sqlmap/sqlmap.conf

# At least one of these options has to be specified to set the source to
# get target urls from.
[Target]
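# Direct connection to the database.
# Example: mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME
# Note: the connection string, including the password, is kept in clear
# text in this file; restrict read access to the file accordingly.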
direct =
# Target URL.
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
url =
# Parse targets from Burp or WebScarab logs
# Valid: Burp proxy (http://portswigger.net/suite/) requests log file path
# or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
# 'conversations/' folder path
list =
# Load HTTP request from a file
# Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
requestFile =
# Rather than providing a target url, let Google return target
# hosts as result of your Google dork expression. For a list of Google
# dorks see Johnny Long Google Hacking Database at
# http://johnny.ihackstuff.com/ghdb.php.
# Example: +ext:php +inurl:"&id=" +intext:"powered by "
googleDork =
# These options can be used to specify how to connect to the target url.
[Request]
# HTTP method to perform HTTP requests.
# Valid: GET or POST
# Default: GET
method = GET
# Data string to be sent through POST. It is mandatory only when
# HTTP method is set to POST.
data =
# HTTP Cookie header.
cookie =
# URL-encode generated cookie injections.
# Valid: True or False
cookieUrlencode = False
# Ignore Set-Cookie header from response
# Valid: True or False
dropSetCookie = False
# HTTP User-Agent header. Useful to fake the HTTP User-Agent header value
# at each HTTP request.
# sqlmap will also test for SQL injection on the HTTP User-Agent value.
agent =
# Load a random HTTP User-Agent header from file
# Example: ./txt/user-agents.txt
userAgentsFile =
# HTTP Referer header. Useful to fake the HTTP Referer header value at
# each HTTP request.
referer =
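# Extra HTTP headers
# Note: There must be a space at the beginning of each header line.
# The leading space marks a line as a continuation of this value; without
# it, a parser that accepts ':' as a delimiter would read a line such as
# "Accept-Language: ..." as a separate option instead of an HTTP header.
headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 Accept-Language: en-us,en;q=0.5
 Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7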
# HTTP Authentication type. Useful only if the target url requires
# HTTP Basic, Digest or NTLM authentication and you have such data.
# Valid: Basic, Digest or NTLM
aType =
# HTTP authentication credentials. Useful only if the target url requires
# HTTP Basic, Digest or NTLM authentication and you have such data.
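# Syntax: username:password
# Note: the credentials are kept in clear text in this file; restrict read
# access to the file accordingly.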
aCred =
# HTTP Authentication certificate. Useful only if the target url requires
# logon certificate and you have such data.
# Syntax: key_file,cert_file
aCert =
# Use persistent HTTP(s) connections
keepAlive = False
# Use an HTTP proxy to connect to the target url.
# Syntax: http://address:port
proxy =
# HTTP proxy authentication credentials. Useful only if the proxy requires
# HTTP Basic or Digest authentication and you have such data.
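# Syntax: username:password
# Note: the credentials are kept in clear text in this file; restrict read
# access to the file accordingly.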
pCred =
# Ignore system default HTTP proxy
# Valid: True or False
ignoreProxy = False
# Maximum number of concurrent HTTP requests (handled with Python threads)
# to be used in the inference SQL injection attack.
# Valid: integer
# Default: 1
threads = 1
# Delay in seconds between each HTTP request.
# Valid: float
# Default: 0
delay = 0
# Seconds to wait before the connection times out.
# Valid: float
# Default: 30
timeout = 30
# Maximum number of retries when the HTTP connection times out.
# Valid: integer
# Default: 3
retries = 3
# Regular expression for filtering targets from provided Burp
# or WebScarab proxy log.
# Example: (google|yahoo)
scope =
# Url address to visit frequently during testing
# Example: http://192.168.1.121/index.html
safUrl =
# Test requests between two visits to a given safe url (default 0)
# Valid: integer
# Default: 0
saFreq = 0
# These options can be used to specify which parameters to test for,
# provide custom injection payloads and how to parse and compare HTTP
# responses page content when using the blind SQL injection technique.
[Injection]
# Testable parameter(s) comma separated. By default all GET/POST/Cookie
# parameters and HTTP User-Agent are tested by sqlmap.
testParameter =
# Force back-end DBMS to this value. If this option is set, the back-end
# DBMS identification process will be minimized as needed.
# If not set, sqlmap will detect back-end DBMS automatically by default.
# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql
dbms =
# Force back-end DBMS operating system to this value. If this option is
# set, the back-end DBMS identification process will be minimized as
# needed.
# If not set, sqlmap will detect back-end DBMS operating system
# automatically by default.
# Valid: linux, windows
os =
# Injection payload prefix string
prefix =
# Injection payload postfix string
postfix =
# String to match within the page content when the query is valid, only
# needed if the page content dynamically changes at each refresh,
# consequently changing the MD5 hash of the page which is the method used
# by default to determine if a query was valid or not. Refer to the user's
# manual for further details.
string =
# Regular expression to match within the page content when the query is
# valid, only needed if the page content dynamically changes at each
# refresh, consequently changing the MD5 hash of the page which is the
# method used by default to determine if a query was valid or not.
# Refer to the user's manual for further details.
# Valid: regular expression with Python syntax
# (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
regexp =
# String to be excluded from the page content before calculating the page
# MD5 hash.
eString =
# Regular expression matches to be excluded from the page content before
# calculating the page MD5 hash.
# Valid: regular expression with Python syntax
# (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
eRegexp =
# Page comparison threshold value.
# Valid: 0.0-1.0
thold =
# Use operator BETWEEN instead of default '>'
# Valid: True or False
useBetween = False
# These options can be used to test for specific SQL injection techniques
# or to use one of them to exploit the affected parameter(s) rather than
# using the default blind SQL injection technique.
[Techniques]
# Test for stacked queries (multiple statements) support.
# Valid: True or False
stackedTest = False
# Test for time based blind SQL injection.
# Valid: True or False
timeTest = False
# Seconds to delay the response from the DBMS.
# Valid: integer
# Default: 5
timeSec = 5
# Test for UNION query (inband) SQL injection.
# Valid: True or False
unionTest = False
# Technique to test for UNION query SQL injection
# The possible techniques are by NULL bruteforcing (bf) or by ORDER BY
# clause (ob)
# Valid: NULL, OrderBy
# Default: NULL
uTech = NULL
# Use the UNION query (inband) SQL injection to retrieve the queries
# output. No need to go blind.
# Valid: True or False
unionUse = False
[Fingerprint]
# Perform an extensive back-end database management system fingerprint
# based on various techniques.
# Valid: True or False
extensiveFp = False
# These options can be used to enumerate the back-end database
# management system information, structure and data contained in the
# tables. Moreover you can run your own SQL statements.
[Enumeration]
# Retrieve back-end database management system banner.
# Valid: True or False
getBanner = False
# Retrieve back-end database management system current user.
# Valid: True or False
getCurrentUser = False
# Retrieve back-end database management system current database.
# Valid: True or False
getCurrentDb = False
# Detect if the DBMS current user is DBA.
# Valid: True or False
isDba = False
# Enumerate back-end database management system users.
# Valid: True or False
getUsers = False
# Enumerate back-end database management system users password hashes.
# Valid: True or False
getPasswordHashes = False
# Enumerate back-end database management system users privileges.
# Valid: True or False
getPrivileges = False
# Enumerate back-end database management system users roles.
# Valid: True or False
getRoles = False
# Enumerate back-end database management system databases.
# Valid: True or False
getDbs = False
# Enumerate back-end database management system database tables.
# Optional: db
# Valid: True or False
getTables = False
# Enumerate back-end database management system database table columns.
# Requires: tbl
# Optional: db, col
# Valid: True or False
getColumns = False
# Dump back-end database management system database table entries.
# Requires: tbl and/or col
# Optional: db
# Valid: True or False
dumpTable = False
# Dump all back-end database management system databases tables entries.
# Valid: True or False
dumpAll = False
# Search column(s), table(s) and/or database name(s).
# Requires: db, tbl or col
# Valid: True or False
search = False
# Back-end database management system database to enumerate.
db =
# Back-end database management system database table to enumerate.
tbl =
# Back-end database management system database table column to enumerate.
col =
# Back-end database management system database user to enumerate.
user =
# Exclude DBMS system databases when enumerating tables.
# Valid: True or False
excludeSysDbs = False
# First query output entry to retrieve
# Valid: integer
# Default: 0 (sqlmap will start to retrieve the query output entries from
# the first)
limitStart = 0
# Last query output entry to retrieve
# Valid: integer
# Default: 0 (sqlmap will detect the number of query output entries and
# retrieve them until the last)
limitStop = 0
# First query output word character to retrieve
# Valid: integer
# Default: 0 (sqlmap will enumerate the query output from the first
# character)
firstChar = 0
# Last query output word character to retrieve
# Valid: integer
# Default: 0 (sqlmap will enumerate the query output until the last
# character)
lastChar = 0
# SQL statement to be executed.
# Example: SELECT 'foo', 'bar'
query =
# Prompt for an interactive SQL shell.
# Valid: True or False
sqlShell = False
# These options can be used to create custom user-defined functions.
[User-defined function]
# Inject custom user-defined functions
# Valid: True or False
udfInject = False
# Local path of the shared library
shLib =
# These options can be used to access the back-end database management
# system underlying file system.
[File system]
# Read a specific file from the back-end DBMS underlying file system.
# Examples: /etc/passwd or C:\boot.ini
rFile =
# Write a local file to a specific path on the back-end DBMS underlying
# file system.
# Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt
wFile =
# Back-end DBMS absolute filepath to write the file to.
dFile =
# These options can be used to access the back-end database management
# system underlying operating system.
[Takeover]
# Execute an operating system command.
# Valid: operating system command
osCmd =
# Prompt for an interactive operating system shell.
# Valid: True or False
osShell = False
# Prompt for an out-of-band shell, meterpreter or VNC.
# Valid: True or False
osPwn = False
# One click prompt for an out-of-band shell, meterpreter or VNC.
# Valid: True or False
osSmb = False
# Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored
# procedure heap-based buffer overflow (MS09-004) exploitation.
# Valid: True or False
osBof = False
# Database process' user privilege escalation.
# Note: Use in conjunction with osPwn, osSmb or osBof. It will force the
# payload to be Meterpreter.
privEsc = False
# Local path where Metasploit Framework 3 is installed.
# Valid: file system path
msfPath =
# Remote absolute path of temporary files directory.
# Valid: absolute file system path
tmpPath =
# These options can be used to access the back-end database management
# system Windows registry.
[Windows]
# Read a Windows registry key value
regRead = False
# Write a Windows registry key value data
regAdd = False
# Delete a Windows registry key value
regDel = False
# Windows registry key
regKey =
# Windows registry key value
regVal =
# Windows registry key value data
regData =
# Windows registry key value type
regType =
[Miscellaneous]
# Dump the data into an XML file.
xmlFile =
# Save all retrieved data to a session file and resume from it.
sessionFile =
# Flush session file for current target.
flushSession = False
# Retrieve each query output length and calculate the estimated time of
# arrival in real time.
# Valid: True or False
eta = False
# Use Google dork results from the specified page number.
# Valid: integer
# Default: 1
googlePage = 1
# Update sqlmap.
# Valid: True or False
updateAll = False
# Never ask for user input, use the default behaviour.
# Valid: True or False
batch = False
# Clean up the DBMS from sqlmap-specific UDFs and tables.
# Valid: True or False
cleanup = False
# Verbosity level.
# Valid: integer between 0 and 5
# 0: Show only warning and error messages
# 1: Show also info messages
# 2: Show also debug messages
# 3: Show also HTTP requests
# 4: Show also HTTP response headers
# 5: Show also HTTP response page content
# Default: 1
verbose = 1