mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-07 13:11:29 +00:00
Some more PEPing (I hope that I haven't broke anything)
This commit is contained in:
Miroslav Stampar
@@ -50,9 +50,7 @@ def cmdLineParser(argv=None):
|
||||
# Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING")
|
||||
_ = getUnicode(os.path.basename(argv[0]), encoding=sys.stdin.encoding)
|
||||
|
||||
usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
|
||||
"\"%s\"" % _ if " " in _ else _)
|
||||
|
||||
usage = "%s%s [options]" % ("python " if not IS_WIN else "", "\"%s\"" % _ if " " in _ else _)
|
||||
parser = OptionParser(usage=usage)
|
||||
|
||||
try:
|
||||
@@ -115,15 +113,13 @@ def cmdLineParser(argv=None):
|
||||
request.add_option("--load-cookies", dest="loadCookies",
|
||||
help="File containing cookies in Netscape/wget format")
|
||||
|
||||
request.add_option("--drop-set-cookie", dest="dropSetCookie",
|
||||
action="store_true",
|
||||
request.add_option("--drop-set-cookie", dest="dropSetCookie", action="store_true",
|
||||
help="Ignore Set-Cookie header from response")
|
||||
|
||||
request.add_option("--user-agent", dest="agent",
|
||||
help="HTTP User-Agent header value")
|
||||
|
||||
request.add_option("--random-agent", dest="randomAgent",
|
||||
action="store_true",
|
||||
request.add_option("--random-agent", dest="randomAgent", action="store_true",
|
||||
help="Use randomly selected HTTP User-Agent header value")
|
||||
|
||||
request.add_option("--host", dest="host",
|
||||
@@ -139,62 +135,55 @@ def cmdLineParser(argv=None):
|
||||
help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
|
||||
|
||||
request.add_option("--auth-type", dest="authType",
|
||||
help="HTTP authentication type "
|
||||
"(Basic, Digest, NTLM or PKI)")
|
||||
help="HTTP authentication type (Basic, Digest, NTLM or PKI)")
|
||||
|
||||
request.add_option("--auth-cred", dest="authCred",
|
||||
help="HTTP authentication credentials "
|
||||
"(name:password)")
|
||||
help="HTTP authentication credentials (name:password)")
|
||||
|
||||
request.add_option("--auth-file", dest="authFile",
|
||||
help="HTTP authentication PEM cert/private key file")
|
||||
|
||||
request.add_option("--ignore-code", dest="ignoreCode", type="int",
|
||||
help="Ignore HTTP error code (e.g. 401)")
|
||||
help="Ignore HTTP error code (e.g. 401)")
|
||||
|
||||
request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
|
||||
help="Ignore system default proxy settings")
|
||||
|
||||
request.add_option("--ignore-redirects", dest="ignoreRedirects", action="store_true",
|
||||
help="Ignore redirection attempts")
|
||||
help="Ignore redirection attempts")
|
||||
|
||||
request.add_option("--ignore-timeouts", dest="ignoreTimeouts", action="store_true",
|
||||
help="Ignore connection timeouts")
|
||||
help="Ignore connection timeouts")
|
||||
|
||||
request.add_option("--proxy", dest="proxy",
|
||||
help="Use a proxy to connect to the target URL")
|
||||
|
||||
request.add_option("--proxy-cred", dest="proxyCred",
|
||||
help="Proxy authentication credentials "
|
||||
"(name:password)")
|
||||
help="Proxy authentication credentials (name:password)")
|
||||
|
||||
request.add_option("--proxy-file", dest="proxyFile",
|
||||
help="Load proxy list from a file")
|
||||
|
||||
request.add_option("--tor", dest="tor",
|
||||
action="store_true",
|
||||
help="Use Tor anonymity network")
|
||||
request.add_option("--tor", dest="tor", action="store_true",
|
||||
help="Use Tor anonymity network")
|
||||
|
||||
request.add_option("--tor-port", dest="torPort",
|
||||
help="Set Tor proxy port other than default")
|
||||
help="Set Tor proxy port other than default")
|
||||
|
||||
request.add_option("--tor-type", dest="torType",
|
||||
help="Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))")
|
||||
help="Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))")
|
||||
|
||||
request.add_option("--check-tor", dest="checkTor",
|
||||
action="store_true",
|
||||
help="Check to see if Tor is used properly")
|
||||
request.add_option("--check-tor", dest="checkTor", action="store_true",
|
||||
help="Check to see if Tor is used properly")
|
||||
|
||||
request.add_option("--delay", dest="delay", type="float",
|
||||
help="Delay in seconds between each HTTP request")
|
||||
|
||||
request.add_option("--timeout", dest="timeout", type="float",
|
||||
help="Seconds to wait before timeout connection "
|
||||
"(default %d)" % defaults.timeout)
|
||||
help="Seconds to wait before timeout connection (default %d)" % defaults.timeout)
|
||||
|
||||
request.add_option("--retries", dest="retries", type="int",
|
||||
help="Retries when the connection timeouts "
|
||||
"(default %d)" % defaults.retries)
|
||||
help="Retries when the connection timeouts (default %d)" % defaults.retries)
|
||||
|
||||
request.add_option("--randomize", dest="rParam",
|
||||
help="Randomly change value for given parameter(s)")
|
||||
@@ -211,8 +200,7 @@ def cmdLineParser(argv=None):
|
||||
request.add_option("--safe-freq", dest="safeFreq", type="int",
|
||||
help="Test requests between two visits to a given safe URL")
|
||||
|
||||
request.add_option("--skip-urlencode", dest="skipUrlEncode",
|
||||
action="store_true",
|
||||
request.add_option("--skip-urlencode", dest="skipUrlEncode", action="store_true",
|
||||
help="Skip URL encoding of payload data")
|
||||
|
||||
request.add_option("--csrf-token", dest="csrfToken",
|
||||
@@ -221,44 +209,36 @@ def cmdLineParser(argv=None):
|
||||
request.add_option("--csrf-url", dest="csrfUrl",
|
||||
help="URL address to visit to extract anti-CSRF token")
|
||||
|
||||
request.add_option("--force-ssl", dest="forceSSL",
|
||||
action="store_true",
|
||||
request.add_option("--force-ssl", dest="forceSSL", action="store_true",
|
||||
help="Force usage of SSL/HTTPS")
|
||||
|
||||
request.add_option("--hpp", dest="hpp",
|
||||
action="store_true",
|
||||
help="Use HTTP parameter pollution method")
|
||||
request.add_option("--hpp", dest="hpp", action="store_true",
|
||||
help="Use HTTP parameter pollution method")
|
||||
|
||||
request.add_option("--eval", dest="evalCode",
|
||||
help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")
|
||||
|
||||
# Optimization options
|
||||
optimization = OptionGroup(parser, "Optimization", "These "
|
||||
"options can be used to optimize the "
|
||||
"performance of sqlmap")
|
||||
optimization = OptionGroup(parser, "Optimization", "These options can be used to optimize the performance of sqlmap")
|
||||
|
||||
optimization.add_option("-o", dest="optimize",
|
||||
action="store_true",
|
||||
help="Turn on all optimization switches")
|
||||
optimization.add_option("-o", dest="optimize", action="store_true",
|
||||
help="Turn on all optimization switches")
|
||||
|
||||
optimization.add_option("--predict-output", dest="predictOutput", action="store_true",
|
||||
help="Predict common queries output")
|
||||
help="Predict common queries output")
|
||||
|
||||
optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
|
||||
help="Use persistent HTTP(s) connections")
|
||||
help="Use persistent HTTP(s) connections")
|
||||
|
||||
optimization.add_option("--null-connection", dest="nullConnection", action="store_true",
|
||||
help="Retrieve page length without actual HTTP response body")
|
||||
help="Retrieve page length without actual HTTP response body")
|
||||
|
||||
optimization.add_option("--threads", dest="threads", type="int",
|
||||
help="Max number of concurrent HTTP(s) "
|
||||
help="Max number of concurrent HTTP(s) "
|
||||
"requests (default %d)" % defaults.threads)
|
||||
|
||||
# Injection options
|
||||
injection = OptionGroup(parser, "Injection", "These options can be "
|
||||
"used to specify which parameters to test "
|
||||
"for, provide custom injection payloads and "
|
||||
"optional tampering scripts")
|
||||
injection = OptionGroup(parser, "Injection", "These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts")
|
||||
|
||||
injection.add_option("-p", dest="testParameter",
|
||||
help="Testable parameter(s)")
|
||||
@@ -270,36 +250,30 @@ def cmdLineParser(argv=None):
|
||||
help="Skip testing parameters that not appear to be dynamic")
|
||||
|
||||
injection.add_option("--param-exclude", dest="paramExclude",
|
||||
help="Regexp to exclude parameters from testing (e.g. \"ses\")")
|
||||
help="Regexp to exclude parameters from testing (e.g. \"ses\")")
|
||||
|
||||
injection.add_option("--dbms", dest="dbms",
|
||||
help="Force back-end DBMS to this value")
|
||||
|
||||
injection.add_option("--dbms-cred", dest="dbmsCred",
|
||||
help="DBMS authentication credentials (user:password)")
|
||||
help="DBMS authentication credentials (user:password)")
|
||||
|
||||
injection.add_option("--os", dest="os",
|
||||
help="Force back-end DBMS operating system "
|
||||
"to this value")
|
||||
help="Force back-end DBMS operating system to this value")
|
||||
|
||||
injection.add_option("--invalid-bignum", dest="invalidBignum",
|
||||
action="store_true",
|
||||
injection.add_option("--invalid-bignum", dest="invalidBignum", action="store_true",
|
||||
help="Use big numbers for invalidating values")
|
||||
|
||||
injection.add_option("--invalid-logical", dest="invalidLogical",
|
||||
action="store_true",
|
||||
injection.add_option("--invalid-logical", dest="invalidLogical", action="store_true",
|
||||
help="Use logical operations for invalidating values")
|
||||
|
||||
injection.add_option("--invalid-string", dest="invalidString",
|
||||
action="store_true",
|
||||
injection.add_option("--invalid-string", dest="invalidString", action="store_true",
|
||||
help="Use random strings for invalidating values")
|
||||
|
||||
injection.add_option("--no-cast", dest="noCast",
|
||||
action="store_true",
|
||||
injection.add_option("--no-cast", dest="noCast", action="store_true",
|
||||
help="Turn off payload casting mechanism")
|
||||
|
||||
injection.add_option("--no-escape", dest="noEscape",
|
||||
action="store_true",
|
||||
injection.add_option("--no-escape", dest="noEscape", action="store_true",
|
||||
help="Turn off string escaping mechanism")
|
||||
|
||||
injection.add_option("--prefix", dest="prefix",
|
||||
@@ -312,54 +286,40 @@ def cmdLineParser(argv=None):
|
||||
help="Use given script(s) for tampering injection data")
|
||||
|
||||
# Detection options
|
||||
detection = OptionGroup(parser, "Detection", "These options can be "
|
||||
"used to customize the detection phase")
|
||||
detection = OptionGroup(parser, "Detection", "These options can be used to customize the detection phase")
|
||||
|
||||
detection.add_option("--level", dest="level", type="int",
|
||||
help="Level of tests to perform (1-5, "
|
||||
"default %d)" % defaults.level)
|
||||
help="Level of tests to perform (1-5, default %d)" % defaults.level)
|
||||
|
||||
detection.add_option("--risk", dest="risk", type="int",
|
||||
help="Risk of tests to perform (1-3, "
|
||||
"default %d)" % defaults.risk)
|
||||
help="Risk of tests to perform (1-3, default %d)" % defaults.risk)
|
||||
|
||||
detection.add_option("--string", dest="string",
|
||||
help="String to match when "
|
||||
"query is evaluated to True")
|
||||
help="String to match when query is evaluated to True")
|
||||
|
||||
detection.add_option("--not-string", dest="notString",
|
||||
help="String to match when "
|
||||
"query is evaluated to False")
|
||||
help="String to match when query is evaluated to False")
|
||||
|
||||
detection.add_option("--regexp", dest="regexp",
|
||||
help="Regexp to match when "
|
||||
"query is evaluated to True")
|
||||
help="Regexp to match when query is evaluated to True")
|
||||
|
||||
detection.add_option("--code", dest="code", type="int",
|
||||
help="HTTP code to match when "
|
||||
"query is evaluated to True")
|
||||
help="HTTP code to match when query is evaluated to True")
|
||||
|
||||
detection.add_option("--text-only", dest="textOnly",
|
||||
action="store_true",
|
||||
detection.add_option("--text-only", dest="textOnly", action="store_true",
|
||||
help="Compare pages based only on the textual content")
|
||||
|
||||
detection.add_option("--titles", dest="titles",
|
||||
action="store_true",
|
||||
detection.add_option("--titles", dest="titles", action="store_true",
|
||||
help="Compare pages based only on their titles")
|
||||
|
||||
# Techniques options
|
||||
techniques = OptionGroup(parser, "Techniques", "These options can be "
|
||||
"used to tweak testing of specific SQL "
|
||||
"injection techniques")
|
||||
techniques = OptionGroup(parser, "Techniques", "These options can be used to tweak testing of specific SQL injection techniques")
|
||||
|
||||
techniques.add_option("--technique", dest="tech",
|
||||
help="SQL injection techniques to use "
|
||||
"(default \"%s\")" % defaults.tech)
|
||||
help="SQL injection techniques to use (default \"%s\")" % defaults.tech)
|
||||
|
||||
techniques.add_option("--time-sec", dest="timeSec",
|
||||
type="int",
|
||||
help="Seconds to delay the DBMS response "
|
||||
"(default %d)" % defaults.timeSec)
|
||||
techniques.add_option("--time-sec", dest="timeSec", type="int",
|
||||
help="Seconds to delay the DBMS response (default %d)" % defaults.timeSec)
|
||||
|
||||
techniques.add_option("--union-cols", dest="uCols",
|
||||
help="Range of columns to test for UNION query SQL injection")
|
||||
@@ -374,58 +334,45 @@ def cmdLineParser(argv=None):
|
||||
help="Domain name used for DNS exfiltration attack")
|
||||
|
||||
techniques.add_option("--second-order", dest="secondOrder",
|
||||
help="Resulting page URL searched for second-order "
|
||||
"response")
|
||||
help="Resulting page URL searched for second-order response")
|
||||
|
||||
# Fingerprint options
|
||||
fingerprint = OptionGroup(parser, "Fingerprint")
|
||||
|
||||
fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp",
|
||||
action="store_true",
|
||||
fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp", action="store_true",
|
||||
help="Perform an extensive DBMS version fingerprint")
|
||||
|
||||
# Enumeration options
|
||||
enumeration = OptionGroup(parser, "Enumeration", "These options can "
|
||||
"be used to enumerate the back-end database "
|
||||
"management system information, structure "
|
||||
"and data contained in the tables. Moreover "
|
||||
"you can run your own SQL statements")
|
||||
enumeration = OptionGroup(parser, "Enumeration", "These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover you can run your own SQL statements")
|
||||
|
||||
enumeration.add_option("-a", "--all", dest="getAll",
|
||||
action="store_true", help="Retrieve everything")
|
||||
enumeration.add_option("-a", "--all", dest="getAll", action="store_true",
|
||||
help="Retrieve everything")
|
||||
|
||||
enumeration.add_option("-b", "--banner", dest="getBanner",
|
||||
action="store_true", help="Retrieve DBMS banner")
|
||||
enumeration.add_option("-b", "--banner", dest="getBanner", action="store_true",
|
||||
help="Retrieve DBMS banner")
|
||||
|
||||
enumeration.add_option("--current-user", dest="getCurrentUser",
|
||||
action="store_true",
|
||||
enumeration.add_option("--current-user", dest="getCurrentUser", action="store_true",
|
||||
help="Retrieve DBMS current user")
|
||||
|
||||
enumeration.add_option("--current-db", dest="getCurrentDb",
|
||||
action="store_true",
|
||||
enumeration.add_option("--current-db", dest="getCurrentDb", action="store_true",
|
||||
help="Retrieve DBMS current database")
|
||||
|
||||
enumeration.add_option("--hostname", dest="getHostname",
|
||||
action="store_true",
|
||||
enumeration.add_option("--hostname", dest="getHostname", action="store_true",
|
||||
help="Retrieve DBMS server hostname")
|
||||
|
||||
enumeration.add_option("--is-dba", dest="isDba",
|
||||
action="store_true",
|
||||
enumeration.add_option("--is-dba", dest="isDba", action="store_true",
|
||||
help="Detect if the DBMS current user is DBA")
|
||||
|
||||
enumeration.add_option("--users", dest="getUsers", action="store_true",
|
||||
help="Enumerate DBMS users")
|
||||
|
||||
enumeration.add_option("--passwords", dest="getPasswordHashes",
|
||||
action="store_true",
|
||||
enumeration.add_option("--passwords", dest="getPasswordHashes", action="store_true",
|
||||
help="Enumerate DBMS users password hashes")
|
||||
|
||||
enumeration.add_option("--privileges", dest="getPrivileges",
|
||||
action="store_true",
|
||||
enumeration.add_option("--privileges", dest="getPrivileges", action="store_true",
|
||||
help="Enumerate DBMS users privileges")
|
||||
|
||||
enumeration.add_option("--roles", dest="getRoles",
|
||||
action="store_true",
|
||||
enumeration.add_option("--roles", dest="getRoles", action="store_true",
|
||||
help="Enumerate DBMS users roles")
|
||||
|
||||
enumeration.add_option("--dbs", dest="getDbs", action="store_true",
|
||||
@@ -470,10 +417,8 @@ def cmdLineParser(argv=None):
|
||||
enumeration.add_option("-U", dest="user",
|
||||
help="DBMS user to enumerate")
|
||||
|
||||
enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs",
|
||||
action="store_true",
|
||||
help="Exclude DBMS system databases when "
|
||||
"enumerating tables")
|
||||
enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs", action="store_true",
|
||||
help="Exclude DBMS system databases when enumerating tables")
|
||||
|
||||
enumeration.add_option("--pivot-column", dest="pivotColumn",
|
||||
help="Pivot column name")
|
||||
@@ -496,28 +441,23 @@ def cmdLineParser(argv=None):
|
||||
enumeration.add_option("--sql-query", dest="query",
|
||||
help="SQL statement to be executed")
|
||||
|
||||
enumeration.add_option("--sql-shell", dest="sqlShell",
|
||||
action="store_true",
|
||||
enumeration.add_option("--sql-shell", dest="sqlShell", action="store_true",
|
||||
help="Prompt for an interactive SQL shell")
|
||||
|
||||
enumeration.add_option("--sql-file", dest="sqlFile",
|
||||
help="Execute SQL statements from given file(s)")
|
||||
|
||||
# Brute force options
|
||||
brute = OptionGroup(parser, "Brute force", "These "
|
||||
"options can be used to run brute force "
|
||||
"checks")
|
||||
brute = OptionGroup(parser, "Brute force", "These options can be used to run brute force checks")
|
||||
|
||||
brute.add_option("--common-tables", dest="commonTables", action="store_true",
|
||||
help="Check existence of common tables")
|
||||
help="Check existence of common tables")
|
||||
|
||||
brute.add_option("--common-columns", dest="commonColumns", action="store_true",
|
||||
help="Check existence of common columns")
|
||||
help="Check existence of common columns")
|
||||
|
||||
# User-defined function options
|
||||
udf = OptionGroup(parser, "User-defined function injection", "These "
|
||||
"options can be used to create custom user-defined "
|
||||
"functions")
|
||||
udf = OptionGroup(parser, "User-defined function injection", "These options can be used to create custom user-defined functions")
|
||||
|
||||
udf.add_option("--udf-inject", dest="udfInject", action="store_true",
|
||||
help="Inject custom user-defined functions")
|
||||
@@ -526,167 +466,131 @@ def cmdLineParser(argv=None):
|
||||
help="Local path of the shared library")
|
||||
|
||||
# File system options
|
||||
filesystem = OptionGroup(parser, "File system access", "These options "
|
||||
"can be used to access the back-end database "
|
||||
"management system underlying file system")
|
||||
filesystem = OptionGroup(parser, "File system access", "These options can be used to access the back-end database management system underlying file system")
|
||||
|
||||
filesystem.add_option("--file-read", dest="rFile",
|
||||
help="Read a file from the back-end DBMS "
|
||||
"file system")
|
||||
help="Read a file from the back-end DBMS file system")
|
||||
|
||||
filesystem.add_option("--file-write", dest="wFile",
|
||||
help="Write a local file on the back-end "
|
||||
"DBMS file system")
|
||||
help="Write a local file on the back-end DBMS file system")
|
||||
|
||||
filesystem.add_option("--file-dest", dest="dFile",
|
||||
help="Back-end DBMS absolute filepath to "
|
||||
"write to")
|
||||
help="Back-end DBMS absolute filepath to write to")
|
||||
|
||||
# Takeover options
|
||||
takeover = OptionGroup(parser, "Operating system access", "These "
|
||||
"options can be used to access the back-end "
|
||||
"database management system underlying "
|
||||
"operating system")
|
||||
takeover = OptionGroup(parser, "Operating system access", "These options can be used to access the back-end database management system underlying operating system")
|
||||
|
||||
takeover.add_option("--os-cmd", dest="osCmd",
|
||||
help="Execute an operating system command")
|
||||
|
||||
takeover.add_option("--os-shell", dest="osShell",
|
||||
action="store_true",
|
||||
help="Prompt for an interactive operating "
|
||||
"system shell")
|
||||
takeover.add_option("--os-shell", dest="osShell", action="store_true",
|
||||
help="Prompt for an interactive operating system shell")
|
||||
|
||||
takeover.add_option("--os-pwn", dest="osPwn",
|
||||
action="store_true",
|
||||
help="Prompt for an OOB shell, "
|
||||
"Meterpreter or VNC")
|
||||
takeover.add_option("--os-pwn", dest="osPwn", action="store_true",
|
||||
help="Prompt for an OOB shell, Meterpreter or VNC")
|
||||
|
||||
takeover.add_option("--os-smbrelay", dest="osSmb",
|
||||
action="store_true",
|
||||
help="One click prompt for an OOB shell, "
|
||||
"Meterpreter or VNC")
|
||||
takeover.add_option("--os-smbrelay", dest="osSmb", action="store_true",
|
||||
help="One click prompt for an OOB shell, Meterpreter or VNC")
|
||||
|
||||
takeover.add_option("--os-bof", dest="osBof",
|
||||
action="store_true",
|
||||
takeover.add_option("--os-bof", dest="osBof", action="store_true",
|
||||
help="Stored procedure buffer overflow "
|
||||
"exploitation")
|
||||
|
||||
takeover.add_option("--priv-esc", dest="privEsc",
|
||||
action="store_true",
|
||||
takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
|
||||
help="Database process user privilege escalation")
|
||||
|
||||
takeover.add_option("--msf-path", dest="msfPath",
|
||||
help="Local path where Metasploit Framework "
|
||||
"is installed")
|
||||
help="Local path where Metasploit Framework is installed")
|
||||
|
||||
takeover.add_option("--tmp-path", dest="tmpPath",
|
||||
help="Remote absolute path of temporary files "
|
||||
"directory")
|
||||
help="Remote absolute path of temporary files directory")
|
||||
|
||||
# Windows registry options
|
||||
windows = OptionGroup(parser, "Windows registry access", "These "
|
||||
"options can be used to access the back-end "
|
||||
"database management system Windows "
|
||||
"registry")
|
||||
windows = OptionGroup(parser, "Windows registry access", "These options can be used to access the back-end database management system Windows registry")
|
||||
|
||||
windows.add_option("--reg-read", dest="regRead",
|
||||
action="store_true",
|
||||
help="Read a Windows registry key value")
|
||||
windows.add_option("--reg-read", dest="regRead", action="store_true",
|
||||
help="Read a Windows registry key value")
|
||||
|
||||
windows.add_option("--reg-add", dest="regAdd",
|
||||
action="store_true",
|
||||
help="Write a Windows registry key value data")
|
||||
windows.add_option("--reg-add", dest="regAdd", action="store_true",
|
||||
help="Write a Windows registry key value data")
|
||||
|
||||
windows.add_option("--reg-del", dest="regDel",
|
||||
action="store_true",
|
||||
help="Delete a Windows registry key value")
|
||||
windows.add_option("--reg-del", dest="regDel", action="store_true",
|
||||
help="Delete a Windows registry key value")
|
||||
|
||||
windows.add_option("--reg-key", dest="regKey",
|
||||
help="Windows registry key")
|
||||
help="Windows registry key")
|
||||
|
||||
windows.add_option("--reg-value", dest="regVal",
|
||||
help="Windows registry key value")
|
||||
help="Windows registry key value")
|
||||
|
||||
windows.add_option("--reg-data", dest="regData",
|
||||
help="Windows registry key value data")
|
||||
help="Windows registry key value data")
|
||||
|
||||
windows.add_option("--reg-type", dest="regType",
|
||||
help="Windows registry key value type")
|
||||
help="Windows registry key value type")
|
||||
|
||||
# General options
|
||||
general = OptionGroup(parser, "General", "These options can be used "
|
||||
"to set some general working parameters")
|
||||
general = OptionGroup(parser, "General", "These options can be used to set some general working parameters")
|
||||
|
||||
general.add_option("-s", dest="sessionFile",
|
||||
help="Load session from a stored (.sqlite) file")
|
||||
help="Load session from a stored (.sqlite) file")
|
||||
|
||||
general.add_option("-t", dest="trafficFile",
|
||||
help="Log all HTTP traffic into a "
|
||||
"textual file")
|
||||
help="Log all HTTP traffic into a textual file")
|
||||
|
||||
general.add_option("--batch", dest="batch",
|
||||
action="store_true",
|
||||
help="Never ask for user input, use the default behavior")
|
||||
general.add_option("--batch", dest="batch", action="store_true",
|
||||
help="Never ask for user input, use the default behavior")
|
||||
|
||||
general.add_option("--binary-fields", dest="binaryFields",
|
||||
help="Result fields having binary values (e.g. \"digest\")")
|
||||
help="Result fields having binary values (e.g. \"digest\")")
|
||||
|
||||
general.add_option("--check-internet", dest="checkInternet",
|
||||
action="store_true",
|
||||
help="Check Internet connection before assessing the target")
|
||||
general.add_option("--check-internet", dest="checkInternet", action="store_true",
|
||||
help="Check Internet connection before assessing the target")
|
||||
|
||||
general.add_option("--crawl", dest="crawlDepth", type="int",
|
||||
help="Crawl the website starting from the target URL")
|
||||
help="Crawl the website starting from the target URL")
|
||||
|
||||
general.add_option("--crawl-exclude", dest="crawlExclude",
|
||||
help="Regexp to exclude pages from crawling (e.g. \"logout\")")
|
||||
|
||||
general.add_option("--csv-del", dest="csvDel",
|
||||
help="Delimiting character used in CSV output "
|
||||
"(default \"%s\")" % defaults.csvDel)
|
||||
help="Delimiting character used in CSV output (default \"%s\")" % defaults.csvDel)
|
||||
|
||||
general.add_option("--charset", dest="charset",
|
||||
help="Blind SQL injection charset (e.g. \"0123456789abcdef\")")
|
||||
|
||||
general.add_option("--dump-format", dest="dumpFormat",
|
||||
help="Format of dumped data (CSV (default), HTML or SQLITE)")
|
||||
help="Format of dumped data (CSV (default), HTML or SQLITE)")
|
||||
|
||||
general.add_option("--encoding", dest="encoding",
|
||||
help="Character encoding used for data retrieval (e.g. GBK)")
|
||||
help="Character encoding used for data retrieval (e.g. GBK)")
|
||||
|
||||
general.add_option("--eta", dest="eta",
|
||||
action="store_true",
|
||||
help="Display for each output the estimated time of arrival")
|
||||
general.add_option("--eta", dest="eta", action="store_true",
|
||||
help="Display for each output the estimated time of arrival")
|
||||
|
||||
general.add_option("--flush-session", dest="flushSession",
|
||||
action="store_true",
|
||||
help="Flush session files for current target")
|
||||
general.add_option("--flush-session", dest="flushSession", action="store_true",
|
||||
help="Flush session files for current target")
|
||||
|
||||
general.add_option("--forms", dest="forms",
|
||||
action="store_true",
|
||||
help="Parse and test forms on target URL")
|
||||
general.add_option("--forms", dest="forms", action="store_true",
|
||||
help="Parse and test forms on target URL")
|
||||
|
||||
general.add_option("--fresh-queries", dest="freshQueries",
|
||||
action="store_true",
|
||||
help="Ignore query results stored in session file")
|
||||
general.add_option("--fresh-queries", dest="freshQueries", action="store_true",
|
||||
help="Ignore query results stored in session file")
|
||||
|
||||
general.add_option("--har", dest="harFile",
|
||||
help="Log all HTTP traffic into a HAR file")
|
||||
|
||||
general.add_option("--hex", dest="hexConvert",
|
||||
action="store_true",
|
||||
help="Use DBMS hex function(s) for data retrieval")
|
||||
general.add_option("--hex", dest="hexConvert", action="store_true",
|
||||
help="Use DBMS hex function(s) for data retrieval")
|
||||
|
||||
general.add_option("--output-dir", dest="outputDir",
|
||||
action="store",
|
||||
help="Custom output directory path")
|
||||
general.add_option("--output-dir", dest="outputDir", action="store",
|
||||
help="Custom output directory path")
|
||||
|
||||
general.add_option("--parse-errors", dest="parseErrors",
|
||||
action="store_true",
|
||||
help="Parse and display DBMS error messages from responses")
|
||||
general.add_option("--parse-errors", dest="parseErrors", action="store_true",
|
||||
help="Parse and display DBMS error messages from responses")
|
||||
|
||||
general.add_option("--save", dest="saveConfig",
|
||||
help="Save options to a configuration INI file")
|
||||
help="Save options to a configuration INI file")
|
||||
|
||||
general.add_option("--scope", dest="scope",
|
||||
help="Regexp to filter targets from provided proxy log")
|
||||
@@ -697,77 +601,65 @@ def cmdLineParser(argv=None):
|
||||
general.add_option("--test-skip", dest="testSkip",
|
||||
help="Skip tests by payloads and/or titles (e.g. BENCHMARK)")
|
||||
|
||||
general.add_option("--update", dest="updateAll",
|
||||
action="store_true",
|
||||
help="Update sqlmap")
|
||||
general.add_option("--update", dest="updateAll", action="store_true",
|
||||
help="Update sqlmap")
|
||||
|
||||
# Miscellaneous options
|
||||
miscellaneous = OptionGroup(parser, "Miscellaneous")
|
||||
|
||||
miscellaneous.add_option("-z", dest="mnemonics",
|
||||
help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")
|
||||
help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")
|
||||
|
||||
miscellaneous.add_option("--alert", dest="alert",
|
||||
help="Run host OS command(s) when SQL injection is found")
|
||||
help="Run host OS command(s) when SQL injection is found")
|
||||
|
||||
miscellaneous.add_option("--answers", dest="answers",
|
||||
help="Set question answers (e.g. \"quit=N,follow=N\")")
|
||||
help="Set question answers (e.g. \"quit=N,follow=N\")")
|
||||
|
||||
miscellaneous.add_option("--beep", dest="beep", action="store_true",
|
||||
help="Beep on question and/or when SQL injection is found")
|
||||
help="Beep on question and/or when SQL injection is found")
|
||||
|
||||
miscellaneous.add_option("--cleanup", dest="cleanup",
|
||||
action="store_true",
|
||||
help="Clean up the DBMS from sqlmap specific "
|
||||
"UDF and tables")
|
||||
miscellaneous.add_option("--cleanup", dest="cleanup", action="store_true",
|
||||
help="Clean up the DBMS from sqlmap specific UDF and tables")
|
||||
|
||||
miscellaneous.add_option("--dependencies", dest="dependencies",
|
||||
action="store_true",
|
||||
help="Check for missing (non-core) sqlmap dependencies")
|
||||
miscellaneous.add_option("--dependencies", dest="dependencies", action="store_true",
|
||||
help="Check for missing (non-core) sqlmap dependencies")
|
||||
|
||||
miscellaneous.add_option("--disable-coloring", dest="disableColoring",
|
||||
action="store_true",
|
||||
help="Disable console output coloring")
|
||||
miscellaneous.add_option("--disable-coloring", dest="disableColoring", action="store_true",
|
||||
help="Disable console output coloring")
|
||||
|
||||
miscellaneous.add_option("--gpage", dest="googlePage", type="int",
|
||||
help="Use Google dork results from specified page number")
|
||||
help="Use Google dork results from specified page number")
|
||||
|
||||
miscellaneous.add_option("--identify-waf", dest="identifyWaf",
|
||||
action="store_true",
|
||||
help="Make a thorough testing for a WAF/IPS/IDS protection")
|
||||
miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true",
|
||||
help="Make a thorough testing for a WAF/IPS/IDS protection")
|
||||
|
||||
miscellaneous.add_option("--mobile", dest="mobile",
|
||||
action="store_true",
|
||||
help="Imitate smartphone through HTTP User-Agent header")
|
||||
miscellaneous.add_option("--mobile", dest="mobile", action="store_true",
|
||||
help="Imitate smartphone through HTTP User-Agent header")
|
||||
|
||||
miscellaneous.add_option("--offline", dest="offline",
|
||||
action="store_true",
|
||||
help="Work in offline mode (only use session data)")
|
||||
miscellaneous.add_option("--offline", dest="offline", action="store_true",
|
||||
help="Work in offline mode (only use session data)")
|
||||
|
||||
miscellaneous.add_option("--purge-output", dest="purgeOutput",
|
||||
action="store_true",
|
||||
help="Safely remove all content from output directory")
|
||||
miscellaneous.add_option("--purge-output", dest="purgeOutput", action="store_true",
|
||||
help="Safely remove all content from output directory")
|
||||
|
||||
miscellaneous.add_option("--skip-waf", dest="skipWaf",
|
||||
action="store_true",
|
||||
help="Skip heuristic detection of WAF/IPS/IDS protection")
|
||||
miscellaneous.add_option("--skip-waf", dest="skipWaf", action="store_true",
|
||||
help="Skip heuristic detection of WAF/IPS/IDS protection")
|
||||
|
||||
miscellaneous.add_option("--smart", dest="smart",
|
||||
action="store_true",
|
||||
help="Conduct thorough tests only if positive heuristic(s)")
|
||||
miscellaneous.add_option("--smart", dest="smart", action="store_true",
|
||||
help="Conduct thorough tests only if positive heuristic(s)")
|
||||
|
||||
miscellaneous.add_option("--sqlmap-shell", dest="sqlmapShell", action="store_true",
|
||||
help="Prompt for an interactive sqlmap shell")
|
||||
help="Prompt for an interactive sqlmap shell")
|
||||
|
||||
miscellaneous.add_option("--tmp-dir", dest="tmpDir",
|
||||
help="Local directory for storing temporary files")
|
||||
help="Local directory for storing temporary files")
|
||||
|
||||
miscellaneous.add_option("--web-root", dest="webRoot",
|
||||
help="Web server document root directory (e.g. \"/var/www\")")
|
||||
help="Web server document root directory (e.g. \"/var/www\")")
|
||||
|
||||
miscellaneous.add_option("--wizard", dest="wizard",
|
||||
action="store_true",
|
||||
help="Simple wizard interface for beginner users")
|
||||
miscellaneous.add_option("--wizard", dest="wizard", action="store_true",
|
||||
help="Simple wizard interface for beginner users")
|
||||
|
||||
# Hidden and/or experimental options
|
||||
parser.add_option("--dummy", dest="dummy", action="store_true",
|
||||
@@ -976,9 +868,7 @@ def cmdLineParser(argv=None):
|
||||
if args.dummy:
|
||||
args.url = args.url or DUMMY_URL
|
||||
|
||||
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
|
||||
args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
|
||||
args.purgeOutput, args.sitemapUrl)):
|
||||
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purgeOutput, args.sitemapUrl)):
|
||||
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), "
|
||||
errMsg += "use -h for basic or -hh for advanced help\n"
|
||||
parser.error(errMsg)
|
||||
|
||||
@@ -24,18 +24,16 @@ def headersParser(headers):
|
||||
if not kb.headerPaths:
|
||||
kb.headerPaths = {
|
||||
"microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"),
|
||||
"server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"),
|
||||
"servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet-engine.xml"),
|
||||
"set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "set-cookie.xml"),
|
||||
"x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
|
||||
"x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"),
|
||||
"server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"),
|
||||
"servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet-engine.xml"),
|
||||
"set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "set-cookie.xml"),
|
||||
"x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
|
||||
"x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"),
|
||||
}
|
||||
|
||||
for header in itertools.ifilter(lambda x: x in kb.headerPaths, headers):
|
||||
value = headers[header]
|
||||
xmlfile = kb.headerPaths[header]
|
||||
|
||||
handler = FingerprintHandler(value, kb.headersFp)
|
||||
|
||||
parseXmlFile(xmlfile, handler)
|
||||
parseXmlFile(paths.GENERIC_XML, handler)
|
||||
|
||||
Reference in New Issue
Block a user