After the storm, a restore..

2026-01-21 05:39:16 +00:00 · 2008-10-15 15:38:22 +00:00
commit 8e3eb45510
78 changed files with 21360 additions and 0 deletions
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -0,0 +1,236 @@
+[Request]
+
+# Target URL.
+# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
+url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_brackets.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_str_like.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par2.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par3.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par2.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_int_str.php?id=1&name=luther
+
+# Rather than providing a target url, let Google return target
+# hosts as result of your Google dork expression. For a list of Google
+# dorks see Johnny Long Google Hacking Database at
+# http://johnny.ihackstuff.com/ghdb.php.
+# Example: +ext:php +inurl:"&id=" +intext:"powered by "
+googleDork = 
+
+# Testable parameter(s) comma separated. By default all GET/POST/Cookie
+# parameters and HTTP User-Agent are tested by sqlmap.
+testParameter = 
+
+# HTTP method to perform HTTP requests.
+# Valid: GET or POST
+# Default: GET
+method = GET
+
+# Data string to be sent through POST. It is mandatory only when
+# HTTP method is set to POST.
+data = 
+
+# HTTP Cookie header.
+cookie = 
+
+# HTTP Referer header. Useful to fake the HTTP Referer header value at
+# each HTTP request.
+referer = 
+
+# HTTP User-Agent header. Useful to fake the HTTP User-Agent header value
+# at each HTTP request
+# sqlmap will also test for SQL injection on the HTTP User-Agent value.
+agent = sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
+
+# Load a random HTTP User-Agent header from file
+# Example: txt/user-agents.txt
+userAgentsFile = 
+
+# HTTP Authentication type. Useful only if the target url requires
+# HTTP Basic or Digest authentication and you have such data.
+# Valid: Basic or Digest
+aType = 
+
+# HTTP Authentication credentials. Useful only if the target url requires
+# HTTP Basic or Digest authentication and you have such data.
+# Syntax: username:password
+aCred = 
+
+# Use a HTTP proxy to connect to the target url.
+# Syntax: http://url:port
+proxy = 
+
+# Maximum number of concurrent HTTP requests (handled with Python threads)
+# to be used in the inference SQL injection attack.
+# Default: 1
+threads = 1
+
+
+[Injection]
+
+# String to match in page when the query is valid, only needed if the
+# page content dynamically changes at each refresh, consequently changing
+# the MD5 of the page which is the method used by default to determine
+# if a query was valid or not. Read the documentation for further
+# details.
+string = 
+
+# Force back-end DBMS to this value. If this option is set, the back-end
+# DBMS identification process will be minimized as needed.
+# If not set, sqlmap will detect back-end DBMS automatically by default.
+# Valid: mssql, mysql, oracle, pgsql
+dbms = 
+
+
+[Fingerprint]
+
+# Perform an extensive back-end database management system fingerprint
+# based on various techniques.
+# Valid: True or False
+extensiveFp = False
+
+
+[Enumeration]
+
+# Retrieve back-end database management system banner.
+# Valid: True or False
+getBanner = False
+
+# Retrieve back-end database management system current user.
+# Valid: True or False
+getCurrentUser = False
+
+# Retrieve back-end database management system current database.
+# Valid: True or False
+getCurrentDb = False
+
+# Enumerate back-end database management system users.
+# Valid: True or False
+getUsers = False
+
+# Enumerate back-end database management system users password hashes.
+# Valid: True or False
+getPasswordHashes = False
+
+# Enumerate back-end database management system users privileges.
+# Valid: True or False
+getPrivileges = False
+
+# Enumerate back-end database management system databases.
+# Valid: True or False
+getDbs = False
+
+# Enumerate back-end database management system database tables.
+# Optional: db
+# Valid: True or False
+getTables = False
+
+# Enumerate back-end database management system database table columns.
+# Requires: db and tbl
+# Valid: True or False
+getColumns = False
+
+# Dump back-end database management system database table entries.
+# Requires: db and tbl
+# Optional: col
+# Valid: True or False
+dumpTable = False
+
+# Dump all back-end database management system databases tables entries.
+# Valid: True or False
+dumpAll = False
+
+# Back-end database management system database to enumerate.
+db = 
+
+# Back-end database management system database table to enumerate.
+tbl = 
+
+# Back-end database management system database table column to enumerate.
+col = 
+
+# Back-end database management system database user to enumerate.
+user = 
+
+# Exclude DBMS system databases when enumerating tables.
+# Valid: True or False
+excludeSysDbs = False
+
+# First table entry to dump (cursor start)
+# Valid: number
+# Default: 1 (sqlmap will start to dump the table entries from the first)
+limitStart = 1
+
+# Last table entry to dump (cursor stop)
+# Valid: number
+# Default: 1 (sqlmap will detect the number of table entries and dump
+# until the last)
+limitStop = 1
+
+# SQL SELECT query to be executed.
+# Example: SELECT 'foo', 'bar'
+query = 
+
+# Prompt for an interactive SQL shell.
+# Valid: True or False
+sqlShell = False
+
+
+[File system]
+
+# Read a specific OS file content (only on MySQL).
+# Examples: '/etc/passwd' or 'C:\boot.ini'
+rFile = 
+
+# Write to a specific OS file (not yet available).
+# Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt
+wFile = 
+
+
+[Takeover]
+
+# Prompt for an interactive OS shell (only on PHP/MySQL environment with a
+# writable directory within the web server document root for the moment).
+# Valid: True or False
+osShell = False
+
+
+[Miscellaneous]
+
+# Test for UNION SELECT (inband) SQL injection.
+# Valid: True or False
+unionTest = False
+
+# Use the UNION SELECT (inband) SQL injection to retrieve the queries
+# output. No need to go blind.
+# Valid: True or False
+unionUse = False
+
+# Retrieve each query output length and calculate the estimated time of
+# arrival in real time.
+# Valid: True or False
+eta = False
+
+# Verbosity level.
+# Valid values:
+# 0: Silent
+# 1: Show info messages
+# 2: Show also debug messages
+# 3: Show also HTTP requests
+# 4: Show also HTTP responses headers
+# 5: Show also HTTP responses page content
+# Default: 0
+verbose = 0
+
+# Update sqlmap to the latest stable version.
+# Valid: True or False
+updateAll = False
+
+# Save and resume all data retrieved on a session file.
+sessionFile = 
+
+# Never ask for user input, use the default behaviour.
+# Valid: True or False
+batch = False