP Accept header
180
HTTP_ACCEPT_HEADER_VALUE = "*/*"
181
182
# Default value for HTTP Accept-Encoding header
183
HTTP_ACCEPT_ENCODING_HEADER_VALUE = "gzip,deflate"
184
185
# Default timeout for running commands over backdoor
186
BACKDOOR_RUN_CMD_TIMEOUT = 5
187
188
# Number of seconds to wait for thread finalization at program end
189
THREAD_FINALIZATION_TIMEOUT = 1
190
191
# Maximum number of techniques used in inject.py/getValue() per one value
192
MAX_TECHNIQUES_PER_VALUE = 2
193
194
# In case of missing piece of partial union dump, buffered array must be flushed after certain size
195
MAX_BUFFERED_PARTIAL_UNION_LENGTH = 1024
196
197
# Maximum size of cache used in @cachedmethod decorator
198
MAX_CACHE_ITEMS = 1024
199
200
# Suffix used for naming meta databases in DBMS(es) without explicit database name
201
METADB_SUFFIX = "_masterdb"
202
203
# Number of times to retry the pushValue during the exceptions (e.g. KeyboardInterrupt)
204
PUSH_VALUE_EXCEPTION_RETRY_COUNT = 3
205
206
# Minimum time response set needed for time-comparison based on standard deviation
207
MIN_TIME_RESPONSES = 30
208
209
# Maximum time response set used during time-comparison based on standard deviation
210
MAX_TIME_RESPONSES = 200
211
212
# Minimum comparison ratio set needed for searching valid union column number based on standard deviation
213
MIN_UNION_RESPONSES = 5
214
215
# After these number of blanks at the end inference should stop (just in case)
216
INFERENCE_BLANK_BREAK = 5
217
218
# Use this replacement character for cases when inference is not able to retrieve the proper character value
219
INFERENCE_UNKNOWN_CHAR = '?'
220
221
# Character used for operation "greater" in inference
222
INFERENCE_GREATER_CHAR = ">"
223
224
# Character used for operation "greater or equal" in inference
225
INFERENCE_GREATER_EQUALS_CHAR = ">="
226
227
# Character used for operation "equals" in inference
228
INFERENCE_EQUALS_CHAR = "="
229
230
# Character used for operation "not-equals" in inference
231
INFERENCE_NOT_EQUALS_CHAR = "!="
232
233
# String used for representation of unknown DBMS
234
UNKNOWN_DBMS = "Unknown"
235
236
# String used for representation of unknown DBMS version
237
UNKNOWN_DBMS_VERSION = "Unknown"
238
239
# Dynamicity boundary length used in dynamicity removal engine
240
DYNAMICITY_BOUNDARY_LENGTH = 20
241
242
# Dummy user prefix used in dictionary attack
243
DUMMY_USER_PREFIX = "__dummy__"
244
245
# Reference: http://en.wikipedia.org/wiki/ISO/IEC_8859-1
# Latin-1 maps every byte to a code point, so decoding with it never fails;
# presumably used for response bodies that declare no charset. On an
# interpreter whose codec registry lacks it, fall back to UTF-8.
try:
    codecs.lookup("iso-8859-1")
except LookupError:
    DEFAULT_PAGE_ENCODING = "utf8"
else:
    DEFAULT_PAGE_ENCODING = "iso-8859-1"
252
253
# Marker for program piped input
254
STDIN_PIPE_DASH = '-'
255
256
# URL used in dummy runs
257
DUMMY_URL = "http://foo/bar?id=1"
258
259
# Timeout used during initial websocket (pull) testing
260
WEBSOCKET_INITIAL_TIMEOUT = 3
261
262
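# The name of the operating system dependent module imported. The following names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce', 'java', 'riscos'
PLATFORM = os.name
PYVERSION = sys.version.split()[0]
IS_WIN = PLATFORM == "nt"
IS_PYPY = platform.python_implementation() == "PyPy"

# Check if running in terminal. sys.stdout may be None (pythonw), a closed
# file (ValueError), or an in-memory stream whose fileno() raises
# io.UnsupportedOperation (a subclass of both OSError and ValueError) when
# sqlmap is embedded or its output is captured. A hasattr() check alone does
# not cover those cases and the failure would abort module import, so any
# such error is treated as "not a TTY".
try:
    IS_TTY = os.isatty(sys.stdout.fileno())
except (AttributeError, ValueError, OSError):
    IS_TTY = False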
270
271
# DBMS system databases
272
MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb", "Resource", "ReportServer", "ReportServerTempDB", "distribution", "mssqlsystemresource")
273
MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema", "sys", "ndbinfo")
274
PGSQL_SYSTEM_DBS = ("postgres", "template0", "template1", "information_schema", "pg_catalog", "pg_toast", "pgagent")
275
ORACLE_SYSTEM_DBS = ("ADAMS", "ANONYMOUS", "APEX_030200", "APEX_PUBLIC_USER", "APPQOSSYS", "AURORA$ORB$UNAUTHENTICATED", "AWR_STAGE", "BI", "BLAKE", "CLARK", "CSMIG", "CTXSYS", "DBSNMP", "DEMO", "DIP", "DMSYS", "DSSYS", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "HR", "IX", "JONES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OC", "OE", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "PAPER", "PERFSTAT", "PM", "SCOTT", "SH", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "TRACESVR", "TSMSYS", "WK_TEST", "WKPROXY", "WKSYS", "WMSYS", "XDB", "XS$NULL")
276
SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master")
277
ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2", "MSysNavPaneGroupCategories", "MSysNavPaneGroups", "MSysNavPaneGroupToObjects", "MSysNavPaneObjectIDs")
278
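# Firebird system (RDB$*) catalogue tables. Entries are written exactly as the
# server reports them, with no surrounding whitespace: a stray leading space
# in "RDB$FILES" presumably kept it from ever matching an enumerated name.
FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", "RDB$FILES", "RDB$FILTERS", "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS")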
279
MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")
280
SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs", "tempdb")
281
DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS", "SYSDEBUG", "SYSINST")
282
HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB")
283
H2_SYSTEM_DBS = ("INFORMATION_SCHEMA",) + ("IGNITE", "ignite-sys-cache")
284
INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin")
285
MONETDB_SYSTEM_DBS = ("tmp", "json", "profiler")
286
DERBY_SYSTEM_DBS = ("NULLID", "SQLJ", "SYS", "SYSCAT", "SYSCS_DIAG", "SYSCS_UTIL", "SYSFUN", "SYSIBM", "SYSPROC", "SYSSTAT")
287
VERTICA_SYSTEM_DBS = ("v_catalog", "v_internal", "v_monitor",)
288
MCKOI_SYSTEM_DBS = ("",)
289
PRESTO_SYSTEM_DBS = ("information_schema",)
290
ALTIBASE_SYSTEM_DBS = ("SYSTEM_",)
291
MIMERSQL_SYSTEM_DBS = ("information_schema", "SYSTEM",)
292
CRATEDB_SYSTEM_DBS = ("information_schema", "pg_catalog", "sys")
293
CLICKHOUSE_SYSTEM_DBS = ("information_schema", "INFORMATION_SCHEMA", "system")
294
CUBRID_SYSTEM_DBS = ("DBA",)
295
CACHE_SYSTEM_DBS = ("%Dictionary", "INFORMATION_SCHEMA", "%SYS")
296
EXTREMEDB_SYSTEM_DBS = ("",)
297
FRONTBASE_SYSTEM_DBS = ("DEFINITION_SCHEMA", "INFORMATION_SCHEMA")
298
RAIMA_SYSTEM_DBS = ("",)
299
VIRTUOSO_SYSTEM_DBS = ("",)
300
SNOWFLAKE_SYSTEM_DBS = ("INFORMATION_SCHEMA",)
301
302
# Note: (<regular>) + (<forks>)
303
MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
304
MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql", "tidb", "percona", "drizzle", "doris", "starrocks")
305
PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb", "opengauss")
306
ORACLE_ALIASES = ("oracle", "orcl", "ora", "or", "dm8")
307
SQLITE_ALIASES = ("sqlite", "sqlite3")
308
ACCESS_ALIASES = ("microsoft access", "msaccess", "access", "jet")
309
FIREBIRD_ALIASES = ("firebird", "mozilla firebird", "interbase", "ibase", "fb")
310
MAXDB_ALIASES = ("max", "maxdb", "sap maxdb", "sap db")
311
SYBASE_ALIASES = ("sybase", "sybase sql server")
312
DB2_ALIASES = ("db2", "ibm db2", "ibmdb2")
313
HSQLDB_ALIASES = ("hsql", "hsqldb", "hs", "hypersql")
314
H2_ALIASES = ("h2",) + ("ignite", "apache ignite")
315
INFORMIX_ALIASES = ("informix", "ibm informix", "ibminformix")
316
MONETDB_ALIASES = ("monet", "monetdb",)
317
DERBY_ALIASES = ("derby", "apache derby",)
318
VERTICA_ALIASES = ("vertica",)
319
MCKOI_ALIASES = ("mckoi",)
320
PRESTO_ALIASES = ("presto",)
321
ALTIBASE_ALIASES = ("altibase",)
322
MIMERSQL_ALIASES = ("mimersql", "mimer")
323
CRATEDB_ALIASES = ("cratedb", "crate")
324
CUBRID_ALIASES = ("cubrid",)
325
CLICKHOUSE_ALIASES = ("clickhouse",)
326
CACHE_ALIASES = ("intersystems cache", "cachedb", "cache", "iris")
327
EXTREMEDB_ALIASES = ("extremedb", "extreme")
328
FRONTBASE_ALIASES = ("frontbase",)
329
RAIMA_ALIASES = ("raima database manager", "raima", "raimadb", "raimadm", "rdm", "rds", "velocis")
330
VIRTUOSO_ALIASES = ("virtuoso", "openlink virtuoso")
331
SNOWFLAKE_ALIASES = ("snowflake",)
332
333
DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_"))
334
335
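# Union of every DBMS alias defined above (presumably the set a user-supplied
# DBMS name is validated against). It must list every alias tuple that
# DBMS_ALIASES below maps; FRONTBASE_ALIASES was missing here although
# DBMS.FRONTBASE is wired up in DBMS_ALIASES and FRONTBASE_SYSTEM_DBS exists.
SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CLICKHOUSE_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + FRONTBASE_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES + SNOWFLAKE_ALIASES)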
336
SUPPORTED_OS = ("linux", "windows")
337
338
DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES), (DBMS.SNOWFLAKE, SNOWFLAKE_ALIASES))
339
340
USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
341
REFERER_ALIASES = ("ref", "referer", "referrer")
342
HOST_ALIASES = ("host",)
343
344
# DBMSes with upper case identifiers
345
UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.HSQLDB, DBMS.DERBY, DBMS.ALTIBASE, DBMS.SNOWFLAKE))
346
347
# Default schemas to use (when unable to enumerate)
348
H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
349
VERTICA_DEFAULT_SCHEMA = "public"
350
MCKOI_DEFAULT_SCHEMA = "APP"
351
CACHE_DEFAULT_SCHEMA = "SQLUser"
352
353
# DBMSes where OFFSET mechanism starts from 1
354
PLUS_ONE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.ALTIBASE, DBMS.MSSQL, DBMS.CACHE))
355
356
# Names that can't be used to name files on Windows OS
357
WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")
358
359
# Items displayed in basic help (-h) output
360
BASIC_HELP_ITEMS = (
361
"url",
362
"googleDork",
363
"data",
364
"cookie",
365
"randomAgent",
366
"proxy",
367
"testParameter",
368
"dbms",
369
"level",
370
"risk",
371
"technique",
372
"getAll",
373
"getBanner",
374
"getCurrentUser",
375
"getCurrentDb",
376
"getPasswordHashes",
377
"getDbs",
378
"getTables",
379
"getColumns",
380
"getSchema",
381
"dumpTable",
382
"dumpAll",
383
"db",
384
"tbl",
385
"col",
386
"osShell",
387
"osPwn",
388
"batch",
389
"checkTor",
390
"flushSession",
391
"tor",
392
"sqlmapShell",
393
"wizard",
394
)
395
396
# Tags used for value replacements inside shell scripts
397
SHELL_WRITABLE_DIR_TAG = "%WRITABLE_DIR%"
398
SHELL_RUNCMD_EXE_TAG = "%RUNCMD_EXE%"
399
400
# String representation for NULL value
401
NULL = "NULL"
402
403
# String representation for blank ('') value
404
BLANK = "<blank>"
405
406
# String representation for current database
407
CURRENT_DB = "CD"
408
409
# String representation for current user
410
CURRENT_USER = "CU"
411
412
# Name of SQLite file used for storing session data
413
SESSION_SQLITE_FILE = "session.sqlite"
414
415
# Regular expressions used for finding file paths in error messages
416
FILE_PATH_REGEXES = (r"<b>(?P<result>[^<>]+?)</b> on line \d+", r"\bin (?P<result>[^<>'\"]+?)['\"]? on line \d+", r"(?:[>(\[\s])(?P<result>[A-Za-z]:[\\/][\w. \\/-]*)", r"(?:[>(\[\s])(?P<result>/\w[/\w.~-]+)", r"\bhref=['\"]file://(?P<result>/[^'\"]+)", r"\bin <b>(?P<result>[^<]+): line \d+")
417
418
# Regular expressions used for parsing error messages (--parse-errors)
419
ERROR_PARSING_REGEXES = (
420
r"\[Microsoft\]\[ODBC SQL Server Driver\]\[SQL Server\](?P<result>[^<]+)",
421
r"<b>[^<]{0,100}(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>[^<]+)",
422
r"(?m)^\s{0,100}(fatal|error|warning|exception):?\s*(?P<result>[^\n]+?)$",
423
r"(sql|dbc)[^>'\"]{0,32}(fatal|error|warning|exception)(</b>)?:\s*(?P<result>[^<>]+)",
424
r"(?P<result>[^\n>]{0,100}SQL Syntax[^\n<]+)",
425
r"(?s)<li>Error Type:<br>(?P<result>.+?)</li>",
426
r"CDbCommand (?P<result>[^<>\n]*SQL[^<>\n]+)",
427
r"Code: \d+. DB::Exception: (?P<result>[^<>\n]*)",
428
r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)",
429
r"\[[^\n\]]{1,100}(ODBC|JDBC)[^\n\]]+\](\[[^\]]+\])?(?P<result>[^\n]+(in query expression|\(SQL| at /[^ ]+pdo)[^\n<]+)",
430
r"(?P<result>query error: SELECT[^<>]+)"
431
)
432
433
# Regular expression used for parsing charset info from meta html headers
434
META_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset="?(?P<result>[^"> ]+).*</head>'
435
436
# Regular expression used for parsing refresh info from meta html headers
437
META_REFRESH_REGEX = r'(?i)<meta http-equiv="?refresh"?[^>]+content="?[^">]+;\s*(url=)?["\']?(?P<result>[^\'">]+)'
438
439
# Regular expression used for parsing Javascript redirect request
440
JAVASCRIPT_HREF_REGEX = r'<script>\s*(\w+\.)?location\.href\s*=\s*["\'](?P<result>[^"\']+)'
441
442
# Regular expression used for parsing empty fields in tested form data
443
EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=)(?=&|\Z)'
444
445
# Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
446
COMMON_PASSWORD_SUFFIXES = ("1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18")
447
448
# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
449
COMMON_PASSWORD_SUFFIXES += ("!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@")
450
451
# Splitter used between requests in WebScarab log files
452
WEBSCARAB_SPLITTER = "### Conversation"
453
454
# Splitter used between requests in BURP log files
455
BURP_REQUEST_REGEX = r"={10,}\s+([A-Z]{3,} .+?)\s+(={10,}|\Z)"
456
457
# Regex used for parsing XML Burp saved history items
458
BURP_XML_HISTORY_REGEX = r'<port>(\d+)</port>.*?<request base64="true"><!\[CDATA\[([^]]+)'
459
460
# Encoding used for Unicode data
461
UNICODE_ENCODING = "utf8"
462
463
# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
464
URI_HTTP_HEADER = "URI"
465
466
# Uri format which could be injectable (e.g. www.site.com/id82)
467
URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"
468
469
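# Regex used for masking sensitive data. The %s placeholder is substituted with
# the value to hide and is wrapped in \b, so the caller must pass that value
# through re.escape() first (the substitution is not visible here): an
# unescaped value containing regex metacharacters would either fail to match,
# leaving the secret unmasked, or raise re.error.
SENSITIVE_DATA_REGEX = r"(\s|=)(?P<result>[^\s=]*\b%s\b[^\s]*)\s"

# Options to explicitly mask in anonymous (unhandled exception) reports (along
# with anything carrying the <hostname> inside). Anything that can carry
# credentials, target identifiers or user-supplied data belongs here; an
# option absent from this tuple is presumably reported unmasked, so extend it
# whenever such an option is added. Each entry is listed once (the duplicated
# "authCred" and "testParameter" entries were removed).
SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "fileRead", "fileWrite", "fileDest", "testParameter", "sqlQuery", "requestFile", "csrfToken", "csrfData", "csrfUrl")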
474
475
# Maximum number of threads (avoiding connection issues and/or DoS)
476
MAX_NUMBER_OF_THREADS = 10
477
478
# Minimum range between minimum and maximum of statistical set
479
MIN_STATISTICAL_RANGE = 0.01
480
481
# Minimum value for comparison ratio
482
MIN_RATIO = 0.0
483
484
# Maximum value for comparison ratio
485
MAX_RATIO = 1.0
486
487
# Minimum length of sentence for automatic choosing of --string (in case of high matching ratio)
488
CANDIDATE_SENTENCE_MIN_LENGTH = 10
489
490
# Character used for marking injectable position inside provided data
491
CUSTOM_INJECTION_MARK_CHAR = '*'
492
493
# Wildcard value that can be used in option --ignore-code
494
IGNORE_CODE_WILDCARD = '*'
495
496
# Other way to declare injection position
497
INJECT_HERE_REGEX = r"(?i)%INJECT[_ ]?HERE%"
498
499
# Minimum chunk length used for retrieving data over error based payloads
500
MIN_ERROR_CHUNK_LENGTH = 8
501
502
# Maximum chunk length used for retrieving data over error based payloads
503
MAX_ERROR_CHUNK_LENGTH = 1024
504
505
# Do not escape the injected statement if it contains any of the following SQL keywords
506
EXCLUDE_UNESCAPE = ("WAITFOR DELAY '", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)
507
508
# Mark used for replacement of reflected values
509
REFLECTED_VALUE_MARKER = "__REFLECTED_VALUE__"
510
511
# Regular expression used for replacing border non-alphanum characters
512
REFLECTED_BORDER_REGEX = r"[^A-Za-z]+"
513
514
# Regular expression used for replacing non-alphanum characters
515
REFLECTED_REPLACEMENT_REGEX = r"[^\n]{1,168}"
516
517
# Maximum time (in seconds) spent per reflective value(s) replacement
518
REFLECTED_REPLACEMENT_TIMEOUT = 3
519
520
# Maximum number of alpha-numerical parts in reflected regex (for speed purposes)
521
REFLECTED_MAX_REGEX_PARTS = 10
522
523
# Chars which can be used as a failsafe values in case of too long URL encoding value
524
URLENCODE_FAILSAFE_CHARS = "()|,"
525
526
# Factor used for yuge page multiplication
527
YUGE_FACTOR = 1000
528
529
# Maximum length of URL encoded value after which failsafe procedure takes away
530
URLENCODE_CHAR_LIMIT = 2000
531
532
# Default schema for Microsoft SQL Server DBMS
533
DEFAULT_MSSQL_SCHEMA = "dbo"
534
535
# Display hash attack info every mod number of items
536
HASH_MOD_ITEM_DISPLAY = 11
537
538
# Display marker for (cracked) empty password
539
HASH_EMPTY_PASSWORD_MARKER = "<empty>"
540
541
# Maximum integer value
542
MAX_INT = sys.maxsize
543
544
# Replacement for unsafe characters in dump table filenames
545
UNSAFE_DUMP_FILEPATH_REPLACEMENT = '_'
546
547
# Options that need to be restored in multiple targets run mode
548
RESTORE_MERGED_OPTIONS = ("col", "db", "dbms", "os", "dnsDomain", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")
549
550
# Parameters to be ignored in detection phase (upper case)
551
IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATOR", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
552
553
# Regular expression used for recognition of ASP.NET control parameters
554
ASP_NET_CONTROL_REGEX = r"(?i)\Actl\d+\$"
555
556
# Regex for Google analytics cookie names
557
GOOGLE_ANALYTICS_COOKIE_REGEX = r"(?i)\A(_ga|_gid|_gat|_gcl_au|__utm[abcz])"
558
559
# Prefix for configuration overriding environment variables
560
SQLMAP_ENVIRONMENT_PREFIX = "SQLMAP_"
561
562
# General OS environment variables that can be used for setting proxy address
563
PROXY_ENVIRONMENT_VARIABLES = ("all_proxy", "ALL_PROXY", "http_proxy", "HTTP_PROXY", "https_proxy", "HTTPS_PROXY")
564
565
# Turn off resume console info to avoid potential slowdowns
566
TURN_OFF_RESUME_INFO_LIMIT = 20
567
568
# Strftime format for results file used in multiple target mode
569
RESULTS_FILE_FORMAT = "results-%m%d%Y_%I%M%p.csv"
570
571
# Official web page with the list of Python supported codecs
572
CODECS_LIST_PAGE = "http://docs.python.org/library/codecs.html#standard-encodings"
573
574
# Simple regular expression used to distinguish scalar from multiple-row commands (not sole condition)
575
SQL_SCALAR_REGEX = r"\A(SELECT(?!\s+DISTINCT\(?))?\s*\w*\("
576
577
# Option/switch values to ignore during configuration save
578
IGNORE_SAVE_OPTIONS = ("saveConfig",)
579
580
# IP address of the localhost
581
LOCALHOST = "127.0.0.1"
582
583
# Default SOCKS ports used by Tor
584
DEFAULT_TOR_SOCKS_PORTS = (9050, 9150)
585
586
# Default HTTP ports used by Tor
587
DEFAULT_TOR_HTTP_PORTS = (8123, 8118)
588
589
# Percentage below which comparison engine could have problems
590
LOW_TEXT_PERCENT = 20
591
592
# Auxiliary value used in isDBMSVersionAtLeast() version comparison correction cases
593
VERSION_COMPARISON_CORRECTION = 0.0001
594
595
# These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)
596
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
597
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")
598
599
# Keywords expected to be in UPPERCASE in getValue()
600
GET_VALUE_UPPERCASE_KEYWORDS = ("SELECT", "FROM", "WHERE", "DISTINCT", "COUNT")
601
602
LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
603
604
# After this number of misses reflective removal mechanism is turned off (for speed up reasons)
605
REFLECTIVE_MISS_THRESHOLD = 20
606
607
# Regular expression used for extracting HTML title
608
HTML_TITLE_REGEX = r"(?i)<title>(?P<result>[^<]+)</title>"
609
610
# Table used for Base64 conversion in WordPress hash cracking routine
611
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
612
613
# Options/switches to be ignored in command-line parsing (e.g. those passed from Firefox)
614
IGNORED_OPTIONS = ("--compressed",)
615
616
# Chars used to quickly distinguish if the user provided tainted parameter values
617
DUMMY_SQL_INJECTION_CHARS = ";()'"
618
619
# Simple check against dummy users
620
# Regular expression recognizing SQL injection-alike syntax in a supplied value
# (AND/OR comparisons, UNION ... SELECT, SELECT ... FROM, well-known function/schema names)
DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY|FLOOR\(RAND)\b"

# File extensions the crawler never follows (binaries, media, archives, source and config files);
# kept as a whitespace-separated word list for readability, the frozenset gives O(1) membership tests
CRAWL_EXCLUDE_EXTENSIONS = frozenset((
    "3ds 3g2 3gp 7z DS_Store a aac accdb access adp ai aif aiff apk ar asf au avi "
    "bak bin bk bkp bmp btif bz2 c cab caf cfg cgm cmx com conf config cpio cpp cr2 cue "
    "dat db dbf deb debug djvu dll dmg dmp dng doc docx dot dotx dra dsk dts dtshd dvb dwg dxf dylib "
    "ear ecelp4800 ecelp7470 ecelp9600 egg elf env eol eot epub error exe "
    "f4v fbs fh fla flac fli flv fpx fst fvt g3 gif go gz h h261 h263 h264 "
    "ico ief img ini ipa iso jar java jpeg jpg jpgv jpm js jxr ktx lock log lvp lz lzma lzo "
    "m3u m4a m4v mar mdb mdi mid mj2 mka mkv mmr mng mov movie mp3 mp4 mp4a mpeg mpg mpga msi mxu "
    "nef npx nrg o oga ogg ogv old otf ova ovf "
    "pbm pcx pdf pea pgm php pic pid pkg png pnm ppm pps ppt pptx ps psd py pya pyc pyo pyv qt "
    "rar ras raw rb rgb rip rlc rs run rz s3m s7z scm scpt service sgi shar sil smv so sock socket sqlite sqlitedb sub svc swf swo swp sys "
    "tar tbz2 temp tga tgz tif tiff tlz tmp toast torrent ts ttf uvh uvi uvm uvp uvs uvu "
    "vbox vdi vhd vhdx viv vmdk vmx vob vxd war wav wax wbmp wdp weba webm webp whl wm wma wmv wmx woff woff2 wvx "
    "xbm xif xls xlsx xlt xm xpi xpm xwd xz yaml yml z zip zipx"
).split())

# Patterns often seen in HTTP headers that contain the custom injection marking character '*'
# (a quality value such as ";q=0.9" or a "*/*" media range must not be taken for an injection mark)
PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"

# Templates for the common table / column existence checks (first placeholder is the selected item, second the table name)
BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"

# Placeholder inside shellcodeexec that gets replaced with a random string
SHELLCODEEXEC_RANDOM_STRING_MARKER = b"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

# Days after the last update before the user is nagged about running an old revision
LAST_UPDATE_NAGGING_DAYS = 180

# Minimum ratio of non-writing characters (e.g. ['"-:/]) for a parsed error message to count
MIN_ERROR_PARSING_NON_WRITING_RATIO = 0.05

# Generic address polled by --check-internet (plain http on purpose: the https version does not work for Python < 2.7.9);
# the response status is matched against CHECK_INTERNET_CODE below
CHECK_INTERNET_ADDRESS = "http://www.google.com/generate_204"

# HTTP status expected in the response to CHECK_INTERNET_ADDRESS
CHECK_INTERNET_CODE = 204
# Payload used for checking the existence of a WAF/IPS (the dumber the better: any filter should react to it)
IPS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"

# Vectors used for provoking specific WAF/IPS behavior(s); each entry is a query-string fragment
WAF_ATTACK_VECTORS = (
    "",  # NIL
    "search=<script>alert(1)</script>",
    "file=../../../../etc/passwd",
    "q=<invalid>foobar",
    "id=1 %s" % IPS_WAF_CHECK_PAYLOAD,
)
# Spinner frames used for status representation in the dictionary attack phase (in display order)
ROTATING_CHARS = tuple("\\||/-")

# Approximate chunk length (in bytes) used by BigArray objects (only the last chunk and a cached one are held in memory)
BIGARRAY_CHUNK_SIZE = 32 << 20

# Compression level used for storing BigArray chunks to disk (0-9)
BIGARRAY_COMPRESS_LEVEL = 4

# Maximum number of socket pre-connects
SOCKET_PRE_CONNECT_QUEUE_SIZE = 3

# Console shows only the last n table rows
TRIM_STDOUT_DUMP_SIZE = 256

# Reference: http://stackoverflow.com/a/3168436
# Reference: https://web.archive.org/web/20150407141500/https://support.microsoft.com/en-us/kb/899149
DUMP_FILE_BUFFER_SIZE = 1024

# Response headers are parsed only for the first couple of responses
PARSE_HEADERS_LIMIT = 3

# Step and upper bound of the ORDER BY technique used for finding the right number of columns in UNION query injections
ORDER_BY_STEP = 10
ORDER_BY_MAX = 1000

# Maximum number of times a character is revalidated in inference (as required)
MAX_REVALIDATION_STEPS = 5

# Characters that can be used to split parameter values on the command line (e.g. in --tamper)
PARAMETER_SPLITTING_REGEX = r"[,|;]"

# Attribute used for storing the original parameter value in special cases (e.g. POST)
UNENCODED_ORIGINAL_VALUE = "original"
# Common column names holding usernames, in several languages (used for hash cracking in some cases)
COMMON_USER_COLUMNS = frozenset((
    "login user uname username user_name user_login account account_name auth_user "
    "benutzername benutzer utilisateur usager consommateur utente utilizzatore utilizator utilizador usufrutuario "
    "korisnik uporabnik usuario consumidor client customer cuser"
).split())

# Default delimiters in GET/POST values and in cookie values
DEFAULT_GET_POST_DELIMITER = '&'
DEFAULT_COOKIE_DELIMITER = ';'

# Unix timestamp (far future, kept as text) used for forcing cookie expiration when provided with --load-cookies
FORCE_COOKIE_EXPIRATION_TIME = "9999999999"

# Github OAuth token used for creating an automatic Issue for unhandled exceptions.
# It ships inside the source tree, so treat it as public knowledge: whatever it is authorized to do,
# anyone holding a copy of sqlmap can do as well
GITHUB_REPORT_OAUTH_TOKEN = "wxqc7vTeW8ohIcX+1wK55Mnql2Ex9cP+2s1dqTr/mjlZJVfLnq24fMAi08v5vRvOmuhVZQdOT/lhIRovWvIJrdECD1ud8VMPWpxY+NmjHoEx+VLK1/vCAUBwJe"
# Flush HashDB once this many items are cached ...
HASHDB_FLUSH_THRESHOLD_ITEMS = 200

# ... or once the cache has been "dirty" for this long (unit as consumed by the flushing code)
HASHDB_FLUSH_THRESHOLD_TIME = 5

# Retry counts for unsuccessful HashDB flush / retrieve / end-transaction attempts
HASHDB_FLUSH_RETRIES = 3
HASHDB_RETRIEVE_RETRIES = 3
HASHDB_END_TRANSACTION_RETRIES = 3

# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism);
# regenerate with: python -c 'import random, string; print("".join(random.sample(string.ascii_letters, 10)))'
HASHDB_MILESTONE_VALUE = "GpqxbkWTfz"

# Pickle protocol used for storage of serialized data inside HashDB (https://docs.python.org/3/library/pickle.html#data-stream-format).
# NOTE(review): data stored this way is unpickled when read back, so a HashDB/session file has to be treated as
# trusted input - confirm at the HashDB load site
PICKLE_PROTOCOL = 2
# Warn user of possible delay due to large page dump in full UNION query injections
LARGE_OUTPUT_THRESHOLD = 1 << 20

# On huge tables there is a considerable slowdown if every row retrieval requires ORDER BY (most noticeable in table dumping using ERROR injections)
SLOW_ORDER_COUNT_THRESHOLD = 10000

# Give up on hash recognition if nothing was found in the first given number of rows
HASH_RECOGNITION_QUIT_THRESHOLD = 1000

# Regular expression used for automatic hex conversion and hash cracking of (RAW) binary column values
HASH_BINARY_COLUMNS_REGEX = r"(?i)pass|psw|hash"

# Maximum number of redirections to any single URL - needed because of the state that cookies introduce
MAX_SINGLE_URL_REDIRECTIONS = 4

# Maximum total number of redirections (regardless of URL) before assuming we're in a loop
MAX_TOTAL_REDIRECTIONS = 10

# Maximum (deliberate) delay used in page stability check
MAX_STABILITY_DELAY = 0.5

# Reference: http://www.tcpipguide.com/free/t_DNSLabelsNamesandSyntaxRules.htm
MAX_DNS_LABEL = 63

# Alphabet used for prefix and suffix strings of name resolution requests in DNS technique
# (hexadecimal letters are left out so boundaries cannot be confused with the hex-encoded inner content)
DNS_BOUNDARIES_ALPHABET = "".join(letter for letter in string.ascii_letters if letter not in "abcdefABCDEF")

# Alphabet used for heuristic checks
HEURISTIC_CHECK_ALPHABET = ('"', "'", ')', '(', ',', '.')
# Minor artistic touch: every "[.]" in the banner gets a random character from HEURISTIC_CHECK_ALPHABET
# printed on a red background (ANSI 41), then the background is reset (ANSI 49)
BANNER = re.sub(r"\[.\]", lambda match: "[\033[01;41m%s\033[01;49m]" % random.sample(HEURISTIC_CHECK_ALPHABET, 1)[0], BANNER)
# String used for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value
DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">"

# Regular expression used for recognition of file inclusion errors
FI_ERROR_REGEX = r"(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}"

# Length of prefix and suffix used in non-SQLI heuristic checks
NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6

# Connection read size (large responses are processed in parts to avoid MemoryError crashes - e.g. large table dump in full UNION injections)
MAX_CONNECTION_READ_SIZE = 10 << 20

# Maximum total response page size (trimmed if larger)
MAX_CONNECTION_TOTAL_SIZE = 100 << 20

# For preventing MemoryError exceptions (caused when using large sequences in difflib.SequenceMatcher)
MAX_DIFFLIB_SEQUENCE_LENGTH = 10 << 20

# Page size threshold used in heuristic checks (e.g. getHeuristicCharEncoding(), htmlParser, etc.)
HEURISTIC_PAGE_SIZE_THRESHOLD = 64 << 10

# Maximum (multi-threaded) length of entry in bisection algorithm
MAX_BISECTION_LENGTH = 50 << 20

# Mark used for trimming unnecessary content in large connection reads
LARGE_READ_TRIM_MARKER = "__TRIMMED_CONTENT__"

# Generic SQL comment formation ([RANDSTR] is a placeholder substituted later)
GENERIC_SQL_COMMENT = "-- [RANDSTR]"

# Threshold value for turning the time auto-adjustment mechanism back on
VALID_TIME_CHARS_RUN_THRESHOLD = 100

# Check for empty columns only if the table is sufficiently large
CHECK_ZERO_COLUMNS_THRESHOLD = 10

# Threshold for checking types of columns in case of SQLite dump format
CHECK_SQLITE_TYPE_THRESHOLD = 100
# Logger messages containing any of these "patterns" are printed in bold
BOLD_PATTERNS = (
    "' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable",
    "does not seem to be", "test failed", "test passed", "live test final result", "test shows that",
    "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA",
    "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ",
    "will be trimmed", "counterpart to database",
)

# Regular expression used to search for bold-patterns; the patterns are joined without escaping, which only
# works while none of them contains a regex metacharacter - keep that in mind when adding entries
BOLD_PATTERNS_REGEX = '|'.join(BOLD_PATTERNS)
# TLDs used in randomization of email-alike parameter values
RANDOMIZATION_TLDS = tuple((
    "com net ru org de uk br jp cn fr it pl tv edu in ir es me info gr gov ca co se cz to vn nl cc az hu ua be no "
    "biz io ch ro sk eu us tw pt fi at lt kz cl hr pk lv la pe au"
).split())

# Generic www root directory names
GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "public_html", "wwwroot", "www", "site")

# Maximum length of a help part containing switch/option name(s)
MAX_HELP_OPTION_LENGTH = 18

# Maximum number of connection retries (to prevent problems with recursion)
MAX_CONNECT_RETRIES = 100

# Strings for detecting formatting errors (type conversion failures as reported by various DBMS/application stacks);
# "unable to interpret text value" is listed twice upstream, which is harmless
FORMAT_EXCEPTION_STRINGS = (
    "Type mismatch", "Error converting", "Please enter a", "Conversion failed", "String or binary data would be truncated",
    "Failed to convert", "unable to interpret text value", "Input string was not in a correct format",
    "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException",
    "CF_SQL_INTEGER", "CF_SQL_NUMERIC", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException",
    "Invalid parameter type", "Attribute validation error for tag", "is not of type numeric", "<cfif Not IsNumeric(",
    "invalid input syntax for integer", "invalid input syntax for type", "invalid number",
    "character to number conversion error", "unable to interpret text value", "String was not recognized as a valid",
    "Convert.ToInt", "cannot be converted to a ", "InvalidDataException", "Arguments are of the wrong type",
    "Invalid conversion",
)

# Regular expressions used for extracting ASP.NET view state and event validation values
VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'
EVENTVALIDATION_REGEX = r'(?i)(?P<name>__EVENTVALIDATION[^"]*)[^>]+value="(?P<result>[^"]+)'

# Number of rows to generate inside the full union test for limited output (mustn't be too large to prevent payload length problems)
LIMITED_ROWS_TEST_NUMBER = 15
# Default adapter to use for the bottle server
RESTAPI_DEFAULT_ADAPTER = "wsgiref"

# Default REST-JSON API server listen address (loopback, so the API is not reachable from the network unless asked for)
RESTAPI_DEFAULT_ADDRESS = "127.0.0.1"

# Default REST-JSON API server listen port
RESTAPI_DEFAULT_PORT = 8775

# Options not supported by the REST-JSON API server
RESTAPI_UNSUPPORTED_OPTIONS = ("sqlShell", "wizard")

# Use "Supplementary Private Use Area-A"
INVALID_UNICODE_PRIVATE_AREA = False

# Format used for representing invalid unicode characters (byte value as two hex digits)
INVALID_UNICODE_CHAR_FORMAT = r"\x%02x"
# Minimum supported version of the httpx library (for --http2)
MIN_HTTPX_VERSION = "0.28"

# Regular expression for XML POST data
XML_RECOGNITION_REGEX = r"(?s)\A\s*<[^>]+>(.+>)?\s*\Z"

# Regular expression used for detecting JSON POST data (double-quoted keys, JSON scalar or array values)
JSON_RECOGNITION_REGEX = r'(?s)\A(\s*\[)*\s*\{.*"[^"]+"\s*:\s*("[^"]*"|\d+|true|false|null|\[).*\}\s*(\]\s*)*\Z'

# Regular expression used for detecting JSON-like POST data (keys/values may be unquoted or single-quoted)
JSON_LIKE_RECOGNITION_REGEX = r"(?s)\A(\s*\[)*\s*\{.*('[^']+'|\"[^\"]+\"|\w+)\s*:\s*('[^']+'|\"[^\"]+\"|\d+).*\}\s*(\]\s*)*\Z"

# Regular expression used for detecting multipart POST data
MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="
# Regular expression used for detecting Array-like POST data (the same parameter name indexed twice, e.g. "a[]=1&a[]=2")
ARRAY_LIKE_RECOGNITION_REGEX = r"(\A|%s)(\w+)\[\d*\]=.+%s\2\[\d*\]=" % ((DEFAULT_GET_POST_DELIMITER,) * 2)
# Default POST data content-type
DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded; charset=utf-8"

# Raw text POST data content-type
PLAIN_TEXT_CONTENT_TYPE = "text/plain; charset=utf-8"

# Value length used while checking for existence of a Suhosin-patch (like) protection mechanism
SUHOSIN_MAX_VALUE_LENGTH = 512

# Minimum size of a (binary) entry before it can be considered for dumping to disk
MIN_BINARY_DISK_DUMP_SIZE = 100
# Filenames of payload xml files (in order of loading)
PAYLOAD_XML_FILES = (
    "boolean_blind.xml",
    "error_based.xml",
    "inline_query.xml",
    "stacked_queries.xml",
    "time_blind.xml",
    "union_query.xml",
)

# Regular expression used for extracting form tags (innermost <form> ... </form>)
FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"

# Maximum number of lines to save in the history file
MAX_HISTORY_LENGTH = 1000

# Minimum field entry length needed for the encoded content (hex, base64, ...) check
MIN_ENCODED_LEN_CHECK = 5

# Timeout in seconds in which a Metasploit remote session has to be initialized
METASPLOIT_SESSION_TIMEOUT = 180

# Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html
LOBLKSIZE = 2048

# Prefix used to mark special variables (e.g. keywords, having special chars, etc.)
EVALCODE_ENCODED_PREFIX = "EVAL_"

# Reference: https://en.wikipedia.org/wiki/Zip_(file_format) (local file header signature "PK\x03\x04")
ZIP_HEADER = b"PK\x03\x04"

# Reference: http://www.cookiecentral.com/faq/#3.5
NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."

# Infixes used for automatic recognition of parameters carrying anti-CSRF tokens
CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token", "nonce")
# Prefixes used in brute force search for the web server document root (%TARGET% marks the spot for the target name)
BRUTE_DOC_ROOT_PREFIXES = {
    OS.LINUX: (
        "/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24",
        "/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%",
        "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%",
        "/Library/WebServer/Documents", "/opt/homebrew/var/www",
    ),
    OS.WINDOWS: (
        "/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/Apache/Apache", "/apache",
        "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2",
        "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%",
    ),
}
# Suffixes used in brute force search for the web server document root (the empty one tries the prefix alone)
BRUTE_DOC_ROOT_SUFFIXES = (
    "", "html", "htdocs", "httpdocs", "php", "public", "src",
    "site", "build", "web", "www", "data", "sites/all", "www/build",
)

# String used for marking the target name inside the brute-forced web server document root
BRUTE_DOC_ROOT_TARGET_MARK = "%TARGET%"
# Character used as a boundary in kb.chars (preferably a less frequent letter)
KB_CHARS_BOUNDARY_CHAR = 'q'

# Letters of lower frequency used in kb.chars
KB_CHARS_LOW_FREQUENCY_ALPHABET = "zqxjkvbp"
# Printable bytes (kept as a set for fast membership tests); on Python 2 str is already a byte string
PRINTABLE_BYTES = set(string.printable.encode("ascii") if six.PY3 else string.printable)
# SQL keywords used for splitting in HTTP chunked transfer encoded requests (switch --chunk)
HTTP_CHUNKED_SPLIT_KEYWORDS = (
    "SELECT", "UPDATE", "INSERT", "FROM", "LOAD_FILE", "UNION",
    "information_schema", "sysdatabases", "msysaccessobjects", "msysqueries", "sysmodules",
)

# CSS style used in the HTML dump format
HTML_DUMP_CSS_STYLE = """<style>
table{
margin:10;
background-color:#FFFFFF;
font-family:verdana;
font-size:12px;
align:center;
}
thead{
font-weight:bold;
background-color:#4F81BD;
color:#FFFFFF;
}
tr:nth-child(even) {
background-color: #D3DFEE
}
td{
font-size:12px;
}
th{
font-size:12px;
cursor:pointer;
}
</style>"""
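# Leaving (dirty) possibility to change values from here (e.g. `export SQLMAP__MAX_NUMBER_OF_THREADS=20`)
def _coerce_environment_override(original, value):
    """
    Convert environment text `value` to the type of the setting it replaces.

    `original` is the current value of the module constant and decides the
    target type; `value` is the raw string taken from the process environment.
    Returns the converted value. Raises ValueError when a numeric setting is
    given non-numeric text (the caller then keeps the original value).
    """
    # bool has to be checked before int: bool is a subclass of int, so an
    # int-first check would route every boolean setting through int() and
    # reject spellings such as "true"
    if isinstance(original, bool):
        return value.lower() in ('1', 'true')

    if isinstance(original, int):
        return int(value)

    # float settings (e.g. MAX_STABILITY_DELAY) would otherwise be replaced by a plain string
    if isinstance(original, float):
        return float(value)

    # comma-separated sequence; the container type of the original is kept so that
    # tuple/frozenset semantics (hashability, membership) stay the same as without an override
    if isinstance(original, (list, tuple, set, frozenset)):
        return type(original)(item.strip() for item in value.split(','))

    return value

def _apply_environment_overrides(environ, namespace, prefix):
    """
    Overwrite settings in `namespace` from `environ` entries named `<prefix>_<SETTING>`.

    Only names already present in `namespace` (compared upper-cased) are
    touched, so a mistyped variable name is a silent no-op rather than a new
    constant. Values that cannot be converted to the setting's type are
    ignored and the current value is kept (best effort, as before).
    """
    marker = "%s_" % prefix

    for key, value in environ.items():
        if not key.upper().startswith(marker):
            continue

        name = key[len(marker):].upper()
        if name not in namespace:
            continue

        try:
            namespace[name] = _coerce_environment_override(namespace[name], value)
        except ValueError:
            # unparsable numeric override: keep the built-in default
            pass

# Note: every upper-case module global (URLs, tokens and limits above included) can be replaced this way,
# so the process environment is effectively part of sqlmap's configuration surface
_apply_environment_overrides(os.environ, globals(), SQLMAP_ENVIRONMENT_PREFIX)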