Added some brute force options.

Author: Marshall Lee Whittaker

background.js

@@ -34,6 +34,10 @@ var techuOption = true;
 var techsOption = true;
 var techtOption = true;
 var techqOption = true;
+var dbsOption = true;
+var ctablesOption = false;
+var ccolumnsOption = false;
+var cfilesOption = false;
 var trigger;
 
 
@@ -102,6 +106,10 @@ function assembleCmd(url, referUrl) {
  if (unstableconnOption) {sqlmapText += " --unstable"; };
  if (nocastOption) {sqlmapText += " --no-cast"; };
  if (noescapeOption) {sqlmapText += " --no-escape"; };
+ if (dbsOption) {sqlmapText += " --dbs"; };
+ if (ctablesOption) {sqlmapText += " --common-tables"; };
+ if (ccolumnsOption) {sqlmapText += " --common-columns"; };
+ if (cfilesOption) {sqlmapText += " --common-files"; };
 
  techOption = ''
  if (techbOption) {techOption += "B"; };
@@ -186,7 +194,7 @@ browser.contextMenus.onClicked.addListener((info, tab) => {
 
  // check the saved options each click in case they changed
  let gettingOptions = browser.storage.sync.get(
- ['quotes','prog','verbose','rua','dumpall','osshell','sqlmapUser', 'keepalive', 'nullconn', 'textonly', 'titleonly', 'batchp', 'hex', 'mobile', 'chunked', 'dropcook', 'threads', 'unstableconn', 'nocast', 'noescape', 'techb', 'teche', 'techu', 'techs', 'techt', 'techq', 'snackbar'])
+ ['quotes','prog','verbose','rua','dumpall','osshell','sqlmapUser', 'keepalive', 'nullconn', 'textonly', 'titleonly', 'batchp', 'hex', 'mobile', 'chunked', 'dropcook', 'threads', 'unstableconn', 'nocast', 'noescape', 'techb', 'teche', 'techu', 'techs', 'techt', 'techq', 'dbs', 'ctables', 'ccolumns', 'cfiles', 'snackbar'])
  .then((res) => {
  quotesOption = res.quotes;
  programOption = res.prog;
@@ -214,6 +222,10 @@ browser.contextMenus.onClicked.addListener((info, tab) => {
  techsOption = res.techs;
  techtOption = res.techt;
  techqOption = res.techq;
+ dbsOption = res.dbs;
+ ctablesOption = res.ctables;
+ ccolumnsOption = res.ccolumns;
+ cfilesOption = res.cfiles;
  snackbarOption = res.snackbar;
  });
  let promiseCancel = new Promise(function(resolve,reject) {

manifest.json

@@ -2,7 +2,7 @@
  "manifest_version": 2,
  "name": "SQLMap Helper",
  "description": "Adds a helper menu for SQLMap.",
- "version": "0.12",
+ "version": "0.12r3",
  "homepage_url": "https://github.com/oxagast/sqlmap-helper",
 
  "background": {

options.html

@@ -61,6 +61,8 @@
  "noescape" /><br />
  </div>
  <div id="enum" class="tab-content">
+ Enumerate databases: <input type="checkbox" name="dbs" id=
+ "dbs" /><br />
  Dump all tables: <input type="checkbox" name="dumpall" id=
  "dumpall" /><br />
  </div>
@@ -79,12 +81,18 @@
  "techt" /><br />
  </div>
  <div id="detect" class="tab-content">
-  Page text only comparison: <input type="checkbox" name=
-  "textonly" id="textonly" /><br />
-  Page title only comparison: <input type="checkbox" name=
-  "titleonly" id="titleonly" /><br />
+ Page text only comparison: <input type="checkbox" name=
+ "textonly" id="textonly" /><br />
+ Page title only comparison: <input type="checkbox" name=
+ "titleonly" id="titleonly" /><br />
  </div>
  <div id="brute" class="tab-content">
+ Check for common tables: <input type="checkbox" name=
+ "ctables" id="ctables" /><br />
+ Check for common columns <input type="checkbox" name=
+ "ccolumns" id="ccolumns" /><br />
+ Check for common files: <input type="checkbox" name=
+ "cfiles" id="cfiles" /><br />
  </div>
  <div id="osa" class="tab-content">
  Try to obtain OS shell: <input type="checkbox" name=

options.js

@@ -26,6 +26,10 @@ function saveOptions(e) {
  techs: document.querySelector('input[name=techs]').checked,
  techt: document.querySelector('input[name=techt]').checked,
  techq: document.querySelector('input[name=techq]').checked,
+ dbs: document.querySelector('input[name=dbs]').checked,
+ ctables: document.querySelector('input[name=ctables]').checked,
+ ccolumns: document.querySelector('input[name=ccolumns]').checked,
+ cfiles: document.querySelector('input[name=cfiles]').checked,
  snackbar: document.querySelector('input[name=snackbar]').checked, 
 
  });
@@ -37,7 +41,7 @@ function saveOptions(e) {
 
 function restoreOptions() {
  var gettingItem = browser.storage.sync.get(
- ['quotes', 'prog', 'verbose', 'rua', 'dumpall', 'osshell', 'sqlmapUser', 'keepalive', 'nullconn', 'textonly', 'titleonly', 'batchp', 'hex', 'mobile', 'chunked', 'dropcook', 'threads', 'unstableconn', 'nocast', 'noescape', 'techb', 'teche', 'techu', 'techs', 'techt', 'techq', 'snackbar']);
+ ['quotes', 'prog', 'verbose', 'rua', 'dumpall', 'osshell', 'sqlmapUser', 'keepalive', 'nullconn', 'textonly', 'titleonly', 'batchp', 'hex', 'mobile', 'chunked', 'dropcook', 'threads', 'unstableconn', 'nocast', 'noescape', 'techb', 'teche', 'techu', 'techs', 'techt', 'techq', 'dbs', 'ctables', 'ccolumns', 'cfiles', 'snackbar']);
  gettingItem.then((res) => {
 
  if (Object.keys(res).length > 0 && res.constructor === Object) {
@@ -67,6 +71,10 @@ function restoreOptions() {
  document.querySelector('input[name=techs]').checked = res.techs ? res.techs : true;
  document.querySelector('input[name=techt]').checked = res.techt ? res.techt : true;
  document.querySelector('input[name=techq]').checked = res.techq ? res.techq : true;
+ document.querySelector('input[name=dbs]').checked = res.dbs ? res.dbs : true;
+ document.querySelector('input[name=ctables]').checked = res.ctables ? res.ctables : false;
+ document.querySelector('input[name=ccolumns]').checked = res.ccolumns ? res.ccolumns : false;
+ document.querySelector('input[name=cfiles]').checked = res.cfiles ? res.cfiles : false;
  document.querySelector('input[name=snackbar]').checked = res.snackbar ? res.snackbar : false;
  }
  // if no saved info save the defaults to initialize