2010-03-12 02:54:07 +03:00
|
|
|
# At least one of these options has to be specified to set the source to
|
|
|
|
# get target urls from.
|
2008-12-04 20:40:03 +03:00
|
|
|
[Target]
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-03-27 02:23:25 +03:00
|
|
|
# Direct connection to the database.
|
2010-11-14 02:30:38 +03:00
|
|
|
# Examples:
|
|
|
|
# mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME
|
|
|
|
# oracle://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_SID
|
2010-03-27 02:23:25 +03:00
|
|
|
direct =
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Target URL.
|
|
|
|
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
|
2009-04-22 16:44:16 +04:00
|
|
|
url =
|
2008-11-20 20:56:09 +03:00
|
|
|
|
2008-12-04 20:40:03 +03:00
|
|
|
# Parse targets from Burp or WebScarab logs
|
2008-11-28 01:33:33 +03:00
|
|
|
# Valid: Burp proxy (http://portswigger.net/suite/) requests log file path
|
|
|
|
# or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
|
|
|
|
# 'conversations/' folder path
|
2011-05-11 00:48:34 +04:00
|
|
|
logFile =
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-01-14 23:42:45 +03:00
|
|
|
# Load HTTP request from a file
|
|
|
|
# Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
|
|
|
|
requestFile =
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Rather than providing a target url, let Google return target
|
|
|
|
# hosts as result of your Google dork expression. For a list of Google
|
|
|
|
# dorks see Johnny Long Google Hacking Database at
|
|
|
|
# http://johnny.ihackstuff.com/ghdb.php.
|
|
|
|
# Example: +ext:php +inurl:"&id=" +intext:"powered by "
|
|
|
|
googleDork =
|
|
|
|
|
2010-03-12 02:54:07 +03:00
|
|
|
|
|
|
|
# These options can be used to specify how to connect to the target url.
|
2008-12-04 20:40:03 +03:00
|
|
|
[Request]
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-02-12 22:50:27 +03:00
|
|
|
# Data string to be sent through POST.
|
2008-10-15 19:38:22 +04:00
|
|
|
data =
|
|
|
|
|
2011-10-07 02:03:33 +04:00
|
|
|
# Character used for splitting cookie values
|
|
|
|
pDel =
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# HTTP Cookie header.
|
|
|
|
cookie =
|
|
|
|
|
2012-03-07 18:48:45 +04:00
|
|
|
# File containing cookies in Netscape/wget format
|
2012-07-24 17:34:50 +04:00
|
|
|
loadCookies =
|
2012-03-07 18:48:45 +04:00
|
|
|
|
2010-01-02 05:02:12 +03:00
|
|
|
# Ignore Set-Cookie header from response
|
|
|
|
# Valid: True or False
|
|
|
|
dropSetCookie = False
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
# HTTP User-Agent header. Useful to fake the HTTP User-Agent header value
|
|
|
|
# at each HTTP request
|
|
|
|
# sqlmap will also test for SQL injection on the HTTP User-Agent value.
|
2011-02-02 17:51:12 +03:00
|
|
|
agent =
|
|
|
|
|
|
|
|
# Use randomly selected HTTP User-Agent header
|
|
|
|
# Valid: True or False
|
|
|
|
randomAgent = False
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-12-20 16:52:41 +04:00
|
|
|
# HTTP Host header.
|
|
|
|
host =
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-01-02 05:02:12 +03:00
|
|
|
# HTTP Referer header. Useful to fake the HTTP Referer header value at
|
|
|
|
# each HTTP request.
|
|
|
|
referer =
|
|
|
|
|
2011-12-20 16:52:41 +04:00
|
|
|
# Randomly change value for the given parameter
|
|
|
|
rParam =
|
|
|
|
|
2012-02-08 13:11:57 +04:00
|
|
|
# Force usage of SSL/HTTPS requests
|
|
|
|
# Valid: True or False
|
|
|
|
forceSSL = False
|
|
|
|
|
2008-12-09 00:24:24 +03:00
|
|
|
# Extra HTTP headers
|
|
|
|
headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
|
|
|
|
Accept-Language: en-us,en;q=0.5
|
|
|
|
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# HTTP Authentication type. Useful only if the target url requires
|
2009-12-15 17:16:25 +03:00
|
|
|
# HTTP Basic, Digest or NTLM authentication and you have such data.
|
|
|
|
# Valid: Basic, Digest or NTLM
|
2008-10-15 19:38:22 +04:00
|
|
|
aType =
|
|
|
|
|
2010-10-15 14:28:06 +04:00
|
|
|
# HTTP authentication credentials. Useful only if the target url requires
|
2009-12-15 17:16:25 +03:00
|
|
|
# HTTP Basic, Digest or NTLM authentication and you have such data.
|
2008-10-15 19:38:22 +04:00
|
|
|
# Syntax: username:password
|
|
|
|
aCred =
|
|
|
|
|
2010-03-12 15:23:05 +03:00
|
|
|
# HTTP Authentication certificate. Useful only if the target url requires
|
2010-01-07 15:59:09 +03:00
|
|
|
# logon certificate and you have such data.
|
|
|
|
# Syntax: key_file,cert_file
|
|
|
|
aCert =
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Use a HTTP proxy to connect to the target url.
|
2009-07-09 15:25:35 +04:00
|
|
|
# Syntax: http://address:port
|
2008-10-15 19:38:22 +04:00
|
|
|
proxy =
|
|
|
|
|
2010-10-15 14:28:06 +04:00
|
|
|
# HTTP proxy authentication credentials. Useful only if the proxy requires
|
|
|
|
# HTTP Basic or Digest authentication and you have such data.
|
|
|
|
# Syntax: username:password
|
|
|
|
pCred =
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Ignore system default HTTP proxy.
|
2010-03-03 19:19:17 +03:00
|
|
|
# Valid: True or False
|
|
|
|
ignoreProxy = False
|
|
|
|
|
2008-11-09 19:57:47 +03:00
|
|
|
# Delay in seconds between each HTTP request.
|
|
|
|
# Valid: float
|
|
|
|
# Default: 0
|
|
|
|
delay = 0
|
|
|
|
|
2008-12-04 20:40:03 +03:00
|
|
|
# Seconds to wait before timeout connection.
|
|
|
|
# Valid: float
|
2008-12-19 23:48:33 +03:00
|
|
|
# Default: 30
|
|
|
|
timeout = 30
|
2008-12-04 20:40:03 +03:00
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
# Maximum number of retries when the HTTP connection timeouts.
|
|
|
|
# Valid: integer
|
|
|
|
# Default: 3
|
|
|
|
retries = 3
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Regular expression for filtering targets from provided Burp.
|
2010-01-10 00:08:47 +03:00
|
|
|
# or WebScarab proxy log.
|
|
|
|
# Example: (google|yahoo)
|
|
|
|
scope =
|
2010-01-09 23:44:50 +03:00
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Url address to visit frequently during testing.
|
2010-04-16 16:44:47 +04:00
|
|
|
# Example: http://192.168.1.121/index.html
|
|
|
|
safUrl =
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Test requests between two visits to a given safe url (default 0).
|
2010-04-16 16:44:47 +04:00
|
|
|
# Valid: integer
|
|
|
|
# Default: 0
|
|
|
|
saFreq = 0
|
|
|
|
|
2012-09-26 17:25:01 +04:00
|
|
|
# Skip URL encoding of payload data
|
2012-05-25 03:30:33 +04:00
|
|
|
# Valid: True or False
|
|
|
|
skipUrlEncode = False
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Evaluate provided Python code before the request.
|
2011-11-21 21:39:18 +04:00
|
|
|
# Example: import hashlib;id2=hashlib.md5(id).hexdigest()
|
2011-11-21 20:41:02 +04:00
|
|
|
evalCode =
|
|
|
|
|
2010-03-12 02:54:07 +03:00
|
|
|
|
2010-10-17 04:07:53 +04:00
|
|
|
# These options can be used to optimize the performance of sqlmap.
|
|
|
|
[Optimization]
|
|
|
|
|
|
|
|
# Use all optimization options.
|
|
|
|
# Valid: True or False
|
|
|
|
optimize = False
|
|
|
|
|
|
|
|
# Predict common queries output.
|
|
|
|
# Valid: True or False
|
|
|
|
predictOutput = False
|
|
|
|
|
|
|
|
# Use persistent HTTP(s) connections.
|
|
|
|
keepAlive = False
|
|
|
|
|
|
|
|
# Retrieve page length without actual HTTP response body.
|
|
|
|
# Valid: True or False
|
|
|
|
nullConnection = False
|
|
|
|
|
|
|
|
# Maximum number of concurrent HTTP(s) requests (handled with Python threads)
|
|
|
|
# to be used in the inference SQL injection attack.
|
|
|
|
# Valid: integer
|
|
|
|
# Default: 1
|
|
|
|
threads = 1
|
|
|
|
|
|
|
|
|
2010-03-12 02:54:07 +03:00
|
|
|
# These options can be used to specify which parameters to test for,
|
2010-11-08 13:11:43 +03:00
|
|
|
# provide custom injection payloads and optional tampering scripts.
|
2008-10-15 19:38:22 +04:00
|
|
|
[Injection]
|
|
|
|
|
2008-12-04 20:40:03 +03:00
|
|
|
# Testable parameter(s) comma separated. By default all GET/POST/Cookie
|
|
|
|
# parameters and HTTP User-Agent are tested by sqlmap.
|
|
|
|
testParameter =
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Force back-end DBMS to this value. If this option is set, the back-end
|
|
|
|
# DBMS identification process will be minimized as needed.
|
|
|
|
# If not set, sqlmap will detect back-end DBMS automatically by default.
|
2010-10-17 04:07:53 +04:00
|
|
|
# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql, sqlite, sqlite3,
|
|
|
|
# access, firebird, maxdb, sybase
|
2008-10-15 19:38:22 +04:00
|
|
|
dbms =
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
# Force back-end DBMS operating system to this value. If this option is
|
|
|
|
# set, the back-end DBMS identification process will be minimized as
|
|
|
|
# needed.
|
|
|
|
# If not set, sqlmap will detect back-end DBMS operating system
|
|
|
|
# automatically by default.
|
|
|
|
# Valid: linux, windows
|
|
|
|
os =
|
|
|
|
|
2012-04-26 00:29:07 +04:00
|
|
|
# Use big numbers for invalidating values.
|
|
|
|
# Valid: True or False
|
|
|
|
invalidBignum = False
|
2008-12-09 00:24:24 +03:00
|
|
|
|
2012-04-26 00:29:07 +04:00
|
|
|
# Use logical operations for invalidating values.
|
2011-10-24 04:40:06 +04:00
|
|
|
# Valid: True or False
|
2012-04-26 00:29:07 +04:00
|
|
|
invalidLogical = False
|
2012-03-30 14:50:01 +04:00
|
|
|
|
|
|
|
# Turn off payload casting mechanism
|
|
|
|
# Valid: True or False
|
|
|
|
noCast = False
|
2011-10-24 04:40:06 +04:00
|
|
|
|
2012-07-16 13:07:47 +04:00
|
|
|
# Turn off string unescaping mechanism
|
|
|
|
# Valid: True or False
|
|
|
|
noUnescape = False
|
|
|
|
|
2012-04-26 00:29:07 +04:00
|
|
|
# Injection payload prefix string.
|
|
|
|
prefix =
|
|
|
|
|
|
|
|
# Injection payload suffix string.
|
|
|
|
suffix =
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Skip testing for given parameter(s).
|
2011-08-29 17:29:42 +04:00
|
|
|
skip =
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Use given script(s) for tampering injection data.
|
2010-11-08 13:11:43 +03:00
|
|
|
tamper =
|
|
|
|
|
|
|
|
|
|
|
|
# These options can be used to specify how to parse and compare page
|
|
|
|
# content from HTTP responses when using blind SQL injection technique.
|
|
|
|
[Detection]
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Level of tests to perform.
|
2010-11-28 21:10:54 +03:00
|
|
|
# The higher the value is, the higher the number of HTTP(s) requests are
|
|
|
|
# as well as the better chances to detect a tricky SQL injection.
|
|
|
|
# Valid: Integer between 1 and 5
|
|
|
|
# Default: 1
|
|
|
|
level = 1
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Risk of tests to perform.
|
2010-11-28 21:10:54 +03:00
|
|
|
# Note: boolean-based blind SQL injection tests with AND are considered
|
|
|
|
# risk 1, with OR are considered risk 3.
|
|
|
|
# Valid: Integer between 0 and 3
|
|
|
|
# Default: 1
|
|
|
|
risk = 1
|
|
|
|
|
2012-07-07 13:41:52 +04:00
|
|
|
# String to match within the raw response when the query is evaluated to
|
|
|
|
# True, only needed if the page content dynamically changes at each refresh.
|
2010-11-17 12:15:40 +03:00
|
|
|
# Refer to the user's manual for further details.
|
2008-12-05 18:34:13 +03:00
|
|
|
string =
|
|
|
|
|
2012-07-26 14:06:02 +04:00
|
|
|
# String to match within the raw response when the query is evaluated to
|
|
|
|
# False, only needed if the page content dynamically changes at each refresh.
|
|
|
|
# Refer to the user's manual for further details.
|
|
|
|
notString =
|
|
|
|
|
2011-08-12 20:48:11 +04:00
|
|
|
# Regular expression to match within the raw response when the query is
|
2012-07-07 13:41:52 +04:00
|
|
|
# evaluated to True, only needed if the needed if the page content
|
|
|
|
# dynamically changes at each refresh.
|
2008-12-05 18:34:13 +03:00
|
|
|
# Refer to the user's manual for further details.
|
|
|
|
# Valid: regular expression with Python syntax
|
|
|
|
# (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
|
|
|
|
regexp =
|
|
|
|
|
2012-07-07 13:41:52 +04:00
|
|
|
# HTTP response code to match when the query is True.
|
2012-01-05 14:24:27 +04:00
|
|
|
# Valid: Integer
|
2011-08-12 20:48:11 +04:00
|
|
|
# Example: 200 (assuming any False statement returns a different response
|
|
|
|
# code)
|
2012-01-05 14:24:27 +04:00
|
|
|
# code =
|
2011-08-12 20:48:11 +04:00
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Compare pages based only on the textual content.
|
2010-05-12 15:30:32 +04:00
|
|
|
# Valid: True or False
|
2010-10-17 04:07:53 +04:00
|
|
|
textOnly = False
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Compare pages based only on their titles.
|
2011-06-11 03:18:43 +04:00
|
|
|
# Valid: True or False
|
|
|
|
titles = False
|
|
|
|
|
2010-03-12 02:54:07 +03:00
|
|
|
|
2011-03-08 01:04:17 +03:00
|
|
|
# These options can be used to tweak testing of specific SQL injection
|
|
|
|
# techniques.
|
2008-11-12 03:36:50 +03:00
|
|
|
[Techniques]
|
|
|
|
|
2011-04-06 18:41:44 +04:00
|
|
|
# SQL injection techniques to test for.
|
2011-04-07 14:00:47 +04:00
|
|
|
# Valid: a string composed by B, E, U, S and T where:
|
|
|
|
# B: Boolean-based blind SQL injection
|
|
|
|
# E: Error-based SQL injection
|
|
|
|
# U: UNION query SQL injection
|
|
|
|
# S: Stacked queries SQL injection
|
|
|
|
# T: Time-based blind SQL injection
|
|
|
|
# Example: ES (means test for error-based and stacked queries SQL
|
2011-04-06 18:41:44 +04:00
|
|
|
# injection types only)
|
2011-04-07 14:00:47 +04:00
|
|
|
# Default: BEUST (means test for all SQL injection types - recommended)
|
|
|
|
tech = BEUST
|
2011-04-06 18:41:44 +04:00
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
# Seconds to delay the response from the DBMS.
|
|
|
|
# Valid: integer
|
|
|
|
# Default: 5
|
|
|
|
timeSec = 5
|
|
|
|
|
2010-11-19 18:48:24 +03:00
|
|
|
# Range of columns to test for
|
|
|
|
# Valid: range of integers
|
2011-01-12 01:56:21 +03:00
|
|
|
# Example: 1-10
|
|
|
|
uCols =
|
2010-11-14 02:24:41 +03:00
|
|
|
|
2011-03-08 01:04:17 +03:00
|
|
|
# Character to use for bruteforcing number of columns
|
2010-11-19 17:56:20 +03:00
|
|
|
# Valid: string
|
2011-01-12 01:56:21 +03:00
|
|
|
# Example: NULL
|
|
|
|
uChar =
|
2010-11-19 17:56:20 +03:00
|
|
|
|
2012-05-27 22:41:06 +04:00
|
|
|
# Domain name used for DNS exfiltration attack
|
|
|
|
# Valid: string
|
2012-07-24 17:34:50 +04:00
|
|
|
dnsName =
|
2012-05-27 22:41:06 +04:00
|
|
|
|
2012-07-26 16:07:05 +04:00
|
|
|
# Resulting page url searched for second-order response
|
|
|
|
# Valid: string
|
|
|
|
secondOrder =
|
|
|
|
|
2008-11-12 03:36:50 +03:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
[Fingerprint]
|
|
|
|
|
|
|
|
# Perform an extensive back-end database management system fingerprint
|
|
|
|
# based on various techniques.
|
|
|
|
# Valid: True or False
|
|
|
|
extensiveFp = False
|
|
|
|
|
|
|
|
|
2010-03-12 02:54:07 +03:00
|
|
|
# These options can be used to enumerate the back-end database
|
|
|
|
# management system information, structure and data contained in the
|
|
|
|
# tables. Moreover you can run your own SQL statements.
|
2008-10-15 19:38:22 +04:00
|
|
|
[Enumeration]
|
|
|
|
|
2012-10-05 12:24:09 +04:00
|
|
|
# Retrieve everything
|
|
|
|
# Valid: True or False
|
|
|
|
getAll = False
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Retrieve back-end database management system banner.
|
|
|
|
# Valid: True or False
|
|
|
|
getBanner = False
|
|
|
|
|
|
|
|
# Retrieve back-end database management system current user.
|
|
|
|
# Valid: True or False
|
|
|
|
getCurrentUser = False
|
|
|
|
|
|
|
|
# Retrieve back-end database management system current database.
|
|
|
|
# Valid: True or False
|
|
|
|
getCurrentDb = False
|
|
|
|
|
2012-07-12 03:01:57 +04:00
|
|
|
# Retrieve back-end database management system server hostname.
|
|
|
|
# Valid: True or False
|
|
|
|
getHostname = False
|
|
|
|
|
2008-12-18 23:41:11 +03:00
|
|
|
# Detect if the DBMS current user is DBA.
|
|
|
|
# Valid: True or False
|
|
|
|
isDba = False
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Enumerate back-end database management system users.
|
|
|
|
# Valid: True or False
|
|
|
|
getUsers = False
|
|
|
|
|
|
|
|
# Enumerate back-end database management system users password hashes.
|
|
|
|
# Valid: True or False
|
|
|
|
getPasswordHashes = False
|
|
|
|
|
|
|
|
# Enumerate back-end database management system users privileges.
|
|
|
|
# Valid: True or False
|
|
|
|
getPrivileges = False
|
|
|
|
|
2010-03-25 18:46:06 +03:00
|
|
|
# Enumerate back-end database management system users roles.
|
|
|
|
# Valid: True or False
|
|
|
|
getRoles = False
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Enumerate back-end database management system databases.
|
|
|
|
# Valid: True or False
|
|
|
|
getDbs = False
|
|
|
|
|
|
|
|
# Enumerate back-end database management system database tables.
|
|
|
|
# Optional: db
|
|
|
|
# Valid: True or False
|
|
|
|
getTables = False
|
|
|
|
|
|
|
|
# Enumerate back-end database management system database table columns.
|
2011-04-29 03:59:00 +04:00
|
|
|
# Optional: db, tbl, col
|
2008-10-15 19:38:22 +04:00
|
|
|
# Valid: True or False
|
|
|
|
getColumns = False
|
|
|
|
|
2011-04-29 03:59:00 +04:00
|
|
|
# Enumerate back-end database management system schema.
|
|
|
|
# Valid: True or False
|
|
|
|
getSchema = False
|
|
|
|
|
2011-04-30 04:22:22 +04:00
|
|
|
# Retrieve number of entries for table(s).
|
|
|
|
# Valid: True or False
|
|
|
|
getCount = False
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Dump back-end database management system database table entries.
|
2010-03-12 02:54:07 +03:00
|
|
|
# Requires: tbl and/or col
|
|
|
|
# Optional: db
|
2008-10-15 19:38:22 +04:00
|
|
|
# Valid: True or False
|
|
|
|
dumpTable = False
|
|
|
|
|
|
|
|
# Dump all back-end database management system databases tables entries.
|
|
|
|
# Valid: True or False
|
|
|
|
dumpAll = False
|
|
|
|
|
2010-05-07 17:40:57 +04:00
|
|
|
# Search column(s), table(s) and/or database name(s).
|
|
|
|
# Requires: db, tbl or col
|
|
|
|
# Valid: True or False
|
|
|
|
search = False
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
# Back-end database management system database to enumerate.
|
|
|
|
db =
|
|
|
|
|
|
|
|
# Back-end database management system database table to enumerate.
|
|
|
|
tbl =
|
|
|
|
|
|
|
|
# Back-end database management system database table column to enumerate.
|
|
|
|
col =
|
|
|
|
|
|
|
|
# Back-end database management system database user to enumerate.
|
|
|
|
user =
|
|
|
|
|
|
|
|
# Exclude DBMS system databases when enumerating tables.
|
|
|
|
# Valid: True or False
|
|
|
|
excludeSysDbs = False
|
|
|
|
|
2009-04-25 00:12:52 +04:00
|
|
|
# First query output entry to retrieve
|
2008-11-09 19:57:47 +03:00
|
|
|
# Valid: integer
|
2009-04-25 00:12:52 +04:00
|
|
|
# Default: 0 (sqlmap will start to retrieve the query output entries from
|
|
|
|
# the first)
|
2008-10-26 19:10:28 +03:00
|
|
|
limitStart = 0
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2009-04-25 00:12:52 +04:00
|
|
|
# Last query output entry to retrieve
|
2008-11-09 19:57:47 +03:00
|
|
|
# Valid: integer
|
2009-04-25 00:12:52 +04:00
|
|
|
# Default: 0 (sqlmap will detect the number of query output entries and
|
|
|
|
# retrieve them until the last)
|
2008-10-26 19:10:28 +03:00
|
|
|
limitStop = 0
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2009-09-26 03:03:45 +04:00
|
|
|
# First query output word character to retrieve
|
|
|
|
# Valid: integer
|
|
|
|
# Default: 0 (sqlmap will enumerate the query output from the first
|
|
|
|
# character)
|
|
|
|
firstChar = 0
|
|
|
|
|
|
|
|
# Last query output word character to retrieve
|
|
|
|
# Valid: integer
|
|
|
|
# Default: 0 (sqlmap will enumerate the query output until the last
|
|
|
|
# character)
|
|
|
|
lastChar = 0
|
|
|
|
|
2009-12-15 17:16:25 +03:00
|
|
|
# SQL statement to be executed.
|
2008-10-15 19:38:22 +04:00
|
|
|
# Example: SELECT 'foo', 'bar'
|
2010-05-28 18:09:20 +04:00
|
|
|
query =
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
# Prompt for an interactive SQL shell.
|
|
|
|
# Valid: True or False
|
|
|
|
sqlShell = False
|
|
|
|
|
2012-07-10 03:27:08 +04:00
|
|
|
# Execute SQL statements from given file(s).
|
|
|
|
sqlFile =
|
|
|
|
|
2010-11-09 19:59:36 +03:00
|
|
|
|
|
|
|
# These options can be used to run brute force checks.
|
|
|
|
[Brute force]
|
|
|
|
|
2010-10-15 19:37:15 +04:00
|
|
|
# Check existence of common tables.
|
|
|
|
# Valid: True or False
|
2010-11-11 10:57:44 +03:00
|
|
|
commonTables = False
|
2010-10-15 19:37:15 +04:00
|
|
|
|
2010-11-09 19:59:36 +03:00
|
|
|
# Check existence of common columns.
|
|
|
|
# Valid: True or False
|
2010-11-11 10:57:44 +03:00
|
|
|
commonColumns = False
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-10-17 04:07:53 +04:00
|
|
|
|
2010-03-12 02:54:07 +03:00
|
|
|
# These options can be used to create custom user-defined functions.
|
2009-09-26 03:03:45 +04:00
|
|
|
[User-defined function]
|
|
|
|
|
|
|
|
# Inject custom user-defined functions
|
|
|
|
# Valid: True or False
|
|
|
|
udfInject = False
|
|
|
|
|
|
|
|
# Local path of the shared library
|
|
|
|
shLib =
|
|
|
|
|
|
|
|
|
2010-03-12 02:54:07 +03:00
|
|
|
# These options can be used to access the back-end database management
|
|
|
|
# system underlying file system.
|
2008-10-15 19:38:22 +04:00
|
|
|
[File system]
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
# Read a specific file from the back-end DBMS underlying file system.
|
2008-11-09 19:57:47 +03:00
|
|
|
# Examples: /etc/passwd or C:\boot.ini
|
2008-10-15 19:38:22 +04:00
|
|
|
rFile =
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
# Write a local file to a specific path on the back-end DBMS underlying
|
|
|
|
# file system.
|
2008-10-15 19:38:22 +04:00
|
|
|
# Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt
|
|
|
|
wFile =
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
# Back-end DBMS absolute filepath to write the file to.
|
|
|
|
dFile =
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-03-12 02:54:07 +03:00
|
|
|
# These options can be used to access the back-end database management
|
|
|
|
# system underlying operating system.
|
2008-10-15 19:38:22 +04:00
|
|
|
[Takeover]
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
# Execute an operating system command.
|
|
|
|
# Valid: operating system command
|
|
|
|
osCmd =
|
|
|
|
|
|
|
|
# Prompt for an interactive operating system shell.
|
2008-10-15 19:38:22 +04:00
|
|
|
# Valid: True or False
|
|
|
|
osShell = False
|
|
|
|
|
2009-04-22 15:48:07 +04:00
|
|
|
# Prompt for an out-of-band shell, meterpreter or VNC.
|
|
|
|
# Valid: True or False
|
|
|
|
osPwn = False
|
|
|
|
|
|
|
|
# One click prompt for an out-of-band shell, meterpreter or VNC.
|
|
|
|
# Valid: True or False
|
|
|
|
osSmb = False
|
|
|
|
|
|
|
|
# Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored
|
|
|
|
# procedure heap-based buffer overflow (MS09-004) exploitation.
|
|
|
|
# Valid: True or False
|
|
|
|
osBof = False
|
|
|
|
|
2010-03-13 01:43:35 +03:00
|
|
|
# Database process' user privilege escalation.
|
|
|
|
# Note: Use in conjunction with osPwn, osSmb or osBof. It will force the
|
|
|
|
# payload to be Meterpreter.
|
2009-04-22 15:48:07 +04:00
|
|
|
privEsc = False
|
|
|
|
|
2011-09-12 21:26:22 +04:00
|
|
|
# Local path where Metasploit Framework is installed.
|
2009-04-22 15:48:07 +04:00
|
|
|
# Valid: file system path
|
|
|
|
msfPath =
|
|
|
|
|
|
|
|
# Remote absolute path of temporary files directory.
|
|
|
|
# Valid: absolute file system path
|
|
|
|
tmpPath =
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-03-12 02:54:07 +03:00
|
|
|
# These options can be used to access the back-end database management
|
|
|
|
# system Windows registry.
|
2009-09-26 03:03:45 +04:00
|
|
|
[Windows]
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Read a Windows registry key value.
|
2010-10-17 04:07:53 +04:00
|
|
|
# Valid: True or False
|
2009-09-26 03:03:45 +04:00
|
|
|
regRead = False
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Write a Windows registry key value data.
|
2010-10-17 04:07:53 +04:00
|
|
|
# Valid: True or False
|
2009-09-26 03:03:45 +04:00
|
|
|
regAdd = False
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Delete a Windows registry key value.
|
2010-10-17 04:07:53 +04:00
|
|
|
# Valid: True or False
|
2009-09-26 03:03:45 +04:00
|
|
|
regDel = False
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Windows registry key.
|
2009-09-26 03:03:45 +04:00
|
|
|
regKey =
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Windows registry key value.
|
2009-09-26 03:03:45 +04:00
|
|
|
regVal =
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Windows registry key value data.
|
2009-09-26 03:03:45 +04:00
|
|
|
regData =
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Windows registry key value type.
|
2009-09-26 03:03:45 +04:00
|
|
|
regType =
|
|
|
|
|
|
|
|
|
2010-11-16 17:11:32 +03:00
|
|
|
# These options can be used to set some general working parameters.
|
|
|
|
[General]
|
|
|
|
|
2011-02-27 15:17:41 +03:00
|
|
|
# Log all HTTP traffic into a textual file.
|
|
|
|
trafficFile =
|
2010-11-16 17:11:32 +03:00
|
|
|
|
2011-05-18 02:55:22 +04:00
|
|
|
# Never ask for user input, use the default behaviour.
|
|
|
|
# Valid: True or False
|
|
|
|
batch = False
|
|
|
|
|
|
|
|
# Force character encoding used for data retrieval.
|
|
|
|
charset =
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Check to see if Tor is used properly.
|
2011-11-30 21:39:41 +04:00
|
|
|
# Valid: True or False
|
|
|
|
checkTor = False
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Crawl the website starting from the target url.
|
2011-07-06 09:44:47 +04:00
|
|
|
# Valid: integer
|
|
|
|
# Default: 0
|
|
|
|
crawlDepth = 0
|
|
|
|
|
2011-11-30 21:39:41 +04:00
|
|
|
# Delimiting character used in CSV output.
|
|
|
|
# Default: ,
|
|
|
|
csvDel = ,
|
|
|
|
|
2012-07-02 03:22:34 +04:00
|
|
|
# DBMS authentication credentials (user:password). Useful if you want to
|
|
|
|
# run SQL statements as another user, the back-end database management
|
|
|
|
# system is PostgreSQL or Microsoft SQL Server and the parameter is
|
|
|
|
# vulnerable by stacked queries SQL injection or you are connecting directly
|
|
|
|
# to the DBMS (-d switch).
|
|
|
|
# Syntax: username:password
|
2012-07-24 17:34:50 +04:00
|
|
|
dbmsCred =
|
2012-07-02 03:22:34 +04:00
|
|
|
|
2011-05-18 02:55:22 +04:00
|
|
|
# Retrieve each query output length and calculate the estimated time of
|
|
|
|
# arrival in real time.
|
|
|
|
# Valid: True or False
|
|
|
|
eta = False
|
2010-11-16 17:11:32 +03:00
|
|
|
|
2012-07-04 22:28:18 +04:00
|
|
|
# Flush session files for current target.
|
2010-11-16 17:11:32 +03:00
|
|
|
# Valid: True or False
|
|
|
|
flushSession = False
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Parse and test forms on target url.
|
2011-07-06 09:44:47 +04:00
|
|
|
# Valid: True or False
|
|
|
|
forms = False
|
|
|
|
|
2011-03-24 13:08:47 +03:00
|
|
|
# Ignores query results stored in session file.
|
|
|
|
# Valid: True or False
|
|
|
|
freshQueries = False
|
|
|
|
|
2012-03-01 13:10:24 +04:00
|
|
|
# Uses DBMS hex function(s) for data retrieval.
|
2012-02-21 15:44:48 +04:00
|
|
|
# Valid: True or False
|
|
|
|
hexConvert = False
|
|
|
|
|
2012-07-03 02:50:23 +04:00
|
|
|
# Custom output directory path.
|
|
|
|
oDir =
|
|
|
|
|
2011-07-06 09:44:47 +04:00
|
|
|
# Parse and display DBMS error messages from responses.
|
|
|
|
# Valid: True or False
|
|
|
|
parseErrors = False
|
|
|
|
|
|
|
|
# Replicate dumped data into a sqlite3 database.
|
|
|
|
# Valid: True or False
|
|
|
|
replicate = False
|
|
|
|
|
2011-12-16 03:19:55 +04:00
|
|
|
# Use Use Tor anonymity network.
|
2011-07-06 09:44:47 +04:00
|
|
|
# Valid: True or False
|
|
|
|
tor = False
|
|
|
|
|
2012-02-21 15:44:48 +04:00
|
|
|
# Set Tor proxy port other than default.
|
2012-01-05 14:24:27 +04:00
|
|
|
# Valid: integer
|
|
|
|
# torPort =
|
2011-12-23 14:57:09 +04:00
|
|
|
|
2011-12-16 03:19:55 +04:00
|
|
|
# Set Tor proxy type.
|
|
|
|
# Valid: HTTP, SOCKS4, SOCKS5
|
|
|
|
torType = HTTP
|
|
|
|
|
2010-11-16 17:11:32 +03:00
|
|
|
# Update sqlmap.
|
|
|
|
# Valid: True or False
|
2011-02-03 15:21:29 +03:00
|
|
|
updateAll = False
|
2010-11-16 17:11:32 +03:00
|
|
|
|
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
[Miscellaneous]
|
|
|
|
|
2011-07-06 09:44:47 +04:00
|
|
|
# Offline WAF/IPS/IDS payload detection testing.
|
2010-11-16 17:09:09 +03:00
|
|
|
checkPayload = False
|
2010-11-08 15:36:48 +03:00
|
|
|
|
2011-07-06 09:44:47 +04:00
|
|
|
# Check for existence of WAF/IPS/IDS protection.
|
|
|
|
checkWaf = False
|
|
|
|
|
2011-03-19 21:28:51 +03:00
|
|
|
# Clean up the DBMS by sqlmap specific UDF and tables.
|
2010-10-17 04:07:53 +04:00
|
|
|
# Valid: True or False
|
2010-11-16 17:09:09 +03:00
|
|
|
cleanup = False
|
2010-03-04 16:01:18 +03:00
|
|
|
|
2011-06-27 12:21:33 +04:00
|
|
|
# Show which sqlmap dependencies are not available.
|
|
|
|
# Valid: True or False
|
|
|
|
dependencies = False
|
|
|
|
|
2012-08-16 00:31:25 +04:00
|
|
|
# Disable console output coloring.
|
|
|
|
# Valid: True or False
|
|
|
|
disableColoring = False
|
|
|
|
|
2011-03-23 14:57:57 +03:00
|
|
|
# Use Google dork results from specified page number.
|
2010-01-02 05:02:12 +03:00
|
|
|
# Valid: integer
|
2008-12-02 02:07:41 +03:00
|
|
|
# Default: 1
|
2010-01-02 05:02:12 +03:00
|
|
|
googlePage = 1
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-04-29 23:27:23 +04:00
|
|
|
# Imitate smartphone through HTTP User-Agent header.
|
|
|
|
# Valid: True or False
|
|
|
|
mobile = False
|
|
|
|
|
2011-03-23 14:57:57 +03:00
|
|
|
# Display page rank (PR) for Google dork results.
|
|
|
|
# Valid: True or False
|
|
|
|
pageRank = False
|
|
|
|
|
2011-07-10 19:16:58 +04:00
|
|
|
# Conduct through tests only if positive heuristic(s).
|
|
|
|
# Valid: True or False
|
|
|
|
smart = False
|
|
|
|
|
2012-06-14 18:36:53 +04:00
|
|
|
# Select tests by payloads and/or titles (e.g. ROW)
|
2012-07-24 17:43:29 +04:00
|
|
|
testFilter =
|
2012-06-14 18:36:53 +04:00
|
|
|
|
2011-03-29 15:42:55 +04:00
|
|
|
# Simple wizard interface for beginner users.
|
|
|
|
# Valid: True or False
|
|
|
|
wizard = False
|
|
|
|
|
2010-01-02 05:02:12 +03:00
|
|
|
# Verbosity level.
|
2010-11-08 01:34:29 +03:00
|
|
|
# Valid: integer between 0 and 6
|
2011-03-12 01:02:38 +03:00
|
|
|
# 0: Show only error and critical messages
|
2010-11-08 01:34:29 +03:00
|
|
|
# 1: Show also warning and info messages
|
2011-01-21 00:49:34 +03:00
|
|
|
# 2: Show also debug messages
|
|
|
|
# 3: Show also payloads injected
|
2010-11-08 01:34:29 +03:00
|
|
|
# 4: Show also HTTP requests
|
2011-01-21 00:49:34 +03:00
|
|
|
# 5: Show also HTTP responses' headers
|
|
|
|
# 6: Show also HTTP responses' page content
|
2010-01-02 05:02:12 +03:00
|
|
|
# Default: 1
|
2010-01-09 23:44:50 +03:00
|
|
|
verbose = 1
|