sqlmap/lib/parse/cmdline.py

943 lines
44 KiB
Python
Raw Normal View History

2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
2008-10-15 19:38:22 +04:00
"""
2019-01-05 23:38:52 +03:00
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
2017-10-11 15:50:46 +03:00
See the file 'LICENSE' for copying permission
2008-10-15 19:38:22 +04:00
"""
2019-01-22 03:20:27 +03:00
from __future__ import print_function
import os
import re
2014-09-16 16:12:43 +04:00
import shlex
import sys
2008-10-15 19:38:22 +04:00
from optparse import OptionError
from optparse import OptionGroup
from optparse import OptionParser
2010-05-21 13:35:36 +04:00
from optparse import SUPPRESS_HELP
2008-10-15 19:38:22 +04:00
2019-05-24 15:18:18 +03:00
from lib.core.common import checkOldOptions
2013-08-27 15:55:38 +04:00
from lib.core.common import checkSystemEncoding
2016-06-10 19:41:41 +03:00
from lib.core.common import dataToStdout
2011-06-15 15:58:50 +04:00
from lib.core.common import expandMnemonics
2019-05-03 01:48:46 +03:00
from lib.core.common import getSafeExString
2019-03-28 18:04:38 +03:00
from lib.core.compat import xrange
2019-05-06 01:54:21 +03:00
from lib.core.convert import getUnicode
2014-09-16 16:12:43 +04:00
from lib.core.data import cmdLineOptions
from lib.core.data import conf
2008-10-15 19:38:22 +04:00
from lib.core.data import logger
from lib.core.defaults import defaults
2014-09-16 16:12:43 +04:00
from lib.core.enums import AUTOCOMPLETE_TYPE
from lib.core.exception import SqlmapShellQuitException
2014-12-15 11:11:40 +03:00
from lib.core.exception import SqlmapSyntaxException
2012-07-03 14:09:18 +04:00
from lib.core.settings import BASIC_HELP_ITEMS
from lib.core.settings import DUMMY_URL
from lib.core.settings import INFERENCE_UNKNOWN_CHAR
2011-03-29 03:09:19 +04:00
from lib.core.settings import IS_WIN
2012-07-24 17:43:29 +04:00
from lib.core.settings import MAX_HELP_OPTION_LENGTH
from lib.core.settings import VERSION_STRING
2014-09-16 16:12:43 +04:00
from lib.core.shell import autoCompletion
from lib.core.shell import clearHistory
from lib.core.shell import loadHistory
from lib.core.shell import saveHistory
2019-05-02 01:45:44 +03:00
from thirdparty.six.moves import input as _input
2008-10-15 19:38:22 +04:00
2015-09-10 16:01:30 +03:00
def cmdLineParser(argv=None):
2008-10-15 19:38:22 +04:00
"""
This function parses the command line parameters and arguments
"""
2015-09-10 16:01:30 +03:00
if not argv:
argv = sys.argv
2013-08-27 15:55:38 +04:00
checkSystemEncoding()
2017-06-29 16:33:34 +03:00
# Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING")
_ = getUnicode(os.path.basename(argv[0]), encoding=sys.stdin.encoding)
2019-05-02 01:45:44 +03:00
usage = "%s%s [options]" % ("%s " % os.path.basename(sys.executable) if not IS_WIN else "", "\"%s\"" % _ if " " in _ else _)
parser = OptionParser(usage=usage)
2008-10-15 19:38:22 +04:00
try:
2012-07-03 14:09:18 +04:00
parser.add_option("--hh", dest="advancedHelp",
action="store_true",
2012-07-03 14:49:35 +04:00
help="Show advanced help message and exit")
2012-07-03 14:09:18 +04:00
parser.add_option("--version", dest="showVersion",
action="store_true",
2013-04-08 13:25:31 +04:00
help="Show program's version number and exit")
parser.add_option("-v", dest="verbose", type="int",
help="Verbosity level: 0-6 (default %d)" % defaults.verbose)
2008-12-18 00:35:04 +03:00
# Target options
target = OptionGroup(parser, "Target", "At least one of these "
2014-04-01 18:38:50 +04:00
"options has to be provided to define the target(s)")
2014-04-01 18:38:50 +04:00
target.add_option("-d", dest="direct", help="Connection string "
"for direct database connection")
2014-04-01 18:38:50 +04:00
target.add_option("-u", "--url", dest="url", help="Target URL (e.g. \"http://www.site.com/vuln.php?id=1\")")
2008-10-15 19:38:22 +04:00
2014-04-01 18:38:50 +04:00
target.add_option("-l", dest="logFile", help="Parse target(s) from Burp "
"or WebScarab proxy log file")
2008-10-15 19:38:22 +04:00
2014-07-03 00:31:18 +04:00
target.add_option("-x", dest="sitemapUrl", help="Parse target(s) from remote sitemap(.xml) file")
2014-04-01 18:38:50 +04:00
target.add_option("-m", dest="bulkFile", help="Scan multiple targets given "
"in a textual file ")
2010-01-14 23:42:45 +03:00
target.add_option("-r", dest="requestFile",
help="Load HTTP request from a file")
target.add_option("-g", dest="googleDork",
2013-03-15 20:00:01 +04:00
help="Process Google dork results as target URLs")
target.add_option("-c", dest="configFile",
help="Load options from a configuration INI file")
2010-01-14 23:42:45 +03:00
# Request options
request = OptionGroup(parser, "Request", "These options can be used "
2013-03-15 20:00:01 +04:00
"to specify how to connect to the target URL")
2008-10-15 19:38:22 +04:00
2014-11-21 11:41:39 +03:00
request.add_option("--method", dest="method",
help="Force usage of given HTTP method (e.g. PUT)")
2008-10-15 19:38:22 +04:00
request.add_option("--data", dest="data",
2018-10-15 03:15:05 +03:00
help="Data string to be sent through POST (e.g. \"id=1\")")
2008-10-15 19:38:22 +04:00
2014-04-06 18:48:46 +04:00
request.add_option("--param-del", dest="paramDel",
2018-10-15 03:15:05 +03:00
help="Character used for splitting parameter values (e.g. &)")
2008-10-15 19:38:22 +04:00
request.add_option("--cookie", dest="cookie",
2018-10-15 03:15:05 +03:00
help="HTTP Cookie header value (e.g. \"PHPSESSID=a8d127e..\")")
2008-10-15 19:38:22 +04:00
2014-04-06 18:50:58 +04:00
request.add_option("--cookie-del", dest="cookieDel",
2018-10-15 03:15:05 +03:00
help="Character used for splitting cookie values (e.g. ;)")
2013-07-31 22:41:19 +04:00
2012-07-24 17:34:50 +04:00
request.add_option("--load-cookies", dest="loadCookies",
2012-03-07 18:48:45 +04:00
help="File containing cookies in Netscape/wget format")
request.add_option("--drop-set-cookie", dest="dropSetCookie", action="store_true",
help="Ignore Set-Cookie header from response")
2008-10-15 19:38:22 +04:00
2015-07-07 10:24:16 +03:00
request.add_option("--user-agent", dest="agent",
2014-04-01 18:38:50 +04:00
help="HTTP User-Agent header value")
2008-10-15 19:38:22 +04:00
request.add_option("--random-agent", dest="randomAgent", action="store_true",
2014-04-01 18:38:50 +04:00
help="Use randomly selected HTTP User-Agent header value")
2008-10-15 19:38:22 +04:00
request.add_option("--host", dest="host",
2014-04-01 18:38:50 +04:00
help="HTTP Host header value")
request.add_option("--referer", dest="referer",
2014-04-01 18:38:50 +04:00
help="HTTP Referer header value")
2015-07-07 10:24:16 +03:00
request.add_option("-H", "--header", dest="header",
help="Extra header (e.g. \"X-Forwarded-For: 127.0.0.1\")")
request.add_option("--headers", dest="headers",
2012-01-07 19:26:54 +04:00
help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
2013-08-09 16:13:48 +04:00
request.add_option("--auth-type", dest="authType",
help="HTTP authentication type (Basic, Digest, NTLM or PKI)")
2008-10-15 19:38:22 +04:00
2013-08-09 16:13:48 +04:00
request.add_option("--auth-cred", dest="authCred",
help="HTTP authentication credentials (name:password)")
2015-09-27 16:59:17 +03:00
request.add_option("--auth-file", dest="authFile",
help="HTTP authentication PEM cert/private key file")
2008-10-15 19:38:22 +04:00
2017-08-23 14:17:37 +03:00
request.add_option("--ignore-code", dest="ignoreCode", type="int",
2018-10-15 03:15:05 +03:00
help="Ignore (problematic) HTTP error code (e.g. 401)")
2014-10-13 11:19:25 +04:00
2016-10-14 00:17:54 +03:00
request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
help="Ignore system default proxy settings")
request.add_option("--ignore-redirects", dest="ignoreRedirects", action="store_true",
help="Ignore redirection attempts")
2016-10-14 00:17:54 +03:00
request.add_option("--ignore-timeouts", dest="ignoreTimeouts", action="store_true",
help="Ignore connection timeouts")
2016-10-14 00:17:54 +03:00
2008-10-15 19:38:22 +04:00
request.add_option("--proxy", dest="proxy",
help="Use a proxy to connect to the target URL")
2008-10-15 19:38:22 +04:00
2013-08-09 16:13:48 +04:00
request.add_option("--proxy-cred", dest="proxyCred",
help="Proxy authentication credentials (name:password)")
2013-08-09 16:13:48 +04:00
request.add_option("--proxy-file", dest="proxyFile",
help="Load proxy list from a file")
request.add_option("--tor", dest="tor", action="store_true",
help="Use Tor anonymity network")
2013-04-30 16:11:56 +04:00
request.add_option("--tor-port", dest="torPort",
help="Set Tor proxy port other than default")
2013-04-30 16:11:56 +04:00
request.add_option("--tor-type", dest="torType",
help="Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))")
2013-04-30 16:11:56 +04:00
request.add_option("--check-tor", dest="checkTor", action="store_true",
help="Check to see if Tor is used properly")
2013-04-30 16:11:56 +04:00
request.add_option("--delay", dest="delay", type="float",
help="Delay in seconds between each HTTP request")
request.add_option("--timeout", dest="timeout", type="float",
help="Seconds to wait before timeout connection (default %d)" % defaults.timeout)
request.add_option("--retries", dest="retries", type="int",
help="Retries when the connection timeouts (default %d)" % defaults.retries)
2010-01-10 00:08:47 +03:00
2013-04-02 19:34:56 +04:00
request.add_option("--randomize", dest="rParam",
help="Randomly change value for given parameter(s)")
2015-04-21 01:02:47 +03:00
request.add_option("--safe-url", dest="safeUrl",
2013-03-15 20:00:01 +04:00
help="URL address to visit frequently during testing")
2015-04-21 01:02:47 +03:00
request.add_option("--safe-post", dest="safePost",
2015-04-21 00:55:59 +03:00
help="POST data to send to a safe URL")
2015-04-22 17:28:54 +03:00
request.add_option("--safe-req", dest="safeReqFile",
help="Load safe HTTP request from a file")
2015-04-21 01:02:47 +03:00
request.add_option("--safe-freq", dest="safeFreq", type="int",
2013-03-15 20:00:01 +04:00
help="Test requests between two visits to a given safe URL")
request.add_option("--skip-urlencode", dest="skipUrlEncode", action="store_true",
2012-09-26 17:25:01 +04:00
help="Skip URL encoding of payload data")
2014-10-23 13:23:53 +04:00
request.add_option("--csrf-token", dest="csrfToken",
2014-11-17 13:50:05 +03:00
help="Parameter used to hold anti-CSRF token")
2014-10-23 13:23:53 +04:00
request.add_option("--csrf-url", dest="csrfUrl",
help="URL address to visit for extraction of anti-CSRF token")
2014-10-23 13:23:53 +04:00
request.add_option("--force-ssl", dest="forceSSL", action="store_true",
2013-04-30 15:56:38 +04:00
help="Force usage of SSL/HTTPS")
2019-03-19 16:07:39 +03:00
request.add_option("--chunked", dest="chunked", action="store_true",
2019-03-19 16:48:12 +03:00
help="Use HTTP chunked transfer encoded (POST) requests")
2019-03-19 16:07:39 +03:00
request.add_option("--hpp", dest="hpp", action="store_true",
help="Use HTTP parameter pollution method")
2013-04-30 16:32:11 +04:00
2013-04-30 15:59:44 +04:00
request.add_option("--eval", dest="evalCode",
help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")
2019-04-19 14:54:48 +03:00
# Optimization options
optimization = OptionGroup(parser, "Optimization", "These options can be used to optimize the performance of sqlmap")
optimization.add_option("-o", dest="optimize", action="store_true",
help="Turn on all optimization switches")
optimization.add_option("--predict-output", dest="predictOutput", action="store_true",
help="Predict common queries output")
optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
help="Use persistent HTTP(s) connections")
optimization.add_option("--null-connection", dest="nullConnection", action="store_true",
help="Retrieve page length without actual HTTP response body")
optimization.add_option("--threads", dest="threads", type="int",
help="Max number of concurrent HTTP(s) "
"requests (default %d)" % defaults.threads)
2008-10-15 19:38:22 +04:00
# Injection options
injection = OptionGroup(parser, "Injection", "These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts")
2008-10-15 19:38:22 +04:00
injection.add_option("-p", dest="testParameter",
help="Testable parameter(s)")
2013-04-04 16:21:57 +04:00
injection.add_option("--skip", dest="skip",
help="Skip testing for given parameter(s)")
2015-05-18 21:57:15 +03:00
injection.add_option("--skip-static", dest="skipStatic", action="store_true",
2016-10-26 22:41:57 +03:00
help="Skip testing parameters that not appear to be dynamic")
2015-05-18 21:57:15 +03:00
injection.add_option("--param-exclude", dest="paramExclude",
help="Regexp to exclude parameters from testing (e.g. \"ses\")")
2019-05-17 12:00:51 +03:00
injection.add_option("--param-filter", dest="paramFilter",
help="Select testable parameter(s) by place (e.g. \"POST\")")
injection.add_option("--dbms", dest="dbms",
2018-06-07 01:24:29 +03:00
help="Force back-end DBMS to provided value")
2013-04-30 16:05:50 +04:00
injection.add_option("--dbms-cred", dest="dbmsCred",
help="DBMS authentication credentials (user:password)")
2013-04-30 16:05:50 +04:00
injection.add_option("--os", dest="os",
2018-06-07 01:24:29 +03:00
help="Force back-end DBMS operating system to provided value")
injection.add_option("--invalid-bignum", dest="invalidBignum", action="store_true",
help="Use big numbers for invalidating values")
injection.add_option("--invalid-logical", dest="invalidLogical", action="store_true",
help="Use logical operations for invalidating values")
injection.add_option("--invalid-string", dest="invalidString", action="store_true",
2014-01-24 00:56:06 +04:00
help="Use random strings for invalidating values")
injection.add_option("--no-cast", dest="noCast", action="store_true",
help="Turn off payload casting mechanism")
2011-10-24 04:40:06 +04:00
injection.add_option("--no-escape", dest="noEscape", action="store_true",
2013-01-18 18:40:37 +04:00
help="Turn off string escaping mechanism")
2012-07-16 13:07:47 +04:00
injection.add_option("--prefix", dest="prefix",
help="Injection payload prefix string")
injection.add_option("--suffix", dest="suffix",
help="Injection payload suffix string")
2010-11-08 13:11:43 +03:00
injection.add_option("--tamper", dest="tamper",
help="Use given script(s) for tampering injection data")
# Detection options
detection = OptionGroup(parser, "Detection", "These options can be used to customize the detection phase")
2010-11-08 13:11:43 +03:00
detection.add_option("--level", dest="level", type="int",
help="Level of tests to perform (1-5, default %d)" % defaults.level)
detection.add_option("--risk", dest="risk", type="int",
help="Risk of tests to perform (1-3, default %d)" % defaults.risk)
2010-11-08 13:11:43 +03:00
detection.add_option("--string", dest="string",
help="String to match when query is evaluated to True")
2008-10-15 19:38:22 +04:00
2012-07-26 14:06:02 +04:00
detection.add_option("--not-string", dest="notString",
help="String to match when query is evaluated to False")
2012-07-26 14:06:02 +04:00
2010-11-08 13:11:43 +03:00
detection.add_option("--regexp", dest="regexp",
help="Regexp to match when query is evaluated to True")
detection.add_option("--code", dest="code", type="int",
help="HTTP code to match when query is evaluated to True")
detection.add_option("--text-only", dest="textOnly", action="store_true",
2011-03-08 01:04:17 +03:00
help="Compare pages based only on the textual content")
2010-10-12 23:41:29 +04:00
detection.add_option("--titles", dest="titles", action="store_true",
help="Compare pages based only on their titles")
# Techniques options
techniques = OptionGroup(parser, "Techniques", "These options can be used to tweak testing of specific SQL injection techniques")
techniques.add_option("--technique", dest="tech",
help="SQL injection techniques to use (default \"%s\")" % defaults.tech)
techniques.add_option("--time-sec", dest="timeSec", type="int",
help="Seconds to delay the DBMS response (default %d)" % defaults.timeSec)
techniques.add_option("--union-cols", dest="uCols",
help="Range of columns to test for UNION query SQL injection")
techniques.add_option("--union-char", dest="uChar",
2011-03-08 01:04:17 +03:00
help="Character to use for bruteforcing number of columns")
2013-03-21 14:28:44 +04:00
techniques.add_option("--union-from", dest="uFrom",
help="Table to use in FROM part of UNION query SQL injection")
2016-10-22 22:52:18 +03:00
techniques.add_option("--dns-domain", dest="dnsDomain",
2012-05-27 22:41:06 +04:00
help="Domain name used for DNS exfiltration attack")
2018-06-19 17:11:49 +03:00
techniques.add_option("--second-url", dest="secondUrl",
help="Resulting page URL searched for second-order response")
2012-07-26 16:07:05 +04:00
2018-06-19 17:23:17 +03:00
techniques.add_option("--second-req", dest="secondReq",
help="Load second-order HTTP request from file")
2008-10-15 19:38:22 +04:00
# Fingerprint options
fingerprint = OptionGroup(parser, "Fingerprint")
fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp", action="store_true",
help="Perform an extensive DBMS version fingerprint")
2008-10-15 19:38:22 +04:00
# Enumeration options
enumeration = OptionGroup(parser, "Enumeration", "These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover you can run your own SQL statements")
2008-10-15 19:38:22 +04:00
enumeration.add_option("-a", "--all", dest="getAll", action="store_true",
help="Retrieve everything")
2012-10-05 12:24:09 +04:00
enumeration.add_option("-b", "--banner", dest="getBanner", action="store_true",
help="Retrieve DBMS banner")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--current-user", dest="getCurrentUser", action="store_true",
2008-10-15 19:38:22 +04:00
help="Retrieve DBMS current user")
enumeration.add_option("--current-db", dest="getCurrentDb", action="store_true",
2008-10-15 19:38:22 +04:00
help="Retrieve DBMS current database")
enumeration.add_option("--hostname", dest="getHostname", action="store_true",
help="Retrieve DBMS server hostname")
enumeration.add_option("--is-dba", dest="isDba", action="store_true",
help="Detect if the DBMS current user is DBA")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--users", dest="getUsers", action="store_true",
help="Enumerate DBMS users")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--passwords", dest="getPasswordHashes", action="store_true",
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS users password hashes")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--privileges", dest="getPrivileges", action="store_true",
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS users privileges")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--roles", dest="getRoles", action="store_true",
help="Enumerate DBMS users roles")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--dbs", dest="getDbs", action="store_true",
help="Enumerate DBMS databases")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--tables", dest="getTables", action="store_true",
help="Enumerate DBMS database tables")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--columns", dest="getColumns", action="store_true",
help="Enumerate DBMS database table columns")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--schema", dest="getSchema", action="store_true",
help="Enumerate DBMS schema")
enumeration.add_option("--count", dest="getCount", action="store_true",
help="Retrieve number of entries for table(s)")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--dump", dest="dumpTable", action="store_true",
help="Dump DBMS database table entries")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
help="Dump all DBMS databases tables entries")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--search", dest="search", action="store_true",
help="Search column(s), table(s) and/or database name(s)")
2013-07-29 20:25:27 +04:00
enumeration.add_option("--comments", dest="getComments", action="store_true",
2018-06-07 01:46:54 +03:00
help="Check for DBMS comments during enumeration")
2013-07-29 20:25:27 +04:00
2008-10-15 19:38:22 +04:00
enumeration.add_option("-D", dest="db",
help="DBMS database to enumerate")
enumeration.add_option("-T", dest="tbl",
2014-01-13 13:05:49 +04:00
help="DBMS database table(s) to enumerate")
2008-10-15 19:38:22 +04:00
enumeration.add_option("-C", dest="col",
2014-01-13 13:05:49 +04:00
help="DBMS database table column(s) to enumerate")
2018-02-13 17:53:50 +03:00
enumeration.add_option("-X", dest="exclude",
help="DBMS database identifier(s) to not enumerate")
2008-10-15 19:38:22 +04:00
enumeration.add_option("-U", dest="user",
help="DBMS user to enumerate")
enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs", action="store_true",
help="Exclude DBMS system databases when enumerating tables")
2008-10-15 19:38:22 +04:00
2016-05-03 13:37:10 +03:00
enumeration.add_option("--pivot-column", dest="pivotColumn",
help="Pivot column name")
enumeration.add_option("--where", dest="dumpWhere",
help="Use WHERE condition while table dumping")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--start", dest="limitStart", type="int",
2017-03-01 13:09:55 +03:00
help="First dump table entry to retrieve")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--stop", dest="limitStop", type="int",
2017-03-01 13:09:55 +03:00
help="Last dump table entry to retrieve")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--first", dest="firstChar", type="int",
help="First query output word character to retrieve")
enumeration.add_option("--last", dest="lastChar", type="int",
help="Last query output word character to retrieve")
2019-04-30 15:04:39 +03:00
enumeration.add_option("--sql-query", dest="sqlQuery",
help="SQL statement to be executed")
2008-10-15 19:38:22 +04:00
enumeration.add_option("--sql-shell", dest="sqlShell", action="store_true",
2008-10-15 19:38:22 +04:00
help="Prompt for an interactive SQL shell")
2012-07-10 03:27:08 +04:00
enumeration.add_option("--sql-file", dest="sqlFile",
help="Execute SQL statements from given file(s)")
2014-12-15 15:07:38 +03:00
# Brute force options
brute = OptionGroup(parser, "Brute force", "These options can be used to run brute force checks")
brute.add_option("--common-tables", dest="commonTables", action="store_true",
help="Check existence of common tables")
2010-09-30 16:35:45 +04:00
brute.add_option("--common-columns", dest="commonColumns", action="store_true",
help="Check existence of common columns")
2010-09-30 16:35:45 +04:00
# User-defined function options
udf = OptionGroup(parser, "User-defined function injection", "These options can be used to create custom user-defined functions")
udf.add_option("--udf-inject", dest="udfInject", action="store_true",
help="Inject custom user-defined functions")
udf.add_option("--shared-lib", dest="shLib",
help="Local path of the shared library")
2008-10-15 19:38:22 +04:00
# File system options
filesystem = OptionGroup(parser, "File system access", "These options can be used to access the back-end database management system underlying file system")
2008-10-15 19:38:22 +04:00
2018-08-28 15:31:20 +03:00
filesystem.add_option("--file-read", dest="fileRead",
help="Read a file from the back-end DBMS file system")
2008-10-15 19:38:22 +04:00
2018-08-28 15:31:20 +03:00
filesystem.add_option("--file-write", dest="fileWrite",
help="Write a local file on the back-end DBMS file system")
2008-10-15 19:38:22 +04:00
2018-08-28 15:31:20 +03:00
filesystem.add_option("--file-dest", dest="fileDest",
help="Back-end DBMS absolute filepath to write to")
2008-10-15 19:38:22 +04:00
# Takeover options
takeover = OptionGroup(parser, "Operating system access", "These options can be used to access the back-end database management system underlying operating system")
takeover.add_option("--os-cmd", dest="osCmd",
help="Execute an operating system command")
2008-10-15 19:38:22 +04:00
takeover.add_option("--os-shell", dest="osShell", action="store_true",
help="Prompt for an interactive operating system shell")
takeover.add_option("--os-pwn", dest="osPwn", action="store_true",
help="Prompt for an OOB shell, Meterpreter or VNC")
takeover.add_option("--os-smbrelay", dest="osSmb", action="store_true",
help="One click prompt for an OOB shell, Meterpreter or VNC")
takeover.add_option("--os-bof", dest="osBof", action="store_true",
help="Stored procedure buffer overflow "
"exploitation")
takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
2013-05-21 00:18:12 +04:00
help="Database process user privilege escalation")
takeover.add_option("--msf-path", dest="msfPath",
help="Local path where Metasploit Framework is installed")
2008-10-15 19:38:22 +04:00
takeover.add_option("--tmp-path", dest="tmpPath",
help="Remote absolute path of temporary files directory")
# Windows registry options
windows = OptionGroup(parser, "Windows registry access", "These options can be used to access the back-end database management system Windows registry")
windows.add_option("--reg-read", dest="regRead", action="store_true",
help="Read a Windows registry key value")
windows.add_option("--reg-add", dest="regAdd", action="store_true",
help="Write a Windows registry key value data")
windows.add_option("--reg-del", dest="regDel", action="store_true",
help="Delete a Windows registry key value")
windows.add_option("--reg-key", dest="regKey",
help="Windows registry key")
windows.add_option("--reg-value", dest="regVal",
help="Windows registry key value")
windows.add_option("--reg-data", dest="regData",
help="Windows registry key value data")
windows.add_option("--reg-type", dest="regType",
help="Windows registry key value type")
2010-11-16 17:11:32 +03:00
# General options
general = OptionGroup(parser, "General", "These options can be used to set some general working parameters")
2010-11-16 17:11:32 +03:00
2013-03-15 20:22:33 +04:00
general.add_option("-s", dest="sessionFile",
help="Load session from a stored (.sqlite) file")
2013-03-15 20:22:33 +04:00
general.add_option("-t", dest="trafficFile",
help="Log all HTTP traffic into a textual file")
2010-11-16 17:11:32 +03:00
general.add_option("--batch", dest="batch", action="store_true",
help="Never ask for user input, use the default behavior")
2016-05-03 13:52:46 +03:00
general.add_option("--binary-fields", dest="binaryFields",
help="Result fields having binary values (e.g. \"digest\")")
2016-05-03 13:52:46 +03:00
general.add_option("--check-internet", dest="checkInternet", action="store_true",
help="Check Internet connection before assessing the target")
2017-05-08 00:12:42 +03:00
general.add_option("--crawl", dest="crawlDepth", type="int",
help="Crawl the website starting from the target URL")
2015-04-06 23:07:22 +03:00
general.add_option("--crawl-exclude", dest="crawlExclude",
help="Regexp to exclude pages from crawling (e.g. \"logout\")")
2011-11-30 21:39:41 +04:00
general.add_option("--csv-del", dest="csvDel",
help="Delimiting character used in CSV output (default \"%s\")" % defaults.csvDel)
2011-11-30 21:39:41 +04:00
general.add_option("--charset", dest="charset",
help="Blind SQL injection charset (e.g. \"0123456789abcdef\")")
2012-11-28 13:58:18 +04:00
general.add_option("--dump-format", dest="dumpFormat",
help="Format of dumped data (CSV (default), HTML or SQLITE)")
2012-11-28 13:58:18 +04:00
general.add_option("--encoding", dest="encoding",
help="Character encoding used for data retrieval (e.g. GBK)")
general.add_option("--eta", dest="eta", action="store_true",
help="Display for each output the estimated time of arrival")
2010-11-16 17:11:32 +03:00
general.add_option("--flush-session", dest="flushSession", action="store_true",
help="Flush session files for current target")
general.add_option("--forms", dest="forms", action="store_true",
help="Parse and test forms on target URL")
general.add_option("--fresh-queries", dest="freshQueries", action="store_true",
help="Ignore query results stored in session file")
2010-11-16 17:11:32 +03:00
2017-07-03 17:55:24 +03:00
general.add_option("--har", dest="harFile",
help="Log all HTTP traffic into a HAR file")
general.add_option("--hex", dest="hexConvert", action="store_true",
2018-06-07 01:46:54 +03:00
help="Use hex conversion during data retrieval")
general.add_option("--output-dir", dest="outputDir", action="store",
help="Custom output directory path")
2012-07-03 02:50:23 +04:00
general.add_option("--parse-errors", dest="parseErrors", action="store_true",
help="Parse and display DBMS error messages from responses")
2019-03-04 17:24:12 +03:00
general.add_option("--preprocess", dest="preprocess",
2019-04-19 14:54:48 +03:00
help="Use given script(s) for preprocessing of response data")
2019-03-04 17:24:12 +03:00
general.add_option("--repair", dest="repair", action="store_true",
help="Redump entries having unknown character marker (%s)" % INFERENCE_UNKNOWN_CHAR)
general.add_option("--save", dest="saveConfig",
help="Save options to a configuration INI file")
2010-11-16 17:11:32 +03:00
2013-04-30 16:32:11 +04:00
general.add_option("--scope", dest="scope",
help="Regexp to filter targets from provided proxy log")
general.add_option("--test-filter", dest="testFilter",
help="Select tests by payloads and/or titles (e.g. ROW)")
2015-10-01 12:57:33 +03:00
general.add_option("--test-skip", dest="testSkip",
help="Skip tests by payloads and/or titles (e.g. BENCHMARK)")
general.add_option("--update", dest="updateAll", action="store_true",
help="Update sqlmap")
2010-11-16 17:11:32 +03:00
2010-10-16 03:26:48 +04:00
# Miscellaneous options
miscellaneous = OptionGroup(parser, "Miscellaneous")
2010-09-16 14:23:51 +04:00
2011-06-15 15:58:50 +04:00
miscellaneous.add_option("-z", dest="mnemonics",
help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")
2011-06-15 15:58:50 +04:00
2012-12-11 15:48:58 +04:00
miscellaneous.add_option("--alert", dest="alert",
help="Run host OS command(s) when SQL injection is found")
2012-12-11 15:48:58 +04:00
2012-11-21 13:16:13 +04:00
miscellaneous.add_option("--answers", dest="answers",
2018-10-15 03:15:05 +03:00
help="Set predefined answers (e.g. \"quit=N,follow=N\")")
2012-11-21 13:16:13 +04:00
2012-12-11 15:02:06 +04:00
miscellaneous.add_option("--beep", dest="beep", action="store_true",
help="Beep on question and/or when SQL injection is found")
2012-12-11 15:02:06 +04:00
miscellaneous.add_option("--cleanup", dest="cleanup", action="store_true",
help="Clean up the DBMS from sqlmap specific UDF and tables")
2010-05-21 13:35:36 +04:00
miscellaneous.add_option("--dependencies", dest="dependencies", action="store_true",
2018-10-15 01:56:23 +03:00
help="Check for missing (optional) sqlmap dependencies")
miscellaneous.add_option("--disable-coloring", dest="disableColoring", action="store_true",
help="Disable console output coloring")
2012-08-16 00:31:25 +04:00
miscellaneous.add_option("--gpage", dest="googlePage", type="int",
help="Use Google dork results from specified page number")
2018-07-31 03:18:33 +03:00
miscellaneous.add_option("--list-tampers", dest="listTampers", action="store_true",
help="Display list of available tamper scripts")
miscellaneous.add_option("--mobile", dest="mobile", action="store_true",
help="Imitate smartphone through HTTP User-Agent header")
2011-04-29 23:27:23 +04:00
miscellaneous.add_option("--offline", dest="offline", action="store_true",
help="Work in offline mode (only use session data)")
miscellaneous.add_option("--purge", dest="purge", action="store_true",
help="Safely remove all content from sqlmap data directory")
2012-04-23 18:24:23 +04:00
miscellaneous.add_option("--skip-waf", dest="skipWaf", action="store_true",
2018-09-14 11:01:31 +03:00
help="Skip heuristic detection of WAF/IPS protection")
2016-05-31 15:55:56 +03:00
miscellaneous.add_option("--smart", dest="smart", action="store_true",
help="Conduct thorough tests only if positive heuristic(s)")
2011-07-10 19:16:58 +04:00
2014-09-16 16:12:43 +04:00
miscellaneous.add_option("--sqlmap-shell", dest="sqlmapShell", action="store_true",
help="Prompt for an interactive sqlmap shell")
2016-05-31 15:55:56 +03:00
miscellaneous.add_option("--tmp-dir", dest="tmpDir",
help="Local directory for storing temporary files")
2014-09-16 16:12:43 +04:00
2017-03-01 12:07:26 +03:00
miscellaneous.add_option("--web-root", dest="webRoot",
help="Web server document root directory (e.g. \"/var/www\")")
2017-03-01 12:07:26 +03:00
miscellaneous.add_option("--wizard", dest="wizard", action="store_true",
help="Simple wizard interface for beginner users")
2010-05-21 13:35:36 +04:00
# Hidden and/or experimental options
2019-04-17 15:22:36 +03:00
parser.add_option("--base64", dest="base64Parameter",
help=SUPPRESS_HELP)
# help="Parameter(s) containing Base64 encoded values")
2018-12-17 19:38:47 +03:00
parser.add_option("--crack", dest="hashFile",
help=SUPPRESS_HELP)
2018-12-17 19:48:22 +03:00
# help="Load and crack hashes from a file (standalone)")
2018-12-17 19:38:47 +03:00
parser.add_option("--dummy", dest="dummy", action="store_true",
help=SUPPRESS_HELP)
2016-09-27 15:03:59 +03:00
parser.add_option("--murphy-rate", dest="murphyRate", type="int",
help=SUPPRESS_HELP)
2019-05-08 13:28:50 +03:00
parser.add_option("--debug", dest="debug", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--disable-precon", dest="disablePrecon", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--disable-stats", dest="disableStats", action="store_true",
help=SUPPRESS_HELP)
2010-05-21 13:35:36 +04:00
parser.add_option("--profile", dest="profile", action="store_true",
help=SUPPRESS_HELP)
2010-05-21 13:35:36 +04:00
parser.add_option("--force-dbms", dest="forceDbms",
help=SUPPRESS_HELP)
2012-07-30 23:50:46 +04:00
parser.add_option("--force-dns", dest="forceDns", action="store_true",
help=SUPPRESS_HELP)
2010-05-21 13:35:36 +04:00
parser.add_option("--force-pivoting", dest="forcePivoting", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--force-threads", dest="forceThreads", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
help=SUPPRESS_HELP)
2010-09-15 17:59:55 +04:00
parser.add_option("--live-test", dest="liveTest", action="store_true",
help=SUPPRESS_HELP)
2010-09-15 17:59:55 +04:00
parser.add_option("--vuln-test", dest="vulnTest", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--stop-fail", dest="stopFail", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--run-case", dest="runCase", help=SUPPRESS_HELP)
2017-04-10 15:50:17 +03:00
# API options
parser.add_option("--api", dest="api", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--taskid", dest="taskid", help=SUPPRESS_HELP)
parser.add_option("--database", dest="database", help=SUPPRESS_HELP)
parser.add_option_group(target)
2008-10-15 19:38:22 +04:00
parser.add_option_group(request)
parser.add_option_group(optimization)
2008-10-15 19:38:22 +04:00
parser.add_option_group(injection)
2010-11-08 13:11:43 +03:00
parser.add_option_group(detection)
parser.add_option_group(techniques)
2008-10-15 19:38:22 +04:00
parser.add_option_group(fingerprint)
parser.add_option_group(enumeration)
parser.add_option_group(brute)
parser.add_option_group(udf)
2008-10-15 19:38:22 +04:00
parser.add_option_group(filesystem)
parser.add_option_group(takeover)
parser.add_option_group(windows)
2010-11-16 17:11:32 +03:00
parser.add_option_group(general)
2008-10-15 19:38:22 +04:00
parser.add_option_group(miscellaneous)
2012-07-24 17:34:50 +04:00
# Dirty hack to display longer options without breaking into two lines
def _(self, *args):
retVal = parser.formatter._format_option_strings(*args)
if len(retVal) > MAX_HELP_OPTION_LENGTH:
retVal = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % retVal
return retVal
2012-07-24 17:34:50 +04:00
parser.formatter._format_option_strings = parser.formatter.format_option_strings
2019-04-30 14:20:31 +03:00
parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser)
2012-07-24 17:34:50 +04:00
2016-05-24 16:18:19 +03:00
# Dirty hack for making a short option '-hh'
2012-07-03 14:29:42 +04:00
option = parser.get_option("--hh")
option._short_opts = ["-hh"]
option._long_opts = []
2012-07-03 14:09:18 +04:00
2016-05-24 16:18:19 +03:00
# Dirty hack for inherent help message of switch '-h'
option = parser.get_option("-h")
option.help = option.help.capitalize().replace("this help", "basic help")
2012-07-03 14:49:35 +04:00
2015-09-10 16:01:30 +03:00
_ = []
2014-09-16 16:12:43 +04:00
prompt = False
2012-07-03 14:29:42 +04:00
advancedHelp = True
2015-07-07 10:24:16 +03:00
extraHeaders = []
tamperIndex = None
2017-06-29 16:33:34 +03:00
# Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING")
2015-09-10 16:01:30 +03:00
for arg in argv:
2017-06-29 16:33:34 +03:00
_.append(getUnicode(arg, encoding=sys.stdin.encoding))
2015-09-10 16:01:30 +03:00
argv = _
2019-05-24 15:18:18 +03:00
checkOldOptions(argv)
2012-11-28 14:10:57 +04:00
2014-09-16 18:18:13 +04:00
prompt = "--sqlmap-shell" in argv
2012-07-03 14:09:18 +04:00
2014-09-16 16:12:43 +04:00
if prompt:
2014-09-16 18:21:29 +04:00
parser.usage = ""
2014-09-16 16:12:43 +04:00
cmdLineOptions.sqlmapShell = True
_ = ["x", "q", "exit", "quit", "clear"]
2014-09-16 18:18:13 +04:00
for option in parser.option_list:
_.extend(option._long_opts)
_.extend(option._short_opts)
2014-09-16 16:12:43 +04:00
for group in parser.option_groups:
for option in group.option_list:
_.extend(option._long_opts)
_.extend(option._short_opts)
autoCompletion(AUTOCOMPLETE_TYPE.SQLMAP, commands=_)
while True:
command = None
try:
2019-05-14 17:08:12 +03:00
# Note: in Python2 command should not be converted to Unicode before passing to shlex (Reference: https://bugs.python.org/issue1170)
2019-05-02 01:45:44 +03:00
command = _input("sqlmap-shell> ").strip()
2014-09-16 16:12:43 +04:00
except (KeyboardInterrupt, EOFError):
2019-01-22 03:28:24 +03:00
print()
2014-09-16 16:12:43 +04:00
raise SqlmapShellQuitException
if not command:
continue
elif command.lower() == "clear":
2016-02-23 11:57:06 +03:00
clearHistory()
2016-06-10 19:41:41 +03:00
dataToStdout("[i] history cleared\n")
2014-09-16 17:17:50 +04:00
saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
2014-09-16 16:12:43 +04:00
elif command.lower() in ("x", "q", "exit", "quit"):
raise SqlmapShellQuitException
elif command[0] != '-':
2016-06-10 19:41:41 +03:00
dataToStdout("[!] invalid option(s) provided\n")
dataToStdout("[i] proper example: '-u http://www.site.com/vuln.php?id=1 --banner'\n")
2014-09-16 16:12:43 +04:00
else:
2014-09-16 17:17:50 +04:00
saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
loadHistory(AUTOCOMPLETE_TYPE.SQLMAP)
2014-09-16 16:12:43 +04:00
break
2014-12-15 11:11:40 +03:00
try:
for arg in shlex.split(command):
argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
2019-01-22 02:40:48 +03:00
except ValueError as ex:
2019-05-03 01:48:46 +03:00
raise SqlmapSyntaxException("something went wrong during command line parsing ('%s')" % getSafeExString(ex))
2014-09-16 16:12:43 +04:00
2014-09-16 18:18:13 +04:00
for i in xrange(len(argv)):
if argv[i] == "-hh":
argv[i] = "-h"
2016-11-18 00:34:10 +03:00
elif len(argv[i]) > 1 and all(ord(_) in xrange(0x2018, 0x2020) for _ in ((argv[i].split('=', 1)[-1].strip() or ' ')[0], argv[i][-1])):
2016-10-14 00:07:11 +03:00
dataToStdout("[!] copy-pasting illegal (non-console) quote characters from Internet is, well, illegal (%s)\n" % argv[i])
raise SystemExit
2017-01-16 15:53:46 +03:00
elif len(argv[i]) > 1 and u"\uff0c" in argv[i].split('=', 1)[-1]:
dataToStdout("[!] copy-pasting illegal (non-console) comma characters from Internet is, well, illegal (%s)\n" % argv[i])
raise SystemExit
elif re.search(r"\A-\w=.+", argv[i]):
2016-06-10 19:41:41 +03:00
dataToStdout("[!] potentially miswritten (illegal '=') short option detected ('%s')\n" % argv[i])
raise SystemExit
elif argv[i].startswith("--tamper"):
if tamperIndex is None:
tamperIndex = i if '=' in argv[i] else (i + 1 if i + 1 < len(argv) and not argv[i + 1].startswith('-') else None)
else:
argv[tamperIndex] = "%s,%s" % (argv[tamperIndex], argv[i].split('=')[1] if '=' in argv[i] else (argv[i + 1] if i + 1 < len(argv) and not argv[i + 1].startswith('-') else ""))
argv[i] = ""
2015-07-07 10:24:16 +03:00
elif argv[i] == "-H":
if i + 1 < len(argv):
extraHeaders.append(argv[i + 1])
2019-04-18 12:18:00 +03:00
elif argv[i] == "-r":
for j in xrange(i + 2, len(argv)):
value = argv[j]
if os.path.isfile(value):
argv[i + 1] += ",%s" % value
argv[j] = ''
else:
break
elif re.match(r"\A\d+!\Z", argv[i]) and argv[max(0, i - 1)] == "--threads" or re.match(r"\A--threads.+\d+!\Z", argv[i]):
argv[i] = argv[i][:-1]
conf.skipThreadCheck = True
2014-09-16 18:18:13 +04:00
elif argv[i] == "--version":
2019-01-22 03:20:27 +03:00
print(VERSION_STRING.split('/')[-1])
2014-09-16 18:18:13 +04:00
raise SystemExit
elif argv[i] in ("-h", "--help"):
2014-09-16 18:18:13 +04:00
advancedHelp = False
for group in parser.option_groups[:]:
found = False
for option in group.option_list:
if option.dest not in BASIC_HELP_ITEMS:
option.help = SUPPRESS_HELP
else:
found = True
if not found:
parser.option_groups.remove(group)
for verbosity in (_ for _ in argv if re.search(r"\A\-v+\Z", _)):
try:
if argv.index(verbosity) == len(argv) - 1 or not argv[argv.index(verbosity) + 1].isdigit():
conf.verbose = verbosity.count('v') + 1
del argv[argv.index(verbosity)]
except (IndexError, ValueError):
pass
2012-07-03 14:21:40 +04:00
try:
2014-09-16 16:12:43 +04:00
(args, _) = parser.parse_args(argv)
2019-01-22 02:40:48 +03:00
except UnicodeEncodeError as ex:
2019-05-15 01:12:00 +03:00
dataToStdout("\n[!] %s\n" % getUnicode(ex.object.encode("unicode-escape")))
2014-10-31 03:01:35 +03:00
raise SystemExit
2012-07-03 14:21:40 +04:00
except SystemExit:
2014-09-16 18:18:13 +04:00
if "-h" in argv and not advancedHelp:
2016-06-10 19:41:41 +03:00
dataToStdout("\n[!] to see full list of options run with '-hh'\n")
2012-07-03 14:21:40 +04:00
raise
2008-10-15 19:38:22 +04:00
2015-07-07 10:24:16 +03:00
if extraHeaders:
if not args.headers:
args.headers = ""
delimiter = "\\n" if "\\n" in args.headers else "\n"
args.headers += delimiter + delimiter.join(extraHeaders)
2012-07-03 14:09:18 +04:00
# Expand given mnemonic options (e.g. -z "ign,flu,bat")
2014-09-16 16:12:43 +04:00
for i in xrange(len(argv) - 1):
if argv[i] == "-z":
expandMnemonics(argv[i + 1], parser, args)
2011-06-15 15:58:50 +04:00
if args.dummy:
args.url = args.url or DUMMY_URL
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers, args.hashFile)):
2018-07-31 03:18:33 +03:00
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
errMsg += "Use -h for basic and -hh for advanced help\n"
2008-10-15 19:38:22 +04:00
parser.error(errMsg)
return args
2011-03-29 03:09:19 +04:00
except (OptionError, TypeError) as ex:
parser.error(ex)
2008-10-15 19:38:22 +04:00
except SystemExit:
2011-03-29 03:12:04 +04:00
# Protection against Windows dummy double clicking
2011-03-29 03:09:19 +04:00
if IS_WIN:
2016-06-10 19:41:41 +03:00
dataToStdout("\nPress Enter to continue...")
2019-05-02 01:45:44 +03:00
_input()
2011-03-29 03:09:19 +04:00
raise
2008-10-15 19:38:22 +04:00
debugMsg = "parsing command line"
logger.debug(debugMsg)