sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
48e0261e68
sqlmap/lib/parse/cmdline.py

508 lines
23 KiB
Python
Raw Normal View History

After the storm, a restore..
2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
propsets..
2008-10-15 19:56:32 +04:00
$Id$
After the storm, a restore..
2008-10-15 19:38:22 +04:00
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
Updated copyright
2010-03-03 18:26:27 +03:00
Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
After the storm, a restore..
2008-10-15 19:38:22 +04:00
sqlmap is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation version 2 of the License.
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
You should have received a copy of the GNU General Public License along
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 22:06:31 +03:00
import sys
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from optparse import OptionError
from optparse import OptionGroup
from optparse import OptionParser
periodical commit
2010-05-21 13:35:36 +04:00
from optparse import SUPPRESS_HELP
After the storm, a restore..
2008-10-15 19:38:22 +04:00
utf8 decoding of program arguments
2010-05-28 15:48:44 +04:00
from lib.core.convert import utf8decode
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.data import logger
from lib.core.settings import VERSION_STRING
def cmdLineParser():
"""
This function parses the command line parameters and arguments
"""
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 22:06:31 +03:00
usage = "%s [options]" % sys.argv[0]
After the storm, a restore..
2008-10-15 19:38:22 +04:00
parser = OptionParser(usage=usage, version=VERSION_STRING)
try:
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
parser.add_option("-v", dest="verbose", type="int", default=1,
Major bug fix
2008-12-18 00:35:04 +03:00
help="Verbosity level: 0-5 (default 1)")
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
# Target options
target = OptionGroup(parser, "Target", "At least one of these "
"options has to be specified to set the source "
"to get target urls from.")
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments.
2010-03-27 02:23:25 +03:00
target.add_option("-d", dest="direct", help="Direct "
"connection to the database")
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
target.add_option("-u", "--url", dest="url", help="Target url")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
target.add_option("-l", dest="list", help="Parse targets from Burp "
Minor layout adjustments
2010-01-10 00:08:47 +03:00
"or WebScarab proxy logs")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Minor code refactoring
2010-01-14 23:42:45 +03:00
target.add_option("-r", dest="requestFile",
help="Load HTTP request from a file")
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
target.add_option("-g", dest="googleDork",
help="Process Google dork results as target urls")
Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.
2008-11-20 20:56:09 +03:00
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
target.add_option("-c", dest="configFile",
help="Load options from a configuration INI file")
Minor code refactoring
2010-01-14 23:42:45 +03:00
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
# Request options
request = OptionGroup(parser, "Request", "These options can be used "
"to specify how to connect to the target url.")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
request.add_option("--method", dest="method", default="GET",
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
help="HTTP method, GET or POST (default GET)")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
request.add_option("--data", dest="data",
help="Data string to be sent through POST")
request.add_option("--cookie", dest="cookie",
help="HTTP Cookie header")
Minor code refactoring
2010-01-14 23:42:45 +03:00
request.add_option("--cookie-urlencode", dest="cookieUrlencode",
action="store_true",
minor update
2010-03-03 16:49:24 +03:00
help="URL Encode generated cookie injections")
Minor code refactoring
2010-01-14 23:42:45 +03:00
request.add_option("--drop-set-cookie", dest="dropSetCookie",
action="store_true",
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 05:02:12 +03:00
help="Ignore Set-Cookie header from response")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
request.add_option("--user-agent", dest="agent",
help="HTTP User-Agent header")
request.add_option("-a", dest="userAgentsFile",
help="Load a random HTTP User-Agent "
"header from file")
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 05:02:12 +03:00
request.add_option("--referer", dest="referer",
help="HTTP Referer header")
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation.
2008-12-09 00:24:24 +03:00
request.add_option("--headers", dest="headers",
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
help="Extra HTTP headers newline separated")
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation.
2008-12-09 00:24:24 +03:00
After the storm, a restore..
2008-10-15 19:38:22 +04:00
request.add_option("--auth-type", dest="aType",
Minor layout adjustment and typo fix
2010-03-12 15:23:05 +03:00
help="HTTP authentication type "
minor update of help text
2010-01-07 16:09:14 +03:00
"(Basic, Digest or NTLM)")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
request.add_option("--auth-cred", dest="aCred",
Minor layout adjustment and typo fix
2010-03-12 15:23:05 +03:00
help="HTTP authentication credentials "
minor update of help text
2010-01-07 16:09:14 +03:00
"(name:password)")
implemented basic smoke testing mechanism
2010-07-30 16:49:25 +04:00
implementation of Feature #17
2010-01-07 15:59:09 +03:00
request.add_option("--auth-cert", dest="aCert",
Minor layout adjustment and typo fix
2010-03-12 15:23:05 +03:00
help="HTTP authentication certificate ("
implementation of Feature #17
2010-01-07 15:59:09 +03:00
"key_file,cert_file)")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Make --keep-alive public
2010-06-30 15:29:35 +04:00
request.add_option("--keep-alive", dest="keepAlive", action="store_true",
help="Use persistent HTTP(s) connections")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
request.add_option("--proxy", dest="proxy",
help="Use a HTTP proxy to connect to the target url")
added option --proxy-cred for setting proxy credentials (Feature #195)
2010-08-19 02:45:00 +04:00
request.add_option("--proxy-cred", dest="pCred",
help="Proxy authentication credentials "
"(name:password)")
Minor adjustments
2010-03-03 19:19:17 +03:00
request.add_option("--ignore-proxy", dest="ignoreProxy",
action="store_true",
help="Ignore system default HTTP proxy")
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
request.add_option("--threads", dest="threads", type="int", default=1,
After the storm, a restore..
2008-10-15 19:38:22 +04:00
help="Maximum number of concurrent HTTP "
"requests (default 1)")
sqlmap 0.6.3-rc1: * Minor enhancement to be able to specify the number of seconds to wait between each HTTP request. * Minor bug fix to handle session.error and session.timeout in HTTP requests. * Updated documentation.
2008-11-09 19:57:47 +03:00
request.add_option("--delay", dest="delay", type="float",
help="Delay in seconds between each HTTP request")
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
request.add_option("--timeout", dest="timeout", type="float", default=30,
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
help="Seconds to wait before timeout connection "
Added preventive check for stacked queries support when executing DDL, DML & co. statements in SQL query and SQL shell. Minor improvements on this new feature. Increased default connection timeout to 30 seconds (needed for vmware machine not correctly synched).
2008-12-19 23:48:33 +03:00
"(default 30)")
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
request.add_option("--retries", dest="retries", type="int", default=3,
help="Retries when the connection timeouts "
"(default 3)")
Minor layout adjustments
2010-01-10 00:08:47 +03:00
added --scope feature regarding Feature #105
2010-01-09 23:44:50 +03:00
request.add_option("--scope", dest="scope",
Minor layout adjustments
2010-01-10 00:08:47 +03:00
help="Regexp to filter targets from provided proxy log")
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
2010-04-16 16:44:47 +04:00
request.add_option("--safe-url", dest="safUrl",
help="Url address to visit frequently during testing")
request.add_option("--safe-freq", dest="saFreq", type="int", default=0,
help="Test requests between two visits to a given safe url")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
# Injection options
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 22:06:31 +03:00
injection = OptionGroup(parser, "Injection", "These options can be "
"used to specify which parameters to test "
"for, provide custom injection payloads and "
"how to parse and compare HTTP responses "
"page content when using the blind SQL "
"injection technique.")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
injection.add_option("-p", dest="testParameter",
help="Testable parameter(s)")
Minor enhancemet to support also --regexp, --excl-str and --excl-reg options rather than only --string when comparing HTTP responses page content
2008-12-05 18:34:13 +03:00
injection.add_option("--dbms", dest="dbms",
help="Force back-end DBMS to this value")
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
injection.add_option("--os", dest="os",
help="Force back-end DBMS operating system "
"to this value")
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation.
2008-12-09 00:24:24 +03:00
injection.add_option("--prefix", dest="prefix",
help="Injection payload prefix string")
injection.add_option("--postfix", dest="postfix",
help="Injection payload postfix string")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
injection.add_option("--string", dest="string",
help="String to match in page when the "
"query is valid")
Minor enhancemet to support also --regexp, --excl-str and --excl-reg options rather than only --string when comparing HTTP responses page content
2008-12-05 18:34:13 +03:00
injection.add_option("--regexp", dest="regexp",
help="Regexp to match in page when the "
"query is valid")
injection.add_option("--excl-str", dest="eString",
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
help="String to be excluded before comparing "
"page contents")
Minor enhancemet to support also --regexp, --excl-str and --excl-reg options rather than only --string when comparing HTTP responses page content
2008-12-05 18:34:13 +03:00
injection.add_option("--excl-reg", dest="eRegexp",
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
help="Matches to be excluded before "
"comparing page contents")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
fix for a Bug #200
2010-09-14 14:35:01 +04:00
injection.add_option("--threshold", dest="thold", type="float",
help="Page comparison threshold value (0.0-1.0)")
added --ratio option for direct manipulation of conf.matchRatio parameter
2010-08-10 23:53:29 +04:00
changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm)
2010-05-12 15:30:32 +04:00
injection.add_option("--use-between", dest="useBetween",
action="store_true",
help="Use operator BETWEEN instead of default '>'")
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments.
2008-11-12 03:36:50 +03:00
# Techniques options
techniques = OptionGroup(parser, "Techniques", "These options can "
"be used to test for specific SQL injection "
"technique or to use one of them to exploit "
"the affected parameter(s) rather than using "
"the default blind SQL injection technique.")
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option
2008-12-17 00:30:24 +03:00
techniques.add_option("--stacked-test", dest="stackedTest",
action="store_true",
help="Test for stacked queries (multiple "
"statements) support")
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments.
2008-11-12 03:36:50 +03:00
techniques.add_option("--time-test", dest="timeTest",
action="store_true",
Minor layout adjustments
2009-01-19 01:36:48 +03:00
help="Test for time based blind SQL injection")
Major bug fix
2008-12-18 00:35:04 +03:00
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
techniques.add_option("--time-sec", dest="timeSec",
type="int", default=5,
help="Seconds to delay the DBMS response "
"(default 5)")
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments.
2008-11-12 03:36:50 +03:00
techniques.add_option("--union-test", dest="unionTest",
action="store_true",
Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation
2008-11-28 01:33:33 +03:00
help="Test for UNION query (inband) SQL injection")
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments.
2008-11-12 03:36:50 +03:00
Minor enhancement to support an option (--union-tech) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause.
2008-12-22 00:39:53 +03:00
techniques.add_option("--union-tech", dest="uTech",
help="Technique to test for UNION query SQL injection")
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments.
2008-11-12 03:36:50 +03:00
techniques.add_option("--union-use", dest="unionUse",
action="store_true",
Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation
2008-11-28 01:33:33 +03:00
help="Use the UNION query (inband) SQL injection "
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments.
2008-11-12 03:36:50 +03:00
"to retrieve the queries output. No "
"need to go blind")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
# Fingerprint options
fingerprint = OptionGroup(parser, "Fingerprint")
fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp",
action="store_true",
Minor enhancement to fingerprint the back-end DBMS operating system (type, version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu: --8<-- back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 comment injection fingerprint: MySQL 5.0.67 banner parsing fingerprint: MySQL 5.0.67 html error message fingerprint: MySQL back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid) --8<--
2008-11-16 02:41:31 +03:00
help="Perform an extensive DBMS version fingerprint")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
# Enumeration options
enumeration = OptionGroup(parser, "Enumeration", "These options can "
"be used to enumerate the back-end database "
"management system information, structure "
"and data contained in the tables. Moreover "
Minor adjustment to UNION query SQL injection detection function. Updated command line help message based upon recent developments. Updated copyright note of lib/contrib/multipartpost.py.
2008-12-21 19:35:03 +03:00
"you can run your own SQL statements.")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("-b", "--banner", dest="getBanner",
action="store_true", help="Retrieve DBMS banner")
enumeration.add_option("--current-user", dest="getCurrentUser",
action="store_true",
help="Retrieve DBMS current user")
enumeration.add_option("--current-db", dest="getCurrentDb",
action="store_true",
help="Retrieve DBMS current database")
Minor enhancement to support an option (--is-dba) to show if the current user is a database management system administrator.
2008-12-18 23:41:11 +03:00
enumeration.add_option("--is-dba", dest="isDba",
action="store_true",
help="Detect if the DBMS current user is DBA")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("--users", dest="getUsers", action="store_true",
help="Enumerate DBMS users")
enumeration.add_option("--passwords", dest="getPasswordHashes",
action="store_true",
Code cleanup
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS users password hashes")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("--privileges", dest="getPrivileges",
action="store_true",
Code cleanup
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS users privileges")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180. Minor enhancement to Firebird to determine if a DB user is a DBA. Minor code refactoring.
2010-03-25 18:46:06 +03:00
enumeration.add_option("--roles", dest="getRoles",
action="store_true",
help="Enumerate DBMS users roles")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("--dbs", dest="getDbs", action="store_true",
help="Enumerate DBMS databases")
enumeration.add_option("--tables", dest="getTables", action="store_true",
Code cleanup
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS database tables")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("--columns", dest="getColumns", action="store_true",
Code cleanup
2010-03-03 21:57:09 +03:00
help="Enumerate DBMS database table columns")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("--dump", dest="dumpTable", action="store_true",
Code cleanup
2010-03-03 21:57:09 +03:00
help="Dump DBMS database table entries")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
help="Dump all DBMS databases tables entries")
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190: * --search -D foobar: searches all database names like the ones provided * --search -T foobar: searches all databases' table names like the ones provided (soon) * --search -C foobar: replaces --dump -C
2010-05-07 17:40:57 +04:00
enumeration.add_option("--search", dest="search", action="store_true",
help="Search column(s), table(s) and/or database name(s)")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("-D", dest="db",
help="DBMS database to enumerate")
enumeration.add_option("-T", dest="tbl",
help="DBMS database table to enumerate")
enumeration.add_option("-C", dest="col",
help="DBMS database table column to enumerate")
enumeration.add_option("-U", dest="user",
help="DBMS user to enumerate")
enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs",
action="store_true",
help="Exclude DBMS system databases when "
"enumerating tables")
enumeration.add_option("--start", dest="limitStart", type="int",
Minor layout adjustments
2009-04-25 00:12:52 +04:00
help="First query output entry to retrieve")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("--stop", dest="limitStop", type="int",
Minor layout adjustments
2009-04-25 00:12:52 +04:00
help="Last query output entry to retrieve")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
enumeration.add_option("--first", dest="firstChar", type="int",
help="First query output word character to retrieve")
enumeration.add_option("--last", dest="lastChar", type="int",
help="Last query output word character to retrieve")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("--sql-query", dest="query",
Minor adjustment to UNION query SQL injection detection function. Updated command line help message based upon recent developments. Updated copyright note of lib/contrib/multipartpost.py.
2008-12-21 19:35:03 +03:00
help="SQL statement to be executed")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
enumeration.add_option("--sql-shell", dest="sqlShell",
action="store_true",
help="Prompt for an interactive SQL shell")
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
# User-defined function options
udf = OptionGroup(parser, "User-defined function injection", "These "
"options can be used to create custom user-defined "
"functions.")
udf.add_option("--udf-inject", dest="udfInject", action="store_true",
help="Inject custom user-defined functions")
udf.add_option("--shared-lib", dest="shLib",
help="Local path of the shared library")
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation.
2008-12-09 00:24:24 +03:00
After the storm, a restore..
2008-10-15 19:38:22 +04:00
# File system options
filesystem = OptionGroup(parser, "File system access", "These options "
"can be used to access the back-end database "
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
"management system underlying file system.")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
filesystem.add_option("--read-file", dest="rFile",
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
help="Read a file from the back-end DBMS "
"file system")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
filesystem.add_option("--write-file", dest="wFile",
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
help="Write a local file on the back-end "
"DBMS file system")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
filesystem.add_option("--dest-file", dest="dFile",
help="Back-end DBMS absolute filepath to "
"write to")
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation.
2008-12-09 00:24:24 +03:00
After the storm, a restore..
2008-10-15 19:38:22 +04:00
# Takeover options
Minor layout adjustments
2010-03-12 02:54:07 +03:00
takeover = OptionGroup(parser, "Operating system access", "These "
"options can be used to access the back-end "
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
"database management system underlying "
"operating system.")
takeover.add_option("--os-cmd", dest="osCmd",
help="Execute an operating system command")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
takeover.add_option("--os-shell", dest="osShell", action="store_true",
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
help="Prompt for an interactive operating "
"system shell")
takeover.add_option("--os-pwn", dest="osPwn", action="store_true",
help="Prompt for an out-of-band shell, "
"meterpreter or VNC")
takeover.add_option("--os-smbrelay", dest="osSmb", action="store_true",
help="One click prompt for an OOB shell, "
"meterpreter or VNC")
takeover.add_option("--os-bof", dest="osBof", action="store_true",
help="Stored procedure buffer overflow "
"exploitation")
takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why: 1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed 2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays. Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter. Minor layout adjustments.
2010-03-13 01:43:35 +03:00
help="Database process' user privilege escalation")
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
takeover.add_option("--msf-path", dest="msfPath",
help="Local path where Metasploit Framework 3 "
"is installed")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
takeover.add_option("--tmp-path", dest="tmpPath",
help="Remote absolute path of temporary files "
"directory")
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation.
2008-12-09 00:24:24 +03:00
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
# Windows registry options
Minor layout adjustments
2010-03-12 02:54:07 +03:00
windows = OptionGroup(parser, "Windows registry access", "These "
"options can be used to access the back-end "
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
"database management system Windows "
"registry.")
windows.add_option("--reg-read", dest="regRead", action="store_true",
help="Read a Windows registry key value")
windows.add_option("--reg-add", dest="regAdd", action="store_true",
help="Write a Windows registry key value data")
windows.add_option("--reg-del", dest="regDel", action="store_true",
help="Delete a Windows registry key value")
windows.add_option("--reg-key", dest="regKey",
help="Windows registry key")
windows.add_option("--reg-value", dest="regVal",
help="Windows registry key value")
windows.add_option("--reg-data", dest="regData",
help="Windows registry key value data")
windows.add_option("--reg-type", dest="regType",
help="Windows registry key value type")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
# Miscellaneous options
miscellaneous = OptionGroup(parser, "Miscellaneous")
minor update
2010-09-16 14:23:51 +04:00
miscellaneous.add_option("-o", dest="optimize", action="store_true",
help="General optimization switch")
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments.
2010-05-28 20:43:04 +04:00
miscellaneous.add_option("-x", dest="xmlFile",
help="Dump the data into an XML file")
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 05:02:12 +03:00
miscellaneous.add_option("-s", dest="sessionFile",
help="Save and resume all data retrieved "
"on a session file")
periodical commit
2010-05-21 13:35:36 +04:00
added new option --flush-session
2010-03-04 16:01:18 +03:00
miscellaneous.add_option("--flush-session", dest="flushSession", action="store_true",
help="Flush session file for current target")
periodical commit
2010-05-21 13:35:36 +04:00
After the storm, a restore..
2008-10-15 19:38:22 +04:00
miscellaneous.add_option("--eta", dest="eta", action="store_true",
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
help="Display for each output the "
"estimated time of arrival")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 05:02:12 +03:00
miscellaneous.add_option("--gpage", dest="googlePage", type="int",
Deprecate sqlmap update code, will use pysvn to update from latest development version from subversion repository.
2010-01-13 17:52:23 +03:00
help="Use google dork results from specified page number")
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 05:02:12 +03:00
After the storm, a restore..
2008-10-15 19:38:22 +04:00
miscellaneous.add_option("--update", dest="updateAll", action="store_true",
documentation update
2010-03-03 16:59:29 +03:00
help="Update sqlmap")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",
help="Save options on a configuration INI file")
miscellaneous.add_option("--batch", dest="batch", action="store_true",
help="Never ask for user input, use the default behaviour")
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
miscellaneous.add_option("--cleanup", dest="cleanup", action="store_true",
help="Clean up the DBMS by sqlmap specific "
"UDF and tables")
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation.
2008-12-09 00:24:24 +03:00
update for Feature #61
2010-09-24 17:19:35 +04:00
miscellaneous.add_option("--replicate", dest="replicate", action="store_true",
help="Replicate dumped data into a sqlite database")
periodical commit
2010-05-21 13:35:36 +04:00
# Hidden and/or experimental options
parser.add_option("--profile", dest="profile", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", default=10,
help=SUPPRESS_HELP)
parser.add_option("--common-prediction", dest="useCommonPrediction", action="store_true",
help=SUPPRESS_HELP)
added --null-connection as an experimental option
2010-09-16 14:01:33 +04:00
parser.add_option("--null-connection", dest="useNullConnection", action="store_true",
help=SUPPRESS_HELP)
implemented basic smoke testing mechanism
2010-07-30 16:49:25 +04:00
parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
help=SUPPRESS_HELP)
again minor update
2010-09-15 17:59:55 +04:00
parser.add_option("--live-test", dest="liveTest", action="store_true",
help=SUPPRESS_HELP)
sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.
2008-12-04 20:40:03 +03:00
parser.add_option_group(target)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
parser.add_option_group(request)
parser.add_option_group(injection)
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments.
2008-11-12 03:36:50 +03:00
parser.add_option_group(techniques)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
parser.add_option_group(fingerprint)
parser.add_option_group(enumeration)
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
parser.add_option_group(udf)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
parser.add_option_group(filesystem)
parser.add_option_group(takeover)
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
parser.add_option_group(windows)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
parser.add_option_group(miscellaneous)
utf8 decoding of program arguments
2010-05-28 15:48:44 +04:00
(args, _) = parser.parse_args([utf8decode(arg) for arg in sys.argv])
After the storm, a restore..
2008-10-15 19:38:22 +04:00
again minor update
2010-09-15 17:59:55 +04:00
if not args.direct and not args.url and not args.list and not args.googleDork and not args.configFile\
and not args.requestFile and not args.updateAll and not args.smokeTest and not args.liveTest:
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments.
2010-03-27 02:23:25 +03:00
errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c' or '--update'), "
After the storm, a restore..
2008-10-15 19:38:22 +04:00
errMsg += "-h for help"
parser.error(errMsg)
return args
except (OptionError, TypeError), e:
parser.error(e)
debugMsg = "parsing command line"
logger.debug(debugMsg)
Reference in New Issue Copy Permalink