sqlmap/lib/parse/cmdline.py

479 lines
21 KiB
Python
Raw Normal View History

2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
2008-10-15 19:56:32 +04:00
$Id$
2008-10-15 19:38:22 +04:00
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
2010-03-03 18:26:27 +03:00
Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
2008-10-15 19:38:22 +04:00
sqlmap is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation version 2 of the License.
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
You should have received a copy of the GNU General Public License along
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import sys
2008-10-15 19:38:22 +04:00
from optparse import OptionError
from optparse import OptionGroup
from optparse import OptionParser
2010-05-21 13:35:36 +04:00
from optparse import SUPPRESS_HELP
2008-10-15 19:38:22 +04:00
2010-05-28 15:48:44 +04:00
from lib.core.convert import utf8decode
2008-10-15 19:38:22 +04:00
from lib.core.data import logger
from lib.core.settings import VERSION_STRING
def cmdLineParser():
"""
This function parses the command line parameters and arguments
"""
usage = "%s [options]" % sys.argv[0]
2008-10-15 19:38:22 +04:00
parser = OptionParser(usage=usage, version=VERSION_STRING)
try:
parser.add_option("-v", dest="verbose", type="int", default=1,
2008-12-18 00:35:04 +03:00
help="Verbosity level: 0-5 (default 1)")
# Target options
target = OptionGroup(parser, "Target", "At least one of these "
"options has to be specified to set the source "
"to get target urls from.")
target.add_option("-d", dest="direct", help="Direct "
"connection to the database")
target.add_option("-u", "--url", dest="url", help="Target url")
2008-10-15 19:38:22 +04:00
target.add_option("-l", dest="list", help="Parse targets from Burp "
2010-01-10 00:08:47 +03:00
"or WebScarab proxy logs")
2008-10-15 19:38:22 +04:00
2010-01-14 23:42:45 +03:00
target.add_option("-r", dest="requestFile",
help="Load HTTP request from a file")
target.add_option("-g", dest="googleDork",
help="Process Google dork results as target urls")
target.add_option("-c", dest="configFile",
help="Load options from a configuration INI file")
2010-01-14 23:42:45 +03:00
# Request options
request = OptionGroup(parser, "Request", "These options can be used "
"to specify how to connect to the target url.")
2008-10-15 19:38:22 +04:00
request.add_option("--method", dest="method", default="GET",
help="HTTP method, GET or POST (default GET)")
2008-10-15 19:38:22 +04:00
request.add_option("--data", dest="data",
help="Data string to be sent through POST")
request.add_option("--cookie", dest="cookie",
help="HTTP Cookie header")
2010-01-14 23:42:45 +03:00
request.add_option("--cookie-urlencode", dest="cookieUrlencode",
action="store_true",
2010-03-03 16:49:24 +03:00
help="URL Encode generated cookie injections")
2010-01-14 23:42:45 +03:00
request.add_option("--drop-set-cookie", dest="dropSetCookie",
action="store_true",
help="Ignore Set-Cookie header from response")
2008-10-15 19:38:22 +04:00
request.add_option("--user-agent", dest="agent",
help="HTTP User-Agent header")
request.add_option("-a", dest="userAgentsFile",
help="Load a random HTTP User-Agent "
"header from file")
request.add_option("--referer", dest="referer",
help="HTTP Referer header")
request.add_option("--headers", dest="headers",
help="Extra HTTP headers newline separated")
2008-10-15 19:38:22 +04:00
request.add_option("--auth-type", dest="aType",
2010-03-12 15:23:05 +03:00
help="HTTP authentication type "
2010-01-07 16:09:14 +03:00
"(Basic, Digest or NTLM)")
2008-10-15 19:38:22 +04:00
request.add_option("--auth-cred", dest="aCred",
2010-03-12 15:23:05 +03:00
help="HTTP authentication credentials "
2010-01-07 16:09:14 +03:00
"(name:password)")
2010-01-07 15:59:09 +03:00
request.add_option("--auth-cert", dest="aCert",
2010-03-12 15:23:05 +03:00
help="HTTP authentication certificate ("
2010-01-07 15:59:09 +03:00
"key_file,cert_file)")
2008-10-15 19:38:22 +04:00
request.add_option("--proxy", dest="proxy",
help="Use a HTTP proxy to connect to the target url")
2010-03-03 19:19:17 +03:00
request.add_option("--ignore-proxy", dest="ignoreProxy",
action="store_true",
help="Ignore system default HTTP proxy")
request.add_option("--threads", dest="threads", type="int", default=1,
2008-10-15 19:38:22 +04:00
help="Maximum number of concurrent HTTP "
"requests (default 1)")
request.add_option("--delay", dest="delay", type="float",
help="Delay in seconds between each HTTP request")
request.add_option("--timeout", dest="timeout", type="float", default=30,
help="Seconds to wait before timeout connection "
"(default 30)")
request.add_option("--retries", dest="retries", type="int", default=3,
help="Retries when the connection timeouts "
"(default 3)")
2010-01-10 00:08:47 +03:00
request.add_option("--scope", dest="scope",
2010-01-10 00:08:47 +03:00
help="Regexp to filter targets from provided proxy log")
request.add_option("--safe-url", dest="safUrl",
help="Url address to visit frequently during testing")
request.add_option("--safe-freq", dest="saFreq", type="int", default=0,
help="Test requests between two visits to a given safe url")
2008-10-15 19:38:22 +04:00
# Injection options
injection = OptionGroup(parser, "Injection", "These options can be "
"used to specify which parameters to test "
"for, provide custom injection payloads and "
"how to parse and compare HTTP responses "
"page content when using the blind SQL "
"injection technique.")
2008-10-15 19:38:22 +04:00
injection.add_option("-p", dest="testParameter",
help="Testable parameter(s)")
injection.add_option("--dbms", dest="dbms",
help="Force back-end DBMS to this value")
injection.add_option("--os", dest="os",
help="Force back-end DBMS operating system "
"to this value")
injection.add_option("--prefix", dest="prefix",
help="Injection payload prefix string")
injection.add_option("--postfix", dest="postfix",
help="Injection payload postfix string")
2008-10-15 19:38:22 +04:00
injection.add_option("--string", dest="string",
help="String to match in page when the "
"query is valid")
injection.add_option("--regexp", dest="regexp",
help="Regexp to match in page when the "
"query is valid")
injection.add_option("--excl-str", dest="eString",
help="String to be excluded before comparing "
"page contents")
injection.add_option("--excl-reg", dest="eRegexp",
help="Matches to be excluded before "
"comparing page contents")
2008-10-15 19:38:22 +04:00
injection.add_option("--use-between", dest="useBetween",
action="store_true",
help="Use operator BETWEEN instead of default '>'")
# Techniques options
techniques = OptionGroup(parser, "Techniques", "These options can "
"be used to test for specific SQL injection "
"technique or to use one of them to exploit "
"the affected parameter(s) rather than using "
"the default blind SQL injection technique.")
techniques.add_option("--stacked-test", dest="stackedTest",
action="store_true",
help="Test for stacked queries (multiple "
"statements) support")
techniques.add_option("--time-test", dest="timeTest",
action="store_true",
2009-01-19 01:36:48 +03:00
help="Test for time based blind SQL injection")
2008-12-18 00:35:04 +03:00
techniques.add_option("--time-sec", dest="timeSec",
type="int", default=5,
help="Seconds to delay the DBMS response "
"(default 5)")
techniques.add_option("--union-test", dest="unionTest",
action="store_true",
help="Test for UNION query (inband) SQL injection")
techniques.add_option("--union-tech", dest="uTech",
help="Technique to test for UNION query SQL injection")
techniques.add_option("--union-use", dest="unionUse",
action="store_true",
help="Use the UNION query (inband) SQL injection "
"to retrieve the queries output. No "
"need to go blind")
2008-10-15 19:38:22 +04:00
# Fingerprint options
fingerprint = OptionGroup(parser, "Fingerprint")
fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp",
action="store_true",
help="Perform an extensive DBMS version fingerprint")
2008-10-15 19:38:22 +04:00
# Enumeration options
enumeration = OptionGroup(parser, "Enumeration", "These options can "
"be used to enumerate the back-end database "
"management system information, structure "
"and data contained in the tables. Moreover "
"you can run your own SQL statements.")
2008-10-15 19:38:22 +04:00
enumeration.add_option("-b", "--banner", dest="getBanner",
action="store_true", help="Retrieve DBMS banner")
enumeration.add_option("--current-user", dest="getCurrentUser",
action="store_true",
help="Retrieve DBMS current user")
enumeration.add_option("--current-db", dest="getCurrentDb",
action="store_true",
help="Retrieve DBMS current database")
enumeration.add_option("--is-dba", dest="isDba",
action="store_true",
help="Detect if the DBMS current user is DBA")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--users", dest="getUsers", action="store_true",
help="Enumerate DBMS users")
enumeration.add_option("--passwords", dest="getPasswordHashes",
action="store_true",
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS users password hashes")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--privileges", dest="getPrivileges",
action="store_true",
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS users privileges")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--roles", dest="getRoles",
action="store_true",
help="Enumerate DBMS users roles")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--dbs", dest="getDbs", action="store_true",
help="Enumerate DBMS databases")
enumeration.add_option("--tables", dest="getTables", action="store_true",
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS database tables")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--columns", dest="getColumns", action="store_true",
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS database table columns")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--dump", dest="dumpTable", action="store_true",
2010-03-03 21:57:09 +03:00
help="Dump DBMS database table entries")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
help="Dump all DBMS databases tables entries")
enumeration.add_option("--search", dest="search", action="store_true",
help="Search column(s), table(s) and/or database name(s)")
2008-10-15 19:38:22 +04:00
enumeration.add_option("-D", dest="db",
help="DBMS database to enumerate")
enumeration.add_option("-T", dest="tbl",
help="DBMS database table to enumerate")
enumeration.add_option("-C", dest="col",
help="DBMS database table column to enumerate")
enumeration.add_option("-U", dest="user",
help="DBMS user to enumerate")
enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs",
action="store_true",
help="Exclude DBMS system databases when "
"enumerating tables")
enumeration.add_option("--start", dest="limitStart", type="int",
2009-04-25 00:12:52 +04:00
help="First query output entry to retrieve")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--stop", dest="limitStop", type="int",
2009-04-25 00:12:52 +04:00
help="Last query output entry to retrieve")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--first", dest="firstChar", type="int",
help="First query output word character to retrieve")
enumeration.add_option("--last", dest="lastChar", type="int",
help="Last query output word character to retrieve")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--sql-query", dest="query",
help="SQL statement to be executed")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--sql-shell", dest="sqlShell",
action="store_true",
help="Prompt for an interactive SQL shell")
# User-defined function options
udf = OptionGroup(parser, "User-defined function injection", "These "
"options can be used to create custom user-defined "
"functions.")
udf.add_option("--udf-inject", dest="udfInject", action="store_true",
help="Inject custom user-defined functions")
udf.add_option("--shared-lib", dest="shLib",
help="Local path of the shared library")
2008-10-15 19:38:22 +04:00
# File system options
filesystem = OptionGroup(parser, "File system access", "These options "
"can be used to access the back-end database "
"management system underlying file system.")
2008-10-15 19:38:22 +04:00
filesystem.add_option("--read-file", dest="rFile",
help="Read a file from the back-end DBMS "
"file system")
2008-10-15 19:38:22 +04:00
filesystem.add_option("--write-file", dest="wFile",
help="Write a local file on the back-end "
"DBMS file system")
2008-10-15 19:38:22 +04:00
filesystem.add_option("--dest-file", dest="dFile",
help="Back-end DBMS absolute filepath to "
"write to")
2008-10-15 19:38:22 +04:00
# Takeover options
2010-03-12 02:54:07 +03:00
takeover = OptionGroup(parser, "Operating system access", "These "
"options can be used to access the back-end "
"database management system underlying "
"operating system.")
takeover.add_option("--os-cmd", dest="osCmd",
help="Execute an operating system command")
2008-10-15 19:38:22 +04:00
takeover.add_option("--os-shell", dest="osShell", action="store_true",
help="Prompt for an interactive operating "
"system shell")
takeover.add_option("--os-pwn", dest="osPwn", action="store_true",
help="Prompt for an out-of-band shell, "
"meterpreter or VNC")
takeover.add_option("--os-smbrelay", dest="osSmb", action="store_true",
help="One click prompt for an OOB shell, "
"meterpreter or VNC")
takeover.add_option("--os-bof", dest="osBof", action="store_true",
help="Stored procedure buffer overflow "
"exploitation")
takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
help="Database process' user privilege escalation")
takeover.add_option("--msf-path", dest="msfPath",
help="Local path where Metasploit Framework 3 "
"is installed")
2008-10-15 19:38:22 +04:00
takeover.add_option("--tmp-path", dest="tmpPath",
help="Remote absolute path of temporary files "
"directory")
# Windows registry options
2010-03-12 02:54:07 +03:00
windows = OptionGroup(parser, "Windows registry access", "These "
"options can be used to access the back-end "
"database management system Windows "
"registry.")
windows.add_option("--reg-read", dest="regRead", action="store_true",
help="Read a Windows registry key value")
windows.add_option("--reg-add", dest="regAdd", action="store_true",
help="Write a Windows registry key value data")
windows.add_option("--reg-del", dest="regDel", action="store_true",
help="Delete a Windows registry key value")
windows.add_option("--reg-key", dest="regKey",
help="Windows registry key")
windows.add_option("--reg-value", dest="regVal",
help="Windows registry key value")
windows.add_option("--reg-data", dest="regData",
help="Windows registry key value data")
windows.add_option("--reg-type", dest="regType",
help="Windows registry key value type")
2008-10-15 19:38:22 +04:00
# Miscellaneous options
miscellaneous = OptionGroup(parser, "Miscellaneous")
miscellaneous.add_option("-s", dest="sessionFile",
help="Save and resume all data retrieved "
"on a session file")
2010-05-21 13:35:36 +04:00
2010-03-04 16:01:18 +03:00
miscellaneous.add_option("--flush-session", dest="flushSession", action="store_true",
help="Flush session file for current target")
2010-05-21 13:35:36 +04:00
2008-10-15 19:38:22 +04:00
miscellaneous.add_option("--eta", dest="eta", action="store_true",
help="Display for each output the "
"estimated time of arrival")
2008-10-15 19:38:22 +04:00
miscellaneous.add_option("--gpage", dest="googlePage", type="int",
help="Use google dork results from specified page number")
2008-10-15 19:38:22 +04:00
miscellaneous.add_option("--update", dest="updateAll", action="store_true",
2010-03-03 16:59:29 +03:00
help="Update sqlmap")
2008-10-15 19:38:22 +04:00
miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",
help="Save options on a configuration INI file")
miscellaneous.add_option("--batch", dest="batch", action="store_true",
help="Never ask for user input, use the default behaviour")
miscellaneous.add_option("--cleanup", dest="cleanup", action="store_true",
help="Clean up the DBMS by sqlmap specific "
"UDF and tables")
2010-05-21 13:35:36 +04:00
# Hidden and/or experimental options
parser.add_option("--profile", dest="profile", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", default=10,
help=SUPPRESS_HELP)
parser.add_option("--common-prediction", dest="useCommonPrediction", action="store_true",
help=SUPPRESS_HELP)
parser.add_option_group(target)
2008-10-15 19:38:22 +04:00
parser.add_option_group(request)
parser.add_option_group(injection)
parser.add_option_group(techniques)
2008-10-15 19:38:22 +04:00
parser.add_option_group(fingerprint)
parser.add_option_group(enumeration)
parser.add_option_group(udf)
2008-10-15 19:38:22 +04:00
parser.add_option_group(filesystem)
parser.add_option_group(takeover)
parser.add_option_group(windows)
2008-10-15 19:38:22 +04:00
parser.add_option_group(miscellaneous)
2010-05-28 15:48:44 +04:00
(args, _) = parser.parse_args([utf8decode(arg) for arg in sys.argv])
2008-10-15 19:38:22 +04:00
if not args.direct and not args.url and not args.list and not args.googleDork and not args.configFile and not args.requestFile and not args.updateAll:
errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c' or '--update'), "
2008-10-15 19:38:22 +04:00
errMsg += "-h for help"
parser.error(errMsg)
return args
except (OptionError, TypeError), e:
parser.error(e)
debugMsg = "parsing command line"
logger.debug(debugMsg)