Sqlmap

* Added support for Oracle database management system
* Extended inband SQL injection functionality (`--union-use`) to all other possible queries since it only worked with `-e` and `--file` on all DMBS plugins;
* Added support to extract database users password hash on Microsoft SQL Server;
* Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting;
* Added support for SQL injection on HTTP Cookie and User-Agent headers;
* Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Split getValue() into getInband() and getBlind();
* Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack;
* Implemented `--dump-all` functionality to dump entire DBMS data from all databases tables;
* Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (`--exclude-sysdbs`);
* Implemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default;
* Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml;
* Major improvement in all three DBMS plugins so now sqlmap does not get entire databases' tables structure when all of database/table/ column are specified to be dumped;
* Important fixes in lib/option.py to make sqlmap properly work also with python 2.5 and handle the CSV dump files creation work also under Windows operating system, function __setCSVDir() and fixed also in lib/dump.py;
* Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (`-g`);
* Minor fix in lib/request.py to properly encode the url to request in case the "fixed" part of the url has blank spaces;
* More minor layout enhancements in some libraries;
* Renamed DMBS plugins;
* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
* Updated all documentation files.

* Added DBMS fingerprint based also upon HTML error messages parsing defined in lib/parser.py which reads an XML file defining default error messages for each supported DBMS;
* Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate 'version' parsing matching on an XML file to get also the exact patching level of the DBMS;
* Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`);
* Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`);
* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <https://sqlmap.org/dev/>;
* Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS;
* Improved logging functionality: passed from banal 'print' to Python native logging library;
* Added support for more than one parameter in `-p` command line option;
* Added support for HTTP Basic and Digest authentication methods (`--basic-auth` and `--digest-auth`);
* Added the command line option `--remote-dbms` to manually specify the remote DBMS;
* Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters (`--` and ``) in UNION query statements;
* Added the possibility to save the output into a file while performing the queries (`-o OUTPUTFILE`) so it is possible to stop and resume the same query output retrieving in a second time (`--resume`);
* Added support to specify the database table column to enumerate (`-C COL`);
* Added inband SQL injection (UNION query) support (`--union-use`);
* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
* Reviewed the directory tree structure;
* Split lib/common.py: inband injection functionalities now are moved to lib/union.py;
* Updated documentation files.

* Added module for MS SQL Server;
* Strongly improved MySQL dbms active fingerprint and added MySQL comment injection check;
* Added PostgreSQL dbms active fingerprint;
* Added support for string match (`--string`);
* Added support for UNION check (`--union-check`);
* Removed duplicated code, delegated most of features to the engine in common.py and option.py;
* Added support for `--data` command line argument to pass the string for POST requests;
* Added encodeParams() method to encode url parameters before making http request;
* Many bug fixes;
* Rewritten documentation files;
* Complete code restyling.

* complete refactor of entire program;
* added TODO and THANKS files;
* added some papers references in README file;
* moved headers to user-agents.txt, now -f parameter specifies a file (user-agents.txt) and randomize the selection of User-Agent header;
* strongly improved program plugins (mysqlmap.py and postgres.py), major enhancements: * improved active mysql fingerprint check_dbms(); * improved enumeration functions for both databases; * minor changes in the unescape() functions;
* replaced old inference algorithm with a new bisection algorithm.
* reviewed command line parameters, now with -p it's possible to specify the parameter you know it's vulnerable to sql injection, this way the script won't perform the sql injection checks itself; removed the TOKEN parameter;
* improved Common class, adding support for http proxy and http post method in hash_page;
* added OptionCheck class in option.py which performs all needed checks on command line parameters and values;
* added InjectionCheck class in injection.py which performs check on url stability, dynamics of parameters and injection on dynamic url parameters;
* improved output methods in dump.py;
* layout enhancement on main program file (sqlmap.py), adapted to call new option/injection classes and improvements on catching of exceptions.