Skip to content

Commit

Permalink
Faster sqlmap
Browse files Browse the repository at this point in the history
  • Loading branch information
@kazet
kazet committed May 19, 2024
1 parent f30539e commit e061333
Showing 1 changed file with 5 additions and 9 deletions.
14 changes: 5 additions & 9 deletions karton_sqlmap/karton_sqlmap.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -289,7 +289,7 @@ def run(self, current_task: Task) -> None:
# (https://github.com/sqlmapproject/sqlmap/issues/5561) so it is done here.
soup = BeautifulSoup(response.text)
urls_with_injection_points = set()
expanded_urls_with_example_values = []
expanded_urls_with_example_values_dict = {}
for tag in soup.find_all():
new_url = None
for attribute in ["src", "href"]:
Expand All @@ -301,8 +301,8 @@ def run(self, current_task: Task) -> None:
new_url = new_url.split("#")[0]

if any(
new_url.split("?")[0].endswith(extension)
for extension in [".png", ".jpg", ".svg", ".jpeg", ".css", ".js"]
new_url.split("?")[0].lower().endswith(extension)
for extension in [".png", ".jpg", ".svg", ".jpeg", ".css", ".js", ".ico", ".woff2"]
):
# Let's not inject image/style paths
continue
Expand All @@ -318,13 +318,9 @@ def run(self, current_task: Task) -> None:
continue

urls_with_injection_points.add(url_with_injection_point)
expanded_urls_with_example_values.append(
(
url_with_injection_point,
example_value,
)
)
expanded_urls_with_example_values_dict[url_with_injection_point] = example_value

expanded_urls_with_example_values = list(expanded_urls_with_example_values_dict.items())
random.shuffle(expanded_urls_with_example_values)
expanded_urls_with_example_values = expanded_urls_with_example_values[
: ExtraModulesConfig.SQLMAP_MAX_URLS_TO_CRAWL
Expand Down

0 comments on commit e061333

Please sign in to comment.