[pull] master from sqlmapproject:master

.github/workflows/tests.yml

@@ -3,6 +3,11 @@ on:
     branches: [ master ]
   pull_request:
     branches: [ master ]
+  workflow_dispatch:
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
 
 permissions:
   contents: read
@@ -37,6 +42,54 @@ jobs:
       - name: Python sanity
         run: python -VV
 
+      - name: Pyflakes lint
+        shell: bash
+        run: |
+          python - <<'PY'
+          from __future__ import print_function
+
+          import subprocess
+          import sys
+
+          subprocess.check_call([
+              sys.executable, "-m", "pip", "install", "pyflakes"
+          ])
+
+          files = subprocess.check_output(
+              ["git", "ls-files", "*.py"]
+          ).decode("utf-8").splitlines()
+
+          files = [
+              f for f in files
+              if not f.startswith("thirdparty/")
+          ]
+
+          proc = subprocess.Popen(
+              [sys.executable, "-m", "pyflakes"] + files,
+              stdout=subprocess.PIPE,
+              stderr=subprocess.STDOUT,
+          )
+          out, _ = proc.communicate()
+
+          text = out.decode("utf-8", "replace")
+          lines = [
+              line for line in text.splitlines()
+              if " redefines " not in line
+          ]
+
+          if lines:
+              print("\n".join(lines))
+              sys.exit(1)
+
+          if proc.returncode not in (0, 1):
+              if text:
+                  print(text)
+              print("pyflakes failed unexpectedly with status %s" % proc.returncode)
+              sys.exit(proc.returncode or 1)
+
+          print("pyflakes: clean")
+          PY
+
       - name: Basic import test
         run: python -c "import sqlmap; import sqlmapapi"
 

.gitignore

@@ -14,3 +14,4 @@ extra/.DS_Store
 lib/.DS_Store
 plugins/.DS_Store
 thirdparty/.DS_Store
+CLAUDE.md

data/txt/sha256sums.txt

@@ -170,9 +170,9 @@ d69e84f1648cdb907f5d2dd454f03874a4613752b07867510145d51d84b3c56f  lib/controller
 c51c33501cc905586a9aaac93b06f2ac6f71628d032a7dc39fd0ef05d7ee3856  lib/core/bigarray.py
 122767794156afa41b19baa706ad4c124eef6eaf73ed8fd208d8f634e97e82eb  lib/core/common.py
 8f1272487e1adfcc8c755a2f56f0c6d21eac5e685a73a9a159482f9dc9142bc5  lib/core/compat.py
-742bce10b97034966021ec60c7ac294db4af4fe7893613d63172a02c29f009f8  lib/core/convert.py
+a683d0ad9ba543587382c4903d28db610ae20394fcf9045a68b2ab54a39381ae  lib/core/convert.py
 c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6  lib/core/data.py
-6c8d40d6bbab4a60d09eb03324a3352d85df1a741c62044e73701e92172d1d38  lib/core/datatype.py
+d9ec034a6d51ab4ddde0b6aa7ed306f9e0b1336557f77d7939ba547600f9b3ae  lib/core/datatype.py
 f8de57606325456928e46ae2896f5f8bbec9ad18b1c644b492a566fa992216f6  lib/core/decorators.py
 147823c37596bd6a56d677697781f34b8d1d1671d5a2518fbc9468d623c6d07d  lib/core/defaults.py
 8e4f4b5ea37a49d445bb0df83bf04b34f61035ec33fd8acf598ebcf371cb19a7  lib/core/dicts.py
@@ -182,18 +182,18 @@ f8de57606325456928e46ae2896f5f8bbec9ad18b1c644b492a566fa992216f6  lib/core/decor
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/core/__init__.py
 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad  lib/core/log.py
 1b03686e1aa916ccad3cd86b8e4e6ea4baca5e30e05bf86a56f8df8dd4f44ba6  lib/core/optiondict.py
-4e7f2ad3d2866093aa195616a0e93de1687406edc0b9038fbfa76bf1c9c174b2  lib/core/option.py
-ccc4a717e887652b1fcce073d9409d9c59a3b28548c703a9e453d15845f90cd7  lib/core/patch.py
+e033b20a0f7821797a10f4bf4235723f38c7db551c611fbb713faa621b123c4a  lib/core/option.py
+21b2b1745107c211fc7593923a3da7a808d40763c00091c28de5f7c129bcf3bc  lib/core/patch.py
 49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec  lib/core/profiling.py
-03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04  lib/core/readlineng.py
+0c36a65b6237732eb001d333f80f0c58c088ff01ae80cf07e4dcc6da2a806364  lib/core/readlineng.py
 9bf174058f15d14e24e94f9aaf42df045119d3617c6c54bd2f3af79b462f331d  lib/core/replication.py
 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6  lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c  lib/core/session.py
-af4dcbb3256ae407ade6fa8270d01d4bbf398d50be3be16b80572835662d6c2f  lib/core/settings.py
+1a569b5bcd33ae45d95c140fd3bae2f12ad54640d938172de3cb99f73a549b47  lib/core/settings.py
 c7804223319e18eb0b8e2cbf0a8b6896d1cefb7b0b1a2e9f1cf826a8a3b56750  lib/core/shell.py
 a2e98a94b231432736d6b304fc75525c8b5fdb4768c418387c5b4c1a610dad64  lib/core/subprocessng.py
 19f1e3c5e3ba703d28d510cd7a9ab8284d5fbe9df5ce7e77c86e5931571364b7  lib/core/target.py
-83e23dd422b0debc82f14b2d072eb36ee478a23e4299caf986372c8c40d00b2c  lib/core/testing.py
+46b405d0e0e035b3f323deffc1f1d30505adf7c01144ea2ddf81c5dc6caaa20f  lib/core/testing.py
 95656c44bab1771f4808030dd6a17eae5b129cb1234443f00b19695c7b712b86  lib/core/threads.py
 b9aacb840310173202f79c2ba125b0243003ee6b44c92eca50424f2bdfc83c02  lib/core/unescaper.py
 53e396902cb2546eaa09e77073fcba8be8827ee9ce055cfc899e81b0e6ad4d6d  lib/core/update.py
@@ -218,7 +218,7 @@ a6b37b436838caeb197fea858d0a39fadbff4736256e741b5fcec1f28fcf1ce0  lib/request/dn
 92c81cc31ff4a396723242058fb2152c9e9745f8412d01ea74480b048a53af6c  lib/request/httpshandler.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/request/__init__.py
 7a0ac2522213e756348fd871a7af74cc963bdc82f9d7ade57be5de42b5bf7cab  lib/request/inject.py
-d55b67943d925e40f019920ac7805655217c1e8f893d71d855dce724225c8fb8  lib/request/keepalive.py
+d1c5e4bda94394b5bb42c3b48b41b73ecb6069c3971af2c54394c9b35c2fed6e  lib/request/keepalive.py
 ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4  lib/request/methodrequest.py
 43a7fdf64e7ba63c6b2d641c9f999a63c12ac23b43b64fedfce4e05b863de568  lib/request/pkihandler.py
 b90feeb16e89a844427df42373b0139eb6f6cf3c48ccec32b3e3a3f540c2451e  lib/request/rangehandler.py
@@ -240,12 +240,12 @@ a66a4b9df6207dce722c9b71d290ea426723cb4b697b416065dc7dd5db96fe8e  lib/techniques
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/error/__init__.py
 5bbef46c16e34fd80e3f9f0e9aa255ce2e39be0d0e57479e25890b041c7efc7d  lib/techniques/error/use.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/graphql/__init__.py
-a1c5ec208843eb93e0fab40daac090aa3bf914a7dd0afb0f7c55c2db4db8d72b  lib/techniques/graphql/inject.py
+ffbc7583a563bb9fe5a560ca8363f3e4ec84ecf907b956883ab1f2904f19d529  lib/techniques/graphql/inject.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/__init__.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/ldap/__init__.py
-d469815c430caaafeeba285d10974456b96d7019f95738fe8038bfd0855068e4  lib/techniques/ldap/inject.py
+cc90c641d74244e45fa0c8c4026315452137e66b6fb5cef681d0eacd4e11eb69  lib/techniques/ldap/inject.py
 44401cad3e39ae9fb899ed5d0e2fdd0879561de05c3117f17f3b0db54f4e3724  lib/techniques/nosql/__init__.py
-d62b28bf9f1544e65a1017994402f484166f4d64a1efb724351b15e27b851990  lib/techniques/nosql/inject.py
+e2cd2b19f82393f9bbc8f374686cd851a4ccc264bb898ea54547ec479a05674c  lib/techniques/nosql/inject.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/union/__init__.py
 ceec65f8cb7c3254c4671351c837418c76ac5bc55ccbc40779f67231b54d7085  lib/techniques/union/test.py
 c65766f71e285fc85cdf58e7448c4c1d015af2a9dbb44fa3b665a9f13362fbcc  lib/techniques/union/use.py
@@ -265,14 +265,14 @@ b0d8ae8513c1f5ffcaa4bf0398790f26bc2180a6acf07bf5b2c86555bf9113f6  lib/utils/dial
 c1dfc3bed0fed9b181f612d1d747955dd2b506dbe99bc9fd481495602371473a  lib/utils/progress.py
 c442e9ef8324fd6fdf7bc334d765f0a6ce4037397eb3d79d59b5ce3e9a043855  lib/utils/prove.py
 2cd84db16edef8c9948e197a51d870cf1c338f4a89037b4d422de990f4a45237  lib/utils/purge.py
-f635872093a12cd63a72d77adf88e8f8cd4084a5cc64384f12966cd75a499bdf  lib/utils/safe2bin.py
-de4be7e291db0962cd59f9c04b3f7259f846e315df1fd9b323954f89fae0b2db  lib/utils/search.py
+e6d8e812c380647590a175528e75c2835fc75dd12f989ef1cceb5c12a5815bd8  lib/utils/safe2bin.py
+f8b9a876a19543ecb215956f525be6f59109716d0c301b57aa85d57cd2194a21  lib/utils/search.py
 8258d0f54ad94e6101934971af4e55d5540f217c40ddcc594e2fba837b856d35  lib/utils/sgmllib.py
 2760c4b82382e501f16bb98edec9531f46e5b286fbf004b346545b9b62f84824  lib/utils/sqlalchemy.py
 f0e5525a92fe971defc8f74c27942ff9138b1e8251f2e0d9a8bd59285b656084  lib/utils/timeout.py
 f28693d5d2783f3d5069b1df3d12e01730ce783f4a40ef31656ef2c879d2f027  lib/utils/tui.py
 e430db49aa768ff2cdba76932e30871c366054599c44d91580dde459ab9b6fef  lib/utils/versioncheck.py
-b3c5109394f6c3cdd73a524a737b36cca7ecc56619f2a5f801eb1e7f1bfdb78b  lib/utils/wafbypass.py
+c9618a9f5300f85f2078cdd71c6bee6b45a61a404834c17b07b0e0eb4709586a  lib/utils/wafbypass.py
 1b439fc59fd202c21c74978ed9f36d1c309533226c77907eae159461525f9fef  lib/utils/xrange.py
 b1bbb62f5b272a6247d442d5e4f644a5bca7138e70776539ec84a5a90433fd13  LICENSE
 6b1828a80ae3472f1adb53a540dee0835eccac14f8cfc4bf73962c4e49a49557  plugins/dbms/access/connector.py
@@ -504,7 +504,7 @@ cedf45d33461bd7e5400d06611a63c8a4ffae1a4510030c5696b9d46ed6a9883  plugins/generi
 46517f1444c202710e388873960130850ed092e17bd6f4dd5f2fedea3dbb8ffc  sqlmapapi.py
 f09d1b06901e7e02d0dbf4de607f6a4a9889acc322ae9353b98ea9101fb9548a  sqlmapapi.yaml
 627d90f1194335b800cbc9cc78db6697cf9e02e193a83598e0d4d0abb55b63b8  sqlmap.conf
-f8974aac701639b54ca34b0e11803c836e5cb1e1c5a6eaf275315949b6487310  sqlmap.py
+41fa63d55909cf00a0bb02e979c4f2c0ad7df4b32a89374150772b247fa96fc2  sqlmap.py
 eb37a88357522fd7ad00d90cdc5da6b57442b4fec49366aadb2944c4fbf8b804  tamper/0eunion.py
 a9785a4c111d6fee2e6d26466ba5efb3b229c00520b26e8024b041553b53efba  tamper/apostrophemask.py
 cf26bc8006519bd25ce06d347f72770cd75b61575cf65e5812274e8ab9392eb4  tamper/apostrophenullencode.py
@@ -583,10 +583,10 @@ bfb553602eb5d20b4ab5928dbcf8e6a3e7e5ff69f7d30d1f53ef6d323c237f6c  tests/test_age
 feb763ddcbf4f32822372ca53f8c71c754af7b72510ef06e1e9c77927fc90b10  tests/test_bigarray.py
 27ad87c0ea377e0657bd6f6a4eaa0e9756aa9d28ec0483bdadeb3f66dcc4660d  tests/test_charset.py
 9e678a56e16211c49ab4995b6c658d3f122bfa3b357d9e17ff38f5a489ace6ad  tests/test_cloak.py
-a48c411fea864e6bcd6a1c7e1a35094b8cda8d15088fd9e7b0270542ae20daa9  tests/test_common_helpers.py
+2ec894f49ca9bd750a23ead16dae176bcbc57d18ec5847fa4a5eeb886d75c1bd  tests/test_common_helpers.py
 899bc085e96d68f8a8cbe0d7e55863e98ef37b73ab0e4234f7d969e31ea2d23a  tests/test_comparison_json.py
 7b72d4f850bbd059b8e95fceb45a58470354cb7270c99b0e9981aaa189af20d1  tests/test_comparison.py
-8593f14a18c4445c58b2e59462adcb761074ac7217cd7c3808519a90ba279bda  tests/test_convert.py
+75357efd92f3f57cc05244a0f40985108077479fd192caaaa81e14f61c13783d  tests/test_convert.py
 c17544be5e945dc8c4fbb5c3b922da8eceec30b0fb239c32fb5f40e1660a197f  tests/test_datafiles.py
 9c240d4f796e56376374d4ce46f358ceb7d48cc6a7427760c5bfb89ff01cb545  tests/test_datatypes.py
 3804eb2d730220360f9dc07d5994eb64e9f65acf3b0d8648df8df2a2177ba8fd  tests/test_decodepage.py
@@ -606,7 +606,7 @@ d539d0ae758b5bb91e314ab82ab4fe03d6fb2f8b377d16aefa6d7d1d77a7d5a9  tests/test_ide
 13d0369f3fea7262f7944999f559da38e5284cbc76660fd7aeffedad78e65f5f  tests/test_ldap.py
 caa06fed7323b2bb6d0f2443ce343de94f75bf8ad012c055d5e07741d908ebad  tests/test_misc.py
 790b78c600b61eb0bdd6e07e14b1db3eb2ddd5fc5d4edb9e975f85ced38558c7  tests/test_nosql.py
-57fa9713a3186020be8bcc3f06399e92bf9ce82ec6d3413c76babe19606bb698  tests/test_openapi_drift.py
+88a8c7ce0ba0ca721dffbcf9351cd07f7e471ad2fe667a10608c18952b09868d  tests/test_openapi_drift.py
 cde0bea1263ae857561f91ed2bd515e972b716743f017d31b1718a8546c72759  tests/test_pagecontent.py
 4bac34af2abddce003756d6776e89b2fda220bb7603ef3761f4f37ee29f9c369  tests/test_payload_marking.py
 6bfc8201724078bd9d6d559916ef73c9ff97e19b0f2948f37e588a49b027795f  tests/test_payloads_structure.py

lib/core/convert.py

@@ -35,9 +35,11 @@
 from thirdparty.six.moves import collections_abc as _collections
 
 try:
-    from html import escape as htmlEscape
+    from html import escape as _escape
 except ImportError:
-    from cgi import escape as htmlEscape
+    from cgi import escape as _escape
+
+htmlEscape = _escape
 
 def base64pickle(value):
     """

lib/core/datatype.py

@@ -7,7 +7,6 @@
 
 import copy
 import threading
-import types
 
 from thirdparty.odict import OrderedDict
 from thirdparty.six.moves import collections_abc as _collections

lib/core/option.py

@@ -2604,6 +2604,7 @@ def putheader(self, header, *values):
     if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")):
         try:
             from websocket import ABNF
+            ABNF # require websocket-client, not any 'websocket' module
         except ImportError:
             errMsg = "sqlmap requires third-party module 'websocket-client' "
             errMsg += "in order to use WebSocket functionality"

lib/core/patch.py

@@ -6,7 +6,6 @@
 """
 
 import codecs
-import collections
 import difflib
 import inspect
 import logging
@@ -71,7 +70,8 @@ def _send_output(self, *args, **kwargs):
 
     # add support for inet_pton() on Windows OS
     if IS_WIN:
-        from thirdparty.wininetpton import win_inet_pton
+        from thirdparty.wininetpton.win_inet_pton import inject_into_socket
+        inject_into_socket()
 
     # Reference: https://github.com/nodejs/node/issues/12786#issuecomment-298652440
     codecs.register(lambda name: codecs.lookup("utf-8") if name == "cp65001" else None)

lib/core/readlineng.py

@@ -7,15 +7,21 @@
 
 _readline = None
 try:
-    from readline import *
     import readline as _readline
 except:
     try:
-        from pyreadline import *
         import pyreadline as _readline
     except:
         pass
 
+if _readline:
+    _symbols = getattr(_readline, "__all__", None)
+    if _symbols is None:
+        _symbols = (name for name in dir(_readline) if not name.startswith("_"))
+
+    for _symbol in _symbols:
+        globals()[_symbol] = getattr(_readline, _symbol)
+
 from lib.core.data import logger
 from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM

lib/core/settings.py

@@ -20,7 +20,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.6.164"
+VERSION = "1.10.6.185"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/core/testing.py

@@ -90,7 +90,7 @@ def vulnTest():
         ("-u \"<url>&echo=foobar*\" --flush-session", ("might be vulnerable to cross-site scripting",)),
         ("-u \"<base>nosql?name=luther&password=x\" -p password --nosql --flush-session", ("is vulnerable to NoSQL injection", "back-end: 'MongoDB'", "NoSQL: GET parameter 'password'", "s3cr3t")),   # NoSQL (MongoDB) operator-injection detection + blind regexp extraction
         ("-u \"<base>graphql\" --graphql --flush-session --disable-hashing", ("found GraphQL endpoint", "introspection returned", "skipping 2 mutation slot", "GraphQL boolean-based blind", "in-band data exposure", "back-end DBMS: 'SQLite'", "banner: '3.", "GraphQL database tables", "fetched 30 entries from table 'creds'", "db3a16990a0008a3b04707fdef6584a0", "GraphQL scan complete")),   # GraphQL: endpoint detection + introspection + mutation-skip + boolean-blind/in-band + back-end fingerprint + batched blind dump of an injection-only table (SQLite-backed)
-        ("-u \"<base>ldap/search?q=x\" --ldap --flush-session --disable-hashing", ("is vulnerable to LDAP injection", "Title: LDAP boolean-based blind", "LDAP: GET parameter 'q' directory entries", "dumped", "LDAP scan complete")),   # LDAP: error-based detection (unbalanced paren) + boolean oracle + directory attribute extraction via blind substring probing
+        ("-u \"<base>ldap/search?q=x\" --ldap --flush-session --disable-hashing", ("is vulnerable to LDAP injection", "Title: LDAP in-band data exposure", "LDAP: GET parameter 'q' in-band entries", "in-band data exposure", "LDAP scan complete")),   # LDAP: error-based detection (unbalanced paren) + boolean oracle + directory attribute extraction via blind substring probing
         ("-u \"<url>&query=*\" --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")),
         ("-d \"<direct>\" --flush-session --dump -T creds --dump-format=SQLITE --binary-fields=password_hash --where \"user_id=5\"", ("3137396164343563366365326362393763663130323965323132303436653831", "dumped to SQLITE database")),
         ("-d \"<direct>\" --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=4; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "4,foobar,nameisnull", "'987654321'",)),

lib/request/keepalive.py

@@ -9,7 +9,6 @@
 import threading
 import time
 
-from lib.core.data import conf
 from lib.core.settings import KEEPALIVE_IDLE_TIMEOUT
 from lib.core.settings import KEEPALIVE_MAX_REQUESTS
 from thirdparty.six.moves import http_client as _http_client

lib/techniques/graphql/inject.py

@@ -13,11 +13,13 @@
 from collections import namedtuple
 from collections import OrderedDict
 
+from lib.core.common import beep
 from lib.core.common import randomStr
 from lib.core.convert import getUnicode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.enums import CUSTOM_LOGGING
 from lib.core.enums import POST_HINT
 from lib.core.settings import ERROR_PARSING_REGEXES
 from lib.core.settings import GRAPHQL_ENDPOINT_PATHS
@@ -234,6 +236,13 @@ def _gqlSend(endpoint, query, variables=None):
     body = {"query": query}
     if variables:
         body["variables"] = variables
+
+    if conf.delay:
+        time.sleep(conf.delay)
+
+    if conf.verbose >= 3:
+        logger.log(CUSTOM_LOGGING.PAYLOAD, query[:200])
+
     oldPostHint = getattr(kb, "postHint", None)
     try:
         kb.postHint = POST_HINT.JSON
@@ -974,6 +983,8 @@ def _testSlot(slot, endpoint):
     report = "---\nParameter: %s.%s(%s:) (%s)\n    Type: GraphQL injection\n    Title: %s\n    Payload: %s\n---" % (
         slot.parentType, slot.fieldName, slot.targetArg, slot.strategy, title, _escapeGraphQLString(payload))
     conf.dumper.singleString(report)
+    if conf.beep:
+        beep()
 
     # In-band exposure: the always-true payload reflecting extra records directly
     if kind == "boolean" and templatePage:

lib/techniques/ldap/inject.py

@@ -7,9 +7,11 @@
 
 import difflib
 import re
+import time
 
 from collections import namedtuple
 
+from lib.core.common import beep
 from lib.core.common import randomStr
 from lib.core.convert import getUnicode
 from lib.core.data import conf
@@ -154,12 +156,16 @@ def _send(place, parameter, value):
     skipUrlEncode = conf.skipUrlEncode
     conf.skipUrlEncode = True
 
+    if conf.delay:
+        time.sleep(conf.delay)
+
     try:
         kwargs = {"raise404": False, "silent": True}
         payload = _replaceSegment(place, parameter, value)
         kwargs["post" if place in (PLACE.POST, PLACE.CUSTOM_POST) else "get"] = payload
 
-        logger.log(CUSTOM_LOGGING.PAYLOAD, payload)
+        if conf.verbose >= 3:
+            logger.log(CUSTOM_LOGGING.PAYLOAD, payload)
         page, _, _ = Request.getPage(**kwargs)
         return page or ""
     except Exception as ex:
@@ -671,6 +677,8 @@ def ldapScan():
                 found += 1
                 backend = backendHint or None
                 logger.info("%s parameter '%s' is vulnerable to LDAP injection (back-end: '%s')" % (place, parameter, backend or "Generic"))
+                if conf.beep:
+                    beep()
 
                 oracle = _makeOracle(place, parameter, template)
                 slots.append(Slot(place=place, parameter=parameter, backend=backend, oracle=oracle, template=template, payload=payload, breakout=breakout))
@@ -681,6 +689,8 @@ def ldapScan():
             if bypass:
                 found += 1
                 logger.info("%s parameter '%s' allows LDAP wildcard auth bypass (password=*)" % (place, parameter))
+                if conf.beep:
+                    beep()
                 slots.append(Slot(place=place, parameter=parameter, bypass=bypass))
                 continue