有很多人说sqlmap的源码很难,也有人说sqlmap的源码非常值得一读。我觉得这就像小马过河一样,你不读你就没有发言权。对我而言,截至目前,sqlmap的源码还在可以理解的范围内,至少要比unittest的源码简单。

先来看 init():

def init():"""Set attributes into both configuration and knowledge base singletonsbased upon command line and configuration file options."""# sqlmap --wizard 为了新手的提示页面 _useWizardInterface()# sqlmap -v 来控制日志级别setVerbosity()# sqmap --save      Save options to a configuration INI file_saveConfig()# sqlmap -r从文件里面载入http请求_setRequestFromFile()# 这里没有读懂 2021-12-2_cleanupOptions()_cleanupEnvironment()_purge()_checkDependencies()_createHomeDirectories()_createTemporaryDirectory()_basicOptionValidation()_setProxyList()_setTorProxySettings()_setDNSServer()_adjustLoggingFormatter()_setMultipleTargets()_listTamperingFunctions()_setTamperingFunctions()_setPreprocessFunctions()_setPostprocessFunctions()_setTrafficOutputFP()_setupHTTPCollector()_setHttpChunked()_checkWebSocket()parseTargetDirect()if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.stdinPipe)):_setHostname()_setHTTPTimeout()_setHTTPExtraHeaders()_setHTTPCookies()_setHTTPReferer()_setHTTPHost()_setHTTPUserAgent()_setHTTPAuthentication()_setHTTPHandlers()_setDNSCache()_setSocketPreConnect()_setSafeVisit()_doSearch()_setStdinPipeTargets()_setBulkMultipleTargets()_checkTor()_setCrawler()_findPageForms()_setDBMS()_setTechnique()_setThreads()_setOS()_setWriteFile()_setMetasploit()_setDBMSAuthentication()loadBoundaries()loadPayloads()_setPrefixSuffix()update()_loadQueries()

接下来阅读 _cleanupOptions() 函数:

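def _cleanupOptions():
    """
    Normalise raw option values held in ``conf`` and seed the matching
    ``kb`` fields before the rest of ``init()`` runs.

    Reads and mutates the ``conf`` and ``kb`` singletons in place and
    returns nothing.  Raises ``SqlmapValueException`` for an unknown
    ``--encoding`` and ``SqlmapSyntaxException`` for a malformed
    ``--ignore-code`` list.  Statement order matters: later steps (e.g. the
    ``--force-dbms`` -> ``conf.dbms`` copy, the proxy/pre-connect coupling)
    build on earlier ones.

    Change vs. the original: the second, identical
    ``conf.torType = conf.torType.upper()`` statement was dropped.
    """

    # Fail early on an unknown --encoding rather than at first use.
    if conf.encoding:
        try:
            codecs.lookup(conf.encoding)
        except LookupError:
            errMsg = "unknown encoding '%s'" % conf.encoding
            raise SqlmapValueException(errMsg)

    debugMsg = "cleaning up configuration parameters"
    logger.debug(debugMsg)

    # Progress bar width depends on whether the ETA column is displayed.
    width = getConsoleWidth()

    if conf.eta:
        conf.progressWidth = width - 26
    else:
        conf.progressWidth = width - 46

    # Expand '~' in every string option whose name marks it as a path.
    for key, value in conf.items():
        if value and any(key.endswith(_) for _ in ("Path", "File", "Dir")):
            if isinstance(value, str):
                conf[key] = safeExpandUser(value)

    # -p: URL-decode, then split into a list of parameter names.
    if conf.testParameter:
        conf.testParameter = urldecode(conf.testParameter)
        conf.testParameter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)]
    else:
        conf.testParameter = []

    # --ignore-code: either the wildcard (every status code) or a list of ints.
    if conf.ignoreCode:
        if conf.ignoreCode == IGNORE_CODE_WILDCARD:
            conf.ignoreCode = xrange(0, 1000)
        else:
            try:
                conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)]
            except ValueError:
                errMsg = "options '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD
                raise SqlmapSyntaxException(errMsg)
    else:
        conf.ignoreCode = []

    # --param-filter: parameter places to test; upper-cased so matching is
    # case-insensitive, then split into a list.
    if conf.paramFilter:
        conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())]
    else:
        conf.paramFilter = []

    if conf.base64Parameter:
        conf.base64Parameter = urldecode(conf.base64Parameter)
        conf.base64Parameter = conf.base64Parameter.strip()
        conf.base64Parameter = re.split(PARAMETER_SPLITTING_REGEX, conf.base64Parameter)
    else:
        conf.base64Parameter = []

    # --user-agent: strip CR/LF so the value cannot break the header or smuggle
    # extra header lines into the outgoing request.
    if conf.agent:
        conf.agent = re.sub(r"[\r\n]", "", conf.agent)

    if conf.user:
        conf.user = conf.user.replace(" ", "")

    # --randomize: either "name=v1,v2;name2=..." (fixed value pools stored in
    # kb.randomPool) or a plain list of parameter names.
    if conf.rParam:
        if all(_ in conf.rParam for _ in ('=', ',')):
            original = conf.rParam
            conf.rParam = []
            for part in original.split(';'):
                if '=' in part:
                    left, right = part.split('=', 1)
                    conf.rParam.append(left)
                    kb.randomPool[left] = filterNone(_.strip() for _ in right.split(','))
                else:
                    conf.rParam.append(part)
        else:
            conf.rParam = conf.rParam.replace(" ", "")
            conf.rParam = re.split(PARAMETER_SPLITTING_REGEX, conf.rParam)
    else:
        conf.rParam = []

    if conf.paramDel:
        conf.paramDel = decodeStringEscape(conf.paramDel)

    if conf.skip:
        conf.skip = conf.skip.replace(" ", "")
        conf.skip = re.split(PARAMETER_SPLITTING_REGEX, conf.skip)
    else:
        conf.skip = []

    # --cookie: same CR/LF stripping as --user-agent (header injection).
    if conf.cookie:
        conf.cookie = re.sub(r"[\r\n]", "", conf.cookie)

    # --delay: coerce to float (the blog author notes it is later passed to
    # time.sleep(conf.delay)).
    if conf.delay:
        conf.delay = float(conf.delay)

    # -u: strip surrounding whitespace/leading slashes; a URL with no scheme
    # defaults to plaintext http://, not https://.
    if conf.url:
        conf.url = conf.url.strip().lstrip('/')
        if not re.search(r"\A\w+://", conf.url):
            conf.url = "http://%s" % conf.url

    # Path-like options are normalised and converted to forward slashes.
    if conf.fileRead:
        conf.fileRead = ntToPosixSlashes(normalizePath(conf.fileRead))

    if conf.fileWrite:
        conf.fileWrite = ntToPosixSlashes(normalizePath(conf.fileWrite))

    if conf.fileDest:
        conf.fileDest = ntToPosixSlashes(normalizePath(conf.fileDest))

    if conf.msfPath:
        conf.msfPath = ntToPosixSlashes(normalizePath(conf.msfPath))

    if conf.tmpPath:
        conf.tmpPath = ntToPosixSlashes(normalizePath(conf.tmpPath))

    # Any target source that can yield more than one URL flips multi-target mode.
    if any((conf.googleDork, conf.logFile, conf.bulkFile, conf.forms, conf.crawlDepth, conf.stdinPipe)):
        conf.multipleTargets = True

    if conf.optimize:
        setOptimize()

    if conf.os:
        conf.os = conf.os.capitalize()

    # --force-dbms overrides --dbms.
    if conf.forceDbms:
        conf.dbms = conf.forceDbms

    # Map each --dbms alias to its canonical name into kb.dbmsFilter; conf.dbms
    # keeps the canonical name only when a single DBMS was given, else None.
    if conf.dbms:
        kb.dbmsFilter = []
        for _ in conf.dbms.split(','):
            for dbms, aliases in DBMS_ALIASES:
                if _.strip().lower() in aliases:
                    kb.dbmsFilter.append(dbms)
                    conf.dbms = dbms if conf.dbms and ',' not in conf.dbms else None
                    break

    # --test-filter: glob-like '*'/'+' are turned into regex quantifiers
    # ('.*'/'.+'); a value that still does not compile is matched literally.
    if conf.testFilter:
        conf.testFilter = conf.testFilter.strip('*+')
        conf.testFilter = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testFilter)

        try:
            re.compile(conf.testFilter)
        except re.error:
            conf.testFilter = re.escape(conf.testFilter)

    # --csrf-token: if the value compiles as a regex and contains metacharacters,
    # ask the user whether it was meant as one; the raw value is preserved on a
    # str subclass as ``_original``.
    if conf.csrfToken:
        original = conf.csrfToken
        try:
            re.compile(conf.csrfToken)

            if re.escape(conf.csrfToken) != conf.csrfToken:
                message = "provided value for option '--csrf-token' is a regular expression? [y/N] "
                if not readInput(message, default='N', boolean=True):
                    conf.csrfToken = re.escape(conf.csrfToken)
        except re.error:
            conf.csrfToken = re.escape(conf.csrfToken)
        finally:
            class _(six.text_type):
                pass
            conf.csrfToken = _(conf.csrfToken)
            conf.csrfToken._original = original

    # --test-skip: same treatment as --test-filter.
    if conf.testSkip:
        conf.testSkip = conf.testSkip.strip('*+')
        conf.testSkip = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testSkip)

        try:
            re.compile(conf.testSkip)
        except re.error:
            conf.testSkip = re.escape(conf.testSkip)

    # --time-sec: when not set explicitly, double it under --tor and disable
    # automatic delay adjustment; an explicit value also disables adjustment.
    if "timeSec" not in kb.explicitSettings:
        if conf.tor:
            conf.timeSec = 2 * conf.timeSec
            kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
            warnMsg = "increasing default value for "
            warnMsg += "option '--time-sec' to %d because " % conf.timeSec
            warnMsg += "switch '--tor' was provided"
            logger.warn(warnMsg)
    else:
        kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE

    # --retries is capped at MAX_CONNECT_RETRIES.
    if conf.retries:
        conf.retries = min(conf.retries, MAX_CONNECT_RETRIES)

    if conf.code:
        conf.code = int(conf.code)

    if conf.csvDel:
        conf.csvDel = decodeStringEscape(conf.csvDel)

    # --tor-port: only converted when it is an all-digit string.
    if conf.torPort and hasattr(conf.torPort, "isdigit") and conf.torPort.isdigit():
        conf.torPort = int(conf.torPort)

    if conf.torType:
        conf.torType = conf.torType.upper()

    # --output-dir: re-point the output root, then recompute derived paths.
    if conf.outputDir:
        paths.SQLMAP_OUTPUT_PATH = os.path.realpath(os.path.expanduser(conf.outputDir))
        setPaths(paths.SQLMAP_ROOT_PATH)

    if conf.string:
        conf.string = decodeStringEscape(conf.string)

    # --all: switch on every option listed in WIZARD.ALL.
    if conf.getAll:
        for _ in WIZARD.ALL:
            conf.__setitem__(_, True)

    # --no-cast: clear the dump value replacement table.
    if conf.noCast:
        DUMP_REPLACEMENTS.clear()

    if conf.dumpFormat:
        conf.dumpFormat = conf.dumpFormat.upper()

    if conf.col:
        conf.col = re.sub(r"\s*,\s*", ',', conf.col)

    # --exclude: treated as a regex only if it contains '+'/'*' AND compiles;
    # otherwise it becomes an anchored alternation of escaped literals.  The
    # raw value is kept as ``_original`` on a str subclass.
    if conf.exclude:
        regex = False
        original = conf.exclude

        if any(_ in conf.exclude for _ in ('+', '*')):
            try:
                re.compile(conf.exclude)
            except re.error:
                pass
            else:
                regex = True

        if not regex:
            conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude)
            conf.exclude = r"\A%s\Z" % '|'.join(re.escape(_) for _ in conf.exclude.split(','))
        else:
            conf.exclude = re.sub(r"(\w+)\$", r"\g<1>\$", conf.exclude)

        class _(six.text_type):
            pass

        conf.exclude = _(conf.exclude)
        conf.exclude._original = original

    if conf.binaryFields:
        conf.binaryFields = conf.binaryFields.replace(" ", "")
        conf.binaryFields = re.split(PARAMETER_SPLITTING_REGEX, conf.binaryFields)

    # Pick up a proxy from the environment when none was given on the command
    # line.  NOTE: max() selects the lexicographically greatest value among
    # PROXY_ENVIRONMENT_VARIABLES (not a priority order), and the only trace is
    # a debug-level log line -- traffic can be routed through a proxy the user
    # never asked for.  Run with -v 2 or higher if you need to see this.
    envProxy = max(os.environ.get(_, "") for _ in PROXY_ENVIRONMENT_VARIABLES)
    if re.search(r"\A(https?|socks[45])://.+:\d+\Z", envProxy) and conf.proxy is None:
        debugMsg = "using environment proxy '%s'" % envProxy
        logger.debug(debugMsg)

        conf.proxy = envProxy

    # Socket pre-connect is switched off whenever traffic goes through a proxy
    # or Tor (presumably a pre-opened socket would bypass it -- verify).
    if any((conf.proxy, conf.proxyFile, conf.tor)):
        conf.disablePrecon = True

    # --dummy implies non-interactive (--batch) mode.
    if conf.dummy:
        conf.batch = True

    threadData = getCurrentThreadData()
    threadData.reset()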

sqlmap --param-filter: Select testable parameter(s) by place
选择可供注入的参数所在的位置(place)。从上面的代码可以看到, 该选项的值会先经过 .upper() 转成大写, 再按 PARAMETER_SPLITTING_REGEX 切分成列表, 因此大小写不敏感, 并且可以一次指定多个位置。
有哪些可以注入的位置可以参考下图


一个人走得很快,一群人走的更远,后续我打算搞个交流群,感兴趣的童鞋可以关注一波
