Adding support to sort HTML table dumps by columns

The thread-finalization loop used a reversed comparison, causing the
wait loop to be skipped immediately:

this change reverse the comparison so it will wait while there are
active threads and elapsed time is less than the configured
THREAD_FINALIZATION_TIMEOUT:

README.md

@@ -52,6 +52,8 @@ Links
 Translations
 ----
 
+* [Arabic](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ar-AR.md)
+* [Bengali](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bn-BD.md)
 * [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md)
 * [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
 * [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)

data/txt/common-outputs.txt

@@ -488,6 +488,44 @@ pma_relation
 pma_table_coords
 pma_table_info
 
+# Wordpress
+wp_users
+wp_posts
+wp_comments
+wp_options
+wp_postmeta
+wp_terms
+wp_term_taxonomy
+wp_term_relationships
+wp_links
+wp_commentmeta
+
+# WooCommerce
+wp_woocommerce_sessions
+wp_woocommerce_api_keys
+wp_woocommerce_attribute_taxonomies
+
+# Magento
+catalog_product_entity
+sales_order
+sales_order_item
+customer_entity
+quote
+
+# Drupal
+node
+users
+field_data_body
+field_revision_body
+taxonomy_term_data
+taxonomy_vocabulary
+
+# Joomla
+joomla_users
+joomla_content
+joomla_categories
+joomla_modules
+
 # PostgreSQL
 pg_aggregate
 pg_am
@@ -501,6 +539,8 @@ pg_cast
 pg_class
 pg_constraint
 pg_conversion
+pg_cron_job
+pg_cron_job_run_detail
 pg_database
 pg_depend
 pg_description
@@ -522,6 +562,7 @@ pg_rewrite
 pg_shdepend
 pg_shdescription
 pg_statistic
+pg_stat_statements
 pg_tablespace
 pg_trigger
 pg_ts_config
@@ -1194,3 +1235,21 @@ smallint
 text
 time
 timestamp
+
+# common columns
+created_at
+updated_at
+deleted_at
+created_on
+modified_on
+timestamp
+is_active
+is_deleted
+is_published
+status
+enabled
+user_id
+product_id
+category_id
+order_id
+customer_id

data/txt/sha256sums.txt

@@ -24,11 +24,11 @@ f2648a0cb4d5922d58b8aa6600f786b32324b9ac91e3a57e4ff212e901ffe151  data/shell/sta
 84b431647a2c13e72b2c9c9242a578349d1b8eef596166128e08f1056d7e4ac8  data/shell/stagers/stager.php_
 26e2a6d6154cbcef1410a6826169463129380f70a840f848dce4236b686efb23  data/txt/common-columns.txt
 22cda9937e1801f15370e7cb784797f06c9c86ad8a97db19e732ae76671c7f37  data/txt/common-files.txt
-a166b1958937364968a25e4bc64074c1ac12358443e58b1bf2ac3d8d88b48a30  data/txt/common-outputs.txt
+30b3eecf7beb4ebbfdb3aadbd7d7d2ad2a477f07753e5ed1de940693c8b145dc  data/txt/common-outputs.txt
 7953f5967da237115739ee0f0fe8b0ecec7cdac4830770acb8238e6570422a28  data/txt/common-tables.txt
 b023d7207e5e96a27696ec7ea1d32f9de59f1a269fde7672a8509cb3f0909cd3  data/txt/keywords.txt
 29a0a6a2c2d94e44899e867590bae865bdf97ba17484c649002d1d8faaf3e127  data/txt/smalldict.txt
-df66c8fdb08cc0eee63b86505bc5b05bc4cad5d0bef6553d5c20346e7202dc2b  data/txt/user-agents.txt
+aaf6be92d51eb502ba11136c7a010872b17c4df59007fc6de78ae665fe66ee5f  data/txt/user-agents.txt
 9c2d6a0e96176447ab8758f8de96e6a681aa0c074cd0eca497712246d8f410c6  data/txt/wordlist.tx_
 849c61612bd0d773971254df2cc76cc18b3d2db4051a8f508643278a166df44e  data/udf/mysql/linux/32/lib_mysqludf_sys.so_
 20b5a80b8044da1a0d5c5343c6cbc5b71947c5464e088af466a3fcd89c2881ef  data/udf/mysql/linux/64/lib_mysqludf_sys.so_
@@ -64,19 +64,19 @@ b427b65cc8b585cd02361f5155ffab2fe52fd5943100382c6b86cd0f52f352d9  data/udf/postg
 c444fd667a09927a22c92e855d206249e761c1fbd4f3630f7ee06265eb2576ee  data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
 c6be099a5dee34f3a7570715428add2e7419f4e73a7ce9913d3fb76eea78d88e  data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
 0a6d5fc399e9958477c8a71f63b7c7884567204253e0d2389a240d83ed83f241  data/udf/README.txt
-4e268596da67fb0b6a10a7cefb38af5de13f67dab760cc0505f8f80484a0fe79  data/xml/banner/generic.xml
+288592bbc7115870516865d5a92c2e1d1d54f11a26a86998f8829c13724e2551  data/xml/banner/generic.xml
 2adcdd08d2c11a5a23777b10c132164ed9e856f2a4eca2f75e5e9b6615d26a97  data/xml/banner/mssql.xml
 14b18da611d4bfad50341df89f893edf47cd09c41c9662e036e817055eaa0cfb  data/xml/banner/mysql.xml
 6d1ab53eeac4fae6d03b67fb4ada71b915e1446a9c1cc4d82eafc032800a68fd  data/xml/banner/oracle.xml
 9f4ca1ff145cfbe3c3a903a21bf35f6b06ab8b484dad6b7c09e95262bf6bfa05  data/xml/banner/postgresql.xml
 86da6e90d9ccf261568eda26a6455da226c19a42cc7cd211e379cab528ec621e  data/xml/banner/server.xml
 146887f28e3e19861516bca551e050ce81a1b8d6bb69fd342cc1f19a25849328  data/xml/banner/servlet-engine.xml
-e87c062bdf05b27db6c1d7e0d41c25f269cbe66b1f9b8e2d9b3db0d567016c76  data/xml/banner/set-cookie.xml
+8af6b979b6e0a01062dc740ae475ba6be90dc10bb3716a45d28ada56e81f9648  data/xml/banner/set-cookie.xml
 a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea  data/xml/banner/sharepoint.xml
 e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18  data/xml/banner/x-aspnet-version.xml
-75672f8faa8053af0df566a48700f2178075f67c593d916313fcff3474da6f82  data/xml/banner/x-powered-by.xml
+3a440fbbf8adffbe6f570978e96657da2750c76043f8e88a2c269fe9a190778c  data/xml/banner/x-powered-by.xml
 1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634  data/xml/boundaries.xml
-20fd2f2ba35ade45f242bd3c6e92898ac90b4ee6a63dbb8740cad06f91a395e5  data/xml/errors.xml
+47c444f260fcba24bb1f13e3d4819ed846909f8d2b6e715069d6372ea30f026f  data/xml/errors.xml
 cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1  data/xml/payloads/boolean_blind.xml
 f2b711ea18f20239ba9902732631684b61106d4a4271669125a4cf41401b3eaf  data/xml/payloads/error_based.xml
 b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609  data/xml/payloads/inline_query.xml
@@ -88,7 +88,9 @@ abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e  doc/AUTHORS
 2a0322f121cbda30336ab58382e9860fea8ab28ff4726f6f8abf143ce1657abe  doc/CHANGELOG.md
 2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d  doc/THANKS.md
 f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16  doc/THIRD-PARTY.md
+3a8d6530c3aa16938078ee5f0e25178e8ce92758d3bad5809f800aded24c9633  doc/translations/README-ar-AR.md
 d739d4ced220b342316f5814216bdb1cb85609cd5ebb89e606478ac43301009e  doc/translations/README-bg-BG.md
+66ffca43a07c6d366fe68d5d4c93dca447c7adbff8d5e0f716fcbe54a2021854  doc/translations/README-bn-BD.md
 6882f232e5c02d9feb7d4447e0501e4e27be453134fb32119a228686b46492a5  doc/translations/README-ckb-KU.md
 9bed1c72ffd6b25eaf0ff66ac9eefaa4efc2f5e168f51cf056b0daf3e92a3db2  doc/translations/README-de-DE.md
 008c66ba4a521f7b6f05af2d28669133341a00ebc0a7b68ce0f30480581e998c  doc/translations/README-es-MX.md
@@ -108,7 +110,7 @@ b9017db1f0167dda23780949b4d618baf877375dc14e08ebd6983331b945ed44  doc/translatio
 070cc897789e98f144a6b6b166d11289b3cda4d871273d2afe0ab81ac7ae90ad  doc/translations/README-rs-RS.md
 927743c0a1f68dc76969bda49b36a6146f756b907896078af2a99c3340d6cc34  doc/translations/README-ru-RU.md
 65de5053b014b0e0b9ab5ab68fe545a7f9db9329fa0645a9973e457438b4fde5  doc/translations/README-sk-SK.md
-43de61a9defc5eda42a6c3d746f422b43f486eacefb97862f637ab60650e9ef2  doc/translations/README-tr-TR.md
+a101a1d68362adbf6a82bf66be55a3bef4b6dc8a8855f363a284c71b2ec4e144  doc/translations/README-tr-TR.md
 0db2d479b1512c948a78ce5c1cf87b5ce0b5b94e3cb16b19e9afcbed2c7f5cae  doc/translations/README-uk-UA.md
 82f9ec2cf2392163e694c99efa79c459a44b6213a5881887777db8228ea230fa  doc/translations/README-vi-VN.md
 0e8f0a2186f90fabd721072972c571a7e5664496d88d6db8aedcb1d0e34c91f0  doc/translations/README-zh-CN.md
@@ -158,46 +160,46 @@ df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264  extra/shutils/
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  extra/vulnserver/__init__.py
 eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df  extra/vulnserver/vulnserver.py
 96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c  lib/controller/action.py
-fad6640f60eac8ad1b65895cbccc39154864843a2a0b0f2ac596d3227edcd4f6  lib/controller/checks.py
+c060567ff0430f2ec915bf8abec8d632a52b5cb8a75a88984e6065a0feedcf44  lib/controller/checks.py
 34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6  lib/controller/controller.py
-1947e6c69fbc2bdce91d2836e5c9c9535e397e9271ae4b4ef922f7a01857df5e  lib/controller/handler.py
+49bcd74281297c79a6ae5d4b0d1479ddace4476fddaf4383ca682a6977b553e3  lib/controller/handler.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/controller/__init__.py
 216c9399853b7454d36dcb552baf9f1169ec7942897ddc46504684325cb6ce00  lib/core/agent.py
-440cbab6161f466158c63f0ee97873254655f670ca990fa26bdd0a6e54c42c2a  lib/core/bigarray.py
-8920eb3115ecd25933084af986f453362aa55a4bd15bfb9e75673239bd206acc  lib/core/common.py
+fbba89420acafcdb9ba1a95428cf2161b13cfa2d1a7ad7d5e70c14b0e04861f0  lib/core/bigarray.py
+ebf33ba2d4fa727931ab21c61b6c65b2e6cb41c54595caed2ec5153f8776a23a  lib/core/common.py
 d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87  lib/core/compat.py
-ebe518089733722879f5a13e73020ebe55d46fb7410cacf292ca4ea1d9d1c56a  lib/core/convert.py
+463005de14642fef4251c951c9b24ec8d456f67f0cd98a9f4d6add281ccbb775  lib/core/convert.py
 ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1  lib/core/data.py
-a051955f483b281344ae16ecc1d26f77ea915db0a77a7b62c1a5b80feb2d4d87  lib/core/datatype.py
-1e4e4cb64c0102a6ef07813c5a6b6c74d50f27d1a084f47067d01e382cf32190  lib/core/decorators.py
+ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024  lib/core/datatype.py
+1d70d75a1c1a2a0ad295f727ee9f1d90cea851dfc2f8c9a85ef79c7975007ead  lib/core/decorators.py
 d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900  lib/core/defaults.py
-1ad21a1e631f26b2ecc9c73f93218e9765de8d1a9dcc6d3c3ffe9f78ab8446d8  lib/core/dicts.py
-c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd  lib/core/dump.py
-9187819a6fd55f4b9a64c6df1a9b4094718d453906fc6eeda541c8880b3b62c4  lib/core/enums.py
+ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c  lib/core/dicts.py
+4f1b858d433daa6f898d5ded54066cad63fab7ee245ad9eb1613c626448d5a0e  lib/core/dump.py
+2ca709fb52b4a1bc83cfe2acdad7e7d4dca1fee6a775e9290f0f1f517955d0b9  lib/core/enums.py
 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856  lib/core/exception.py
-629c0d06d4f4d093badfc8d1de49432d058f66f3223b08dded012eaf05719de2  lib/core/gui.py
+1c48804c10b94da696d3470efbd25d2fff0f0bbf2af0101aaac8f8c097fce02b  lib/core/gui.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/core/__init__.py
 3d308440fb01d04b5d363bfbe0f337756b098532e5bb7a1c91d5213157ec2c35  lib/core/log.py
 2a06dc9b5c17a1efdcdb903545729809399f1ee96f7352cc19b9aaa227394ff3  lib/core/optiondict.py
-16a8a7be0d34a2ba77690375c03a5d2c905b752ab3f080c39fdce5f69c3df8ce  lib/core/option.py
-866e93c93541498ecce70125037bdd376d78188e481d225f81843f21f4797d8c  lib/core/patch.py
+c53862358795097a59aa4eacc4d90815afb7e0540899b8885b586e43267be225  lib/core/option.py
+fd449fe2c707ce06c929fc164cbabb3342f3e4e2b86c06f3efc1fc09ac98a25a  lib/core/patch.py
 85f10c6195a3a675892d914328173a6fb6a8393120417a2f10071c6e77bfa47d  lib/core/profiling.py
 c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readlineng.py
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-4cd6715f3779c0ab94939d7eb4435de6eb3620beeddf5c889b0ecd72872de9ce  lib/core/settings.py
+ce4a0cbead548dee15bf60a1545fa9c8092f989eb31d4fba269b5a2c0cf47d23  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
 6cf11d8b00fa761046686437fe90565e708809f793e88a3f02527d0e49c4d2a8  lib/core/testing.py
-1ba2ba8d39c5f655f45c7454b22870f1884ae7aa36e401e3df1a9ed4de691e3d  lib/core/threads.py
+2a179b7601026a8da092271b30ad353cdb6decd658e2614fa51983aaf6dd80e7  lib/core/threads.py
 6f61e7946e368ee1450c301aaf5a26381a8ae31fc8bffa28afc9383e8b1fbc3f  lib/core/unescaper.py
-f7245b99c17ef88cd9a626ca09c0882a5e172bb10a38a5dec9d08da6c8e2d076  lib/core/update.py
+8919863be7a86f46d2c41bd30c0114a55a55c5931be48e3cfc66dfa96b7109c8  lib/core/update.py
 cba481f8c79f4a75bd147b9eb5a1e6e61d70422fceadd12494b1dbaa4f1d27f4  lib/core/wordlist.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/__init__.py
 7d1d3e07a1f088428d155c0e1b28e67ecbf5f62775bdeeeb11b4388369dce0f7  lib/parse/banner.py
-e49fb4fea83c305ebdbb8008c26118063da2134bdefe05f73dee90532c6d0dd3  lib/parse/cmdline.py
+c6d1527a26014b58b8a78afb851485227b86798e36551e9ac347522ef89d7a99  lib/parse/cmdline.py
 f1ad73b6368730b8b8bc2e28b3305445d2b954041717619bede421ccc4381625  lib/parse/configfile.py
 a96b7093f30b3bf774f5cc7a622867472d64a2ae8b374b43786d155cf6203093  lib/parse/handler.py
 cfd4857ce17e0a2da312c18dcff28aefaa411f419b4e383b202601c42de40eec  lib/parse/headers.py
@@ -206,21 +208,21 @@ cfd4857ce17e0a2da312c18dcff28aefaa411f419b4e383b202601c42de40eec  lib/parse/head
 8baab6407b129985bf0acbea17c6a02d3a1b33b81fc646ce6c780d77fe2cc854  lib/parse/payloads.py
 d7082e4a5937f65cbb4862701bad7d4fbc096a826621ba7eab92e52e48ebd6d7  lib/parse/sitemap.py
 0f52f3c1d1f1322a91c98955bd8dc3be80964d8b3421d453a0e73a523c9cfcbf  lib/request/basicauthhandler.py
-18cb22d4dabdcc8e3381baf66edd52e74ad2d2067d0116e134a94ffc950c054e  lib/request/basic.py
+48bdb0f5f05ece57e6e681801f7ed765739ebe537f9fa5a0465332d4f3f91c06  lib/request/basic.py
 fdb4a9f2ca9d01480c3eb115f6fdf8d89f8ff0506c56a223421b395481527670  lib/request/chunkedhandler.py
-bb8a06257d170b268c66dcbd3c0fbe013de52eed1e63bb68caa112af5b9f8ca9  lib/request/comparison.py
-26fda3422995eae2e02313c016d8a5e0dc8235e7406fe094ebdb149742859b0e  lib/request/connect.py
+c56a2c170507861403e0ddebd68a111bcf3a5f5fddc7334a9de4ecd572fdcc2f  lib/request/comparison.py
+cfa172dbc459a3250db7fbaadb62b282b62d56b4f290c585d3abec01597fcd40  lib/request/connect.py
 a890be5dee3fb4f5cb8b5f35984017a5c172d587722cf0c690bf50e338deebfa  lib/request/direct.py
 a53fa3513431330ce1725a90e7e3d20f223e14605d699e1f66b41625f04439c7  lib/request/dns.py
-685b3e9855c65af3f4516b4cac1d2591bd9d653246d02b08bffa94b706115fa9  lib/request/httpshandler.py
+1e76136b68743c5b25e2d8362a57c92f736d427a76b537fe07a71eeef69cdcae  lib/request/httpshandler.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/request/__init__.py
 fcab35db1da4ac11d8c5b8291f9c87b8d7bb073c460c438374bc5a71ce5c65a6  lib/request/inject.py
 03490bed87a54bf6c42a33ac1a66f7f8504c2398534a211e7e9306f408cd506a  lib/request/methodrequest.py
 eba8b1638c0c19d497dcbab86c9508b2ce870551b16a40db752a13c697d7d267  lib/request/pkihandler.py
 6336a6aba124905dab3e5ff67f76cf9b735c2a2879cc3bc8951cb06bea125895  lib/request/rangehandler.py
-14b402c3a927b7fb251622c9f4faf507993e033bd3b1cc281fe2873b9a382a51  lib/request/redirecthandler.py
+d6ab6436d7330278081ed21433ab18e5ef74b4d7af7ccb175ae956c245c13ce1  lib/request/redirecthandler.py
 3157d66bb021b71b2e71e355b209578d15f83000f0655bcf0cd7c7eed5d4669b  lib/request/templates.py
-96f38f1b99648e72f99e419b2119f380635fca42a2a8854625b7ccc630f484a7  lib/takeover/abstraction.py
+5f5680c5b1db48ed2a13f47ba9de8b816d9d4f7f4c7abd07a48eb7ecbe9cf3ca  lib/takeover/abstraction.py
 250782249ee5afbcf3f398c596edbc3a9a1b35b3e11ac182678f6e22c1449852  lib/takeover/icmpsh.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/takeover/__init__.py
 24f4f85dad38b4641bd70c8c9a2e5221531a37fdd27e04731176c03b5b1784f5  lib/takeover/metasploit.py
@@ -228,7 +230,7 @@ eba8b1638c0c19d497dcbab86c9508b2ce870551b16a40db752a13c697d7d267  lib/request/pk
 479cf4a9c0733ba62bfa764e465a59277d21661647304fa10f6f80bf6ecc518b  lib/takeover/udf.py
 08270a96d51339f628683bce58ee53c209d3c88a64be39444be5e2f9d98c0944  lib/takeover/web.py
 d40d5d1596d975b4ff258a70ad084accfcf445421b08dcf010d36986895e56cb  lib/takeover/xp_cmdshell.py
-9b3ccafc39f24000a148484a005226b8ba5ac142f141a8bd52160dfc56941538  lib/techniques/blind/inference.py
+3a355d277fa558c90fa040b3a02b99690671bf99a7a4ffb20a9a45878b09ab5e  lib/techniques/blind/inference.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/techniques/blind/__init__.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/techniques/dns/__init__.py
 d20798551d141b3eb0b1c789ee595f776386469ac3f9aeee612fd7a5607b98cd  lib/techniques/dns/test.py
@@ -242,11 +244,11 @@ dca6a14d7e30f8d320cc972620402798b493528a0ad7bd98a7f38327cea04e20  lib/techniques
 e41d96b1520e30bd4ce13adfcf52e11d3a5ea75c0b2d7612958d0054be889763  lib/utils/api.py
 af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16  lib/utils/brute.py
 828940a8eefda29c9eb271c21f29e2c4d1d428ccf0dcc6380e7ee6740300ec55  lib/utils/crawler.py
-bfb4ea118e881d60c42552d883940ca5cca4e2a406686a2836e0739ed863a6a4  lib/utils/deps.py
+56b93ba38f127929346f54aa75af0db5f46f9502b16acfe0d674a209de6cad2d  lib/utils/deps.py
 3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437  lib/utils/getch.py
-e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636  lib/utils/har.py
+4979120bbbc030eaef97147ee9d7d564d9683989059b59be317153cdaa23d85b  lib/utils/har.py
 00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d  lib/utils/hashdb.py
-acf5b98e409f1d1de8f104b994f97b7ad57768e5651898aa6754102563a25809  lib/utils/hash.py
+d1b4cea5658c0936e2003f01fbf7a9e6f6d6cd8503815cb2c358ed0c0e2f147f  lib/utils/hash.py
 ba862f0c96b1d39797fb21974599e09690d312b17a85e6639bee9d1db510f543  lib/utils/httpd.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/utils/__init__.py
 f1d84b1b99ce64c1ccb64aaa35f5231cf094b3dac739f29f76843f23ee10b990  lib/utils/pivotdumptable.py
@@ -263,7 +265,7 @@ bd4975ff9cbc0745d341e6c884e6a11b07b0a414105cc899e950686d2c1f88ba  lib/utils/xran
 4533aeb5b4fefb5db485a5976102b0449cc712a82d44f9630cf86150a7b3df55  plugins/dbms/access/connector.py
 acd26b5dd9dfc0fb83c650c88a02184a0f673b1698520c15cd4ce5c29a10ea5e  plugins/dbms/access/enumeration.py
 6ae41f03920129ada7c24658673ffb3c1ce9c4d893a310b0fcdd069782d89495  plugins/dbms/access/filesystem.py
-9cf2047f6545670bc8d504bcc06a76e0d9eca2453cafd2b071d3d11baaca694e  plugins/dbms/access/fingerprint.py
+99fb8acf31529008c2aa30beaa19e0c2c04f74212b96d25adc3b4bf9b110d07e  plugins/dbms/access/fingerprint.py
 4ee0497890c6830113e36db873c97048f9aa157110029bb888ae59b949a4caf2  plugins/dbms/access/__init__.py
 9be52ff94cdecad994f83c2b7fbeb8178d77f081928e1720d82cddb524d256c6  plugins/dbms/access/syntax.py
 1e2a87087dbb9f5b9e8690c283abde4c76da3285200914009187d0a957aa33b9  plugins/dbms/access/takeover.py
@@ -376,7 +378,7 @@ f150ce95097d189d930032d5b2e63b166bcf9e438f725aed90c36e5c393793ec  plugins/dbms/m
 237615b40daa249a74898cfea05543a200e6ec668076bb9ee57502e1cee2b751  plugins/dbms/mimersql/connector.py
 9bc55b72f833a71b978a64def32f9bb949c84cf059e953a7ba7f83755714bee1  plugins/dbms/mimersql/enumeration.py
 15f4f1d4be6cff468636557c2f8c0ac9988f6b639db20149ab3ea1c2bc5aedbe  plugins/dbms/mimersql/filesystem.py
-8e292bf4b249e2cf2b9dce43e07365a3b0aa7016d094de0491d5e507a2a7c1dc  plugins/dbms/mimersql/fingerprint.py
+02ad6eb9837e7a455991f8061287e3ef3e0346d7d4e01005f2dd649dd3c2fb2c  plugins/dbms/mimersql/fingerprint.py
 e70a35787a176b388dae2b8124433a11ac60e4b669fd18ebf81665a45233363a  plugins/dbms/mimersql/__init__.py
 bc7e155bd1cc573fd4144ba98cce34f41bae489208acd3db15d1c36115bf23f8  plugins/dbms/mimersql/syntax.py
 2dea7308e4ddd3083c7b2e9db210b7cc00f27f55692b2a65affdf5344e2838df  plugins/dbms/mimersql/takeover.py
@@ -394,24 +396,24 @@ a1cf9a8cd5e263d1e48dc8b5281febaf868ee91f1e0587dee915949fdb6da1ea  plugins/dbms/m
 784d6065921a8efbba970864a2cb2e0ef1dd1fcea7181cfc3f737bbfa18f0574  plugins/dbms/mssqlserver/__init__.py
 79a887b5a2449bb086805560ff0ec2a2304dd142f47450ae9c2f88cf8bda9ac9  plugins/dbms/mssqlserver/syntax.py
 bb0edf756903d8a9df7b60272541768102c64e562e6e7a356c5a761b835efde3  plugins/dbms/mssqlserver/takeover.py
-9a1a69416af5a3fc60b93dd8a80fb23b3f190fe96f2564f170df2edeb5bb3599  plugins/dbms/mysql/connector.py
+d471eb61a33bd3aa1290cdcce40a5966ebc84af79970f75e8992a2688da4be42  plugins/dbms/mysql/connector.py
 1e29529d6c4938a728a2d42ef4276b46a40bf4309570213cf3c08871a83abdc1  plugins/dbms/mysql/enumeration.py
 200b2c910e6902ef8021fe40b3fb426992a016926414cbf9bb74a3630f40842d  plugins/dbms/mysql/filesystem.py
-b7aa7bf8b1f9ba38597bae7fc8bf436b111eeb5ee6a4ad0a977e56dca88a4afc  plugins/dbms/mysql/fingerprint.py
+55da8384ba32fe9b69022c8d5429acfacd4d44e55c14f902818d6794ed1bd0a2  plugins/dbms/mysql/fingerprint.py
 88daad9cf2f62757949cb27128170f33268059e2f0a05d3bd9f75417b99149de  plugins/dbms/mysql/__init__.py
 20108fe32ae3025036aa02b4702c4eda81db01c04a2e0e2e4494d8f1b1717eca  plugins/dbms/mysql/syntax.py
 91f34b67fe3ad5bfa6eae5452a007f97f78b7af000457e9d1c75f4d0207f3d39  plugins/dbms/mysql/takeover.py
-125966162396ef4084d70fac1c03e25959a6ccebacd8274bda69b7bebf82b9d5  plugins/dbms/oracle/connector.py
+4b04646298dfe366c401001ab77893bcd342d34211aec1164c6c92757a66f5f4  plugins/dbms/oracle/connector.py
 8866391a951e577d2b38b58b970774d38fb09f930fa4f6d27f41af40c06987c1  plugins/dbms/oracle/enumeration.py
 5ca9f30cd44d63e2a06528da15643621350d44dc6be784bf134653a20b51efef  plugins/dbms/oracle/filesystem.py
 b1c939e3728fe4a739de474edb88583b7e16297713147ca2ea64cac8edf2bdf5  plugins/dbms/oracle/fingerprint.py
 53fe7fc72776d93be72454110734673939da4c59fecdf17bbbc8de9cdc52c220  plugins/dbms/oracle/__init__.py
 39611d712c13e4eb283b65c19de822d5afa4a3c08f12998dd1398725caf48940  plugins/dbms/oracle/syntax.py
 cd3590fbb4d500ed2f2434cf218a4198febb933793b7a98e3bb58126839b06f1  plugins/dbms/oracle/takeover.py
-9ca6fccb27cac0037103db6f05b561039c9f6bd280ab2fb87b76e4d52142c335  plugins/dbms/postgresql/connector.py
+ec17431637c2329b42ce0d0dd932bbb02aa93d5388a4e1c6f4e0c1b59f27ce00  plugins/dbms/postgresql/connector.py
 3ebc81646f196624ec004a77656767e4850f2f113b696f7c86b5ca4daf0ee675  plugins/dbms/postgresql/enumeration.py
 760285195bdfd91777066bf2751c897f87fab1ada24f729556b122db937c7f88  plugins/dbms/postgresql/filesystem.py
-42fbf2707e9f67554571e63ef2d204d28303e4d25eb7781ec800084fb53324ce  plugins/dbms/postgresql/fingerprint.py
+0fc3e77f569f05724ea689fa70fe9e4fc8be485ab753818b4c77d561943f7503  plugins/dbms/postgresql/fingerprint.py
 4c76ebe0369647f95114a7807e08cd0821d3f5b7159a3ec659d33ef8175163f7  plugins/dbms/postgresql/__init__.py
 04f8ce5afb10c91cfb456cf4cce627b5351539098c4ddfeb63311a55951ac6b0  plugins/dbms/postgresql/syntax.py
 33f5a6676380cdd4dfbe851b5945121399a158a16ad6b6760b931aa140a353e2  plugins/dbms/postgresql/takeover.py
@@ -432,7 +434,7 @@ e5b680e2668313a8b3d4567e2394b557a7db407c4f978f63a54c41b8d786d4b1  plugins/dbms/r
 3038aa55150688855fb4ea5017fe3405a414f2cf4a7630764b482d02f7442b25  plugins/dbms/sqlite/connector.py
 6736ff9995db5675bb82bf2014117bdc5ce641f119b79763edb7aa983443ec87  plugins/dbms/sqlite/enumeration.py
 e75cf970d5d76bc364d2fd02eab4086be6263d9c71fa5b44449bada158cd87d3  plugins/dbms/sqlite/filesystem.py
-d9a17f49a99b715187e12635a202c5a487e71ef2e6877116d5bc9eb4a0d28eee  plugins/dbms/sqlite/fingerprint.py
+c952f1848b7b9bef7c9cd40460849e805d19646e859ad4dac6ebb9f45573447d  plugins/dbms/sqlite/fingerprint.py
 9b00c84f7b25b488a4cbb45fe9571e6661206771f1968f68badc0c670f042a0b  plugins/dbms/sqlite/__init__.py
 5457814ccacf9ca75ae6c39f1e615dd1ca63a8a2f21311f549f8a1df02d09634  plugins/dbms/sqlite/syntax.py
 3aeb29f4486bd43b34afe58f581cb19a9932cabc87888416d2e383737b690072  plugins/dbms/sqlite/takeover.py
@@ -462,7 +464,7 @@ b333c73c6a490b5930a09c6c09951af1044eb97076446b2f1475c7cfdfc838a6  plugins/generi
 4a923f52e8d2dfa6b55c16e08fd5f64eeb292b99573030c0397c7292a4032dd3  plugins/generic/databases.py
 9b0dbf8f77f190ca92cc58e9c5f784d0b30276ee7d99906f6d9c826c23b6d2e1  plugins/generic/entries.py
 783a17bb5188b6b9f4a73dbf10d5cf5c073144d5c1970a9d4aec27cb828e2356  plugins/generic/enumeration.py
-5dbcb646c03b43d1f26c0dbd17ae8fb537fdc526ca9984e1cc3e9eae12c38e6e  plugins/generic/filesystem.py
+8bf9cefa645a2e639861faf3c64ccc82a7bdc0fdc330a70138ddb8b280bef020  plugins/generic/filesystem.py
 ab661b605012168d72f84a92ff7e233542df3825c66714c99073e56acea37e2e  plugins/generic/fingerprint.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  plugins/generic/__init__.py
 9ec577d8ccf4698d4e7834bf1e97aea58fba9d2609714b7139c747bcc4f59a30  plugins/generic/misc.py
@@ -471,11 +473,11 @@ ab661b605012168d72f84a92ff7e233542df3825c66714c99073e56acea37e2e  plugins/generi
 7bb6403d83cc9fd880180e3ad36dca0cc8268f05f9d7e6f6dba6d405eea48c3a  plugins/generic/takeover.py
 115ee30c77698bb041351686a3f191a3aa247adb2e0da9844f1ad048d0e002cd  plugins/generic/users.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  plugins/__init__.py
-90530922cac9747a5c7cf8afcc86a4854ee5a1f38ea0381a62d41fc74afe549a  README.md
+f5cad477023c8145c4db7aa530976fc75b098cf59a49905f28d02f6771fd9697  README.md
 535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
-4121621b1accd6099eed095e9aa48d6db6a4fdfa3bbc5eb569d54c050132cbbf  sqlmap.conf
-515893a1105f06afb6e91d7a32d89ed350828244f2a4c638d36240b284a61363  sqlmap.py
+a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9  sqlmap.conf
+d305f00a68898314242e7cfc19daf367c8f97e5f1da40100390b635b73b80722  sqlmap.py
 82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a  tamper/0eunion.py
 bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460  tamper/apostrophemask.py
 c9c3d71f11de0140906d7b4f24fadb9926dc8eaf5adab864f8106275f05526ce  tamper/apostrophenullencode.py
@@ -603,7 +605,7 @@ fd2084a132bf180dad5359e16dac8a29a73ebfd267f7c9423c814e7853060874  thirdparty/col
 4f4b2df6de9c0a8582150c59de2eb665b75548e5a57843fb6d504671ee6e4df3  thirdparty/fcrypt/fcrypt.py
 6a70ddcae455a3876a0f43b0850a19e2d9586d43f7b913dc1ffdf87e87d4bd3f  thirdparty/fcrypt/__init__.py
 dbd1639f97279c76b07c03950e7eb61ed531af542a1bdbe23e83cb2181584fd9  thirdparty/identywaf/data.json
-5aa308d6173ad9e2a5006a719fdbfe8c20d7e14b6d70c04045b935e44caa96d0  thirdparty/identywaf/identYwaf.py
+e5c0b59577c30bb44c781d2f129580eaa003e46dcc4f307f08bc7f15e1555a2e  thirdparty/identywaf/identYwaf.py
 edf23e7105539d700a1ae1bc52436e57e019b345a7d0227e4d85b6353ef535fa  thirdparty/identywaf/__init__.py
 d846fdc47a11a58da9e463a948200f69265181f3dbc38148bfe4141fade10347  thirdparty/identywaf/LICENSE
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/__init__.py

data/xml/banner/generic.xml

@@ -3,7 +3,7 @@
 <root>
     <!-- Windows -->
 
-    <regexp value="(Microsoft|Windows|Win32)">
+    <regexp value="(Microsoft|Windows|Win32|Win64|WOW64|Cygwin|MinGW)">
         <info type="Windows"/>
     </regexp>
 
@@ -151,6 +151,34 @@
         <info type="Linux" distrib="Ubuntu"/>
     </regexp>
 
+    <regexp value="\bAlpine\b">
+        <info type="Linux" distrib="Alpine"/>
+    </regexp>
+
+    <regexp value="Oracle ?Linux">
+        <info type="Linux" distrib="Oracle"/>
+    </regexp>
+
+    <regexp value="\bRHEL\b">
+        <info type="Linux" distrib="Red Hat"/>
+    </regexp>
+
+    <regexp value="Amazon Linux">
+        <info type="Linux" distrib="Amazon"/>
+    </regexp>
+
+    <regexp value="Raspbian">
+        <info type="Linux" distrib="Raspbian"/>
+    </regexp>
+
+    <regexp value="\bKali\b">
+        <info type="Linux" distrib="Kali"/>
+    </regexp>
+
+    <regexp value="Rocky Linux">
+        <info type="Linux" distrib="Rocky"/>
+    </regexp>
+
     <!-- BSD -->
 
     <regexp value="FreeBSD">
@@ -167,11 +195,22 @@
 
     <!-- Mac OSX -->
 
-    <regexp value="Mac[\-\_\ ]?OSX">
+    <regexp value="Mac[\-\_\ ]?OS ?X|macOS|Darwin">
         <info type="Mac OSX"/>
     </regexp>
 
-    <regexp value="Darwin">
-        <info type="Mac OSX"/>
+    <!-- *nix -->
+
+    <regexp value="SunOS|Solaris">
+        <info type="SunOS"/>
     </regexp>
+
+    <regexp value="\bAIX\b">
+        <info type="AIX"/>
+    </regexp>
+
+    <regexp value="HP-UX|HPUX">
+        <info type="HP-UX"/>
+    </regexp>
+
 </root>

data/xml/banner/set-cookie.xml

@@ -76,7 +76,7 @@
     </regexp>
 
     <regexp value="laravel_session">
-        <info technology="Laravel (PHP)"/>
+        <info technology="Laravel"/>
     </regexp>
 
     <regexp value="SESS[a-f0-9]{32}">

data/xml/banner/x-powered-by.xml

@@ -62,4 +62,8 @@
     <regexp value="Servlet[\-\_\/\ ]?([\d\.]+)">
         <info technology="Servlet" tech_version="1"/>
     </regexp>
+
+    <regexp value="Laravel">
+        <info technology="Laravel"/>
+    </regexp>
 </root>

data/xml/errors.xml

@@ -27,7 +27,7 @@
         <error regexp="Npgsql\."/>
         <error regexp="PG::SyntaxError:"/>
         <error regexp="org\.postgresql\.util\.PSQLException"/>
-        <error regexp="ERROR:\s\ssyntax error at or near"/>
+        <error regexp="ERROR:\s+syntax error at or near"/>
         <error regexp="ERROR: parser: parse error at or near"/>
         <error regexp="PostgreSQL query failed"/>
         <error regexp="org\.postgresql\.jdbc"/>
@@ -104,7 +104,7 @@
 
     <!-- Interbase/Firebird -->
     <dbms value="Firebird">
-        <error regexp="Dynamic SQL Error"/>
+        <error regexp="Dynamic SQL Error.{1,10}SQL error code"/>
         <error regexp="Warning.*?\Wibase_"/>
         <error regexp="org\.firebirdsql\.jdbc"/>
         <error regexp="Pdo[./_\\]Firebird"/>
@@ -122,6 +122,7 @@
         <error regexp="org\.sqlite\.JDBC"/>
         <error regexp="Pdo[./_\\]Sqlite"/>
         <error regexp="SQLiteException"/>
+        <error regexp="SqliteError:"/>
     </dbms>
 
     <dbms value="SAP MaxDB">
@@ -129,7 +130,7 @@
         <error regexp="Warning.*?\Wmaxdb_"/>
         <error regexp="DriverSapDB"/>
         <error regexp="-3014.*?Invalid end of SQL statement"/>
-        <error regexp="com\.sap\.dbtech\.jdbc"/>
+        <error regexp="com\.sap\.db(tech)?\.jdbc"/>
         <error regexp="\[-3008\].*?: Invalid keyword or missing delimiter"/>
     </dbms>
 
@@ -164,7 +165,7 @@
 
     <dbms value="H2">
         <error regexp="org\.h2\.jdbc"/>
-        <error regexp="\[42000-192\]"/>
+        <error regexp="\[42000-\d+\]"/>
     </dbms>
 
     <dbms value="MonetDB">
@@ -211,7 +212,7 @@
     </dbms>
 
     <dbms value="ClickHouse">
-        <error regexp="Code: \d+. DB::Exception:"/>
+        <error regexp="Code: \d+[., ]+DB::Exception:"/>
         <error regexp="Syntax error: failed at position \d+"/>
     </dbms>
 

doc/translations/README-ar-AR.md

@@ -0,0 +1,68 @@
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
+
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![X](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap)
+
+<div dir=rtl>
+
+برنامج  sqlmap هو أداة اختبار اختراق مفتوحة المصدر تقوم بأتمتة عملية اكتشاف واستغلال ثغرات حقن SQL والسيطرة على خوادم قواعد البيانات. يأتي مع محرك كشف قوي، والعديد من الميزات المتخصصة لمختبر الاختراق المحترف، ومجموعة واسعة من الخيارات بما في ذلك تحديد بصمة قاعدة البيانات، واستخراج البيانات من قاعدة البيانات، والوصول إلى نظام الملفات الأساسي، وتنفيذ الأوامر على نظام التشغيل عبر اتصالات خارج النطاق.
+
+لقطات الشاشة
+----
+
+<div dir=ltr>
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+<div dir=rtl>
+
+يمكنك زيارة [مجموعة لقطات الشاشة](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) التي توضح بعض الميزات في الويكي.
+
+التثبيت
+----
+
+يمكنك تحميل أحدث إصدار tarball بالنقر [هنا](https://github.com/sqlmapproject/sqlmap/tarball/master) أو أحدث إصدار zipball بالنقر [هنا](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+يفضل تحميل sqlmap عن طريق استنساخ مستودع [Git](https://github.com/sqlmapproject/sqlmap):
+
+<div dir=ltr>
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+<div dir=rtl>
+
+يعمل sqlmap مباشرة مع [Python](https://www.python.org/download/) إصدار **2.6** و **2.7** و **3.x** على أي نظام تشغيل.
+
+الاستخدام
+----
+
+للحصول على قائمة بالخيارات والمفاتيح الأساسية استخدم:
+
+<div dir=ltr>
+
+    python sqlmap.py -h
+
+<div dir=rtl>
+
+للحصول على قائمة بجميع الخيارات والمفاتيح استخدم:
+
+<div dir=ltr>
+
+    python sqlmap.py -hh
+
+<div dir=rtl>
+
+يمكنك العثور على مثال للتشغيل [هنا](https://asciinema.org/a/46601).
+للحصول على نظرة عامة على إمكانيات sqlmap، وقائمة الميزات المدعومة، ووصف لجميع الخيارات والمفاتيح، مع الأمثلة، ننصحك بمراجعة [دليل المستخدم](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+الروابط
+----
+
+* الصفحة الرئيسية: https://sqlmap.org
+* التحميل: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) أو [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* تغذية التحديثات RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* تتبع المشكلات: https://github.com/sqlmapproject/sqlmap/issues
+* دليل المستخدم: https://github.com/sqlmapproject/sqlmap/wiki
+* الأسئلة الشائعة: https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* تويتر: [@sqlmap](https://x.com/sqlmap)
+* العروض التوضيحية: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* لقطات الشاشة: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots 

doc/translations/README-bn-BD.md

@@ -0,0 +1,62 @@
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
+
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![X](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap)
+
+**SQLMap** একটি ওপেন সোর্স পেনিট্রেশন টেস্টিং টুল যা স্বয়ংক্রিয়ভাবে SQL ইনজেকশন দুর্বলতা সনাক্ত ও শোষণ করতে এবং ডাটাবেস সার্ভার নিয়ন্ত্রণে নিতে সহায়তা করে। এটি একটি শক্তিশালী ডিটেকশন ইঞ্জিন, উন্নত ফিচার এবং পেনিট্রেশন টেস্টারদের জন্য দরকারি বিভিন্ন অপশন নিয়ে আসে। এর মাধ্যমে ডাটাবেস ফিঙ্গারপ্রিন্টিং, ডাটাবেস থেকে তথ্য আহরণ, ফাইল সিস্টেম অ্যাক্সেস, এবং অপারেটিং সিস্টেমে কমান্ড চালানোর মতো কাজ করা যায়, এমনকি আউট-অফ-ব্যান্ড সংযোগ ব্যবহার করেও।
+
+
+
+স্ক্রিনশট
+---
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+আপনি [Wiki-তে](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) গিয়ে SQLMap-এর বিভিন্ন ফিচারের ডেমোনস্ট্রেশন দেখতে পারেন।
+
+ইনস্টলেশন
+---
+সর্বশেষ টারবলে ডাউনলোড করুন [এখানে](https://github.com/sqlmapproject/sqlmap/tarball/master) অথবা সর্বশেষ জিপ ফাইল [এখানে](https://github.com/sqlmapproject/sqlmap/zipball/master)।
+
+অথবা, সরাসরি [Git](https://github.com/sqlmapproject/sqlmap) রিপোজিটরি থেকে ক্লোন করুন:
+
+```
+git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+```
+
+SQLMap স্বয়ংক্রিয়ভাবে [Python](https://www.python.org/download/) **2.6**, **2.7** এবং **3.x** সংস্করণে যেকোনো প্ল্যাটফর্মে কাজ করে।
+
+
+
+ব্যবহারের নির্দেশিকা
+---
+
+বেসিক অপশন এবং সুইচসমূহ দেখতে ব্যবহার করুন:
+
+```
+python sqlmap.py -h
+```
+
+সমস্ত অপশন ও সুইচের তালিকা পেতে ব্যবহার করুন:
+
+```
+python sqlmap.py -hh
+```
+
+আপনি একটি নমুনা রান দেখতে পারেন [এখানে](https://asciinema.org/a/46601)।
+SQLMap-এর সম্পূর্ণ ফিচার, ক্ষমতা, এবং কনফিগারেশন সম্পর্কে বিস্তারিত জানতে [ব্যবহারকারীর ম্যানুয়াল](https://github.com/sqlmapproject/sqlmap/wiki/Usage) পড়ার পরামর্শ দেওয়া হচ্ছে।
+
+
+
+লিঙ্কসমূহ
+---
+
+* হোমপেজ: https://sqlmap.org
+* ডাউনলোড: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) অথবা [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* কমিটস RSS ফিড: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* ইস্যু ট্র্যাকার: https://github.com/sqlmapproject/sqlmap/issues
+* ব্যবহারকারীর ম্যানুয়াল: https://github.com/sqlmapproject/sqlmap/wiki
+* সচরাচর জিজ্ঞাসিত প্রশ্ন (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* X: [@sqlmap](https://x.com/sqlmap)
+* ডেমো ভিডিও: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* স্ক্রিনশট: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
+

doc/translations/README-tr-TR.md

@@ -2,7 +2,7 @@
 
 [![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![x](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap)
 
-sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır.
+sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek birçok aracı, uzak veritabanından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi işlevleri de barındırmaktadır.
 
 
 Ekran görüntüleri
@@ -17,7 +17,7 @@ Ekran görüntüleri
 Kurulum
 ----
 
-[Buraya](https://github.com/sqlmapproject/sqlmap/tarball/master) tıklayarak en son sürüm tarball'ı veya [buraya](https://github.com/sqlmapproject/sqlmap/zipball/master) tıklayarak zipbal'ı indirebilirsiniz.
+[Buraya](https://github.com/sqlmapproject/sqlmap/tarball/master) tıklayarak en son sürüm tarball'ı veya [buraya](https://github.com/sqlmapproject/sqlmap/zipball/master) tıklayarak zipball'ı indirebilirsiniz.
 
 Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayarak indirebilirsiniz
 
@@ -37,13 +37,13 @@ Bütün seçenekleri gösterir
 
     python sqlmap.py -hh
 
-Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası için sqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu  [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki/Usage) bakmanızı tavsiye ediyoruz
+Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası için sqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki/Usage) bakmanızı tavsiye ediyoruz
 
 Bağlantılar
 ----
 
 * Anasayfa: https://sqlmap.org
-* İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) veya [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commitlerin RSS beslemeleri: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues
 * Kullanıcı Manueli: https://github.com/sqlmapproject/sqlmap/wiki

lib/controller/checks.py

@@ -73,7 +73,7 @@ from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH
 from lib.core.settings import CHECK_INTERNET_ADDRESS
-from lib.core.settings import CHECK_INTERNET_VALUE
+from lib.core.settings import CHECK_INTERNET_CODE
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
@@ -521,7 +521,7 @@ def checkSqlInjection(place, parameter, value):
 
                                     if ratio == 1.0:
                                         continue
-                                except (MemoryError, OverflowError):
+                                except:
                                     pass
 
                             # Perform the test's True request
@@ -1586,8 +1586,7 @@ def checkConnection(suppressOutput=False):
     return True
 
 def checkInternet():
-    content = Request.getPage(url=CHECK_INTERNET_ADDRESS, checking=True)[0]
-    return CHECK_INTERNET_VALUE in (content or "")
+    return Request.getPage(url=CHECK_INTERNET_ADDRESS, checking=True)[2] == CHECK_INTERNET_CODE
 
 def setVerbosity():  # Cross-referenced function
     raise NotImplementedError

lib/controller/handler.py

@@ -6,6 +6,8 @@ See the file 'LICENSE' for copying permission
 """
 
 from lib.core.common import Backend
+from lib.core.common import getSafeExString
+from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.dicts import DBMS_DICT
@@ -171,16 +173,17 @@ def setHandler():
             if not dialect or exception:
                 try:
                     conf.dbmsConnector.connect()
-                except Exception as ex:
+                except NameError:
                     if exception:
                         raise exception
                     else:
-                        if not isinstance(ex, NameError):
-                            raise
-                        else:
-                            msg = "support for direct connection to '%s' is not available. " % dbms
-                            msg += "Please rerun with '--dependencies'"
-                            raise SqlmapConnectionException(msg)
+                        msg = "support for direct connection to '%s' is not available. " % dbms
+                        msg += "Please rerun with '--dependencies'"
+                        raise SqlmapConnectionException(msg)
+                except:
+                    if exception:
+                        singleTimeWarnMessage(getSafeExString(exception))
+                    raise
 
         if conf.forceDbms == dbms or handler.checkDbms():
             if kb.resolutionDbms:

lib/core/bigarray.py

@@ -116,15 +116,16 @@ class BigArray(list):
             self.append(_)
 
     def pop(self):
-        if len(self.chunks[-1]) < 1:
-            self.chunks.pop()
-            try:
-                with open(self.chunks[-1], "rb") as f:
-                    self.chunks[-1] = pickle.loads(zlib.decompress(f.read()))
-            except IOError as ex:
-                errMsg = "exception occurred while retrieving data "
-                errMsg += "from a temporary file ('%s')" % ex
-                raise SqlmapSystemException(errMsg)
+        with self._lock:
+            if not self.chunks[-1] and len(self.chunks) > 1:
+                self.chunks.pop()
+                try:
+                    with open(self.chunks[-1], "rb") as f:
+                        self.chunks[-1] = pickle.loads(zlib.decompress(f.read()))
+                except IOError as ex:
+                    errMsg = "exception occurred while retrieving data "
+                    errMsg += "from a temporary file ('%s')" % ex
+                    raise SqlmapSystemException(errMsg)
 
         return self.chunks[-1].pop()
 
@@ -163,6 +164,9 @@ class BigArray(list):
             raise SqlmapSystemException(errMsg)
 
     def _checkcache(self, index):
+        if self.cache is not None and not isinstance(self.cache, Cache):
+            self.cache = None
+
         if (self.cache and self.cache.index != index and self.cache.dirty):
             filename = self._dump(self.cache.data)
             self.chunks[self.cache.index] = filename

lib/core/common.py

@@ -1683,11 +1683,7 @@ def parseTargetDirect():
                 elif dbmsName == DBMS.PGSQL:
                     __import__("psycopg2")
                 elif dbmsName == DBMS.ORACLE:
-                    __import__("cx_Oracle")
-
-                    # Reference: http://itsiti.com/ora-28009-connection-sys-sysdba-sysoper
-                    if (conf.dbmsUser or "").upper() == "SYS":
-                        conf.direct = "%s?mode=SYSDBA" % conf.direct
+                    __import__("oracledb")
                 elif dbmsName == DBMS.SQLITE:
                     __import__("sqlite3")
                 elif dbmsName == DBMS.ACCESS:
@@ -2208,19 +2204,19 @@ def safeStringFormat(format_, params):
             while True:
                 match = re.search(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", retVal)
                 if match:
-                    if count >= len(params):
-                        warnMsg = "wrong number of parameters during string formatting. "
-                        warnMsg += "Please report by e-mail content \"%r | %r | %r\" to '%s'" % (format_, params, retVal, DEV_EMAIL_ADDRESS)
-                        raise SqlmapValueException(warnMsg)
-                    else:
-                        try:
-                            retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count], retVal, 1)
-                        except re.error:
-                            retVal = retVal.replace(match.group(0), match.group(0) % params[count], 1)
-                        count += 1
+                    try:
+                        retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count % len(params)], retVal, 1)
+                    except re.error:
+                        retVal = retVal.replace(match.group(0), match.group(0) % params[count % len(params)], 1)
+                    count += 1
                 else:
                     break
 
+            if count > len(params) and count % len(params):
+                warnMsg = "wrong number of parameters during string formatting. "
+                warnMsg += "Please report by e-mail content \"%r | %r | %r\" to '%s'" % (format_, params, retVal, DEV_EMAIL_ADDRESS)
+                raise SqlmapValueException(warnMsg)
+
     retVal = getText(retVal).replace(PARAMETER_PERCENTAGE_MARKER, '%')
 
     return retVal
@@ -5321,7 +5317,7 @@ def parseRequestFile(reqFile, checkParams=True):
                     _ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request)
                     if _:
                         host = _.group(0).strip()
-                        if not re.search(r":\d+\Z", host):
+                        if not re.search(r":\d+\Z", host) and int(port) != 80:
                             request = request.replace(host, "%s:%d" % (host, int(port)))
                     reqResList.append(request)
             else:

lib/core/convert.py

@@ -154,7 +154,7 @@ def rot13(data):
 
 def decodeHex(value, binary=True):
     """
-    Returns a decoded representation of provided hexadecimal value
+    Returns a decoded representation of the provided hexadecimal value
 
     >>> decodeHex("313233") == b"123"
     True
@@ -182,7 +182,7 @@ def decodeHex(value, binary=True):
 
 def encodeHex(value, binary=True):
     """
-    Returns a encoded representation of provided string value
+    Returns an encoded representation of the provided value
 
     >>> encodeHex(b"123") == b"313233"
     True
@@ -251,7 +251,7 @@ def decodeBase64(value, binary=True, encoding=None):
 
 def encodeBase64(value, binary=True, encoding=None, padding=True, safe=False):
     """
-    Returns a decoded representation of provided Base64 value
+    Returns a Base64 encoded representation of the provided value
 
     >>> encodeBase64(b"123") == b"MTIz"
     True
@@ -316,7 +316,7 @@ def getBytes(value, encoding=None, errors="strict", unsafe=True):
             retVal = value.encode(encoding, errors)
 
             if unsafe:
-                retVal = re.sub(r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER, lambda _: decodeHex(_.group(1)), retVal)
+                retVal = re.sub((r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER).encode(), lambda _: decodeHex(_.group(1)), retVal)
         else:
             try:
                 retVal = value.encode(encoding, errors)

lib/core/datatype.py

@@ -152,9 +152,10 @@ class LRUDict(object):
         return key in self.cache
 
     def __getitem__(self, key):
-        value = self.cache.pop(key)
-        self.cache[key] = value
-        return value
+        with self.__lock:
+            value = self.cache.pop(key)
+            self.cache[key] = value
+            return value
 
     def get(self, key):
         return self.__getitem__(key)

lib/core/decorators.py

@@ -15,7 +15,6 @@ from lib.core.settings import UNICODE_ENCODING
 from lib.core.threads import getCurrentThreadData
 
 _cache = {}
-_cache_lock = threading.Lock()
 _method_locks = {}
 
 def cachedmethod(f):
@@ -38,22 +37,27 @@ def cachedmethod(f):
     """
 
     _cache[f] = LRUDict(capacity=MAX_CACHE_ITEMS)
+    _method_locks[f] = threading.RLock()
 
     @functools.wraps(f)
     def _f(*args, **kwargs):
+        parts = (
+            f.__module__ + "." + f.__name__,
+            "^".join(repr(a) for a in args),
+            "^".join("%s=%r" % (k, kwargs[k]) for k in sorted(kwargs))
+        )
         try:
-            key = int(hashlib.md5("|".join(str(_) for _ in (f, args, kwargs)).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff
+            key = int(hashlib.md5("`".join(parts).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff
         except ValueError:  # https://github.com/sqlmapproject/sqlmap/issues/4281 (NOTE: non-standard Python behavior where hexdigest returns binary value)
             result = f(*args, **kwargs)
         else:
-            try:
-                with _cache_lock:
-                    result = _cache[f][key]
-            except KeyError:
-                result = f(*args, **kwargs)
-
-                with _cache_lock:
-                    _cache[f][key] = result
+            lock, cache = _method_locks[f], _cache[f]
+            with lock:
+                try:
+                    result = cache[key]
+                except KeyError:
+                    result = f(*args, **kwargs)
+                    cache[key] = result
 
         return result
 
@@ -87,14 +91,12 @@ def stackedmethod(f):
     return _
 
 def lockedmethod(f):
+    lock = threading.RLock()
+
     @functools.wraps(f)
     def _(*args, **kwargs):
-        if f not in _method_locks:
-            _method_locks[f] = threading.RLock()
-
-        with _method_locks[f]:
+        with lock:
             result = f(*args, **kwargs)
-
         return result
 
     return _

lib/core/dicts.py

@@ -225,7 +225,7 @@ DBMS_DICT = {
     DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "mssql+pymssql"),
     DBMS.MYSQL: (MYSQL_ALIASES, "python-pymysql", "https://github.com/PyMySQL/PyMySQL", "mysql"),
     DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"),
-    DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "https://oracle.github.io/python-cx_Oracle/", "oracle"),
+    DBMS.ORACLE: (ORACLE_ALIASES, "python-oracledb", "https://oracle.github.io/python-oracledb/", "oracle"),
     DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "https://docs.python.org/3/library/sqlite3.html", "sqlite"),
     DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "https://github.com/mkleehammer/pyodbc", "access"),
     DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"),

lib/core/dump.py

@@ -567,7 +567,7 @@ class Dump(object):
                         else:
                             dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(column), conf.csvDel))
                     elif conf.dumpFormat == DUMP_FORMAT.HTML:
-                        dataToDumpFile(dumpFP, "<th>%s</th>" % getUnicode(htmlEscape(column).encode("ascii", "xmlcharrefreplace")))
+                        dataToDumpFile(dumpFP, "<th onclick=\"sortTable(%d,this)\">%s</th>" % (field - 1, getUnicode(htmlEscape(column).encode("ascii", "xmlcharrefreplace"))))
 
                 field += 1
 
@@ -663,7 +663,7 @@ class Dump(object):
 
         elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):
             if conf.dumpFormat == DUMP_FORMAT.HTML:
-                dataToDumpFile(dumpFP, "</tbody>\n</table>\n</body>\n</html>")
+                dataToDumpFile(dumpFP, "</tbody>\n</table>\n<script>let lc=-1,ld=1;function sortTable(n,h){var t=document.querySelector(\"table\"),r=Array.from(t.tBodies[0].rows);ld=(lc==n?-ld:1);lc=n;r.sort((a,b)=>{var x=a.cells[n].innerText.trim(),y=b.cells[n].innerText.trim(),nx=parseFloat(x),ny=parseFloat(y);return(!isNaN(nx)&&!isNaN(ny)?(nx-ny)*ld:x.localeCompare(y)*ld)});r.forEach(e=>t.tBodies[0].appendChild(e));Array.from(t.tHead.rows[0].cells).forEach(c=>{c.innerText=c.innerText.replace(/[\u2191\u2193]/g,\"\")});h.innerText=h.innerText+ (ld==1?\"\u2191\":\"\u2193\");}</script>\n</body>\n</html>")
             else:
                 dataToDumpFile(dumpFP, "\n")
             dumpFP.close()

lib/core/enums.py

@@ -108,6 +108,8 @@ class FORK(object):
     YUGABYTEDB = "YugabyteDB"
     OPENGAUSS = "OpenGauss"
     DM8 = "DM8"
+    DORIS = "Doris"
+    STARROCKS = "StarRocks"
 
 class CUSTOM_LOGGING(object):
     PAYLOAD = 9
@@ -192,29 +194,30 @@ class HASH(object):
     APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z'
     VBULLETIN = r'\A[0-9a-fA-F]{32}:.{30}\Z'
     VBULLETIN_OLD = r'\A[0-9a-fA-F]{32}:.{3}\Z'
+    OSCOMMERCE_OLD = r'\A[0-9a-fA-F]{32}:.{2}\Z'
     SSHA = r'\A\{SSHA\}[a-zA-Z0-9+/]+={0,2}\Z'
     SSHA256 = r'\A\{SSHA256\}[a-zA-Z0-9+/]+={0,2}\Z'
     SSHA512 = r'\A\{SSHA512\}[a-zA-Z0-9+/]+={0,2}\Z'
-    DJANGO_MD5 = r'\Amd5\$[^$]+\$[0-9a-f]{32}\Z'
-    DJANGO_SHA1 = r'\Asha1\$[^$]+\$[0-9a-f]{40}\Z'
+    DJANGO_MD5 = r'\Amd5\$[^$]*\$[0-9a-f]{32}\Z'
+    DJANGO_SHA1 = r'\Asha1\$[^$]*\$[0-9a-f]{40}\Z'
     MD5_BASE64 = r'\A[a-zA-Z0-9+/]{22}==\Z'
     SHA1_BASE64 = r'\A[a-zA-Z0-9+/]{27}=\Z'
     SHA256_BASE64 = r'\A[a-zA-Z0-9+/]{43}=\Z'
     SHA512_BASE64 = r'\A[a-zA-Z0-9+/]{86}==\Z'
 
-# Reference: http://www.zytrax.com/tech/web/mobile_ids.html
+# Reference: https://whatmyuseragent.com/brand/
 class MOBILES(object):
     BLACKBERRY = ("BlackBerry Z10", "Mozilla/5.0 (BB10; Kbd) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.3.2205 Mobile Safari/537.35+")
-    GALAXY = ("Samsung Galaxy S8", "Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW; en-us) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36 Puffin/9.0.0.50263AP")
+    GALAXY = ("Samsung Galaxy A54",  "Mozilla/5.0 (Linux; Android 15; SM-A546B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.7339.155 Mobile Safari/537.36 AirWatchBrowser/25.08.0.2131")
     HP = ("HP iPAQ 6365", "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)")
-    HTC = ("HTC 10", "Mozilla/5.0 (Linux; Android 8.0.0; HTC 10 Build/OPR1.170623.027) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36")
-    HUAWEI = ("Huawei P8", "Mozilla/5.0 (Linux; Android 4.4.4; HUAWEI H891L Build/HuaweiH891L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36")
-    IPHONE = ("Apple iPhone 8", "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1")
-    LUMIA = ("Microsoft Lumia 950", "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 950) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.15063")
+    HTC = ("HTC One X2", "Mozilla/5.0 (Linux; Android 14; X2-HT) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.7204.46 Mobile Safari/537.36")
+    HUAWEI = ("Huawei Honor 90 Pro", "Mozilla/5.0 (Linux; Android 15; REP-AN00 Build/HONORREP-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/133.0.6943.137 Mobile Safari/537.36")
+    IPHONE = ("Apple iPhone 15 Pro Max", "Mozilla/7.0 (iPhone; CPU iPhone OS 18_7; iPhone 15 Pro Max) AppleWebKit/533.2 (KHTML, like Gecko) CriOS/126.0.6478.35 Mobile/15E148 Safari/804.17")
+    LUMIA = ("Microsoft Lumia 950 XL", "Mozilla/5.0 (Windows Mobile 10; Android 10.0;Microsoft;Lumia 950XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 Edge/40.15254.603")
     NEXUS = ("Google Nexus 7", "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19")
     NOKIA = ("Nokia N97", "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344")
-    PIXEL = ("Google Pixel", "Mozilla/5.0 (Linux; Android 10; Pixel) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.117 Mobile Safari/537.36")
-    XIAOMI = ("Xiaomi Mi 8 Pro", "Mozilla/5.0 (Linux; Android 9; MI 8 Pro Build/PKQ1.180729.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.66 Mobile Safari/537.36")
+    PIXEL = ("Google Pixel 9", "Mozilla/5.0 (Linux; Android 14; Pixel 9) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/24.0 Chrome/139.0.0.0 Mobile Safari/537.36")
+    XIAOMI = ("Xiaomi Redmi 15C", "Mozilla/5.0 (Linux; Android 15; REDMI 15C Build/AP3A.240905.015.A2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.118 Mobile Safari/537.36 XiaoMi/MiuiBrowser/14.43.0-gn")
 
 class PROXY_TYPE(object):
     HTTP = "HTTP"

lib/core/gui.py

@@ -61,18 +61,6 @@ def runGui(parser):
             else:
                 self.set(self.old_value)
 
-    # Reference: https://code.activestate.com/recipes/580726-tkinter-notebook-that-fits-to-the-height-of-every-/
-    class AutoresizableNotebook(_tkinter_ttk.Notebook):
-        def __init__(self, master=None, **kw):
-            _tkinter_ttk.Notebook.__init__(self, master, **kw)
-            self.bind("<<NotebookTabChanged>>", self._on_tab_changed)
-
-        def _on_tab_changed(self, event):
-            event.widget.update_idletasks()
-
-            tab = event.widget.nametowidget(event.widget.select())
-            event.widget.configure(height=tab.winfo_reqheight())
-
     try:
         window = _tkinter.Tk()
     except Exception as ex:
@@ -81,11 +69,41 @@ def runGui(parser):
 
     window.title(VERSION_STRING)
 
-    # Reference: https://www.holadevs.com/pregunta/64750/change-selected-tab-color-in-ttknotebook
+    # Set theme and colors
+    bg_color = "#f5f5f5"
+    fg_color = "#333333"
+    accent_color = "#2c7fb8"
+    window.configure(background=bg_color)
+
+    # Configure styles
     style = _tkinter_ttk.Style()
-    settings = {"TNotebook.Tab": {"configure": {"padding": [5, 1], "background": "#fdd57e"}, "map": {"background": [("selected", "#C70039"), ("active", "#fc9292")], "foreground": [("selected", "#ffffff"), ("active", "#000000")]}}}
-    style.theme_create("custom", parent="alt", settings=settings)
-    style.theme_use("custom")
+
+    # Try to use a more modern theme if available
+    available_themes = style.theme_names()
+    if 'clam' in available_themes:
+        style.theme_use('clam')
+    elif 'alt' in available_themes:
+        style.theme_use('alt')
+
+    # Configure notebook style
+    style.configure("TNotebook", background=bg_color)
+    style.configure("TNotebook.Tab",
+                   padding=[10, 4],
+                   background="#e1e1e1",
+                   font=('Helvetica', 9))
+    style.map("TNotebook.Tab",
+             background=[("selected", accent_color), ("active", "#7fcdbb")],
+             foreground=[("selected", "white"), ("active", "white")])
+
+    # Configure button style
+    style.configure("TButton",
+                   padding=4,
+                   relief="flat",
+                   background=accent_color,
+                   foreground="white",
+                   font=('Helvetica', 9))
+    style.map("TButton",
+             background=[('active', '#41b6c4')])
 
     # Reference: https://stackoverflow.com/a/10018670
     def center(window):
@@ -138,16 +156,16 @@ def runGui(parser):
         config = {}
 
         for key in window._widgets:
-            dest, type = key
+            dest, widget_type = key
             widget = window._widgets[key]
 
             if hasattr(widget, "get") and not widget.get():
                 value = None
-            elif type == "string":
+            elif widget_type == "string":
                 value = widget.get()
-            elif type == "float":
+            elif widget_type == "float":
                 value = float(widget.get())
-            elif type == "int":
+            elif widget_type == "int":
                 value = int(widget.get())
             else:
                 value = bool(widget.var.get())
@@ -155,7 +173,9 @@ def runGui(parser):
             config[dest] = value
 
         for option in parser.option_list:
-            config[option.dest] = defaults.get(option.dest, None)
+            # Only set default if not already set by the user
+            if option.dest not in config or config[option.dest] is None:
+                config[option.dest] = defaults.get(option.dest, None)
 
         handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)
         os.close(handle)
@@ -183,12 +203,20 @@ def runGui(parser):
 
         top = _tkinter.Toplevel()
         top.title("Console")
+        top.configure(background=bg_color)
+
+        # Create a frame for the console
+        console_frame = _tkinter.Frame(top, bg=bg_color)
+        console_frame.pack(fill=_tkinter.BOTH, expand=True, padx=10, pady=10)
 
         # Reference: https://stackoverflow.com/a/13833338
-        text = _tkinter_scrolledtext.ScrolledText(top, undo=True)
+        text = _tkinter_scrolledtext.ScrolledText(console_frame, undo=True, wrap=_tkinter.WORD,
+                                                bg="#2c3e50", fg="#ecf0f1",
+                                                insertbackground="white",
+                                                font=('Consolas', 10))
         text.bind("<Key>", onKeyPress)
         text.bind("<Return>", onReturnPress)
-        text.pack()
+        text.pack(fill=_tkinter.BOTH, expand=True)
         text.focus()
 
         center(top)
@@ -196,7 +224,6 @@ def runGui(parser):
         while True:
             line = ""
             try:
-                # line = queue.get_nowait()
                 line = queue.get(timeout=.1)
                 text.insert(_tkinter.END, line)
             except _queue.Empty:
@@ -206,9 +233,10 @@ def runGui(parser):
                 if not alive:
                     break
 
-    menubar = _tkinter.Menu(window)
+    # Create a menu bar
+    menubar = _tkinter.Menu(window, bg=bg_color, fg=fg_color)
 
-    filemenu = _tkinter.Menu(menubar, tearoff=0)
+    filemenu = _tkinter.Menu(menubar, tearoff=0, bg=bg_color, fg=fg_color)
     filemenu.add_command(label="Open", state=_tkinter.DISABLED)
     filemenu.add_command(label="Save", state=_tkinter.DISABLED)
     filemenu.add_separator()
@@ -217,7 +245,7 @@ def runGui(parser):
 
     menubar.add_command(label="Run", command=run)
 
-    helpmenu = _tkinter.Menu(menubar, tearoff=0)
+    helpmenu = _tkinter.Menu(menubar, tearoff=0, bg=bg_color, fg=fg_color)
     helpmenu.add_command(label="Official site", command=lambda: webbrowser.open(SITE))
     helpmenu.add_command(label="Github pages", command=lambda: webbrowser.open(GIT_PAGE))
     helpmenu.add_command(label="Wiki pages", command=lambda: webbrowser.open(WIKI_PAGE))
@@ -226,59 +254,173 @@ def runGui(parser):
     helpmenu.add_command(label="About", command=lambda: _tkinter_messagebox.showinfo("About", "Copyright (c) 2006-2025\n\n    (%s)" % DEV_EMAIL_ADDRESS))
     menubar.add_cascade(label="Help", menu=helpmenu)
 
-    window.config(menu=menubar)
+    window.config(menu=menubar, bg=bg_color)
     window._widgets = {}
 
-    notebook = AutoresizableNotebook(window)
+    # Create header frame
+    header_frame = _tkinter.Frame(window, bg=bg_color, height=60)
+    header_frame.pack(fill=_tkinter.X, pady=(0, 5))
+    header_frame.pack_propagate(0)
 
-    first = None
-    frames = {}
+    # Add header label
+    title_label = _tkinter.Label(header_frame, text="Configuration",
+                                font=('Helvetica', 14),
+                                fg=accent_color, bg=bg_color)
+    title_label.pack(side=_tkinter.LEFT, padx=15)
 
+    # Add run button in header
+    run_button = _tkinter_ttk.Button(header_frame, text="Run", command=run, width=12)
+    run_button.pack(side=_tkinter.RIGHT, padx=15)
+
+    # Create notebook
+    notebook = _tkinter_ttk.Notebook(window)
+    notebook.pack(expand=1, fill="both", padx=5, pady=(0, 5))
+
+    # Store tab information for background loading
+    tab_frames = {}
+    tab_canvases = {}
+    tab_scrollable_frames = {}
+    tab_groups = {}
+
+    # Create empty tabs with scrollable areas first (fast)
     for group in parser.option_groups:
-        frame = frames[group.title] = _tkinter.Frame(notebook, width=200, height=200)
-        notebook.add(frames[group.title], text=group.title)
+        # Create a frame with scrollbar for the tab
+        tab_frame = _tkinter.Frame(notebook, bg=bg_color)
+        tab_frames[group.title] = tab_frame
 
-        _tkinter.Label(frame).grid(column=0, row=0, sticky=_tkinter.W)
+        # Create a canvas with scrollbar
+        canvas = _tkinter.Canvas(tab_frame, bg=bg_color, highlightthickness=0)
+        scrollbar = _tkinter_ttk.Scrollbar(tab_frame, orient="vertical", command=canvas.yview)
+        scrollable_frame = _tkinter.Frame(canvas, bg=bg_color)
+
+        # Store references
+        tab_canvases[group.title] = canvas
+        tab_scrollable_frames[group.title] = scrollable_frame
+        tab_groups[group.title] = group
+
+        # Configure the canvas scrolling
+        scrollable_frame.bind(
+            "<Configure>",
+            lambda e, canvas=canvas: canvas.configure(scrollregion=canvas.bbox("all"))
+        )
+
+        canvas.create_window((0, 0), window=scrollable_frame, anchor="nw")
+        canvas.configure(yscrollcommand=scrollbar.set)
+
+        # Pack the canvas and scrollbar
+        canvas.pack(side="left", fill="both", expand=True)
+        scrollbar.pack(side="right", fill="y")
+
+        # Add the tab to the notebook
+        notebook.add(tab_frame, text=group.title)
+
+        # Add a loading indicator
+        loading_label = _tkinter.Label(scrollable_frame, text="Loading options...",
+                                     font=('Helvetica', 12),
+                                     fg=accent_color, bg=bg_color)
+        loading_label.pack(expand=True)
+
+    # Function to populate a tab in the background
+    def populate_tab(tab_name):
+        group = tab_groups[tab_name]
+        scrollable_frame = tab_scrollable_frames[tab_name]
+        canvas = tab_canvases[tab_name]
+
+        # Remove loading indicator
+        for child in scrollable_frame.winfo_children():
+            child.destroy()
+
+        # Add content to the scrollable frame
+        row = 0
 
-        row = 1
         if group.get_description():
-            _tkinter.Label(frame, text="%s:" % group.get_description()).grid(column=0, row=1, columnspan=3, sticky=_tkinter.W)
-            _tkinter.Label(frame).grid(column=0, row=2, sticky=_tkinter.W)
-            row += 2
+            desc_label = _tkinter.Label(scrollable_frame, text=group.get_description(),
+                                      wraplength=600, justify="left",
+                                      font=('Helvetica', 9),
+                                      fg="#555555", bg=bg_color)
+            desc_label.grid(row=row, column=0, columnspan=3, sticky="w", padx=10, pady=(10, 5))
+            row += 1
 
         for option in group.option_list:
-            _tkinter.Label(frame, text="%s " % parser.formatter._format_option_strings(option)).grid(column=0, row=row, sticky=_tkinter.W)
+            # Option label
+            option_label = _tkinter.Label(scrollable_frame,
+                                        text=parser.formatter._format_option_strings(option) + ":",
+                                        font=('Helvetica', 9),
+                                        fg=fg_color, bg=bg_color,
+                                        anchor="w")
+            option_label.grid(row=row, column=0, sticky="w", padx=10, pady=2)
 
+            # Input widget
             if option.type == "string":
-                widget = _tkinter.Entry(frame)
+                widget = _tkinter.Entry(scrollable_frame, font=('Helvetica', 9),
+                                      relief="sunken", bd=1, width=20)
+                widget.grid(row=row, column=1, sticky="w", padx=5, pady=2)
             elif option.type == "float":
-                widget = ConstrainedEntry(frame, regex=r"\A\d*\.?\d*\Z")
+                widget = ConstrainedEntry(scrollable_frame, regex=r"\A\d*\.?\d*\Z",
+                                        font=('Helvetica', 9),
+                                        relief="sunken", bd=1, width=10)
+                widget.grid(row=row, column=1, sticky="w", padx=5, pady=2)
             elif option.type == "int":
-                widget = ConstrainedEntry(frame, regex=r"\A\d*\Z")
+                widget = ConstrainedEntry(scrollable_frame, regex=r"\A\d*\Z",
+                                        font=('Helvetica', 9),
+                                        relief="sunken", bd=1, width=10)
+                widget.grid(row=row, column=1, sticky="w", padx=5, pady=2)
             else:
                 var = _tkinter.IntVar()
-                widget = _tkinter.Checkbutton(frame, variable=var)
+                widget = _tkinter.Checkbutton(scrollable_frame, variable=var,
+                                            bg=bg_color, activebackground=bg_color)
                 widget.var = var
+                widget.grid(row=row, column=1, sticky="w", padx=5, pady=2)
 
-            first = first or widget
-            widget.grid(column=1, row=row, sticky=_tkinter.W)
+            # Help text (truncated to improve performance)
+            help_text = option.help
+            if len(help_text) > 100:
+                help_text = help_text[:100] + "..."
 
+            help_label = _tkinter.Label(scrollable_frame, text=help_text,
+                                      font=('Helvetica', 8),
+                                      fg="#666666", bg=bg_color,
+                                      wraplength=400, justify="left")
+            help_label.grid(row=row, column=2, sticky="w", padx=5, pady=2)
+
+            # Store widget reference
             window._widgets[(option.dest, option.type)] = widget
 
+            # Set default value
             default = defaults.get(option.dest)
             if default:
                 if hasattr(widget, "insert"):
                     widget.insert(0, default)
-
-            _tkinter.Label(frame, text=" %s" % option.help).grid(column=2, row=row, sticky=_tkinter.W)
+                elif hasattr(widget, "var"):
+                    widget.var.set(1 if default else 0)
 
             row += 1
 
-        _tkinter.Label(frame).grid(column=0, row=row, sticky=_tkinter.W)
+        # Add some padding at the bottom
+        _tkinter.Label(scrollable_frame, bg=bg_color, height=1).grid(row=row, column=0)
 
-    notebook.pack(expand=1, fill="both")
-    notebook.enable_traversal()
+        # Update the scroll region after adding all widgets
+        canvas.update_idletasks()
+        canvas.configure(scrollregion=canvas.bbox("all"))
 
-    first.focus()
+        # Update the UI to show the tab is fully loaded
+        window.update_idletasks()
 
+    # Function to populate tabs in the background
+    def populate_tabs_background():
+        for tab_name in tab_groups.keys():
+            # Schedule each tab to be populated with a small delay between them
+            window.after(100, lambda name=tab_name: populate_tab(name))
+
+    # Start populating tabs in the background after a short delay
+    window.after(500, populate_tabs_background)
+
+    # Set minimum window size
+    window.update()
+    window.minsize(800, 500)
+
+    # Center the window on screen
+    center(window)
+
+    # Start the GUI
     window.mainloop()

lib/core/option.py

@@ -11,6 +11,7 @@ import codecs
 import functools
 import glob
 import inspect
+import json
 import logging
 import os
 import random
@@ -938,8 +939,8 @@ def _setPreprocessFunctions():
                     handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.PREPROCESS, suffix=".py")
                     os.close(handle)
 
-                    openFile(filename, "w+b").write("#!/usr/bin/env\n\ndef preprocess(req):\n    pass\n")
-                    openFile(os.path.join(os.path.dirname(filename), "__init__.py"), "w+b").write("pass")
+                    openFile(filename, "w+").write("#!/usr/bin/env\n\ndef preprocess(req):\n    pass\n")
+                    openFile(os.path.join(os.path.dirname(filename), "__init__.py"), "w+").write("pass")
 
                     errMsg = "function 'preprocess(req)' "
                     errMsg += "in preprocess script '%s' " % script
@@ -1128,13 +1129,17 @@ def _setHTTPHandlers():
                 errMsg = "invalid proxy address '%s' ('%s')" % (conf.proxy, getSafeExString(ex))
                 raise SqlmapSyntaxException(errMsg)
 
-            hostnamePort = _.netloc.rsplit(":", 1)
+            match = re.search(r"\A([^:]*):([^:]*)@([^@]+)\Z", _.netloc)
+            if match:
+                username, password = match.group(1), match.group(2)
+            else:
+                username, password = None, None
+
+            hostnamePort = _.netloc.rsplit('@', 1)[-1].rsplit(":", 1)
 
             scheme = _.scheme.upper()
             hostname = hostnamePort[0]
             port = None
-            username = None
-            password = None
 
             if len(hostnamePort) == 2:
                 try:
@@ -1405,10 +1410,10 @@ def _setHTTPExtraHeaders():
         debugMsg = "setting extra HTTP headers"
         logger.debug(debugMsg)
 
-        if "\n" in conf.headers:
-            conf.headers = conf.headers.replace("\r\n", "\n").split("\n")
-        elif "\\n" in conf.headers:
+        if "\\n" in conf.headers:
             conf.headers = conf.headers.replace("\\r\\n", "\\n").split("\\n")
+        else:
+            conf.headers = conf.headers.replace("\r\n", "\n").split("\n")
 
         for headerValue in conf.headers:
             if not headerValue.strip():
@@ -1656,6 +1661,8 @@ def _createTemporaryDirectory():
             errMsg += "temporary directory location ('%s')" % getSafeExString(ex)
             raise SqlmapSystemException(errMsg)
 
+    conf.tempDirs.append(tempfile.tempdir)
+
     if six.PY3:
         _pympTempLeakPatch(kb.tempDir)
 
@@ -1981,6 +1988,8 @@ def _setConfAttributes():
     conf.dbmsHandler = None
     conf.dnsServer = None
     conf.dumpPath = None
+    conf.fileWriteType = None
+    conf.HARCollectorFactory = None
     conf.hashDB = None
     conf.hashDBFile = None
     conf.httpCollector = None
@@ -1997,9 +2006,8 @@ def _setConfAttributes():
     conf.resultsFP = None
     conf.scheme = None
     conf.tests = []
+    conf.tempDirs = []
     conf.trafficFP = None
-    conf.HARCollectorFactory = None
-    conf.fileWriteType = None
 
 def _setKnowledgeBaseAttributes(flushAll=True):
     """
@@ -2513,7 +2521,7 @@ def _setTorSocksProxySettings():
     socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, port)
     socks.wrapmodule(_http_client)
 
-def _setHttpChunked():
+def _setHttpOptions():
     if conf.chunked and conf.data:
         if hasattr(_http_client.HTTPConnection, "_set_content_length"):
             _http_client.HTTPConnection._set_content_length = lambda self, *args, **kwargs: None
@@ -2527,7 +2535,10 @@ def _setHttpChunked():
 
             _http_client.HTTPConnection.putheader = putheader
 
-def _checkWebSocket():
+    if conf.http10:
+        _http_client.HTTPConnection._http_vsn = 10
+        _http_client.HTTPConnection._http_vsn_str = 'HTTP/1.0'
+
     if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")):
         try:
             from websocket import ABNF
@@ -2544,11 +2555,12 @@ def _checkTor():
     logger.info(infoMsg)
 
     try:
-        page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False)
-    except SqlmapConnectionException:
-        page = None
+        page, _, _ = Request.getPage(url="https://check.torproject.org/api/ip", raise404=False)
+        tor_status = json.loads(page)
+    except (SqlmapConnectionException, TypeError, ValueError):
+        tor_status = None
 
-    if not page or "Congratulations" not in page:
+    if not tor_status or not tor_status.get("IsTor"):
         errMsg = "it appears that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'"
         raise SqlmapConnectionException(errMsg)
     else:
@@ -2913,8 +2925,7 @@ def init():
     _setPostprocessFunctions()
     _setTrafficOutputFP()
     _setupHTTPCollector()
-    _setHttpChunked()
-    _checkWebSocket()
+    _setHttpOptions()
 
     parseTargetDirect()
 

lib/core/patch.py

@@ -99,6 +99,15 @@ def dirtyPatches():
         else:
             os.urandom = lambda size: "".join(chr(random.randint(0, 255)) for _ in xrange(size))
 
+    # Reference: https://github.com/sqlmapproject/sqlmap/issues/5929
+    try:
+        global collections
+        if not hasattr(collections, "MutableSet"):
+            import collections.abc
+            collections.MutableSet = collections.abc.MutableSet
+    except ImportError:
+        pass
+
     # Reference: https://github.com/sqlmapproject/sqlmap/issues/5727
     # Reference: https://stackoverflow.com/a/14076841
     try:

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.6.0"
+VERSION = "1.9.12.3"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -61,21 +61,21 @@ LOWER_RATIO_BOUND = 0.02
 UPPER_RATIO_BOUND = 0.98
 
 # For filling in case of dumb push updates
-DUMMY_JUNK = "ahy9Ouge"
+DUMMY_JUNK = "Aich8ooT"
 
 # Markers for special cases when parameter values contain html encoded characters
-PARAMETER_AMP_MARKER = "__AMP__"
-PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
-BOUNDARY_BACKSLASH_MARKER = "__BACKSLASH__"
-PARAMETER_PERCENTAGE_MARKER = "__PERCENTAGE__"
+PARAMETER_AMP_MARKER = "__PARAMETER_AMP__"
+PARAMETER_SEMICOLON_MARKER = "__PARAMETER_SEMICOLON__"
+BOUNDARY_BACKSLASH_MARKER = "__BOUNDARY_BACKSLASH__"
+PARAMETER_PERCENTAGE_MARKER = "__PARAMETER_PERCENTAGE__"
 PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__"
 PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
-URI_QUESTION_MARKER = "__QUESTION__"
+URI_QUESTION_MARKER = "__URI_QUESTION__"
 ASTERISK_MARKER = "__ASTERISK__"
 REPLACEMENT_MARKER = "__REPLACEMENT__"
 BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64__"
 BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION__"
-SAFE_VARIABLE_MARKER = "__SAFE__"
+SAFE_VARIABLE_MARKER = "__SAFE_VARIABLE__"
 SAFE_HEX_MARKER = "__SAFE_HEX__"
 DOLLAR_MARKER = "__DOLLAR__"
 
@@ -97,13 +97,13 @@ SELECT_FROM_TABLE_REGEX = r"\bSELECT\b.+?\bFROM\s+(?P<result>([\w.]|`[^`<>]+`)+)
 TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)"
 
 # Regular expression used for recognition of generic permission messages
-PERMISSION_DENIED_REGEX = r"(?P<result>(command|permission|access)\s*(was|is)?\s*denied)"
+PERMISSION_DENIED_REGEX = r"\b(?P<result>(command|permission|access|user)\s*(was|is|has been)?\s*(denied|forbidden|unauthorized|rejected|not allowed))"
 
 # Regular expression used in recognition of generic protection mechanisms
 GENERIC_PROTECTION_REGEX = r"(?i)\b(rejected|blocked|protection|incident|denied|detected|dangerous|firewall)\b"
 
 # Regular expression used to detect errors in fuzz(y) UNION test
-FUZZ_UNION_ERROR_REGEX = r"(?i)data\s?type|comparable|compatible|conversion|converting|failed|error"
+FUZZ_UNION_ERROR_REGEX = r"(?i)data\s?type|mismatch|comparable|compatible|conversion|convert|failed|error|unexpected"
 
 # Upper threshold for starting the fuzz(y) UNION test
 FUZZ_UNION_MAX_COLUMNS = 10
@@ -142,13 +142,13 @@ BING_REGEX = r'<h2><a href="([^"]+)" h='
 DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
 
 # Regular expression used for extracting content from "textual" tags
-TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"
+TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h[1-6]|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"
 
 # Regular expression used for recognition of IP addresses
 IP_ADDRESS_REGEX = r"\b(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b"
 
 # Regular expression used for recognition of generic "your ip has been blocked" messages
-BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block list|firewall)"
+BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block\s?list|firewall)"
 
 # Dumping characters used in GROUP_CONCAT MySQL technique
 CONCAT_ROW_DELIMITER = ','
@@ -264,16 +264,16 @@ IS_WIN = PLATFORM == "nt"
 IS_TTY = hasattr(sys.stdout, "fileno") and os.isatty(sys.stdout.fileno())
 
 # DBMS system databases
-MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb", "Resource", "ReportServer", "ReportServerTempDB")
-MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema", "sys")
-PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast", "pgagent")
+MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb", "Resource", "ReportServer", "ReportServerTempDB", "distribution", "mssqlsystemresource")
+MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema", "sys", "ndbinfo")
+PGSQL_SYSTEM_DBS = ("postgres", "template0", "template1", "information_schema", "pg_catalog", "pg_toast", "pgagent")
 ORACLE_SYSTEM_DBS = ("ADAMS", "ANONYMOUS", "APEX_030200", "APEX_PUBLIC_USER", "APPQOSSYS", "AURORA$ORB$UNAUTHENTICATED", "AWR_STAGE", "BI", "BLAKE", "CLARK", "CSMIG", "CTXSYS", "DBSNMP", "DEMO", "DIP", "DMSYS", "DSSYS", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "HR", "IX", "JONES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OC", "OE", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "PAPER", "PERFSTAT", "PM", "SCOTT", "SH", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "TRACESVR", "TSMSYS", "WK_TEST", "WKPROXY", "WKSYS", "WMSYS", "XDB", "XS$NULL")
 SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master")
-ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2")
+ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2", "MSysNavPaneGroupCategories", "MSysNavPaneGroups", "MSysNavPaneGroupToObjects", "MSysNavPaneObjectIDs")
 FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS", "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS")
 MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")
-SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs")
-DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS")
+SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs", "tempdb")
+DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS", "SYSDEBUG", "SYSINST")
 HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB")
 H2_SYSTEM_DBS = ("INFORMATION_SCHEMA",) + ("IGNITE", "ignite-sys-cache")
 INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin")
@@ -295,7 +295,7 @@ VIRTUOSO_SYSTEM_DBS = ("",)
 
 # Note: (<regular>) + (<forks>)
 MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
-MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql", "tidb", "percona", "drizzle")
+MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql", "tidb", "percona", "drizzle", "doris", "starrocks")
 PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb", "opengauss")
 ORACLE_ALIASES = ("oracle", "orcl", "ora", "or")
 SQLITE_ALIASES = ("sqlite", "sqlite3")
@@ -430,7 +430,7 @@ META_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset="?(?P<result>[^"> ]+).*</h
 META_REFRESH_REGEX = r'(?i)<meta http-equiv="?refresh"?[^>]+content="?[^">]+;\s*(url=)?["\']?(?P<result>[^\'">]+)'
 
 # Regular expression used for parsing Javascript redirect request
-JAVASCRIPT_HREF_REGEX = r'<script>\s*(\w+\.)?location\.href\s*=["\'](?P<result>[^"\']+)'
+JAVASCRIPT_HREF_REGEX = r'<script>\s*(\w+\.)?location\.href\s*=\s*["\'](?P<result>[^"\']+)'
 
 # Regular expression used for parsing empty fields in tested form data
 EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=)(?=&|\Z)'
@@ -439,7 +439,7 @@ EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=)(?=&|\Z)'
 COMMON_PASSWORD_SUFFIXES = ("1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18")
 
 # Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
-COMMON_PASSWORD_SUFFIXES += ("!", ".", "*", "!!", "?", ";", "..", "!!!", ", ", "@")
+COMMON_PASSWORD_SUFFIXES += ("!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@")
 
 # Splitter used between requests in WebScarab log files
 WEBSCARAB_SPLITTER = "### Conversation"
@@ -547,7 +547,7 @@ IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATO
 ASP_NET_CONTROL_REGEX = r"(?i)\Actl\d+\$"
 
 # Regex for Google analytics cookie names
-GOOGLE_ANALYTICS_COOKIE_REGEX = r"(?i)\A(__utm|_ga|_gid|_gat|_gcl_au)"
+GOOGLE_ANALYTICS_COOKIE_REGEX = r"(?i)\A(_ga|_gid|_gat|_gcl_au|__utm[abcz])"
 
 # Prefix for configuration overriding environment variables
 SQLMAP_ENVIRONMENT_PREFIX = "SQLMAP_"
@@ -613,7 +613,7 @@ DUMMY_SQL_INJECTION_CHARS = ";()'"
 DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY|FLOOR\(RAND)\b"
 
 # Extensions skipped by crawler
-CRAWL_EXCLUDE_EXTENSIONS = ("3ds", "3g2", "3gp", "7z", "DS_Store", "a", "aac", "adp", "ai", "aif", "aiff", "apk", "ar", "asf", "au", "avi", "bak", "bin", "bk", "bmp", "btif", "bz2", "cab", "caf", "cgm", "cmx", "cpio", "cr2", "dat", "deb", "djvu", "dll", "dmg", "dmp", "dng", "doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf", "ear", "ecelp4800", "ecelp7470", "ecelp9600", "egg", "eol", "eot", "epub", "exe", "f4v", "fbs", "fh", "fla", "flac", "fli", "flv", "fpx", "fst", "fvt", "g3", "gif", "gz", "h261", "h263", "h264", "ico", "ief", "image", "img", "ipa", "iso", "jar", "jpeg", "jpg", "jpgv", "jpm", "jxr", "ktx", "lvp", "lz", "lzma", "lzo", "m3u", "m4a", "m4v", "mar", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3", "mp4", "mp4a", "mpeg", "mpg", "mpga", "mxu", "nef", "npx", "o", "oga", "ogg", "ogv", "otf", "pbm", "pcx", "pdf", "pea", "pgm", "pic", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "pya", "pyc", "pyo", "pyv", "qt", "rar", "ras", "raw", "rgb", "rip", "rlc", "rz", "s3m", "s7z", "scm", "scpt", "sgi", "shar", "sil", "smv", "so", "sub", "swf", "tar", "tbz2", "tga", "tgz", "tif", "tiff", "tlz", "ts", "ttf", "uvh", "uvi", "uvm", "uvp", "uvs", "uvu", "viv", "vob", "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi", "xpm", "xwd", "xz", "z", "zip", "zipx")
+CRAWL_EXCLUDE_EXTENSIONS = frozenset(("3ds", "3g2", "3gp", "7z", "DS_Store", "a", "aac", "accdb", "access", "adp", "ai", "aif", "aiff", "apk", "ar", "asf", "au", "avi", "bak", "bin", "bin", "bk", "bkp", "bmp", "btif", "bz2", "c", "cab", "caf", "cfg", "cgm", "cmx", "com", "conf", "config", "cpio", "cpp", "cr2", "cue", "dat", "db", "dbf", "deb", "debug", "djvu", "dll", "dmg", "dmp", "dng", "doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf", "dylib", "ear", "ecelp4800", "ecelp7470", "ecelp9600", "egg", "elf", "env", "eol", "eot", "epub", "error", "exe", "f4v", "fbs", "fh", "fla", "flac", "fli", "flv", "fpx", "fst", "fvt", "g3", "gif", "go", "gz", "h", "h261", "h263", "h264", "ico", "ief", "img", "ini", "ipa", "iso", "jar", "java", "jpeg", "jpg", "jpgv", "jpm", "js", "jxr", "ktx", "lock", "log", "lvp", "lz", "lzma", "lzo", "m3u", "m4a", "m4v", "mar", "mdb", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3", "mp4", "mp4a", "mpeg", "mpg", "mpga", "msi", "mxu", "nef", "npx", "nrg", "o", "oga", "ogg", "ogv", "old", "otf", "ova", "ovf", "pbm", "pcx", "pdf", "pea", "pgm", "php", "pic", "pid", "pkg", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "py", "pya", "pyc", "pyo", "pyv", "qt", "rar", "ras", "raw", "rb", "rgb", "rip", "rlc", "rs", "run", "rz", "s3m", "s7z", "scm", "scpt", "service", "sgi", "shar", "sil", "smv", "so", "sock", "socket", "sqlite", "sqlitedb", "sub", "svc", "swf", "swo", "swp", "sys", "tar", "tbz2", "temp", "tga", "tgz", "tif", "tiff", "tlz", "tmp", "toast", "torrent", "ts", "ts", "ttf", "uvh", "uvi", "uvm", "uvp", "uvs", "uvu", "vbox", "vdi", "vhd", "vhdx", "viv", "vmdk", "vmx", "vob", "vxd", "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi", "xpm", "xwd", "xz", "yaml", "yml", "z", "zip", "zipx"))
 
 # Patterns often seen in HTTP headers containing custom injection marking character '*'
 PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"
@@ -634,10 +634,10 @@ LAST_UPDATE_NAGGING_DAYS = 180
 MIN_ERROR_PARSING_NON_WRITING_RATIO = 0.05
 
 # Generic address for checking the Internet connection while using switch --check-internet (Note: https version does not work for Python < 2.7.9)
-CHECK_INTERNET_ADDRESS = "http://ipinfo.io/json"
+CHECK_INTERNET_ADDRESS = "http://www.google.com/generate_204"
 
-# Value to look for in response to CHECK_INTERNET_ADDRESS
-CHECK_INTERNET_VALUE = '"ip":'
+# HTTP code to look in response to CHECK_INTERNET_ADDRESS
+CHECK_INTERNET_CODE = 204
 
 # Payload used for checking of existence of WAF/IPS (dummier the better)
 IPS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"
@@ -689,7 +689,7 @@ PARAMETER_SPLITTING_REGEX = r"[,|;]"
 UNENCODED_ORIGINAL_VALUE = "original"
 
 # Common column names containing usernames (used for hash cracking in some cases)
-COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "account", "account_name", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "utilizator", "utilizador", "usufrutuario", "korisnik", "uporabnik", "usuario", "consumidor", "client", "customer", "cuser")
+COMMON_USER_COLUMNS = frozenset(("login", "user", "uname", "username", "user_name", "user_login", "account", "account_name", "auth_user", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "utilizator", "utilizador", "usufrutuario", "korisnik", "uporabnik", "usuario", "consumidor", "client", "customer", "cuser"))
 
 # Default delimiter in GET/POST values
 DEFAULT_GET_POST_DELIMITER = '&'
@@ -893,7 +893,7 @@ ZIP_HEADER = b"\x50\x4b\x03\x04"
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
 
 # Infixes used for automatic recognition of parameters carrying anti-CSRF tokens
-CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token")
+CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token", "nonce")
 
 # Prefixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_PREFIXES = {
@@ -941,6 +941,7 @@ td{
 }
 th{
     font-size:12px;
+    cursor:pointer;
 }
 </style>"""
 

lib/core/threads.py

@@ -166,8 +166,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                 _threadFunction()
             except (SqlmapUserQuitException, SqlmapSkipTargetException):
                 pass
-            finally:
-                return
+            return
 
         kb.multiThreadMode = True
 

lib/core/update.py

@@ -110,7 +110,7 @@ def update():
 
                         filepath = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py")
                         if os.path.isfile(filepath):
-                            with openFile(filepath, "rb") as f:
+                            with openFile(filepath, "r") as f:
                                 version = re.search(r"(?m)^VERSION\s*=\s*['\"]([^'\"]+)", f.read()).group(1)
                                 logger.info("updated to the latest version '%s#dev'" % version)
                                 success = True

lib/parse/cmdline.py

@@ -177,6 +177,9 @@ def cmdLineParser(argv=None):
         request.add_argument("--drop-set-cookie", dest="dropSetCookie", action="store_true",
             help="Ignore Set-Cookie header from response")
 
+        request.add_argument("--http1.0", dest="http10", action="store_true",
+            help="Use HTTP version 1.0 (old)")
+
         request.add_argument("--http2", dest="http2", action="store_true",
             help="Use HTTP version 2 (experimental)")
 
@@ -408,6 +411,9 @@ def cmdLineParser(argv=None):
         techniques.add_argument("--time-sec", dest="timeSec", type=int,
             help="Seconds to delay the DBMS response (default %d)" % defaults.timeSec)
 
+        techniques.add_argument("--disable-stats", dest="disableStats", action="store_true",
+            help="Disable the statistical model for detecting the delay")
+
         techniques.add_argument("--union-cols", dest="uCols",
             help="Range of columns to test for UNION query SQL injection")
 
@@ -827,9 +833,6 @@ def cmdLineParser(argv=None):
         parser.add_argument("--disable-precon", dest="disablePrecon", action="store_true",
             help=SUPPRESS)
 
-        parser.add_argument("--disable-stats", dest="disableStats", action="store_true",
-            help=SUPPRESS)
-
         parser.add_argument("--profile", dest="profile", action="store_true",
             help=SUPPRESS)
 

lib/request/basic.py

@@ -402,7 +402,7 @@ def processResponse(page, responseHeaders, code=None, status=None):
                             kb.identifiedWafs.add(waf)
                             errMsg = "WAF/IPS identified as '%s'" % identYwaf.format_name(waf)
                             singleTimeLogMessage(errMsg, logging.CRITICAL)
-            except SystemError as ex:
+            except Exception as ex:
                 singleTimeWarnMessage("internal error occurred in WAF/IPS detection ('%s')" % getSafeExString(ex))
 
     if kb.originalPage is None:

lib/request/comparison.py

@@ -21,9 +21,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import SqlmapNoneDataException
-from lib.core.exception import SqlmapSilentQuitException
 from lib.core.settings import DEFAULT_PAGE_ENCODING
-from lib.core.settings import DEV_EMAIL_ADDRESS
 from lib.core.settings import DIFF_TOLERANCE
 from lib.core.settings import HTML_TITLE_REGEX
 from lib.core.settings import LOWER_RATIO_BOUND
@@ -37,14 +35,16 @@ from lib.core.threads import getCurrentThreadData
 from thirdparty import six
 
 def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
-    try:
-        _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
-        return _
-    except:
-        warnMsg = "there was a KNOWN issue inside the internals regarding the difflib/comparison of pages. "
-        warnMsg += "Please report details privately via e-mail to '%s'" % DEV_EMAIL_ADDRESS
-        logger.critical(warnMsg)
-        raise SqlmapSilentQuitException
+    if not isinstance(page, (six.text_type, six.binary_type, type(None))):
+        logger.critical("got page of type %s; repr(page)[:200]=%s" % (type(page), repr(page)[:200]))
+
+        try:
+            page = b"".join(page)
+        except:
+            page = six.text_type(page)
+
+    _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
+    return _
 
 def _adjust(condition, getRatioValue):
     if not any((conf.string, conf.notString, conf.regexp, conf.code)):

lib/request/connect.py

@@ -1243,7 +1243,7 @@ class Connect(object):
                     warnMsg += ". sqlmap is going to retry the request"
                     logger.warning(warnMsg)
 
-                page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, post=conf.csrfData or (conf.data if conf.csrfUrl == conf.url else None), method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
+                page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, post=conf.csrfData or (conf.data if conf.csrfUrl == conf.url and (conf.csrfMethod or "").upper() == HTTPMETHOD.POST else None), method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
                 page = urldecode(page)  # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')
 
                 match = re.search(r"(?i)<input[^>]+\bname=[\"']?(?P<name>%s)\b[^>]*\bvalue=[\"']?(?P<value>[^>'\"]*)" % conf.csrfToken, page or "", re.I)

lib/request/httpshandler.py

@@ -92,7 +92,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
                         break
                     else:
                         sock.close()
-                except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex:
+                except (ssl.SSLError, socket.error, _http_client.BadStatusLine, AttributeError) as ex:
                     self._tunnel_host = None
                     logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
 

lib/request/redirecthandler.py

@@ -76,16 +76,10 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
         redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None
 
         try:
-            content = fp.read(MAX_CONNECTION_TOTAL_SIZE)
+            content = fp.fp.read(MAX_CONNECTION_TOTAL_SIZE)
+            fp.fp = io.BytesIO(content)
         except:  # e.g. IncompleteRead
             content = b""
-        finally:
-            if content:
-                try:  # try to write it back to the read buffer so we could reuse it in further steps
-                    fp.fp._rbuf.truncate(0)
-                    fp.fp._rbuf.write(content)
-                except:
-                    pass
 
         content = decodePage(content, headers.get(HTTP_HEADER.CONTENT_ENCODING), headers.get(HTTP_HEADER.CONTENT_TYPE))
 
@@ -194,7 +188,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
         result.redurl = getUnicode(redurl) if six.PY3 else redurl
         return result
 
-    http_error_301 = http_error_303 = http_error_307 = http_error_302
+    http_error_301 = http_error_303 = http_error_307 = http_error_308 = http_error_302
 
     def _infinite_loop_check(self, req):
         if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):

lib/takeover/abstraction.py

@@ -143,6 +143,8 @@ class Abstraction(Web, UDF, XP_cmdshell):
             try:
                 command = _input("os-shell> ")
                 command = getUnicode(command, encoding=sys.stdin.encoding)
+            except UnicodeDecodeError:
+                pass
             except KeyboardInterrupt:
                 print()
                 errMsg = "user aborted"

lib/techniques/blind/inference.py

@@ -221,7 +221,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 markingValue = "'%s'" % CHAR_INFERENCE_MARK
                 unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
                 forgedPayload = agent.extractPayload(payload) or ""
-                forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, posValue)).replace(markingValue, unescapedCharValue)
+                forgedPayload = forgedPayload.replace(markingValue, unescapedCharValue)
+                forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, posValue))
                 result = Request.queryPage(agent.replacePayload(payload, forgedPayload), timeBasedCompare=timeBasedCompare, raise404=False)
                 incrementCounter(getTechnique())
 
@@ -246,7 +247,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 # e.g.: ... > '%c' -> ... > ORD(..)
                 markingValue = "'%s'" % CHAR_INFERENCE_MARK
                 unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(value))
-                forgedPayload = safeStringFormat(validationPayload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
+                forgedPayload = validationPayload.replace(markingValue, unescapedCharValue)
+                forgedPayload = safeStringFormat(forgedPayload, (expressionUnescaped, idx))
 
             result = not Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
 
@@ -352,7 +354,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                         # e.g.: ... > '%c' -> ... > ORD(..)
                         markingValue = "'%s'" % CHAR_INFERENCE_MARK
                         unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
-                        forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
+                        forgedPayload = payload.replace(markingValue, unescapedCharValue)
+                        forgedPayload = safeStringFormat(forgedPayload, (expressionUnescaped, idx))
                         falsePayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, NULL)
 
                     if timeBasedCompare:

lib/utils/deps.py

@@ -32,7 +32,7 @@ def checkDependencies():
             elif dbmsName in (DBMS.PGSQL, DBMS.CRATEDB):
                 __import__("psycopg2")
             elif dbmsName == DBMS.ORACLE:
-                __import__("cx_Oracle")
+                __import__("oracledb")
             elif dbmsName == DBMS.SQLITE:
                 __import__("sqlite3")
             elif dbmsName == DBMS.ACCESS:

lib/utils/har.py

@@ -162,6 +162,9 @@ class Response(object):
         response = _http_client.HTTPResponse(FakeSocket(altered))
         response.begin()
 
+        # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5942
+        response.length = len(raw[raw.find(b"\r\n\r\n") + 4:])
+
         try:
             content = response.read()
         except _http_client.IncompleteRead:

lib/utils/hash.py

@@ -478,6 +478,16 @@ def vbulletin_passwd(password, salt, **kwargs):
 
     return "%s:%s" % (md5(binascii.hexlify(md5(getBytes(password)).digest()) + getBytes(salt)).hexdigest(), salt)
 
+def oscommerce_old_passwd(password, salt, **kwargs):
+    """
+    Reference: http://ryanuber.com/09-24-2010/os-commerce-password-hashing.html
+
+    >>> oscommerce_old_passwd(password='testpass', salt='6b')
+    '16d39816e4545b3179f86f2d2d549af4:6b'
+    """
+
+    return "%s:%s" % (md5(getBytes(salt) + getBytes(password)).hexdigest(), salt)
+
 def phpass_passwd(password, salt, count, prefix, **kwargs):
     """
     Reference(s):
@@ -570,6 +580,7 @@ __functions__ = {
     HASH.APACHE_SHA1: apache_sha1_passwd,
     HASH.VBULLETIN: vbulletin_passwd,
     HASH.VBULLETIN_OLD: vbulletin_passwd,
+    HASH.OSCOMMERCE_OLD: oscommerce_old_passwd,
     HASH.SSHA: ssha_passwd,
     HASH.SSHA256: ssha256_passwd,
     HASH.SSHA512: ssha512_passwd,
@@ -1055,7 +1066,7 @@ def dictionaryAttack(attack_dict):
                             item = [(user, hash_), {"salt": hash_[0:2]}]
                         elif hash_regex in (HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT):
                             item = [(user, hash_), {"salt": hash_.split('$')[2], "magic": "$%s$" % hash_.split('$')[1]}]
-                        elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD):
+                        elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD, HASH.OSCOMMERCE_OLD):
                             item = [(user, hash_), {"salt": hash_.split(':')[-1]}]
                         elif hash_regex in (HASH.DJANGO_MD5, HASH.DJANGO_SHA1):
                             item = [(user, hash_), {"salt": hash_.split('$')[1]}]
@@ -1302,8 +1313,12 @@ def crackHashFile(hashFile):
     i = 0
     attack_dict = {}
 
+    check = None
     for line in getFileItems(conf.hashFile):
-        if ':' in line:
+        if check is None and not attack_dict and ':' in line:
+            check = any(re.search(_, line) for _ in getPublicTypeMembers(HASH, True))
+
+        if ':' in line and check is False:
             user, hash_ = line.split(':', 1)
             attack_dict[user] = [hash_]
         else:

plugins/dbms/access/fingerprint.py

@@ -162,7 +162,7 @@ class Fingerprint(GenericFingerprint):
             infoMsg = "confirming %s" % DBMS.ACCESS
             logger.info(infoMsg)
 
-            result = inject.checkBooleanExpression("IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
+            result = inject.checkBooleanExpression("IIF(ATN(2) IS NOT NULL,1,0) BETWEEN 2 AND 0")
 
             if not result:
                 warnMsg = "the back-end DBMS is not %s" % DBMS.ACCESS

plugins/dbms/mimersql/fingerprint.py

@@ -68,7 +68,7 @@ class Fingerprint(GenericFingerprint):
         infoMsg = "testing %s" % DBMS.MIMERSQL
         logger.info(infoMsg)
 
-        result = inject.checkBooleanExpression("IRAND()>=0")
+        result = inject.checkBooleanExpression("IRAND() IS NOT NULL")
 
         if result:
             infoMsg = "confirming %s" % DBMS.MIMERSQL

plugins/dbms/mysql/connector.py

@@ -12,6 +12,7 @@ except:
 
 import logging
 import struct
+import sys
 
 from lib.core.common import getSafeExString
 from lib.core.data import conf
@@ -33,7 +34,7 @@ class Connector(GenericConnector):
         self.initConnection()
 
         try:
-            self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
+            self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password.encode(sys.stdin.encoding), db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
         except (pymysql.OperationalError, pymysql.InternalError, pymysql.ProgrammingError, struct.error) as ex:
             raise SqlmapConnectionException(getSafeExString(ex))
 

plugins/dbms/mysql/fingerprint.py

@@ -45,14 +45,15 @@ class Fingerprint(GenericFingerprint):
         # Reference: https://dev.mysql.com/doc/relnotes/mysql/<major>.<minor>/en/
 
         versions = (
+            (90300, 90302),  # MySQL 9.3
             (90200, 90202),  # MySQL 9.2
             (90100, 90102),  # MySQL 9.1
             (90000, 90002),  # MySQL 9.0
-            (80400, 80405),  # MySQL 8.4
+            (80400, 80406),  # MySQL 8.4
             (80300, 80302),  # MySQL 8.3
             (80200, 80202),  # MySQL 8.2
             (80100, 80102),  # MySQL 8.1
-            (80000, 80041),  # MySQL 8.0
+            (80000, 80043),  # MySQL 8.0
             (60000, 60014),  # MySQL 6.0
             (50700, 50745),  # MySQL 5.7
             (50600, 50652),  # MySQL 5.6
@@ -103,6 +104,10 @@ class Fingerprint(GenericFingerprint):
                 fork = FORK.DRIZZLE
             elif inject.checkBooleanExpression("@@VERSION_COMMENT LIKE '%Percona%'"):
                 fork = FORK.PERCONA
+            elif inject.checkBooleanExpression("@@VERSION_COMMENT LIKE '%Doris%'"):
+                fork = FORK.DORIS
+            elif inject.checkBooleanExpression("@@VERSION_COMMENT LIKE '%StarRocks%'"):
+                fork = FORK.STARROCKS
             elif inject.checkBooleanExpression("AURORA_VERSION() LIKE '%'"):            # Reference: https://aws.amazon.com/premiumsupport/knowledge-center/aurora-version-number/
                 fork = FORK.AURORA
             else:
@@ -188,7 +193,7 @@ class Fingerprint(GenericFingerprint):
             infoMsg = "confirming %s" % DBMS.MYSQL
             logger.info(infoMsg)
 
-            result = inject.checkBooleanExpression("SESSION_USER() LIKE USER()")
+            result = inject.checkBooleanExpression("COALESCE(SESSION_USER(),USER()) IS NOT NULL")
 
             if not result:
                 # Note: MemSQL doesn't support SESSION_USER()

plugins/dbms/oracle/connector.py

@@ -6,8 +6,8 @@ See the file 'LICENSE' for copying permission
 """
 
 try:
-    import cx_Oracle
-except:
+    import oracledb
+except ImportError:
     pass
 
 import logging
@@ -25,32 +25,26 @@ os.environ["NLS_LANG"] = ".AL32UTF8"
 
 class Connector(GenericConnector):
     """
-    Homepage: https://oracle.github.io/python-cx_Oracle/
-    User https://cx-oracle.readthedocs.io/en/latest/
-    API: https://wiki.python.org/moin/DatabaseProgramming
-    License: https://cx-oracle.readthedocs.io/en/latest/license.html#license
+    Homepage: https://oracle.github.io/python-oracledb/
+    User: https://python-oracledb.readthedocs.io/en/latest/
+    License: https://github.com/oracle/python-oracledb/blob/main/LICENSE.txt
     """
 
     def connect(self):
         self.initConnection()
-        # Reference: https://cx-oracle.readthedocs.io/en/latest/user_guide/connection_handling.html
-        self.__dsn = "%s:%d/%s" % (self.hostname, self.port, self.db)
+
         self.user = getText(self.user)
         self.password = getText(self.password)
 
         try:
-            self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password, mode=cx_Oracle.SYSDBA)
+            dsn = oracledb.makedsn(self.hostname, self.port, service_name=self.db)
+            self.connector = oracledb.connect(user=self.user, password=self.password, dsn=dsn, mode=oracledb.AUTH_MODE_SYSDBA)
             logger.info("successfully connected as SYSDBA")
-        except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError) as ex:
-            if "Oracle Client library" in getSafeExString(ex):
-                msg = re.sub(r"DPI-\d+:\s+", "", getSafeExString(ex))
-                msg = re.sub(r': ("[^"]+")', r" (\g<1>)", msg)
-                msg = re.sub(r". See (http[^ ]+)", r'. See "\g<1>"', msg)
-                raise SqlmapConnectionException(msg)
-
+        except oracledb.DatabaseError as ex:
+            # Try again without SYSDBA
             try:
-                self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)
-            except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError) as ex:
+                self.connector = oracledb.connect(user=self.user, password=self.password, dsn=dsn)
+            except oracledb.DatabaseError as ex:
                 raise SqlmapConnectionException(ex)
 
         self.initCursor()
@@ -59,7 +53,7 @@ class Connector(GenericConnector):
     def fetchall(self):
         try:
             return self.cursor.fetchall()
-        except cx_Oracle.InterfaceError as ex:
+        except oracledb.InterfaceError as ex:
             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))
             return None
 
@@ -69,11 +63,10 @@ class Connector(GenericConnector):
         try:
             self.cursor.execute(getText(query))
             retVal = True
-        except cx_Oracle.DatabaseError as ex:
+        except oracledb.DatabaseError as ex:
             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))
 
         self.connector.commit()
-
         return retVal
 
     def select(self, query):

plugins/dbms/postgresql/connector.py

@@ -34,7 +34,7 @@ class Connector(GenericConnector):
 
         try:
             self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port)
-        except psycopg2.OperationalError as ex:
+        except (psycopg2.OperationalError, UnicodeDecodeError) as ex:
             raise SqlmapConnectionException(getSafeExString(ex))
 
         self.connector.set_client_encoding('UNICODE')

plugins/dbms/postgresql/fingerprint.py

@@ -141,7 +141,7 @@ class Fingerprint(GenericFingerprint):
                 Backend.setVersion(">= 15.0")
             elif inject.checkBooleanExpression("BIT_COUNT(NULL) IS NULL"):
                 Backend.setVersion(">= 14.0")
-            elif inject.checkBooleanExpression("GEN_RANDOM_UUID() IS NOT NULL"):
+            elif inject.checkBooleanExpression("NULL::anycompatible IS NULL"):
                 Backend.setVersion(">= 13.0")
             elif inject.checkBooleanExpression("SINH(0)=0"):
                 Backend.setVersion(">= 12.0")

plugins/dbms/sqlite/fingerprint.py

@@ -93,7 +93,7 @@ class Fingerprint(GenericFingerprint):
                 infoMsg = "actively fingerprinting %s" % DBMS.SQLITE
                 logger.info(infoMsg)
 
-                result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")
+                result = inject.checkBooleanExpression("RANDOMBLOB(-1) IS NOT NULL")
                 version = '3' if result else '2'
                 Backend.setVersion(version)
 

plugins/generic/filesystem.py

@@ -16,6 +16,8 @@ from lib.core.common import dataToOutFile
 from lib.core.common import decloakToTemp
 from lib.core.common import decodeDbmsHexValue
 from lib.core.common import isListLike
+from lib.core.common import isNoneValue
+from lib.core.common import isNullValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isStackingAvailable
 from lib.core.common import isTechniqueAvailable
@@ -243,8 +245,9 @@ class Filesystem(object):
 
             kb.fileReadMode = False
 
-            if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
+            if (isNoneValue(fileContent) or isNullValue(fileContent)) and not Backend.isDbms(DBMS.PGSQL):
                 self.cleanup(onlyFileTbl=True)
+                fileContent = None
             elif isListLike(fileContent):
                 newFileContent = ""
 

sqlmap.conf

@@ -61,6 +61,10 @@ loadCookies =
 # Valid: True or False
 dropSetCookie = False
 
+# Use HTTP version 1.0 (old).
+# Valid: True or False
+http10 = False
+
 # Use HTTP version 2 (experimental).
 # Valid: True or False
 http2 = False
@@ -401,6 +405,10 @@ technique = BEUSTQ
 # Default: 5
 timeSec = 5
 
+# Disable the statistical model for detecting the delay.
+# Valid: True or False
+disableStats = False
+
 # Range of columns to test for.
 # Valid: range of integers
 # Example: 1-10

sqlmap.py

@@ -347,6 +347,12 @@ def main():
             logger.critical(errMsg)
             raise SystemExit
 
+        elif all(_ in excMsg for _ in ("httpcore", "typing.", "AttributeError")):
+            errMsg = "please update the 'httpcore' package (>= 1.0.8) "
+            errMsg += "(Reference: 'https://github.com/encode/httpcore/discussions/995')"
+            logger.critical(errMsg)
+            raise SystemExit
+
         elif "invalid maximum character passed to PyUnicode_New" in excMsg and re.search(r"\A3\.[34]", sys.version) is not None:
             errMsg = "please upgrade the Python version (>= 3.5) "
             errMsg += "(Reference: 'https://bugs.python.org/issue18183')"
@@ -513,6 +519,11 @@ def main():
             logger.critical(errMsg)
             raise SystemExit
 
+        elif "'cryptography' package is required" in excMsg:
+            errMsg = "third-party library 'cryptography' is required"
+            logger.critical(errMsg)
+            raise SystemExit
+
         elif "AttributeError: 'module' object has no attribute 'F_GETFD'" in excMsg:
             errMsg = "invalid runtime (\"%s\") " % excMsg.split("Error: ")[-1].strip()
             errMsg += "(Reference: 'https://stackoverflow.com/a/38841364' & 'https://bugs.python.org/issue24944#msg249231')"
@@ -543,7 +554,7 @@ def main():
         errMsg = maskSensitiveData(errMsg)
         excMsg = maskSensitiveData(excMsg)
 
-        if conf.get("api") or not valid or kb.lastCtrlCTime:
+        if conf.get("api") or not valid or kb.get("lastCtrlCTime"):
             logger.critical("%s\n%s" % (errMsg, excMsg))
         else:
             logger.critical(errMsg)
@@ -562,17 +573,17 @@ def main():
 
         kb.threadException = True
 
-        if kb.get("tempDir"):
+        for tempDir in conf.get("tempDirs", []):
             for prefix in (MKSTEMP_PREFIX.IPC, MKSTEMP_PREFIX.TESTING, MKSTEMP_PREFIX.COOKIE_JAR, MKSTEMP_PREFIX.BIG_ARRAY):
-                for filepath in glob.glob(os.path.join(kb.tempDir, "%s*" % prefix)):
+                for filepath in glob.glob(os.path.join(tempDir, "%s*" % prefix)):
                     try:
                         os.remove(filepath)
                     except OSError:
                         pass
 
-            if not filterNone(filepath for filepath in glob.glob(os.path.join(kb.tempDir, '*')) if not any(filepath.endswith(_) for _ in (".lock", ".exe", ".so", '_'))):  # ignore junk files
+            if any((conf.vulnTest, conf.smokeTest)) or not filterNone(filepath for filepath in glob.glob(os.path.join(tempDir, '*')) if not any(filepath.endswith(_) for _ in (".lock", ".exe", ".so", '_'))):  # ignore junk files
                 try:
-                    shutil.rmtree(kb.tempDir, ignore_errors=True)
+                    shutil.rmtree(tempDir, ignore_errors=True)
                 except OSError:
                     pass
 
@@ -596,7 +607,7 @@ def main():
 
         # short delay for thread finalization
         _ = time.time()
-        while threading.active_count() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT:
+        while threading.active_count() > 1 and (time.time() - _) < THREAD_FINALIZATION_TIMEOUT:
             time.sleep(0.01)
 
         if cmdLineOptions.get("sqlmapShell"):

thirdparty/identywaf/identYwaf.py

@@ -63,11 +63,11 @@ NAME = "identYwaf"
 VERSION = "1.0.131"
 BANNER = r"""
                                    ` __ __ `
- ____  ___      ___  ____   ______ `|  T  T` __    __   ____  _____ 
+ ____  ___      ___  ____   ______ `|  T  T` __    __   ____  _____
 l    j|   \    /  _]|    \ |      T`|  |  |`|  T__T  T /    T|   __|
  |  T |    \  /  [_ |  _  Yl_j  l_j`|  ~  |`|  |  |  |Y  o  ||  l_
  |  | |  D  YY    _]|  |  |  |  |  `|___  |`|  |  |  ||     ||   _|
- j  l |     ||   [_ |  |  |  |  |  `|     !` \      / |  |  ||  ] 
+ j  l |     ||   [_ |  |  |  |  |  `|     !` \      / |  |  ||  ]
 |____jl_____jl_____jl__j__j  l__j  `l____/ `  \_/\_/  l__j__jl__j  (%s)%s""".strip("\n") % (VERSION, "\n")
 
 RAW, TEXT, HTTPCODE, SERVER, TITLE, HTML, URL = xrange(7)
@@ -338,7 +338,7 @@ def load_data():
     global WAF_RECOGNITION_REGEX
 
     if os.path.isfile(DATA_JSON_FILE):
-        with codecs.open(DATA_JSON_FILE, "rb", encoding="utf8") as f:
+        with open(DATA_JSON_FILE, "r") as f:
             DATA_JSON.update(json.load(f))
 
         WAF_RECOGNITION_REGEX = ""
@@ -371,7 +371,7 @@ def init():
         if os.path.isfile(options.proxy_file):
             print(colorize("[o] loading proxy list..."))
 
-            with codecs.open(options.proxy_file, "rb", encoding="utf8") as f:
+            with open(options.proxy_file, "r") as f:
                 proxies.extend(re.sub(r"\s.*", "", _.strip()) for _ in f.read().strip().split('\n') if _.startswith("http"))
                 random.shuffle(proxies)
         else: