sqlmap/lib/parse/cmdline.py

#!/usr/bin/env python

"""
$Id$

This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>

sqlmap is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation version 2 of the License.

sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
details.

You should have received a copy of the GNU General Public License along
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
"""


from optparse import OptionError
from optparse import OptionGroup
from optparse import OptionParser

from lib.core.data import logger
from lib.core.settings import VERSION_STRING


def cmdLineParser():
    """
    This function parses the command line parameters and arguments
    """

    usage = "sqlmap.py [options] {-u \"<URL>\" | -g \"<google dork>\" | -c \"<config file>\"}"
    parser = OptionParser(usage=usage, version=VERSION_STRING)

    try:
        # Request options
        request = OptionGroup(parser, "Request", "These options have to "
                              "be specified to set the target url, HTTP "
                              "method, how to connect to the target url "
                              "or Google dorking results in general.")

        request.add_option("-u", "--url", dest="url", help="Target url")

        request.add_option("-l", dest="list", help="List of targets")

        request.add_option("-g", dest="googleDork",
                           help="Process Google dork results as target urls")

        request.add_option("-p", dest="testParameter",
                           help="Testable parameter(s)")

        request.add_option("--method", dest="method", default="GET",
                           help="HTTP method, GET or POST (default: GET)")

        request.add_option("--data", dest="data",
                           help="Data string to be sent through POST")

        request.add_option("--cookie", dest="cookie",
                           help="HTTP Cookie header")

        request.add_option("--referer", dest="referer",
                           help="HTTP Referer header")

        request.add_option("--user-agent", dest="agent",
                           help="HTTP User-Agent header")

        request.add_option("-a", dest="userAgentsFile",
                           help="Load a random HTTP User-Agent "
                                "header from file")

        request.add_option("--auth-type", dest="aType",
                           help="HTTP Authentication type, value: "
                                "Basic or Digest")

        request.add_option("--auth-cred", dest="aCred",
                           help="HTTP Authentication credentials, value: "
                                "name:password")

        request.add_option("--proxy", dest="proxy",
                           help="Use a HTTP proxy to connect to the target url")

        request.add_option("--threads", dest="threads", type="int",
                           help="Maximum number of concurrent HTTP "
                                "requests (default 1)")

        request.add_option("--delay", dest="delay", type="float",
                           help="Delay in seconds between each HTTP request")


        # Injection options
        injection = OptionGroup(parser, "Injection")

        injection.add_option("--string", dest="string",
                             help="String to match in page when the "
                                  "query is valid")

        injection.add_option("--dbms", dest="dbms",
                             help="Force back-end DBMS to this value")

        # Techniques options
        techniques = OptionGroup(parser, "Techniques", "These options can "
                                 "be used to test for specific SQL injection "
                                 "technique or to use one of them to exploit "
                                 "the affected parameter(s) rather than using "
                                 "the default blind SQL injection technique.")

        techniques.add_option("--time-test", dest="timeTest",
                              action="store_true",
                              help="Test for Time based blind SQL injection")

        techniques.add_option("--union-test", dest="unionTest",
                              action="store_true",
                              help="Test for UNION query (inband) SQL injection")

        techniques.add_option("--union-use", dest="unionUse",
                              action="store_true",
                              help="Use the UNION query (inband) SQL injection "
                                   "to retrieve the queries output. No "
                                   "need to go blind")

        # Fingerprint options
        fingerprint = OptionGroup(parser, "Fingerprint")

        fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp",
                               action="store_true",
                               help="Perform an extensive DBMS version fingerprint")

        # Enumeration options
        enumeration = OptionGroup(parser, "Enumeration", "These options can "
                                  "be used to enumerate the back-end database "
                                  "management system information, structure "
                                  "and data contained in the tables. Moreover "
                                  "you can run your own SQL SELECT queries.")

        enumeration.add_option("-b", "--banner", dest="getBanner",
                               action="store_true", help="Retrieve DBMS banner")

        enumeration.add_option("--current-user", dest="getCurrentUser",
                               action="store_true",
                               help="Retrieve DBMS current user")

        enumeration.add_option("--current-db", dest="getCurrentDb",
                               action="store_true",
                               help="Retrieve DBMS current database")

        enumeration.add_option("--users", dest="getUsers", action="store_true",
                               help="Enumerate DBMS users")

        enumeration.add_option("--passwords", dest="getPasswordHashes",
                               action="store_true",
                               help="Enumerate DBMS users password hashes (opt: -U)")

        enumeration.add_option("--privileges", dest="getPrivileges",
                               action="store_true",
                               help="Enumerate DBMS users privileges (opt: -U)")

        enumeration.add_option("--dbs", dest="getDbs", action="store_true",
                               help="Enumerate DBMS databases")

        enumeration.add_option("--tables", dest="getTables", action="store_true",
                               help="Enumerate DBMS database tables (opt: -D)")

        enumeration.add_option("--columns", dest="getColumns", action="store_true",
                               help="Enumerate DBMS database table columns "
                                    "(req:-T opt:-D)")

        enumeration.add_option("--dump", dest="dumpTable", action="store_true",
                               help="Dump DBMS database table entries "
                                    "(req: -T, opt: -D, -C, --start, --stop)")

        enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                               help="Dump all DBMS databases tables entries")

        enumeration.add_option("-D", dest="db",
                               help="DBMS database to enumerate")

        enumeration.add_option("-T", dest="tbl",
                               help="DBMS database table to enumerate")

        enumeration.add_option("-C", dest="col",
                               help="DBMS database table column to enumerate")

        enumeration.add_option("-U", dest="user",
                               help="DBMS user to enumerate")

        enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs",
                               action="store_true",
                               help="Exclude DBMS system databases when "
                                    "enumerating tables")

        enumeration.add_option("--start", dest="limitStart", type="int",
                               help="First table entry to dump")

        enumeration.add_option("--stop", dest="limitStop", type="int",
                               help="Last table entry to dump")

        enumeration.add_option("--sql-query", dest="query",
                               help="SQL SELECT query to be executed")

        enumeration.add_option("--sql-shell", dest="sqlShell",
                               action="store_true",
                               help="Prompt for an interactive SQL shell")

        # File system options
        filesystem = OptionGroup(parser, "File system access", "These options "
                                 "can be used to access the back-end database "
                                 "management system file system taking "
                                 "advantage of native DBMS functions or "
                                 "specific DBMS design weaknesses.")

        filesystem.add_option("--read-file", dest="rFile",
                              help="Read a specific OS file content (only on MySQL)")

        filesystem.add_option("--write-file", dest="wFile",
                              help="Write to a specific OS file (not yet available)")

        # Takeover options
        takeover = OptionGroup(parser, "Operating system access", "This "
                               "option can be used to access the back-end "
                               "database management system operating "
                               "system taking advantage of specific DBMS "
                               "design weaknesses.")

        takeover.add_option("--os-shell", dest="osShell", action="store_true",
                            help="Prompt for an interactive OS shell "
                                 "(only on PHP/MySQL environment with a "
                                 "writable directory within the web "
                                 "server document root for the moment)")

        # Miscellaneous options
        miscellaneous = OptionGroup(parser, "Miscellaneous")

        miscellaneous.add_option("--eta", dest="eta", action="store_true",
                                 help="Retrieve each query output length and "
                                      "calculate the estimated time of arrival "
                                      "in real time")

        miscellaneous.add_option("-v", dest="verbose", type="int",
                                 help="Verbosity level: 0-5 (default 0)")

        miscellaneous.add_option("--update", dest="updateAll", action="store_true",
                                help="Update sqlmap to the latest stable version")

        miscellaneous.add_option("-s", dest="sessionFile",
                                 help="Save and resume all data retrieved "
                                      "on a session file")

        miscellaneous.add_option("-c", dest="configFile",
                                 help="Load options from a configuration INI file")

        miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",
                                 help="Save options on a configuration INI file")

        miscellaneous.add_option("--batch", dest="batch", action="store_true",
                                 help="Never ask for user input, use the default behaviour")

        parser.add_option_group(request)
        parser.add_option_group(injection)
        parser.add_option_group(techniques)
        parser.add_option_group(fingerprint)
        parser.add_option_group(enumeration)
        parser.add_option_group(filesystem)
        parser.add_option_group(takeover)
        parser.add_option_group(miscellaneous)

        (args, _) = parser.parse_args()

        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.updateAll:
            errMsg  = "missing a mandatory parameter ('-u', '-g', '-c' or '--update'), "
            errMsg += "-h for help"
            parser.error(errMsg)

        return args
    except (OptionError, TypeError), e:
        parser.error(e)

    debugMsg = "parsing command line"
    logger.debug(debugMsg)
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`#!/usr/bin/env python`

			`"""`
propsets.. 2008-10-15 19:56:32 +04:00			$Id$
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`This file is part of the sqlmap project, http://sqlmap.sourceforge.net.`

			`Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>`
			`and Daniele Bellucci <daniele.bellucci@gmail.com>`

			`sqlmap is free software; you can redistribute it and/or modify it under`
			`the terms of the GNU General Public License as published by the Free`
			`Software Foundation version 2 of the License.`

			`sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY`
			`WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS`
			`FOR A PARTICULAR PURPOSE. See the GNU General Public License for more`
			`details.`

			`You should have received a copy of the GNU General Public License along`
			`with sqlmap; if not, write to the Free Software Foundation, Inc., 51`
			`Franklin St, Fifth Floor, Boston, MA 02110-1301 USA`
			`"""`



			`from optparse import OptionError`
			`from optparse import OptionGroup`
			`from optparse import OptionParser`

			`from lib.core.data import logger`
			`from lib.core.settings import VERSION_STRING`


			`def cmdLineParser():`
			`"""`
			`This function parses the command line parameters and arguments`
			`"""`

Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation 2008-11-28 01:33:33 +03:00			`usage = "sqlmap.py [options] {-u \"<URL>\" \| -g \"<google dork>\" \| -c \"<config file>\"}"`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`parser = OptionParser(usage=usage, version=VERSION_STRING)`

			`try:`
			`# Request options`
			`request = OptionGroup(parser, "Request", "These options have to "`
			`"be specified to set the target url, HTTP "`
			`"method, how to connect to the target url "`
			`"or Google dorking results in general.")`

			`request.add_option("-u", "--url", dest="url", help="Target url")`

Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation 2008-11-28 01:33:33 +03:00			`request.add_option("-l", dest="list", help="List of targets")`
Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l. 2008-11-20 20:56:09 +03:00
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`request.add_option("-g", dest="googleDork",`
			`help="Process Google dork results as target urls")`

			`request.add_option("-p", dest="testParameter",`
			`help="Testable parameter(s)")`

			`request.add_option("--method", dest="method", default="GET",`
			`help="HTTP method, GET or POST (default: GET)")`

			`request.add_option("--data", dest="data",`
			`help="Data string to be sent through POST")`

			`request.add_option("--cookie", dest="cookie",`
			`help="HTTP Cookie header")`

			`request.add_option("--referer", dest="referer",`
			`help="HTTP Referer header")`

			`request.add_option("--user-agent", dest="agent",`
			`help="HTTP User-Agent header")`

			`request.add_option("-a", dest="userAgentsFile",`
			`help="Load a random HTTP User-Agent "`
			`"header from file")`

			`request.add_option("--auth-type", dest="aType",`
			`help="HTTP Authentication type, value: "`
			`"Basic or Digest")`

			`request.add_option("--auth-cred", dest="aCred",`
			`help="HTTP Authentication credentials, value: "`
			`"name:password")`

			`request.add_option("--proxy", dest="proxy",`
			`help="Use a HTTP proxy to connect to the target url")`

			`request.add_option("--threads", dest="threads", type="int",`
			`help="Maximum number of concurrent HTTP "`
			`"requests (default 1)")`

sqlmap 0.6.3-rc1: * Minor enhancement to be able to specify the number of seconds to wait between each HTTP request. * Minor bug fix to handle session.error and session.timeout in HTTP requests. * Updated documentation. 2008-11-09 19:57:47 +03:00			`request.add_option("--delay", dest="delay", type="float",`
			`help="Delay in seconds between each HTTP request")`


After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`# Injection options`
			`injection = OptionGroup(parser, "Injection")`

			`injection.add_option("--string", dest="string",`
			`help="String to match in page when the "`
			`"query is valid")`

			`injection.add_option("--dbms", dest="dbms",`
			`help="Force back-end DBMS to this value")`

Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments. 2008-11-12 03:36:50 +03:00			`# Techniques options`
			`techniques = OptionGroup(parser, "Techniques", "These options can "`
			`"be used to test for specific SQL injection "`
			`"technique or to use one of them to exploit "`
			`"the affected parameter(s) rather than using "`
			`"the default blind SQL injection technique.")`

			`techniques.add_option("--time-test", dest="timeTest",`
			`action="store_true",`
			`help="Test for Time based blind SQL injection")`

			`techniques.add_option("--union-test", dest="unionTest",`
			`action="store_true",`
Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation 2008-11-28 01:33:33 +03:00			`help="Test for UNION query (inband) SQL injection")`
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments. 2008-11-12 03:36:50 +03:00
			`techniques.add_option("--union-use", dest="unionUse",`
			`action="store_true",`
Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation 2008-11-28 01:33:33 +03:00			`help="Use the UNION query (inband) SQL injection "`
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments. 2008-11-12 03:36:50 +03:00			`"to retrieve the queries output. No "`
			`"need to go blind")`

After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`# Fingerprint options`
			`fingerprint = OptionGroup(parser, "Fingerprint")`

			`fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp",`
			`action="store_true",`
Minor enhancement to fingerprint the back-end DBMS operating system (type, version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu: --8<-- back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 comment injection fingerprint: MySQL 5.0.67 banner parsing fingerprint: MySQL 5.0.67 html error message fingerprint: MySQL back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid) --8<-- 2008-11-16 02:41:31 +03:00			`help="Perform an extensive DBMS version fingerprint")`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`# Enumeration options`
			`enumeration = OptionGroup(parser, "Enumeration", "These options can "`
			`"be used to enumerate the back-end database "`
			`"management system information, structure "`
			`"and data contained in the tables. Moreover "`
			`"you can run your own SQL SELECT queries.")`

			`enumeration.add_option("-b", "--banner", dest="getBanner",`
			`action="store_true", help="Retrieve DBMS banner")`

			`enumeration.add_option("--current-user", dest="getCurrentUser",`
			`action="store_true",`
			`help="Retrieve DBMS current user")`

			`enumeration.add_option("--current-db", dest="getCurrentDb",`
			`action="store_true",`
			`help="Retrieve DBMS current database")`

			`enumeration.add_option("--users", dest="getUsers", action="store_true",`
			`help="Enumerate DBMS users")`

			`enumeration.add_option("--passwords", dest="getPasswordHashes",`
			`action="store_true",`
			`help="Enumerate DBMS users password hashes (opt: -U)")`

			`enumeration.add_option("--privileges", dest="getPrivileges",`
			`action="store_true",`
			`help="Enumerate DBMS users privileges (opt: -U)")`

			`enumeration.add_option("--dbs", dest="getDbs", action="store_true",`
			`help="Enumerate DBMS databases")`

			`enumeration.add_option("--tables", dest="getTables", action="store_true",`
			`help="Enumerate DBMS database tables (opt: -D)")`

			`enumeration.add_option("--columns", dest="getColumns", action="store_true",`
			`help="Enumerate DBMS database table columns "`
Minor enhancement to be able to enumerate table columns and dump table entries also if the database name is not provided by using the current database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle. Minor bug fix so that when the user provide as SELECT statement to be processed an asterisk, now it also work if in the FROM there is no database name specified. Minor layout adjustments. 2008-11-13 01:53:25 +03:00			`"(req:-T opt:-D)")`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`enumeration.add_option("--dump", dest="dumpTable", action="store_true",`
			`help="Dump DBMS database table entries "`
Minor enhancement to be able to enumerate table columns and dump table entries also if the database name is not provided by using the current database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle. Minor bug fix so that when the user provide as SELECT statement to be processed an asterisk, now it also work if in the FROM there is no database name specified. Minor layout adjustments. 2008-11-13 01:53:25 +03:00			`"(req: -T, opt: -D, -C, --start, --stop)")`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",`
			`help="Dump all DBMS databases tables entries")`

			`enumeration.add_option("-D", dest="db",`
			`help="DBMS database to enumerate")`

			`enumeration.add_option("-T", dest="tbl",`
			`help="DBMS database table to enumerate")`

			`enumeration.add_option("-C", dest="col",`
			`help="DBMS database table column to enumerate")`

			`enumeration.add_option("-U", dest="user",`
			`help="DBMS user to enumerate")`

			`enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs",`
			`action="store_true",`
			`help="Exclude DBMS system databases when "`
			`"enumerating tables")`

			`enumeration.add_option("--start", dest="limitStart", type="int",`
			`help="First table entry to dump")`

			`enumeration.add_option("--stop", dest="limitStop", type="int",`
			`help="Last table entry to dump")`

			`enumeration.add_option("--sql-query", dest="query",`
			`help="SQL SELECT query to be executed")`

			`enumeration.add_option("--sql-shell", dest="sqlShell",`
			`action="store_true",`
			`help="Prompt for an interactive SQL shell")`

			`# File system options`
			`filesystem = OptionGroup(parser, "File system access", "These options "`
			`"can be used to access the back-end database "`
			`"management system file system taking "`
			`"advantage of native DBMS functions or "`
			`"specific DBMS design weaknesses.")`

			`filesystem.add_option("--read-file", dest="rFile",`
			`help="Read a specific OS file content (only on MySQL)")`

			`filesystem.add_option("--write-file", dest="wFile",`
			`help="Write to a specific OS file (not yet available)")`

			`# Takeover options`
			`takeover = OptionGroup(parser, "Operating system access", "This "`
			`"option can be used to access the back-end "`
			`"database management system operating "`
			`"system taking advantage of specific DBMS "`
			`"design weaknesses.")`

			`takeover.add_option("--os-shell", dest="osShell", action="store_true",`
			`help="Prompt for an interactive OS shell "`
			`"(only on PHP/MySQL environment with a "`
			`"writable directory within the web "`
			`"server document root for the moment)")`

			`# Miscellaneous options`
			`miscellaneous = OptionGroup(parser, "Miscellaneous")`

			`miscellaneous.add_option("--eta", dest="eta", action="store_true",`
			`help="Retrieve each query output length and "`
			`"calculate the estimated time of arrival "`
			`"in real time")`

			`miscellaneous.add_option("-v", dest="verbose", type="int",`
			`help="Verbosity level: 0-5 (default 0)")`

			`miscellaneous.add_option("--update", dest="updateAll", action="store_true",`
			`help="Update sqlmap to the latest stable version")`

			`miscellaneous.add_option("-s", dest="sessionFile",`
			`help="Save and resume all data retrieved "`
			`"on a session file")`

			`miscellaneous.add_option("-c", dest="configFile",`
			`help="Load options from a configuration INI file")`

			`miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",`
			`help="Save options on a configuration INI file")`

			`miscellaneous.add_option("--batch", dest="batch", action="store_true",`
			`help="Never ask for user input, use the default behaviour")`

			`parser.add_option_group(request)`
			`parser.add_option_group(injection)`
Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments. 2008-11-12 03:36:50 +03:00			`parser.add_option_group(techniques)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`parser.add_option_group(fingerprint)`
			`parser.add_option_group(enumeration)`
			`parser.add_option_group(filesystem)`
			`parser.add_option_group(takeover)`
			`parser.add_option_group(miscellaneous)`

			`(args, _) = parser.parse_args()`

Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l. 2008-11-20 20:56:09 +03:00			`if not args.url and not args.list and not args.googleDork and not args.configFile and not args.updateAll:`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`errMsg = "missing a mandatory parameter ('-u', '-g', '-c' or '--update'), "`
			`errMsg += "-h for help"`
			`parser.error(errMsg)`

			`return args`
			`except (OptionError, TypeError), e:`
			`parser.error(e)`

			`debugMsg = "parsing command line"`
			`logger.debug(debugMsg)`