2013-02-14 15:32:17 +04:00
|
|
|
#!/usr/bin/env python
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
"""
|
2013-01-18 18:07:51 +04:00
|
|
|
Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
|
2010-10-15 03:18:29 +04:00
|
|
|
See the file 'doc/COPYING' for copying permission
|
2008-10-15 19:38:22 +04:00
|
|
|
"""
|
|
|
|
|
2008-12-12 22:06:31 +03:00
|
|
|
import sys
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
from optparse import OptionError
|
|
|
|
from optparse import OptionGroup
|
|
|
|
from optparse import OptionParser
|
2010-05-21 13:35:36 +04:00
|
|
|
from optparse import SUPPRESS_HELP
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2012-11-28 14:10:57 +04:00
|
|
|
from lib.core.common import checkDeprecatedOptions
|
2011-06-15 15:58:50 +04:00
|
|
|
from lib.core.common import expandMnemonics
|
2011-01-30 02:01:39 +03:00
|
|
|
from lib.core.common import getUnicode
|
2008-10-15 19:38:22 +04:00
|
|
|
from lib.core.data import logger
|
2011-06-16 15:42:13 +04:00
|
|
|
from lib.core.defaults import defaults
|
2012-07-03 14:09:18 +04:00
|
|
|
from lib.core.settings import BASIC_HELP_ITEMS
|
2013-02-28 23:20:08 +04:00
|
|
|
from lib.core.settings import DUMMY_URL
|
2011-03-29 03:09:19 +04:00
|
|
|
from lib.core.settings import IS_WIN
|
2012-07-24 17:43:29 +04:00
|
|
|
from lib.core.settings import MAX_HELP_OPTION_LENGTH
|
2013-03-20 14:44:09 +04:00
|
|
|
from lib.core.settings import VERSION_STRING
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
def cmdLineParser():
|
|
|
|
"""
|
|
|
|
This function parses the command line parameters and arguments
|
|
|
|
"""
|
|
|
|
|
2011-04-21 14:17:41 +04:00
|
|
|
usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
|
|
|
|
"\"%s\"" % sys.argv[0] if " " in sys.argv[0] else sys.argv[0])
|
2011-06-15 15:58:50 +04:00
|
|
|
|
2012-07-03 15:11:09 +04:00
|
|
|
parser = OptionParser(usage=usage)
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
try:
|
2012-07-03 14:09:18 +04:00
|
|
|
parser.add_option("--hh", dest="advancedHelp",
|
|
|
|
action="store_true",
|
2012-07-03 14:49:35 +04:00
|
|
|
help="Show advanced help message and exit")
|
2012-07-03 14:09:18 +04:00
|
|
|
|
2013-03-20 14:44:09 +04:00
|
|
|
parser.add_option("--version", dest="showVersion",
|
|
|
|
action="store_true",
|
2013-04-08 13:25:31 +04:00
|
|
|
help="Show program's version number and exit")
|
2013-03-20 14:44:09 +04:00
|
|
|
|
2012-02-22 14:40:11 +04:00
|
|
|
parser.add_option("-v", dest="verbose", type="int",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Verbosity level: 0-6 (default %d)" % defaults.verbose)
|
2008-12-18 00:35:04 +03:00
|
|
|
|
2008-12-04 20:40:03 +03:00
|
|
|
# Target options
|
|
|
|
target = OptionGroup(parser, "Target", "At least one of these "
|
2013-04-30 14:44:47 +04:00
|
|
|
"options has to be provided to set the target(s)")
|
2008-12-04 20:40:03 +03:00
|
|
|
|
2010-03-27 02:23:25 +03:00
|
|
|
target.add_option("-d", dest="direct", help="Direct "
|
|
|
|
"connection to the database")
|
|
|
|
|
2013-03-15 20:00:01 +04:00
|
|
|
target.add_option("-u", "--url", dest="url", help="Target URL (e.g. \"www.target.com/vuln.php?id=1\")")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-05-11 00:48:34 +04:00
|
|
|
target.add_option("-l", dest="logFile", help="Parse targets from Burp "
|
2010-01-10 00:08:47 +03:00
|
|
|
"or WebScarab proxy logs")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-05-11 12:46:40 +04:00
|
|
|
target.add_option("-m", dest="bulkFile", help="Scan multiple targets enlisted "
|
|
|
|
"in a given textual file ")
|
|
|
|
|
2010-01-14 23:42:45 +03:00
|
|
|
target.add_option("-r", dest="requestFile",
|
|
|
|
help="Load HTTP request from a file")
|
|
|
|
|
2008-12-04 20:40:03 +03:00
|
|
|
target.add_option("-g", dest="googleDork",
|
2013-03-15 20:00:01 +04:00
|
|
|
help="Process Google dork results as target URLs")
|
2008-11-20 20:56:09 +03:00
|
|
|
|
2008-12-04 20:40:03 +03:00
|
|
|
target.add_option("-c", dest="configFile",
|
|
|
|
help="Load options from a configuration INI file")
|
2010-01-14 23:42:45 +03:00
|
|
|
|
2008-12-04 20:40:03 +03:00
|
|
|
# Request options
|
|
|
|
request = OptionGroup(parser, "Request", "These options can be used "
|
2013-03-15 20:00:01 +04:00
|
|
|
"to specify how to connect to the target URL")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
request.add_option("--data", dest="data",
|
|
|
|
help="Data string to be sent through POST")
|
|
|
|
|
2011-10-07 02:03:33 +04:00
|
|
|
request.add_option("--param-del", dest="pDel",
|
|
|
|
help="Character used for splitting parameter values")
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
request.add_option("--cookie", dest="cookie",
|
|
|
|
help="HTTP Cookie header")
|
|
|
|
|
2012-07-24 17:34:50 +04:00
|
|
|
request.add_option("--load-cookies", dest="loadCookies",
|
2012-03-07 18:48:45 +04:00
|
|
|
help="File containing cookies in Netscape/wget format")
|
|
|
|
|
2010-01-14 23:42:45 +03:00
|
|
|
request.add_option("--drop-set-cookie", dest="dropSetCookie",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2010-01-02 05:02:12 +03:00
|
|
|
help="Ignore Set-Cookie header from response")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
request.add_option("--user-agent", dest="agent",
|
|
|
|
help="HTTP User-Agent header")
|
|
|
|
|
2011-02-02 17:51:12 +03:00
|
|
|
request.add_option("--random-agent", dest="randomAgent",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2011-02-02 17:51:12 +03:00
|
|
|
help="Use randomly selected HTTP User-Agent header")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-12-20 16:52:41 +04:00
|
|
|
request.add_option("--host", dest="host",
|
|
|
|
help="HTTP Host header")
|
|
|
|
|
2010-01-02 05:02:12 +03:00
|
|
|
request.add_option("--referer", dest="referer",
|
|
|
|
help="HTTP Referer header")
|
|
|
|
|
2008-12-09 00:24:24 +03:00
|
|
|
request.add_option("--headers", dest="headers",
|
2012-01-07 19:26:54 +04:00
|
|
|
help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
|
2008-12-09 00:24:24 +03:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
request.add_option("--auth-type", dest="aType",
|
2010-03-12 15:23:05 +03:00
|
|
|
help="HTTP authentication type "
|
2010-01-07 16:09:14 +03:00
|
|
|
"(Basic, Digest or NTLM)")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
request.add_option("--auth-cred", dest="aCred",
|
2010-03-12 15:23:05 +03:00
|
|
|
help="HTTP authentication credentials "
|
2010-01-07 16:09:14 +03:00
|
|
|
"(name:password)")
|
2010-07-30 16:49:25 +04:00
|
|
|
|
2010-01-07 15:59:09 +03:00
|
|
|
request.add_option("--auth-cert", dest="aCert",
|
2010-03-12 15:23:05 +03:00
|
|
|
help="HTTP authentication certificate ("
|
2010-01-07 15:59:09 +03:00
|
|
|
"key_file,cert_file)")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
request.add_option("--proxy", dest="proxy",
|
2013-03-15 20:00:01 +04:00
|
|
|
help="Use a HTTP proxy to connect to the target URL")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-08-19 02:45:00 +04:00
|
|
|
request.add_option("--proxy-cred", dest="pCred",
|
2010-10-15 14:28:34 +04:00
|
|
|
help="HTTP proxy authentication credentials "
|
2010-08-19 02:45:00 +04:00
|
|
|
"(name:password)")
|
2010-09-27 17:23:29 +04:00
|
|
|
|
|
|
|
request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Ignore system default HTTP proxy")
|
2010-03-03 19:19:17 +03:00
|
|
|
|
2013-04-30 16:11:56 +04:00
|
|
|
request.add_option("--tor", dest="tor",
|
|
|
|
action="store_true",
|
|
|
|
help="Use Tor anonymity network")
|
|
|
|
|
|
|
|
request.add_option("--tor-port", dest="torPort",
|
|
|
|
help="Set Tor proxy port other than default")
|
|
|
|
|
|
|
|
request.add_option("--tor-type", dest="torType",
|
|
|
|
help="Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)")
|
|
|
|
|
|
|
|
request.add_option("--check-tor", dest="checkTor",
|
|
|
|
action="store_true",
|
|
|
|
help="Check to see if Tor is used properly")
|
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
request.add_option("--delay", dest="delay", type="float",
|
2008-11-09 19:57:47 +03:00
|
|
|
help="Delay in seconds between each HTTP request")
|
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
request.add_option("--timeout", dest="timeout", type="float",
|
2008-12-04 20:40:03 +03:00
|
|
|
help="Seconds to wait before timeout connection "
|
2011-06-16 15:42:13 +04:00
|
|
|
"(default %d)" % defaults.timeout)
|
2008-12-04 20:40:03 +03:00
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
request.add_option("--retries", dest="retries", type="int",
|
2009-04-22 15:48:07 +04:00
|
|
|
help="Retries when the connection timeouts "
|
2011-06-16 15:42:13 +04:00
|
|
|
"(default %d)" % defaults.retries)
|
2010-01-10 00:08:47 +03:00
|
|
|
|
2013-04-02 19:34:56 +04:00
|
|
|
request.add_option("--randomize", dest="rParam",
|
|
|
|
help="Randomly change value for given parameter(s)")
|
|
|
|
|
2012-02-22 14:40:11 +04:00
|
|
|
request.add_option("--scope", dest="scope",
|
2010-01-10 00:08:47 +03:00
|
|
|
help="Regexp to filter targets from provided proxy log")
|
2009-04-22 15:48:07 +04:00
|
|
|
|
2012-02-22 14:40:11 +04:00
|
|
|
request.add_option("--safe-url", dest="safUrl",
|
2013-03-15 20:00:01 +04:00
|
|
|
help="URL address to visit frequently during testing")
|
2010-04-16 16:44:47 +04:00
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
request.add_option("--safe-freq", dest="saFreq", type="int",
|
2013-03-15 20:00:01 +04:00
|
|
|
help="Test requests between two visits to a given safe URL")
|
2010-04-16 16:44:47 +04:00
|
|
|
|
2012-05-25 03:30:33 +04:00
|
|
|
request.add_option("--skip-urlencode", dest="skipUrlEncode",
|
|
|
|
action="store_true",
|
2012-09-26 17:25:01 +04:00
|
|
|
help="Skip URL encoding of payload data")
|
2012-05-25 03:30:33 +04:00
|
|
|
|
2013-04-30 15:56:38 +04:00
|
|
|
request.add_option("--force-ssl", dest="forceSSL",
|
|
|
|
action="store_true",
|
|
|
|
help="Force usage of SSL/HTTPS")
|
|
|
|
|
2013-04-30 15:59:44 +04:00
|
|
|
request.add_option("--eval", dest="evalCode",
|
|
|
|
help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")
|
|
|
|
|
2010-10-17 01:52:16 +04:00
|
|
|
# Optimization options
|
|
|
|
optimization = OptionGroup(parser, "Optimization", "These "
|
2013-04-30 14:44:47 +04:00
|
|
|
"switches can be used to optimize the "
|
2012-02-01 18:49:42 +04:00
|
|
|
"performance of sqlmap")
|
2010-10-17 01:52:16 +04:00
|
|
|
|
|
|
|
optimization.add_option("-o", dest="optimize",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2010-10-23 01:13:12 +04:00
|
|
|
help="Turn on all optimization switches")
|
2010-10-17 01:52:16 +04:00
|
|
|
|
2010-10-17 03:50:13 +04:00
|
|
|
optimization.add_option("--predict-output", dest="predictOutput", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Predict common queries output")
|
2010-10-17 01:52:16 +04:00
|
|
|
|
|
|
|
optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Use persistent HTTP(s) connections")
|
2010-10-17 01:52:16 +04:00
|
|
|
|
|
|
|
optimization.add_option("--null-connection", dest="nullConnection", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Retrieve page length without actual HTTP response body")
|
2010-10-17 01:52:16 +04:00
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
optimization.add_option("--threads", dest="threads", type="int",
|
2010-10-25 19:17:59 +04:00
|
|
|
help="Max number of concurrent HTTP(s) "
|
2011-06-16 15:42:13 +04:00
|
|
|
"requests (default %d)" % defaults.threads)
|
2010-10-17 01:52:16 +04:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Injection options
|
2008-12-12 22:06:31 +03:00
|
|
|
injection = OptionGroup(parser, "Injection", "These options can be "
|
|
|
|
"used to specify which parameters to test "
|
|
|
|
"for, provide custom injection payloads and "
|
2012-02-01 18:49:42 +04:00
|
|
|
"optional tampering scripts")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2008-12-04 20:40:03 +03:00
|
|
|
injection.add_option("-p", dest="testParameter",
|
|
|
|
help="Testable parameter(s)")
|
|
|
|
|
2013-04-04 16:21:57 +04:00
|
|
|
injection.add_option("--skip", dest="skip",
|
|
|
|
help="Skip testing for given parameter(s)")
|
|
|
|
|
2008-12-05 18:34:13 +03:00
|
|
|
injection.add_option("--dbms", dest="dbms",
|
|
|
|
help="Force back-end DBMS to this value")
|
|
|
|
|
2013-04-30 16:05:50 +04:00
|
|
|
injection.add_option("--dbms-cred", dest="dbmsCred",
|
|
|
|
help="DBMS authentication credentials (user:password)")
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
injection.add_option("--os", dest="os",
|
|
|
|
help="Force back-end DBMS operating system "
|
|
|
|
"to this value")
|
|
|
|
|
2012-04-26 00:29:07 +04:00
|
|
|
injection.add_option("--invalid-bignum", dest="invalidBignum",
|
|
|
|
action="store_true",
|
|
|
|
help="Use big numbers for invalidating values")
|
2008-12-09 00:24:24 +03:00
|
|
|
|
2012-04-26 00:29:07 +04:00
|
|
|
injection.add_option("--invalid-logical", dest="invalidLogical",
|
2011-10-24 04:40:06 +04:00
|
|
|
action="store_true",
|
2012-04-26 00:29:07 +04:00
|
|
|
help="Use logical operations for invalidating values")
|
2012-03-30 14:50:01 +04:00
|
|
|
|
|
|
|
injection.add_option("--no-cast", dest="noCast",
|
|
|
|
action="store_true",
|
|
|
|
help="Turn off payload casting mechanism")
|
2011-10-24 04:40:06 +04:00
|
|
|
|
2013-01-18 18:40:37 +04:00
|
|
|
injection.add_option("--no-escape", dest="noEscape",
|
2012-07-16 13:07:47 +04:00
|
|
|
action="store_true",
|
2013-01-18 18:40:37 +04:00
|
|
|
help="Turn off string escaping mechanism")
|
2012-07-16 13:07:47 +04:00
|
|
|
|
2012-04-26 00:29:07 +04:00
|
|
|
injection.add_option("--prefix", dest="prefix",
|
|
|
|
help="Injection payload prefix string")
|
|
|
|
|
|
|
|
injection.add_option("--suffix", dest="suffix",
|
|
|
|
help="Injection payload suffix string")
|
|
|
|
|
2010-11-08 13:11:43 +03:00
|
|
|
injection.add_option("--tamper", dest="tamper",
|
|
|
|
help="Use given script(s) for tampering injection data")
|
|
|
|
|
|
|
|
# Detection options
|
|
|
|
detection = OptionGroup(parser, "Detection", "These options can be "
|
2013-04-30 14:44:47 +04:00
|
|
|
"used to customize the detection phase")
|
2010-11-08 13:11:43 +03:00
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
detection.add_option("--level", dest="level", type="int",
|
2010-11-28 21:10:54 +03:00
|
|
|
help="Level of tests to perform (1-5, "
|
2011-06-16 15:42:13 +04:00
|
|
|
"default %d)" % defaults.level)
|
2010-11-28 21:10:54 +03:00
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
detection.add_option("--risk", dest="risk", type="int",
|
2010-11-28 21:10:54 +03:00
|
|
|
help="Risk of tests to perform (0-3, "
|
2011-06-16 15:42:13 +04:00
|
|
|
"default %d)" % defaults.level)
|
2010-11-28 21:10:54 +03:00
|
|
|
|
2010-11-08 13:11:43 +03:00
|
|
|
detection.add_option("--string", dest="string",
|
2012-07-07 13:41:52 +04:00
|
|
|
help="String to match when "
|
|
|
|
"query is evaluated to True")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2012-07-26 14:06:02 +04:00
|
|
|
detection.add_option("--not-string", dest="notString",
|
|
|
|
help="String to match when "
|
|
|
|
"query is evaluated to False")
|
|
|
|
|
2010-11-08 13:11:43 +03:00
|
|
|
detection.add_option("--regexp", dest="regexp",
|
2012-07-07 13:41:52 +04:00
|
|
|
help="Regexp to match when "
|
|
|
|
"query is evaluated to True")
|
2008-12-05 18:34:13 +03:00
|
|
|
|
2011-08-12 20:48:11 +04:00
|
|
|
detection.add_option("--code", dest="code", type="int",
|
2012-07-07 13:41:52 +04:00
|
|
|
help="HTTP code to match when "
|
|
|
|
"query is evaluated to True")
|
2011-08-12 20:48:11 +04:00
|
|
|
|
2010-11-08 13:11:43 +03:00
|
|
|
detection.add_option("--text-only", dest="textOnly",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2011-03-08 01:04:17 +03:00
|
|
|
help="Compare pages based only on the textual content")
|
2010-10-12 23:41:29 +04:00
|
|
|
|
2011-06-11 03:18:43 +04:00
|
|
|
detection.add_option("--titles", dest="titles",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2011-06-11 03:18:43 +04:00
|
|
|
help="Compare pages based only on their titles")
|
|
|
|
|
2008-11-12 03:36:50 +03:00
|
|
|
# Techniques options
|
2011-03-21 03:40:25 +03:00
|
|
|
techniques = OptionGroup(parser, "Techniques", "These options can be "
|
|
|
|
"used to tweak testing of specific SQL "
|
2012-02-01 18:49:42 +04:00
|
|
|
"injection techniques")
|
2008-11-12 03:36:50 +03:00
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
techniques.add_option("--technique", dest="tech",
|
2013-03-15 19:37:52 +04:00
|
|
|
help="SQL injection techniques to use "
|
2011-11-30 21:39:41 +04:00
|
|
|
"(default \"%s\")" % defaults.tech)
|
2011-04-06 18:41:44 +04:00
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
techniques.add_option("--time-sec", dest="timeSec",
|
2011-06-16 15:42:13 +04:00
|
|
|
type="int",
|
2009-04-22 15:48:07 +04:00
|
|
|
help="Seconds to delay the DBMS response "
|
2011-11-30 21:39:41 +04:00
|
|
|
"(default %d)" % defaults.timeSec)
|
2009-04-22 15:48:07 +04:00
|
|
|
|
2011-01-12 01:18:47 +03:00
|
|
|
techniques.add_option("--union-cols", dest="uCols",
|
2010-11-19 18:48:24 +03:00
|
|
|
help="Range of columns to test for UNION query SQL injection")
|
2010-11-14 02:24:41 +03:00
|
|
|
|
2011-01-12 01:56:21 +03:00
|
|
|
techniques.add_option("--union-char", dest="uChar",
|
2011-03-08 01:04:17 +03:00
|
|
|
help="Character to use for bruteforcing number of columns")
|
2010-11-19 17:56:20 +03:00
|
|
|
|
2013-03-21 14:28:44 +04:00
|
|
|
techniques.add_option("--union-from", dest="uFrom",
|
|
|
|
help="Table to use in FROM part of UNION query SQL injection")
|
|
|
|
|
2012-07-24 17:34:50 +04:00
|
|
|
techniques.add_option("--dns-domain", dest="dnsName",
|
2012-05-27 22:41:06 +04:00
|
|
|
help="Domain name used for DNS exfiltration attack")
|
|
|
|
|
2012-07-26 16:07:05 +04:00
|
|
|
techniques.add_option("--second-order", dest="secondOrder",
|
2013-03-15 20:00:01 +04:00
|
|
|
help="Resulting page URL searched for second-order "
|
2012-07-26 16:07:05 +04:00
|
|
|
"response")
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Fingerprint options
|
|
|
|
fingerprint = OptionGroup(parser, "Fingerprint")
|
|
|
|
|
|
|
|
fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2008-11-16 02:41:31 +03:00
|
|
|
help="Perform an extensive DBMS version fingerprint")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
# Enumeration options
|
|
|
|
enumeration = OptionGroup(parser, "Enumeration", "These options can "
|
|
|
|
"be used to enumerate the back-end database "
|
|
|
|
"management system information, structure "
|
|
|
|
"and data contained in the tables. Moreover "
|
2012-02-01 18:49:42 +04:00
|
|
|
"you can run your own SQL statements")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2012-10-05 12:24:09 +04:00
|
|
|
enumeration.add_option("-a", "--all", dest="getAll",
|
|
|
|
action="store_true", help="Retrieve everything")
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
enumeration.add_option("-b", "--banner", dest="getBanner",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true", help="Retrieve DBMS banner")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
enumeration.add_option("--current-user", dest="getCurrentUser",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2008-10-15 19:38:22 +04:00
|
|
|
help="Retrieve DBMS current user")
|
|
|
|
|
|
|
|
enumeration.add_option("--current-db", dest="getCurrentDb",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2008-10-15 19:38:22 +04:00
|
|
|
help="Retrieve DBMS current database")
|
|
|
|
|
2012-07-12 03:01:57 +04:00
|
|
|
enumeration.add_option("--hostname", dest="getHostname",
|
|
|
|
action="store_true",
|
|
|
|
help="Retrieve DBMS server hostname")
|
|
|
|
|
2008-12-18 23:41:11 +03:00
|
|
|
enumeration.add_option("--is-dba", dest="isDba",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2008-12-18 23:41:11 +03:00
|
|
|
help="Detect if the DBMS current user is DBA")
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
enumeration.add_option("--users", dest="getUsers", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Enumerate DBMS users")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
enumeration.add_option("--passwords", dest="getPasswordHashes",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2010-03-03 21:57:09 +03:00
|
|
|
help="Enumerate DBMS users password hashes")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
enumeration.add_option("--privileges", dest="getPrivileges",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2010-03-03 21:57:09 +03:00
|
|
|
help="Enumerate DBMS users privileges")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-03-25 18:46:06 +03:00
|
|
|
enumeration.add_option("--roles", dest="getRoles",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2010-03-25 18:46:06 +03:00
|
|
|
help="Enumerate DBMS users roles")
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
enumeration.add_option("--dbs", dest="getDbs", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Enumerate DBMS databases")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
enumeration.add_option("--tables", dest="getTables", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Enumerate DBMS database tables")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
enumeration.add_option("--columns", dest="getColumns", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Enumerate DBMS database table columns")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-04-29 03:59:00 +04:00
|
|
|
enumeration.add_option("--schema", dest="getSchema", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Enumerate DBMS schema")
|
2011-04-29 03:59:00 +04:00
|
|
|
|
2011-04-30 04:22:22 +04:00
|
|
|
enumeration.add_option("--count", dest="getCount", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Retrieve number of entries for table(s)")
|
2011-04-30 04:22:22 +04:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
enumeration.add_option("--dump", dest="dumpTable", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Dump DBMS database table entries")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Dump all DBMS databases tables entries")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-05-07 17:40:57 +04:00
|
|
|
enumeration.add_option("--search", dest="search", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Search column(s), table(s) and/or database name(s)")
|
2010-05-07 17:40:57 +04:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
enumeration.add_option("-D", dest="db",
|
|
|
|
help="DBMS database to enumerate")
|
|
|
|
|
|
|
|
enumeration.add_option("-T", dest="tbl",
|
|
|
|
help="DBMS database table to enumerate")
|
|
|
|
|
|
|
|
enumeration.add_option("-C", dest="col",
|
|
|
|
help="DBMS database table column to enumerate")
|
|
|
|
|
|
|
|
enumeration.add_option("-U", dest="user",
|
|
|
|
help="DBMS user to enumerate")
|
|
|
|
|
|
|
|
enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2008-10-15 19:38:22 +04:00
|
|
|
help="Exclude DBMS system databases when "
|
|
|
|
"enumerating tables")
|
|
|
|
|
|
|
|
enumeration.add_option("--start", dest="limitStart", type="int",
|
2009-04-25 00:12:52 +04:00
|
|
|
help="First query output entry to retrieve")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
enumeration.add_option("--stop", dest="limitStop", type="int",
|
2009-04-25 00:12:52 +04:00
|
|
|
help="Last query output entry to retrieve")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2009-09-26 03:03:45 +04:00
|
|
|
enumeration.add_option("--first", dest="firstChar", type="int",
|
|
|
|
help="First query output word character to retrieve")
|
|
|
|
|
|
|
|
enumeration.add_option("--last", dest="lastChar", type="int",
|
|
|
|
help="Last query output word character to retrieve")
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
enumeration.add_option("--sql-query", dest="query",
|
2008-12-21 19:35:03 +03:00
|
|
|
help="SQL statement to be executed")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
enumeration.add_option("--sql-shell", dest="sqlShell",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2008-10-15 19:38:22 +04:00
|
|
|
help="Prompt for an interactive SQL shell")
|
|
|
|
|
2012-07-10 03:27:08 +04:00
|
|
|
enumeration.add_option("--sql-file", dest="sqlFile",
|
|
|
|
help="Execute SQL statements from given file(s)")
|
|
|
|
|
2010-11-09 19:15:55 +03:00
|
|
|
# User-defined function options
|
|
|
|
brute = OptionGroup(parser, "Brute force", "These "
|
2013-04-30 14:44:47 +04:00
|
|
|
"switches can be used to run brute force "
|
2012-02-01 18:49:42 +04:00
|
|
|
"checks")
|
2010-11-09 19:15:55 +03:00
|
|
|
|
2010-11-11 10:57:44 +03:00
|
|
|
brute.add_option("--common-tables", dest="commonTables", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Check existence of common tables")
|
2010-09-30 16:35:45 +04:00
|
|
|
|
2010-11-11 10:57:44 +03:00
|
|
|
brute.add_option("--common-columns", dest="commonColumns", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Check existence of common columns")
|
2010-09-30 16:35:45 +04:00
|
|
|
|
2009-09-26 03:03:45 +04:00
|
|
|
# User-defined function options
|
|
|
|
udf = OptionGroup(parser, "User-defined function injection", "These "
|
|
|
|
"options can be used to create custom user-defined "
|
2012-02-01 18:49:42 +04:00
|
|
|
"functions")
|
2009-09-26 03:03:45 +04:00
|
|
|
|
|
|
|
udf.add_option("--udf-inject", dest="udfInject", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help="Inject custom user-defined functions")
|
2009-09-26 03:03:45 +04:00
|
|
|
|
|
|
|
udf.add_option("--shared-lib", dest="shLib",
|
|
|
|
help="Local path of the shared library")
|
2008-12-09 00:24:24 +03:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# File system options
|
|
|
|
filesystem = OptionGroup(parser, "File system access", "These options "
|
|
|
|
"can be used to access the back-end database "
|
2012-02-01 18:49:42 +04:00
|
|
|
"management system underlying file system")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-02-10 22:55:47 +03:00
|
|
|
filesystem.add_option("--file-read", dest="rFile",
|
2009-04-22 15:48:07 +04:00
|
|
|
help="Read a file from the back-end DBMS "
|
|
|
|
"file system")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-02-10 22:55:47 +03:00
|
|
|
filesystem.add_option("--file-write", dest="wFile",
|
2009-04-22 15:48:07 +04:00
|
|
|
help="Write a local file on the back-end "
|
|
|
|
"DBMS file system")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-02-10 22:55:47 +03:00
|
|
|
filesystem.add_option("--file-dest", dest="dFile",
|
2009-04-22 15:48:07 +04:00
|
|
|
help="Back-end DBMS absolute filepath to "
|
|
|
|
"write to")
|
2008-12-09 00:24:24 +03:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Takeover options
|
2010-03-12 02:54:07 +03:00
|
|
|
takeover = OptionGroup(parser, "Operating system access", "These "
|
|
|
|
"options can be used to access the back-end "
|
2009-04-22 15:48:07 +04:00
|
|
|
"database management system underlying "
|
2012-02-01 18:49:42 +04:00
|
|
|
"operating system")
|
2009-04-22 15:48:07 +04:00
|
|
|
|
|
|
|
takeover.add_option("--os-cmd", dest="osCmd",
|
|
|
|
help="Execute an operating system command")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-09-27 17:23:29 +04:00
|
|
|
takeover.add_option("--os-shell", dest="osShell",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2009-04-22 15:48:07 +04:00
|
|
|
help="Prompt for an interactive operating "
|
|
|
|
"system shell")
|
|
|
|
|
2010-09-27 17:23:29 +04:00
|
|
|
takeover.add_option("--os-pwn", dest="osPwn",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2009-04-22 15:48:07 +04:00
|
|
|
help="Prompt for an out-of-band shell, "
|
|
|
|
"meterpreter or VNC")
|
|
|
|
|
2010-09-27 17:23:29 +04:00
|
|
|
takeover.add_option("--os-smbrelay", dest="osSmb",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2009-04-22 15:48:07 +04:00
|
|
|
help="One click prompt for an OOB shell, "
|
|
|
|
"meterpreter or VNC")
|
|
|
|
|
2010-09-27 17:23:29 +04:00
|
|
|
takeover.add_option("--os-bof", dest="osBof",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2009-04-22 15:48:07 +04:00
|
|
|
help="Stored procedure buffer overflow "
|
|
|
|
"exploitation")
|
|
|
|
|
2010-09-27 17:23:29 +04:00
|
|
|
takeover.add_option("--priv-esc", dest="privEsc",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2010-03-13 01:43:35 +03:00
|
|
|
help="Database process' user privilege escalation")
|
2009-04-22 15:48:07 +04:00
|
|
|
|
|
|
|
takeover.add_option("--msf-path", dest="msfPath",
|
2011-09-12 21:26:22 +04:00
|
|
|
help="Local path where Metasploit Framework "
|
2009-04-22 15:48:07 +04:00
|
|
|
"is installed")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
takeover.add_option("--tmp-path", dest="tmpPath",
|
|
|
|
help="Remote absolute path of temporary files "
|
|
|
|
"directory")
|
2008-12-09 00:24:24 +03:00
|
|
|
|
2009-09-26 03:03:45 +04:00
|
|
|
# Windows registry options
|
2010-03-12 02:54:07 +03:00
|
|
|
windows = OptionGroup(parser, "Windows registry access", "These "
|
|
|
|
"options can be used to access the back-end "
|
2009-09-26 03:03:45 +04:00
|
|
|
"database management system Windows "
|
2012-02-01 18:49:42 +04:00
|
|
|
"registry")
|
2009-09-26 03:03:45 +04:00
|
|
|
|
2010-09-27 17:23:29 +04:00
|
|
|
windows.add_option("--reg-read", dest="regRead",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2009-09-26 03:03:45 +04:00
|
|
|
help="Read a Windows registry key value")
|
|
|
|
|
2010-09-27 17:23:29 +04:00
|
|
|
windows.add_option("--reg-add", dest="regAdd",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2009-09-26 03:03:45 +04:00
|
|
|
help="Write a Windows registry key value data")
|
|
|
|
|
2010-09-27 17:23:29 +04:00
|
|
|
windows.add_option("--reg-del", dest="regDel",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2009-09-26 03:03:45 +04:00
|
|
|
help="Delete a Windows registry key value")
|
|
|
|
|
|
|
|
windows.add_option("--reg-key", dest="regKey",
|
|
|
|
help="Windows registry key")
|
|
|
|
|
|
|
|
windows.add_option("--reg-value", dest="regVal",
|
|
|
|
help="Windows registry key value")
|
|
|
|
|
|
|
|
windows.add_option("--reg-data", dest="regData",
|
|
|
|
help="Windows registry key value data")
|
|
|
|
|
|
|
|
windows.add_option("--reg-type", dest="regType",
|
|
|
|
help="Windows registry key value type")
|
|
|
|
|
2010-11-16 17:11:32 +03:00
|
|
|
# General options
|
|
|
|
general = OptionGroup(parser, "General", "These options can be used "
|
2013-01-10 18:02:28 +04:00
|
|
|
"to set some general working parameters")
|
2010-11-16 17:11:32 +03:00
|
|
|
|
2011-02-27 15:17:41 +03:00
|
|
|
#general.add_option("-x", dest="xmlFile",
|
|
|
|
# help="Dump the data into an XML file")
|
2010-11-16 17:11:32 +03:00
|
|
|
|
2013-03-15 20:22:33 +04:00
|
|
|
general.add_option("-s", dest="sessionFile",
|
|
|
|
help="Load session from a stored (.sqlite) file")
|
|
|
|
|
2011-05-18 02:55:22 +04:00
|
|
|
general.add_option("-t", dest="trafficFile",
|
|
|
|
help="Log all HTTP traffic into a "
|
|
|
|
"textual file")
|
2010-11-16 17:11:32 +03:00
|
|
|
|
2011-05-18 02:55:22 +04:00
|
|
|
general.add_option("--batch", dest="batch",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2011-05-18 02:55:22 +04:00
|
|
|
help="Never ask for user input, use the default behaviour")
|
|
|
|
|
|
|
|
general.add_option("--charset", dest="charset",
|
|
|
|
help="Force character encoding used for data retrieval")
|
2011-03-24 13:08:47 +03:00
|
|
|
|
2011-07-06 09:44:47 +04:00
|
|
|
general.add_option("--crawl", dest="crawlDepth", type="int",
|
2013-03-15 20:00:01 +04:00
|
|
|
help="Crawl the website starting from the target URL")
|
2011-07-06 09:44:47 +04:00
|
|
|
|
2011-11-30 21:39:41 +04:00
|
|
|
general.add_option("--csv-del", dest="csvDel",
|
|
|
|
help="Delimiting character used in CSV output "
|
|
|
|
"(default \"%s\")" % defaults.csvDel)
|
|
|
|
|
2012-11-28 13:58:18 +04:00
|
|
|
general.add_option("--dump-format", dest="dumpFormat",
|
|
|
|
help="Format of dumped data (CSV (default), HTML or SQLITE)")
|
|
|
|
|
2010-11-16 17:11:32 +03:00
|
|
|
general.add_option("--eta", dest="eta",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2010-11-16 17:11:32 +03:00
|
|
|
help="Display for each output the "
|
2012-07-02 03:22:34 +04:00
|
|
|
"estimated time of arrival")
|
2010-11-16 17:11:32 +03:00
|
|
|
|
2011-05-18 02:55:22 +04:00
|
|
|
general.add_option("--flush-session", dest="flushSession",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2012-07-04 22:28:18 +04:00
|
|
|
help="Flush session files for current target")
|
2011-05-18 02:55:22 +04:00
|
|
|
|
2011-07-06 09:44:47 +04:00
|
|
|
general.add_option("--forms", dest="forms",
|
|
|
|
action="store_true",
|
2013-03-15 20:00:01 +04:00
|
|
|
help="Parse and test forms on target URL")
|
2011-07-06 09:44:47 +04:00
|
|
|
|
2011-05-18 02:55:22 +04:00
|
|
|
general.add_option("--fresh-queries", dest="freshQueries",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2013-04-24 14:10:06 +04:00
|
|
|
help="Ignore query results stored in session file")
|
2010-11-16 17:11:32 +03:00
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
general.add_option("--hex", dest="hexConvert",
|
|
|
|
action="store_true",
|
2013-04-25 21:55:45 +04:00
|
|
|
help="Use DBMS hex function(s) for data retrieval")
|
2012-02-21 15:44:48 +04:00
|
|
|
|
2012-07-03 02:50:23 +04:00
|
|
|
general.add_option("--output-dir", dest="oDir",
|
|
|
|
action="store",
|
|
|
|
help="Custom output directory path")
|
|
|
|
|
2011-07-06 09:44:47 +04:00
|
|
|
general.add_option("--parse-errors", dest="parseErrors",
|
|
|
|
action="store_true",
|
|
|
|
help="Parse and display DBMS error messages from responses")
|
|
|
|
|
2013-04-18 19:12:32 +04:00
|
|
|
general.add_option("--pivot-column", dest="pivotColumn",
|
|
|
|
help="Pivot column name")
|
|
|
|
|
2010-11-16 17:11:32 +03:00
|
|
|
general.add_option("--save", dest="saveCmdline",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2012-02-14 17:18:37 +04:00
|
|
|
help="Save options to a configuration INI file")
|
2010-11-16 17:11:32 +03:00
|
|
|
|
2011-05-18 02:55:22 +04:00
|
|
|
general.add_option("--update", dest="updateAll",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2011-05-18 02:55:22 +04:00
|
|
|
help="Update sqlmap")
|
2010-11-16 17:11:32 +03:00
|
|
|
|
2010-10-16 03:26:48 +04:00
|
|
|
# Miscellaneous options
|
|
|
|
miscellaneous = OptionGroup(parser, "Miscellaneous")
|
2010-09-16 14:23:51 +04:00
|
|
|
|
2011-06-15 15:58:50 +04:00
|
|
|
miscellaneous.add_option("-z", dest="mnemonics",
|
2011-12-22 02:09:21 +04:00
|
|
|
help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")
|
2011-06-15 15:58:50 +04:00
|
|
|
|
2012-12-11 15:48:58 +04:00
|
|
|
miscellaneous.add_option("--alert", dest="alert",
|
|
|
|
help="Run shell command(s) when SQL injection is found")
|
|
|
|
|
2012-11-21 13:16:13 +04:00
|
|
|
miscellaneous.add_option("--answers", dest="answers",
|
|
|
|
help="Set question answers (e.g. \"quit=N,follow=N\")")
|
|
|
|
|
2012-12-11 15:02:06 +04:00
|
|
|
miscellaneous.add_option("--beep", dest="beep", action="store_true",
|
|
|
|
help="Make a beep sound when SQL injection is found")
|
|
|
|
|
2011-07-06 09:44:47 +04:00
|
|
|
miscellaneous.add_option("--check-waf", dest="checkWaf",
|
|
|
|
action="store_true",
|
2013-02-21 17:48:19 +04:00
|
|
|
help="Heuristically check for WAF/IPS/IDS protection")
|
2010-11-08 14:22:47 +03:00
|
|
|
|
2010-11-16 17:09:09 +03:00
|
|
|
miscellaneous.add_option("--cleanup", dest="cleanup",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2010-11-16 17:09:09 +03:00
|
|
|
help="Clean up the DBMS by sqlmap specific "
|
|
|
|
"UDF and tables")
|
2010-05-21 13:35:36 +04:00
|
|
|
|
2011-06-27 12:21:33 +04:00
|
|
|
miscellaneous.add_option("--dependencies", dest="dependencies",
|
|
|
|
action="store_true",
|
2012-10-30 14:54:21 +04:00
|
|
|
help="Check for missing (non-core) sqlmap dependencies")
|
2011-06-27 12:21:33 +04:00
|
|
|
|
2012-08-16 00:31:25 +04:00
|
|
|
miscellaneous.add_option("--disable-coloring", dest="disableColoring",
|
|
|
|
action="store_true",
|
|
|
|
help="Disable console output coloring")
|
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
miscellaneous.add_option("--gpage", dest="googlePage", type="int",
|
2011-03-23 14:57:57 +03:00
|
|
|
help="Use Google dork results from specified page number")
|
|
|
|
|
2012-12-10 14:55:31 +04:00
|
|
|
miscellaneous.add_option("--hpp", dest="hpp",
|
|
|
|
action="store_true",
|
|
|
|
help="Use HTTP parameter pollution")
|
|
|
|
|
2013-02-21 17:48:19 +04:00
|
|
|
miscellaneous.add_option("--identify-waf", dest="identifyWaf",
|
|
|
|
action="store_true",
|
|
|
|
help="Make a through testing for a WAF/IPS/IDS protection")
|
|
|
|
|
2011-04-29 23:27:23 +04:00
|
|
|
miscellaneous.add_option("--mobile", dest="mobile",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2011-04-29 23:27:23 +04:00
|
|
|
help="Imitate smartphone through HTTP User-Agent header")
|
|
|
|
|
2011-03-23 14:57:57 +03:00
|
|
|
miscellaneous.add_option("--page-rank", dest="pageRank",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2011-03-23 14:57:57 +03:00
|
|
|
help="Display page rank (PR) for Google dork results")
|
2010-01-02 05:02:12 +03:00
|
|
|
|
2012-04-23 18:24:23 +04:00
|
|
|
miscellaneous.add_option("--purge-output", dest="purgeOutput",
|
|
|
|
action="store_true",
|
|
|
|
help="Safely remove all content from output directory")
|
|
|
|
|
2011-07-10 19:16:58 +04:00
|
|
|
miscellaneous.add_option("--smart", dest="smart",
|
|
|
|
action="store_true",
|
|
|
|
help="Conduct through tests only if positive heuristic(s)")
|
|
|
|
|
2012-07-24 17:43:29 +04:00
|
|
|
miscellaneous.add_option("--test-filter", dest="testFilter",
|
2012-06-14 18:36:53 +04:00
|
|
|
help="Select tests by payloads and/or titles (e.g. ROW)")
|
|
|
|
|
2011-03-29 15:42:55 +04:00
|
|
|
miscellaneous.add_option("--wizard", dest="wizard",
|
2011-06-16 15:42:13 +04:00
|
|
|
action="store_true",
|
2011-03-29 15:42:55 +04:00
|
|
|
help="Simple wizard interface for beginner users")
|
|
|
|
|
2010-05-21 13:35:36 +04:00
|
|
|
# Hidden and/or experimental options
|
2013-02-28 23:20:08 +04:00
|
|
|
parser.add_option("--dummy", dest="dummy", action="store_true",
|
|
|
|
help=SUPPRESS_HELP)
|
|
|
|
|
2013-01-10 02:09:50 +04:00
|
|
|
parser.add_option("--pickled-options", dest="pickledOptions", help=SUPPRESS_HELP)
|
2013-01-09 16:34:45 +04:00
|
|
|
|
2010-05-21 13:35:36 +04:00
|
|
|
parser.add_option("--profile", dest="profile", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help=SUPPRESS_HELP)
|
2010-05-21 13:35:36 +04:00
|
|
|
|
2013-02-13 14:27:03 +04:00
|
|
|
parser.add_option("--binary-fields", dest="binaryFields",
|
2013-02-13 12:56:44 +04:00
|
|
|
help=SUPPRESS_HELP)
|
|
|
|
|
2011-06-16 15:42:13 +04:00
|
|
|
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int",
|
2010-05-21 13:35:36 +04:00
|
|
|
help=SUPPRESS_HELP)
|
2012-07-30 23:50:46 +04:00
|
|
|
|
|
|
|
parser.add_option("--force-dns", dest="forceDns", action="store_true",
|
|
|
|
help=SUPPRESS_HELP)
|
2010-05-21 13:35:36 +04:00
|
|
|
|
2010-07-30 16:49:25 +04:00
|
|
|
parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help=SUPPRESS_HELP)
|
2010-07-30 16:49:25 +04:00
|
|
|
|
2010-09-15 17:59:55 +04:00
|
|
|
parser.add_option("--live-test", dest="liveTest", action="store_true",
|
2011-06-16 15:42:13 +04:00
|
|
|
help=SUPPRESS_HELP)
|
2010-09-15 17:59:55 +04:00
|
|
|
|
2012-12-17 15:41:43 +04:00
|
|
|
parser.add_option("--stop-fail", dest="stopFail", action="store_true",
|
|
|
|
help=SUPPRESS_HELP)
|
|
|
|
|
2012-12-17 15:29:33 +04:00
|
|
|
parser.add_option("--run-case", dest="runCase", help=SUPPRESS_HELP)
|
2011-03-24 15:07:47 +03:00
|
|
|
|
2008-12-04 20:40:03 +03:00
|
|
|
parser.add_option_group(target)
|
2008-10-15 19:38:22 +04:00
|
|
|
parser.add_option_group(request)
|
2010-10-17 01:52:16 +04:00
|
|
|
parser.add_option_group(optimization)
|
2008-10-15 19:38:22 +04:00
|
|
|
parser.add_option_group(injection)
|
2010-11-08 13:11:43 +03:00
|
|
|
parser.add_option_group(detection)
|
2008-11-12 03:36:50 +03:00
|
|
|
parser.add_option_group(techniques)
|
2008-10-15 19:38:22 +04:00
|
|
|
parser.add_option_group(fingerprint)
|
|
|
|
parser.add_option_group(enumeration)
|
2010-11-09 19:15:55 +03:00
|
|
|
parser.add_option_group(brute)
|
2009-09-26 03:03:45 +04:00
|
|
|
parser.add_option_group(udf)
|
2008-10-15 19:38:22 +04:00
|
|
|
parser.add_option_group(filesystem)
|
|
|
|
parser.add_option_group(takeover)
|
2009-09-26 03:03:45 +04:00
|
|
|
parser.add_option_group(windows)
|
2010-11-16 17:11:32 +03:00
|
|
|
parser.add_option_group(general)
|
2008-10-15 19:38:22 +04:00
|
|
|
parser.add_option_group(miscellaneous)
|
|
|
|
|
2012-07-24 17:34:50 +04:00
|
|
|
# Dirty hack to display longer options without breaking into two lines
|
|
|
|
def _(self, *args):
|
|
|
|
_ = parser.formatter._format_option_strings(*args)
|
2012-07-24 17:43:29 +04:00
|
|
|
if len(_) > MAX_HELP_OPTION_LENGTH:
|
|
|
|
_ = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % _
|
2012-07-24 17:34:50 +04:00
|
|
|
return _
|
|
|
|
|
|
|
|
parser.formatter._format_option_strings = parser.formatter.format_option_strings
|
|
|
|
parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser, type(parser))
|
|
|
|
|
2012-07-03 14:09:18 +04:00
|
|
|
# Dirty hack for making a short option -hh
|
2012-07-03 14:29:42 +04:00
|
|
|
option = parser.get_option("--hh")
|
|
|
|
option._short_opts = ["-hh"]
|
|
|
|
option._long_opts = []
|
2012-07-03 14:09:18 +04:00
|
|
|
|
2012-07-03 15:11:09 +04:00
|
|
|
# Dirty hack for inherent help message of switch -h
|
|
|
|
option = parser.get_option("-h")
|
|
|
|
option.help = option.help.capitalize().replace("this help", "basic help")
|
2012-07-03 14:49:35 +04:00
|
|
|
|
2010-10-14 00:54:18 +04:00
|
|
|
args = []
|
2012-07-03 14:29:42 +04:00
|
|
|
advancedHelp = True
|
2011-02-20 00:06:24 +03:00
|
|
|
|
2010-10-14 00:54:18 +04:00
|
|
|
for arg in sys.argv:
|
2011-03-18 19:26:39 +03:00
|
|
|
args.append(getUnicode(arg, system=True))
|
2011-02-20 00:06:24 +03:00
|
|
|
|
2012-11-28 14:10:57 +04:00
|
|
|
checkDeprecatedOptions(args)
|
|
|
|
|
2012-07-03 14:09:18 +04:00
|
|
|
# Hide non-basic options in basic help case
|
|
|
|
for i in xrange(len(sys.argv)):
|
|
|
|
if sys.argv[i] == '-hh':
|
|
|
|
sys.argv[i] = '-h'
|
2013-03-20 14:44:09 +04:00
|
|
|
elif sys.argv[i] == '--version':
|
|
|
|
print VERSION_STRING
|
|
|
|
raise SystemExit
|
2012-07-03 14:09:18 +04:00
|
|
|
elif sys.argv[i] == '-h':
|
2012-07-03 14:29:42 +04:00
|
|
|
advancedHelp = False
|
2012-07-03 14:09:18 +04:00
|
|
|
for group in parser.option_groups[:]:
|
|
|
|
found = False
|
|
|
|
for option in group.option_list:
|
|
|
|
if option.dest not in BASIC_HELP_ITEMS:
|
|
|
|
option.help = SUPPRESS_HELP
|
|
|
|
else:
|
|
|
|
found = True
|
|
|
|
if not found:
|
|
|
|
parser.option_groups.remove(group)
|
|
|
|
|
2012-07-03 14:21:40 +04:00
|
|
|
try:
|
|
|
|
(args, _) = parser.parse_args(args)
|
|
|
|
except SystemExit:
|
2012-07-03 14:29:42 +04:00
|
|
|
if '-h' in sys.argv and not advancedHelp:
|
2012-07-03 14:21:40 +04:00
|
|
|
print "\n[!] to see full list of options run with '-hh'"
|
|
|
|
raise
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2012-07-03 14:09:18 +04:00
|
|
|
# Expand given mnemonic options (e.g. -z "ign,flu,bat")
|
|
|
|
for i in xrange(len(sys.argv) - 1):
|
2011-06-15 15:58:50 +04:00
|
|
|
if sys.argv[i] == '-z':
|
2013-01-10 16:18:44 +04:00
|
|
|
expandMnemonics(sys.argv[i + 1], parser, args)
|
2011-06-15 15:58:50 +04:00
|
|
|
|
2013-02-28 23:20:08 +04:00
|
|
|
if args.dummy:
|
|
|
|
args.url = args.url or DUMMY_URL
|
|
|
|
|
2011-11-21 00:14:47 +04:00
|
|
|
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
|
2012-12-12 19:31:20 +04:00
|
|
|
args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
|
2013-01-09 16:34:45 +04:00
|
|
|
args.purgeOutput, args.pickledOptions)):
|
2012-04-23 18:42:24 +04:00
|
|
|
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
|
2012-07-03 18:34:11 +04:00
|
|
|
errMsg += "use -h for basic or -hh for advanced help"
|
2008-10-15 19:38:22 +04:00
|
|
|
parser.error(errMsg)
|
|
|
|
|
|
|
|
return args
|
2011-03-29 03:09:19 +04:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
except (OptionError, TypeError), e:
|
|
|
|
parser.error(e)
|
|
|
|
|
2012-02-22 14:40:11 +04:00
|
|
|
except SystemExit:
|
2011-03-29 03:12:04 +04:00
|
|
|
# Protection against Windows dummy double clicking
|
2011-03-29 03:09:19 +04:00
|
|
|
if IS_WIN:
|
2011-03-29 03:40:46 +04:00
|
|
|
print "\nPress Enter to continue...",
|
2011-03-29 03:09:19 +04:00
|
|
|
raw_input()
|
|
|
|
raise
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
debugMsg = "parsing command line"
|
|
|
|
logger.debug(debugMsg)
|