2012-11-20 15:54:07 +04:00
|
|
|
#compdef sqlmap.py
|
|
|
|
|
|
|
|
# sqlmap completion commands. written by kost
|
|
|
|
# put this file in your zsh completion dir and restart your shell. Zsh completion dir is usually
|
2012-11-20 17:33:03 +04:00
|
|
|
# located somewhere in /usr/share/zsh/ or /usr/local/share/zsh
|
2012-11-20 15:54:07 +04:00
|
|
|
|
|
|
|
local curcontext="$curcontext" state line
|
|
|
|
|
|
|
|
_arguments -C -s \
|
|
|
|
'(- *)'{--help,-h}'[Show basic help message and exit]' \
|
|
|
|
'(- *)'-hh'[Show advanced help message and exit]' \
|
|
|
|
'(-v)'-v+'[Verbosity level: 0-6 (default 1)]:Verbosity level (0-6) - default 1' \
|
|
|
|
'(-d)'-d+'[Direct connection to the database]' \
|
|
|
|
'(-u,--url)'{-u+,--url=-}'[Target url]' \
|
|
|
|
'(-g)'-g+'[Process Google dork results as target urls]' \
|
|
|
|
'(--data)'--data=-'[Data string to be sent through POST]' \
|
|
|
|
'(-l)'-l+'[Parse targets from Burp or WebScarab proxy logs]:LOGFILE:_files' \
|
|
|
|
'(-m)'-m+'[Scan multiple targets enlisted in a given textual file]:BULKFILE:_files' \
|
|
|
|
'(-r)'-r+'[Load HTTP request from a file]:REQUESTFILE:_files' \
|
|
|
|
'(-s)'-s+'[Load session from a stored (.sqlite) file]:SESSIONFILE:_files' \
|
|
|
|
'(-c)'-c+'[Load options from a configuration INI file]:CONFIGFILE:_files' \
|
|
|
|
'(--param-del)'--param-del=-'[Character used for splitting parameter values]:PDEL' \
|
|
|
|
'(--cookie)'--cookie=-'[HTTP Cookie header]:COOKIE' \
|
|
|
|
'(--load-cookies)'--load-cookies=-'[File containing cookies in Netscape/wget format]:COOKIEFILE:_files' \
|
|
|
|
'(--drop-set-cookie)'--drop-set-cookie'[Ignore Set-Cookie header from response]' \
|
|
|
|
'(--user-agent)'--user-agent=-'[HTTP User-Agent header]:HTTP User Agent' \
|
|
|
|
'(--random-agent)'--random-agent'[Use randomly selected HTTP User-Agent header]' \
|
|
|
|
'(--randomize)'--randomize=-'[Randomly change value for given parameter(s)]:RPARAM' \
|
|
|
|
'(--force-ssl)'--force-ssl'[Force usage of SSL/HTTPS requests]' \
|
|
|
|
'(--host)'--host=-'[HTTP Host header]:Host Header' \
|
|
|
|
'(--referer)'--referer=-'[HTTP Referer header]:REFERER' \
|
|
|
|
'(--headers)'--headers=-'[Extra headers (e.g. Accept-Language: fr\nETag: 123)]:HEADERS' \
|
|
|
|
'(--auth-type)'--auth-type=-'[HTTP authentication type (Basic, Digest or NTLM)]:ATYPE' \
|
|
|
|
'(--auth-cred)'--auth-cred=-'[HTTP authentication credentials (name:password)]:ACRED' \
|
|
|
|
'(--auth-cert)'--auth-cert=-'[HTTP authentication certificate (key_file,cert_file)]:ACERT:_files' \
|
|
|
|
'(--proxy)'--proxy=-'[Use a HTTP proxy to connect to the target url]:PROXY' \
|
|
|
|
'(--proxy-cred)'--proxy-cred=-'[HTTP proxy authentication credentials (name:password)]:PCRED' \
|
|
|
|
'(--ignore-proxy)'--ignore-proxy'[Ignore system default HTTP proxy]' \
|
|
|
|
'(--delay)'--delay=-'[Delay in seconds between each HTTP request]:DELAY' \
|
|
|
|
'(--timeout)'--timeout=-'[Seconds to wait before timeout connection (default 30)]:TIMEOUT' \
|
|
|
|
'(--retries)'--retries=-'[Retries when the connection timeouts (default 3)]:RETRIES' \
|
|
|
|
'(--scope)'--scope=-'[Regexp to filter targets from provided proxy log]:SCOPE' \
|
|
|
|
'(--safe-url)'--safe-url=-'[Url address to visit frequently during testing]:SAFURL' \
|
|
|
|
'(--safe-freq)'--safe-freq=-'[Test requests between two visits to a given safe url]:SAFREQ' \
|
|
|
|
'(--skip-urlencode)'--skip-urlencode'[Skip URL encoding of payload data]' \
|
|
|
|
'(--eval)'--eval=-'[Evaluate provided Python code before the request (e.g.]:EVALCODE' \
|
|
|
|
'(-o)'-o'[Turn on all optimization switches]' \
|
|
|
|
'(--predict-output)'--predict-output'[Predict common queries output]' \
|
|
|
|
'(--keep-alive)'--keep-alive'[Use persistent HTTP(s) connections]' \
|
|
|
|
'(--null-connection)'--null-connection'[Retrieve page length without actual HTTP response body]' \
|
|
|
|
'(--threads)'--threads=-'[Max number of concurrent HTTP(s) requests (default 1)]:THREADS' \
|
|
|
|
'(-p)'-p+'[Testable parameter(s)]:TESTPARAMETER' \
|
|
|
|
'(--dbms)'--dbms=-'[Force back-end DBMS to this value]:DBMS:->list-dbms' \
|
|
|
|
'(--os)'--os=-'[Force back-end DBMS operating system to this value]:OS:->list-os' \
|
|
|
|
'(--invalid-bignum)'--invalid-bignum'[Use big numbers for invalidating values]' \
|
|
|
|
'(--invalid-logical)'--invalid-logical'[Use logical operations for invalidating values]' \
|
|
|
|
'(--no-cast)'--no-cast'[Turn off payload casting mechanism]' \
|
|
|
|
'(--no-unescape)'--no-unescape'[Turn off string unescaping mechanism]' \
|
|
|
|
'(--prefix)'--prefix=-'[Injection payload prefix string]:PREFIX' \
|
|
|
|
'(--suffix)'--suffix=-'[Injection payload suffix string]:SUFFIX' \
|
|
|
|
'(--skip)'--skip=-'[Skip testing for given parameter(s)]:SKIP' \
|
|
|
|
'(--tamper)'--tamper=-'[Use given script(s) for tampering injection data]:TAMPER' \
|
|
|
|
'(--level)'--level=-'[Level of tests to perform (1-5, default 1)]:LEVEL (1-5), default 1' \
|
|
|
|
'(--risk)'--risk=-'[Risk of tests to perform (0-3, default 1)]:RISK (0-3), default 1' \
|
|
|
|
'(--string)'--string=-'[String to match when query is evaluated to True]:STRING' \
|
|
|
|
'(--not-string)'--not-string=-'[String to match when query is evaluated to False]:NOTSTRING' \
|
|
|
|
'(--regexp)'--regexp=-'[Regexp to match when query is evaluated to True]:REGEXP' \
|
|
|
|
'(--code)'--code=-'[HTTP code to match when query is evaluated to True]' \
|
|
|
|
'(--text-only)'--text-only'[Compare pages based only on the textual content]' \
|
|
|
|
'(--titles)'--titles'[Compare pages based only on their titles]' \
|
|
|
|
'(--technique)'--technique=-'[SQL injection techniques to test for (default "BEUST")]:TECH:->list-techniques' \
|
|
|
|
'(--time-sec)'--time-sec=-'[Seconds to delay the DBMS response (default 5)]:TIMESEC' \
|
|
|
|
'(--union-cols)'--union-cols=-'[Range of columns to test for UNION query SQL injection]:UCOLS' \
|
|
|
|
'(--union-char)'--union-char=-'[Character to use for bruteforcing number of columns]:UCHAR' \
|
|
|
|
'(--dns-domain)'--dns-domain=-'[Domain name used for DNS exfiltration attack]:DNSDOMAIN' \
|
|
|
|
'(--second-order)'--second-order=-'[Resulting page url searched for second-order response]:SECONDORDER' \
|
|
|
|
'(-f,--fingerprint)'{-f,--fingerprint}'[Perform an extensive DBMS version fingerprint]' \
|
|
|
|
'(-a,--all)'{-a,--all}'[Retrieve everything]' \
|
|
|
|
'(-b,--banner)'{-b,--banner}'[Retrieve DBMS banner]' \
|
|
|
|
'(--current-user)'--current-user'[Retrieve DBMS current user]' \
|
|
|
|
'(--current-db)'--current-db'[Retrieve DBMS current database]' \
|
|
|
|
'(--hostname)'--hostname'[Retrieve DBMS server hostname]' \
|
|
|
|
'(--is-dba)'--is-dba'[Detect if the DBMS current user is DBA]' \
|
|
|
|
'(--users)'--users'[Enumerate DBMS users]' \
|
|
|
|
'(--passwords)'--passwords'[Enumerate DBMS users password hashes]' \
|
|
|
|
'(--privileges)'--privileges'[Enumerate DBMS users privileges]' \
|
|
|
|
'(--roles)'--roles'[Enumerate DBMS users roles]' \
|
|
|
|
'(--dbs)'--dbs'[Enumerate DBMS databases]' \
|
|
|
|
'(--tables)'--tables'[Enumerate DBMS database tables]' \
|
|
|
|
'(--columns)'--columns'[Enumerate DBMS database table columns]' \
|
|
|
|
'(--schema)'--schema'[Enumerate DBMS schema]' \
|
|
|
|
'(--count)'--count'[Retrieve number of entries for table(s)]' \
|
|
|
|
'(--dump)'--dump'[Dump DBMS database table entries]' \
|
|
|
|
'(--dump-all)'--dump-all'[Dump all DBMS databases tables entries]' \
|
|
|
|
'(--search)'--search'[Search column(s), table(s) and/or database name(s)]' \
|
|
|
|
'(-D)'-D+'[DBMS database to enumerate]:DB' \
|
|
|
|
'(-T)'-T+'[DBMS database table to enumerate]:TBL' \
|
|
|
|
'(-C)'-C+'[DBMS database table column to enumerate]:COL' \
|
|
|
|
'(-U)'-U+'[DBMS user to enumerate]:USER' \
|
|
|
|
'(--exclude-sysdbs)'--exclude-sysdbs'[Exclude DBMS system databases when enumerating tables]' \
|
|
|
|
'(--start)'--start=-'[First query output entry to retrieve]:LIMITSTART' \
|
|
|
|
'(--stop)'--stop=-'[Last query output entry to retrieve]:LIMITSTOP' \
|
|
|
|
'(--first)'--first=-'[First query output word character to retrieve]:FIRSTCHAR' \
|
|
|
|
'(--last)'--last=-'[Last query output word character to retrieve]:LASTCHAR' \
|
|
|
|
'(--sql-query)'--sql-query=-'[SQL statement to be executed]:QUERY' \
|
|
|
|
'(--sql-shell)'--sql-shell'[Prompt for an interactive SQL shell]' \
|
|
|
|
'(--sql-file)'--sql-file=-'[Execute SQL statements from given file(s)]:SQLFILE:_files' \
|
|
|
|
'(--common-tables)'--common-tables'[Check existence of common tables]' \
|
|
|
|
'(--common-columns)'--common-columns'[Check existence of common columns]' \
|
|
|
|
'(--udf-inject)'--udf-inject'[Inject custom user-defined functions]' \
|
|
|
|
'(--shared-lib)'--shared-lib=-'[Local path of the shared library]:SHLIB' \
|
|
|
|
'(--file-read)'--file-read=-'[Read a file from the back-end DBMS file system]:RFILE' \
|
|
|
|
'(--file-write)'--file-write=-'[Write a local file on the back-end DBMS file system]:WFILE' \
|
|
|
|
'(--file-dest)'--file-dest=-'[Back-end DBMS absolute filepath to write to]:DFILE' \
|
|
|
|
'(--os-cmd)'--os-cmd=-'[Execute an operating system command]:OSCMD' \
|
|
|
|
'(--os-shell)'--os-shell'[Prompt for an interactive operating system shell]' \
|
|
|
|
'(--os-pwn)'--os-pwn'[Prompt for an out-of-band shell, meterpreter or VNC]' \
|
|
|
|
'(--os-smbrelay)'--os-smbrelay'[One click prompt for an OOB shell, meterpreter or VNC]' \
|
|
|
|
'(--os-bof)'--os-bof'[Stored procedure buffer overflow exploitation]' \
|
|
|
|
'(--priv-esc)'--priv-esc'[Database process user privilege escalation]' \
|
|
|
|
'(--msf-path)'--msf-path=-'[Local path where Metasploit Framework is installed]:MSFPATH' \
|
|
|
|
'(--tmp-path)'--tmp-path=-'[Remote absolute path of temporary files directory]:TMPPATH' \
|
|
|
|
'(--reg-read)'--reg-read'[Read a Windows registry key value]' \
|
|
|
|
'(--reg-add)'--reg-add'[Write a Windows registry key value data]' \
|
|
|
|
'(--reg-del)'--reg-del'[Delete a Windows registry key value]' \
|
|
|
|
'(--reg-key)'--reg-key=-'[Windows registry key]:REGKEY' \
|
|
|
|
'(--reg-value)'--reg-value=-'[Windows registry key value]:REGVAL' \
|
|
|
|
'(--reg-data)'--reg-data=-'[Windows registry key value data]:REGDATA' \
|
|
|
|
'(--reg-type)'--reg-type=-'[Windows registry key value type]:REGTYPE' \
|
|
|
|
'(-t)'-t+'[Log all HTTP traffic into a textual file]:TRAFFICFILE' \
|
|
|
|
'(--batch)'--batch'[Never ask for user input, use the default behaviour]' \
|
|
|
|
'(--charset)'--charset=-'[Force character encoding used for data retrieval]:CHARSET' \
|
|
|
|
'(--check-tor)'--check-tor'[Check to see if Tor is used properly]' \
|
|
|
|
'(--crawl)'--crawl=-'[Crawl the website starting from the target url]:CRAWLDEPTH' \
|
|
|
|
'(--csv-del)'--csv-del=-'[Delimiting character used in CSV output (default is ,)]:CSVDEL' \
|
|
|
|
'(--dbms-cred)'--dbms-cred=-'[DBMS authentication credentials (user:password)]:DBMS authentication credentials' \
|
|
|
|
'(--eta)'--eta'[Display for each output the estimated time of arrival]' \
|
|
|
|
'(--flush-session)'--flush-session'[Flush session files for current target]' \
|
|
|
|
'(--forms)'--forms'[Parse and test forms on target url]' \
|
|
|
|
'(--fresh-queries)'--fresh-queries'[Ignores query results stored in session file]' \
|
|
|
|
'(--hex)'--hex'[Uses DBMS hex function(s) for data retrieval]' \
|
|
|
|
'(--output-dir)'--output-dir=-'[Custom output directory path]:ODIR' \
|
|
|
|
'(--parse-errors)'--parse-errors'[Parse and display DBMS error messages from responses]' \
|
|
|
|
'(--replicate)'--replicate'[Replicate dumped data into a sqlite3 database]' \
|
|
|
|
'(--save)'--save'[Save options to a configuration INI file]' \
|
|
|
|
'(--tor)'--tor'[Use Tor anonymity network]' \
|
|
|
|
'(--tor-port)'--tor-port=-'[Set Tor proxy port other than default]:TORPORT' \
|
|
|
|
'(--tor-type)'--tor-type=-'[Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)]:TORTYPE' \
|
|
|
|
'(--update)'--update'[Update sqlmap]' \
|
|
|
|
'(-z)'-z+'[Use short mnemonics (e.g. flu,bat,ban,tec=EU)]:MNEMONICS' \
|
|
|
|
'(--check-payload)'--check-payload'[Offline WAF/IPS/IDS payload detection testing]' \
|
|
|
|
'(--check-waf)'--check-waf'[Check for existence of WAF/IPS/IDS protection]' \
|
|
|
|
'(--cleanup)'--cleanup'[Clean up the DBMS by sqlmap specific UDF and tables]' \
|
|
|
|
'(--dependencies)'--dependencies'[Check for missing (non-core) sqlmap dependencies]' \
|
|
|
|
'(--disable-coloring)'--disable-coloring'[Disable console output coloring]' \
|
|
|
|
'(--gpage)'--gpage=-'[Use Google dork results from specified page number]:GOOGLEPAGE' \
|
|
|
|
'(--mobile)'--mobile'[Imitate smartphone through HTTP User-Agent header]' \
|
|
|
|
'(--page-rank)'--page-rank'[Display page rank (PR) for Google dork results]' \
|
|
|
|
'(--purge-output)'--purge-output'[Safely remove all content from output directory]' \
|
|
|
|
'(--smart)'--smart'[Conduct through tests only if positive heuristic(s)]' \
|
|
|
|
'(--test-filter)'--test-filter=-'[Select tests by payloads and/or titles (e.g. ROW)]:test-filter' \
|
|
|
|
'(--wizard)'--wizard'[Simple wizard interface for beginner users]' && return 0
|
|
|
|
|
|
|
|
case "$state" in
|
|
|
|
list-dbms)
|
|
|
|
_values -S : 'DBMS' 'access' 'db2' 'firebird' 'maxdb' 'mssqlserver' 'mysql' 'oracle' 'postgresql' \
|
|
|
|
'sqlite' 'sybase'
|
|
|
|
;;
|
|
|
|
list-os)
|
|
|
|
_values -S : 'os' 'Linux' 'Windows'
|
|
|
|
;;
|
|
|
|
list-techniques)
|
|
|
|
_values -S : 'technique' \
|
|
|
|
'B[Boolean]' 'E[Error]' 'U[Union]' 'S[Stacked]' 'T[Time]'
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
return 0
|