Removing --fuzz-test

Author: stamparm

lib/core/settings.py

@@ -20,7 +20,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.5.9.16"
+VERSION = "1.5.9.17"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/core/testing.py

@@ -166,71 +166,6 @@ def _thread():
 
     return retVal
 
-def fuzzTest():
-    count = 0
-    address, port = "127.0.0.10", random.randint(1025, 65535)
-
-    def _thread():
-        vulnserver.init(quiet=True)
-        vulnserver.run(address=address, port=port)
-
-    thread = threading.Thread(target=_thread)
-    thread.daemon = True
-    thread.start()
-
-    while True:
-        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        try:
-            s.connect((address, port))
-            break
-        except:
-            time.sleep(1)
-
-    handle, config = tempfile.mkstemp(suffix=".conf")
-    os.close(handle)
-
-    url = "http://%s:%d/?id=1" % (address, port)
-
-    content = open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))).read().replace("url =", "url = %s" % url)
-    open(config, "w+").write(content)
-
-    while True:
-        lines = content.split("\n")
-
-        for i in xrange(20):
-            j = random.randint(0, len(lines) - 1)
-
-            if any(_ in lines[j] for _ in ("googleDork",)):
-                continue
-
-            if re.search(r"= (True|False)", lines[j]):
-                lines[j] = lines[j].replace(" = False", " = True")
-                continue
-
-            if lines[j].strip().endswith('='):
-                lines[j] += random.sample(("True", "False", randomStr(), str(randomInt())), 1)[0]
-
-            k = random.randint(0, len(lines) - 1)
-            if '=' in lines[k] and not re.search(r"= (True|False)", lines[k]):
-                lines[k] += chr(random.randint(0, 255))
-
-        open(config, "w+").write("\n".join(lines))
-
-        cmd = "%s %s -c %s --non-interactive --answers='Github=n' --flush-session --technique=%s --banner" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), config, random.sample("BEUQ", 1)[0])
-        output = shellExec(cmd)
-
-        if "Traceback" in output:
-            dataToStdout("---\n\n$ %s\n" % cmd)
-            dataToStdout("%s---\n" % output, coloring=False)
-
-            handle, config = tempfile.mkstemp(prefix="sqlmapcrash", suffix=".conf")
-            os.close(handle)
-            open(config, "w+").write("\n".join(lines))
-        else:
-            dataToStdout("\r%d\r" % count)
-
-        count += 1
-
 def smokeTest():
     """
     Runs the basic smoke testing of a program

lib/parse/cmdline.py

@@ -824,9 +824,6 @@ def cmdLineParser(argv=None):
         parser.add_argument("--vuln-test", dest="vulnTest", action="store_true",
             help=SUPPRESS)
 
-        parser.add_argument("--fuzz-test", dest="fuzzTest", action="store_true",
-            help=SUPPRESS)
-
         # API options
         parser.add_argument("--api", dest="api", action="store_true",
             help=SUPPRESS)
@@ -1065,7 +1062,7 @@ def _format_action_invocation(self, action):
         else:
             args.stdinPipe = None
 
-        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.fuzzTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile, args.stdinPipe)):
+        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile, args.stdinPipe)):
             errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). "
             errMsg += "Use -h for basic and -hh for advanced help\n"
             parser.error(errMsg)

sqlmap.py

@@ -175,9 +175,6 @@ def main():
             elif conf.vulnTest:
                 from lib.core.testing import vulnTest
                 os._exitcode = 1 - (vulnTest() or 0)
-            elif conf.fuzzTest:
-                from lib.core.testing import fuzzTest
-                fuzzTest()
             else:
                 from lib.controller.controller import start
                 if conf.profile: