2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
2008-10-15 19:38:22 +04:00
"""
2023-01-03 01:24:59 +03:00
Copyright ( c ) 2006 - 2023 sqlmap developers ( https : / / sqlmap . org / )
2017-10-11 15:50:46 +03:00
See the file ' LICENSE ' for copying permission
2008-10-15 19:38:22 +04:00
"""
2019-01-22 03:20:27 +03:00
from __future__ import print_function
2013-09-11 16:57:38 +04:00
import os
2014-12-21 07:15:42 +03:00
import re
2014-09-16 16:12:43 +04:00
import shlex
2008-12-12 22:06:31 +03:00
import sys
2019-06-11 02:45:23 +03:00
try :
from optparse import OptionError as ArgumentError
from optparse import OptionGroup
from optparse import OptionParser as ArgumentParser
from optparse import SUPPRESS_HELP as SUPPRESS
ArgumentParser . add_argument = ArgumentParser . add_option
def _add_argument_group ( self , * args , * * kwargs ) :
return self . add_option_group ( OptionGroup ( self , * args , * * kwargs ) )
ArgumentParser . add_argument_group = _add_argument_group
def _add_argument ( self , * args , * * kwargs ) :
return self . add_option ( * args , * * kwargs )
OptionGroup . add_argument = _add_argument
except ImportError :
from argparse import ArgumentParser
from argparse import ArgumentError
from argparse import SUPPRESS
finally :
def get_actions ( instance ) :
for attr in ( " option_list " , " _group_actions " , " _actions " ) :
if hasattr ( instance , attr ) :
return getattr ( instance , attr )
def get_groups ( parser ) :
return getattr ( parser , " option_groups " , None ) or getattr ( parser , " _action_groups " )
2008-10-15 19:38:22 +04:00
2019-09-27 22:35:21 +03:00
def get_all_options ( parser ) :
retVal = set ( )
for option in get_actions ( parser ) :
if hasattr ( option , " option_strings " ) :
retVal . update ( option . option_strings )
else :
retVal . update ( option . _long_opts )
retVal . update ( option . _short_opts )
for group in get_groups ( parser ) :
for option in get_actions ( group ) :
if hasattr ( option , " option_strings " ) :
retVal . update ( option . option_strings )
else :
retVal . update ( option . _long_opts )
retVal . update ( option . _short_opts )
return retVal
2019-06-06 14:08:56 +03:00
from lib . core . common import checkOldOptions
2013-08-27 15:55:38 +04:00
from lib . core . common import checkSystemEncoding
2016-06-10 19:41:41 +03:00
from lib . core . common import dataToStdout
2011-06-15 15:58:50 +04:00
from lib . core . common import expandMnemonics
2019-05-03 01:48:46 +03:00
from lib . core . common import getSafeExString
2019-03-28 18:04:38 +03:00
from lib . core . compat import xrange
2019-05-06 01:54:21 +03:00
from lib . core . convert import getUnicode
2014-09-16 16:12:43 +04:00
from lib . core . data import cmdLineOptions
from lib . core . data import conf
2008-10-15 19:38:22 +04:00
from lib . core . data import logger
2011-06-16 15:42:13 +04:00
from lib . core . defaults import defaults
2019-06-06 14:08:56 +03:00
from lib . core . dicts import DEPRECATED_OPTIONS
2014-09-16 16:12:43 +04:00
from lib . core . enums import AUTOCOMPLETE_TYPE
from lib . core . exception import SqlmapShellQuitException
2019-12-04 01:30:28 +03:00
from lib . core . exception import SqlmapSilentQuitException
2014-12-15 11:11:40 +03:00
from lib . core . exception import SqlmapSyntaxException
2019-07-16 15:02:16 +03:00
from lib . core . option import _createHomeDirectories
2012-07-03 14:09:18 +04:00
from lib . core . settings import BASIC_HELP_ITEMS
2013-02-28 23:20:08 +04:00
from lib . core . settings import DUMMY_URL
2020-02-03 18:54:00 +03:00
from lib . core . settings import IGNORED_OPTIONS
2019-02-19 02:21:37 +03:00
from lib . core . settings import INFERENCE_UNKNOWN_CHAR
2011-03-29 03:09:19 +04:00
from lib . core . settings import IS_WIN
2012-07-24 17:43:29 +04:00
from lib . core . settings import MAX_HELP_OPTION_LENGTH
2013-03-20 14:44:09 +04:00
from lib . core . settings import VERSION_STRING
2014-09-16 16:12:43 +04:00
from lib . core . shell import autoCompletion
from lib . core . shell import clearHistory
from lib . core . shell import loadHistory
from lib . core . shell import saveHistory
2019-05-02 01:45:44 +03:00
from thirdparty . six . moves import input as _input
2008-10-15 19:38:22 +04:00
2015-09-10 16:01:30 +03:00
def cmdLineParser ( argv = None ) :
2008-10-15 19:38:22 +04:00
"""
This function parses the command line parameters and arguments
"""
2015-09-10 16:01:30 +03:00
if not argv :
argv = sys . argv
2013-08-27 15:55:38 +04:00
checkSystemEncoding ( )
2017-06-29 16:33:34 +03:00
# Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING")
_ = getUnicode ( os . path . basename ( argv [ 0 ] ) , encoding = sys . stdin . encoding )
2013-09-11 16:57:38 +04:00
2019-05-02 01:45:44 +03:00
usage = " %s %s [options] " % ( " %s " % os . path . basename ( sys . executable ) if not IS_WIN else " " , " \" %s \" " % _ if " " in _ else _ )
2019-06-11 02:45:23 +03:00
parser = ArgumentParser ( usage = usage )
2008-10-15 19:38:22 +04:00
try :
2019-07-12 15:19:25 +03:00
parser . add_argument ( " --hh " , dest = " advancedHelp " , action = " store_true " ,
help = " Show advanced help message and exit " )
2012-07-03 14:09:18 +04:00
2019-07-12 15:19:25 +03:00
parser . add_argument ( " --version " , dest = " showVersion " , action = " store_true " ,
help = " Show program ' s version number and exit " )
2013-03-20 14:44:09 +04:00
2019-06-11 02:45:23 +03:00
parser . add_argument ( " -v " , dest = " verbose " , type = int ,
2019-07-12 15:19:25 +03:00
help = " Verbosity level: 0-6 (default %d ) " % defaults . verbose )
2008-12-18 00:35:04 +03:00
2008-12-04 20:40:03 +03:00
# Target options
2019-07-12 15:19:25 +03:00
target = parser . add_argument_group ( " Target " , " At least one of these options has to be provided to define the target(s) " )
2008-12-04 20:40:03 +03:00
2019-07-12 15:19:25 +03:00
target . add_argument ( " -u " , " --url " , dest = " url " ,
help = " Target URL (e.g. \" http://www.site.com/vuln.php?id=1 \" ) " )
2008-10-15 19:38:22 +04:00
2019-11-21 13:36:13 +03:00
target . add_argument ( " -d " , dest = " direct " ,
help = " Connection string for direct database connection " )
2019-07-12 15:19:25 +03:00
target . add_argument ( " -l " , dest = " logFile " ,
help = " Parse target(s) from Burp or WebScarab proxy log file " )
2008-10-15 19:38:22 +04:00
2019-07-12 15:19:25 +03:00
target . add_argument ( " -m " , dest = " bulkFile " ,
help = " Scan multiple targets given in a textual file " )
2011-05-11 12:46:40 +04:00
2019-06-11 02:45:23 +03:00
target . add_argument ( " -r " , dest = " requestFile " ,
2019-07-12 15:19:25 +03:00
help = " Load HTTP request from a file " )
2010-01-14 23:42:45 +03:00
2019-06-11 02:45:23 +03:00
target . add_argument ( " -g " , dest = " googleDork " ,
2019-07-12 15:19:25 +03:00
help = " Process Google dork results as target URLs " )
2008-11-20 20:56:09 +03:00
2019-06-11 02:45:23 +03:00
target . add_argument ( " -c " , dest = " configFile " ,
2019-07-12 15:19:25 +03:00
help = " Load options from a configuration INI file " )
2010-01-14 23:42:45 +03:00
2008-12-04 20:40:03 +03:00
# Request options
2019-07-12 15:19:25 +03:00
request = parser . add_argument_group ( " Request " , " These options can be used to specify how to connect to the target URL " )
2008-10-15 19:38:22 +04:00
2019-11-11 16:18:50 +03:00
request . add_argument ( " -A " , " --user-agent " , dest = " agent " ,
help = " HTTP User-Agent header value " )
request . add_argument ( " -H " , " --header " , dest = " header " ,
help = " Extra header (e.g. \" X-Forwarded-For: 127.0.0.1 \" ) " )
2019-06-11 02:45:23 +03:00
request . add_argument ( " --method " , dest = " method " ,
2019-07-12 15:19:25 +03:00
help = " Force usage of given HTTP method (e.g. PUT) " )
2014-11-21 11:41:39 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --data " , dest = " data " ,
2019-07-12 15:19:25 +03:00
help = " Data string to be sent through POST (e.g. \" id=1 \" ) " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --param-del " , dest = " paramDel " ,
2019-07-12 15:19:25 +03:00
help = " Character used for splitting parameter values (e.g. &) " )
2011-10-07 02:03:33 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --cookie " , dest = " cookie " ,
2019-07-12 15:19:25 +03:00
help = " HTTP Cookie header value (e.g. \" PHPSESSID=a8d127e.. \" ) " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --cookie-del " , dest = " cookieDel " ,
2019-07-12 15:19:25 +03:00
help = " Character used for splitting cookie values (e.g. ;) " )
2013-07-31 22:41:19 +04:00
2020-10-29 15:51:11 +03:00
request . add_argument ( " --live-cookies " , dest = " liveCookies " ,
help = " Live cookies file used for loading up-to-date values " )
2019-06-11 02:45:23 +03:00
request . add_argument ( " --load-cookies " , dest = " loadCookies " ,
2019-07-12 15:19:25 +03:00
help = " File containing cookies in Netscape/wget format " )
2012-03-07 18:48:45 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --drop-set-cookie " , dest = " dropSetCookie " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Ignore Set-Cookie header from response " )
2008-10-15 19:38:22 +04:00
2019-08-13 15:55:26 +03:00
request . add_argument ( " --mobile " , dest = " mobile " , action = " store_true " ,
help = " Imitate smartphone through HTTP User-Agent header " )
2019-06-11 02:45:23 +03:00
request . add_argument ( " --random-agent " , dest = " randomAgent " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Use randomly selected HTTP User-Agent header value " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --host " , dest = " host " ,
2019-07-12 15:19:25 +03:00
help = " HTTP Host header value " )
2011-12-20 16:52:41 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --referer " , dest = " referer " ,
2019-07-12 15:19:25 +03:00
help = " HTTP Referer header value " )
2010-01-02 05:02:12 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --headers " , dest = " headers " ,
2019-07-12 15:19:25 +03:00
help = " Extra headers (e.g. \" Accept-Language: fr \\ nETag: 123 \" ) " )
2008-12-09 00:24:24 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --auth-type " , dest = " authType " ,
2021-03-11 22:41:05 +03:00
help = " HTTP authentication type (Basic, Digest, Bearer, ...) " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --auth-cred " , dest = " authCred " ,
2019-07-12 15:19:25 +03:00
help = " HTTP authentication credentials (name:password) " )
2010-07-30 16:49:25 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --auth-file " , dest = " authFile " ,
2019-07-12 15:19:25 +03:00
help = " HTTP authentication PEM cert/private key file " )
2008-10-15 19:38:22 +04:00
2023-01-24 14:00:23 +03:00
request . add_argument ( " --abort-code " , dest = " abortCode " ,
help = " Abort on (problematic) HTTP error code(s) (e.g. 401) " )
2019-07-17 14:20:24 +03:00
request . add_argument ( " --ignore-code " , dest = " ignoreCode " ,
2023-01-24 14:00:23 +03:00
help = " Ignore (problematic) HTTP error code(s) (e.g. 401) " )
2014-10-13 11:19:25 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --ignore-proxy " , dest = " ignoreProxy " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Ignore system default proxy settings " )
2016-10-14 00:17:54 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --ignore-redirects " , dest = " ignoreRedirects " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Ignore redirection attempts " )
2016-11-25 15:32:28 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --ignore-timeouts " , dest = " ignoreTimeouts " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Ignore connection timeouts " )
2016-10-14 00:17:54 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --proxy " , dest = " proxy " ,
2019-07-12 15:19:25 +03:00
help = " Use a proxy to connect to the target URL " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --proxy-cred " , dest = " proxyCred " ,
2019-07-12 15:19:25 +03:00
help = " Proxy authentication credentials (name:password) " )
2010-09-27 17:23:29 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --proxy-file " , dest = " proxyFile " ,
2019-07-12 15:19:25 +03:00
help = " Load proxy list from a file " )
2013-08-09 16:13:48 +04:00
2020-12-27 01:04:48 +03:00
request . add_argument ( " --proxy-freq " , dest = " proxyFreq " , type = int ,
help = " Requests between change of proxy from a given list " )
2019-06-11 02:45:23 +03:00
request . add_argument ( " --tor " , dest = " tor " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Use Tor anonymity network " )
2013-04-30 16:11:56 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --tor-port " , dest = " torPort " ,
2019-07-12 15:19:25 +03:00
help = " Set Tor proxy port other than default " )
2013-04-30 16:11:56 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --tor-type " , dest = " torType " ,
2019-07-12 15:19:25 +03:00
help = " Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default)) " )
2013-04-30 16:11:56 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --check-tor " , dest = " checkTor " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Check to see if Tor is used properly " )
2013-04-30 16:11:56 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --delay " , dest = " delay " , type = float ,
2019-07-12 15:19:25 +03:00
help = " Delay in seconds between each HTTP request " )
2008-11-09 19:57:47 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --timeout " , dest = " timeout " , type = float ,
2019-07-12 15:19:25 +03:00
help = " Seconds to wait before timeout connection (default %d ) " % defaults . timeout )
2008-12-04 20:40:03 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --retries " , dest = " retries " , type = int ,
2019-07-12 15:19:25 +03:00
help = " Retries when the connection timeouts (default %d ) " % defaults . retries )
2010-01-10 00:08:47 +03:00
2021-11-01 23:50:16 +03:00
request . add_argument ( " --retry-on " , dest = " retryOn " ,
help = " Retry request on regexp matching content (e.g. \" drop \" ) " )
2019-06-11 02:45:23 +03:00
request . add_argument ( " --randomize " , dest = " rParam " ,
2019-07-12 15:19:25 +03:00
help = " Randomly change value for given parameter(s) " )
2013-04-02 19:34:56 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --safe-url " , dest = " safeUrl " ,
2019-07-12 15:19:25 +03:00
help = " URL address to visit frequently during testing " )
2010-04-16 16:44:47 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --safe-post " , dest = " safePost " ,
2019-07-12 15:19:25 +03:00
help = " POST data to send to a safe URL " )
2015-04-21 00:55:59 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --safe-req " , dest = " safeReqFile " ,
2019-07-12 15:19:25 +03:00
help = " Load safe HTTP request from a file " )
2015-04-22 17:28:54 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --safe-freq " , dest = " safeFreq " , type = int ,
2020-01-07 13:48:02 +03:00
help = " Regular requests between visits to a safe URL " )
2010-04-16 16:44:47 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --skip-urlencode " , dest = " skipUrlEncode " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Skip URL encoding of payload data " )
2012-05-25 03:30:33 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --csrf-token " , dest = " csrfToken " ,
2019-07-12 15:19:25 +03:00
help = " Parameter used to hold anti-CSRF token " )
2014-10-23 13:23:53 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --csrf-url " , dest = " csrfUrl " ,
2019-07-12 15:19:25 +03:00
help = " URL address to visit for extraction of anti-CSRF token " )
2014-10-23 13:23:53 +04:00
2019-09-09 14:56:37 +03:00
request . add_argument ( " --csrf-method " , dest = " csrfMethod " ,
help = " HTTP method to use during anti-CSRF token page visit " )
2022-10-17 12:52:22 +03:00
request . add_argument ( " --csrf-data " , dest = " csrfData " ,
help = " POST data to send during anti-CSRF token page visit " )
2020-06-10 13:49:35 +03:00
request . add_argument ( " --csrf-retries " , dest = " csrfRetries " , type = int ,
help = " Retries for anti-CSRF token retrieval (default %d ) " % defaults . csrfRetries )
2019-06-11 02:45:23 +03:00
request . add_argument ( " --force-ssl " , dest = " forceSSL " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Force usage of SSL/HTTPS " )
2013-04-30 15:56:38 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --chunked " , dest = " chunked " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Use HTTP chunked transfer encoded (POST) requests " )
2019-03-19 16:07:39 +03:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --hpp " , dest = " hpp " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Use HTTP parameter pollution method " )
2013-04-30 16:32:11 +04:00
2019-06-11 02:45:23 +03:00
request . add_argument ( " --eval " , dest = " evalCode " ,
2019-07-12 15:19:25 +03:00
help = " Evaluate provided Python code before the request (e.g. \" import hashlib;id2=hashlib.md5(id).hexdigest() \" ) " )
2019-04-19 14:54:48 +03:00
2010-10-17 01:52:16 +04:00
# Optimization options
2019-06-11 02:45:23 +03:00
optimization = parser . add_argument_group ( " Optimization " , " These options can be used to optimize the performance of sqlmap " )
2010-10-17 01:52:16 +04:00
2019-06-11 02:45:23 +03:00
optimization . add_argument ( " -o " , dest = " optimize " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Turn on all optimization switches " )
2010-10-17 01:52:16 +04:00
2019-06-11 02:45:23 +03:00
optimization . add_argument ( " --predict-output " , dest = " predictOutput " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Predict common queries output " )
2010-10-17 01:52:16 +04:00
2019-06-11 02:45:23 +03:00
optimization . add_argument ( " --keep-alive " , dest = " keepAlive " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Use persistent HTTP(s) connections " )
2010-10-17 01:52:16 +04:00
2019-06-11 02:45:23 +03:00
optimization . add_argument ( " --null-connection " , dest = " nullConnection " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Retrieve page length without actual HTTP response body " )
2010-10-17 01:52:16 +04:00
2019-06-11 02:45:23 +03:00
optimization . add_argument ( " --threads " , dest = " threads " , type = int ,
2019-07-12 15:19:25 +03:00
help = " Max number of concurrent HTTP(s) requests (default %d ) " % defaults . threads )
2010-10-17 01:52:16 +04:00
2008-10-15 19:38:22 +04:00
# Injection options
2019-06-11 02:45:23 +03:00
injection = parser . add_argument_group ( " Injection " , " These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " -p " , dest = " testParameter " ,
2019-07-12 15:19:25 +03:00
help = " Testable parameter(s) " )
2008-12-04 20:40:03 +03:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --skip " , dest = " skip " ,
2019-07-12 15:19:25 +03:00
help = " Skip testing for given parameter(s) " )
2013-04-04 16:21:57 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --skip-static " , dest = " skipStatic " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Skip testing parameters that not appear to be dynamic " )
2015-05-18 21:57:15 +03:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --param-exclude " , dest = " paramExclude " ,
2019-07-12 15:19:25 +03:00
help = " Regexp to exclude parameters from testing (e.g. \" ses \" ) " )
2016-12-26 01:16:44 +03:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --param-filter " , dest = " paramFilter " ,
2019-07-12 15:19:25 +03:00
help = " Select testable parameter(s) by place (e.g. \" POST \" ) " )
2019-05-17 12:00:51 +03:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --dbms " , dest = " dbms " ,
2019-07-12 15:19:25 +03:00
help = " Force back-end DBMS to provided value " )
2008-12-05 18:34:13 +03:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --dbms-cred " , dest = " dbmsCred " ,
2019-07-12 15:19:25 +03:00
help = " DBMS authentication credentials (user:password) " )
2013-04-30 16:05:50 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --os " , dest = " os " ,
2019-07-12 15:19:25 +03:00
help = " Force back-end DBMS operating system to provided value " )
2009-04-22 15:48:07 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --invalid-bignum " , dest = " invalidBignum " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Use big numbers for invalidating values " )
2008-12-09 00:24:24 +03:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --invalid-logical " , dest = " invalidLogical " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Use logical operations for invalidating values " )
2012-03-30 14:50:01 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --invalid-string " , dest = " invalidString " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Use random strings for invalidating values " )
2014-01-24 00:56:06 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --no-cast " , dest = " noCast " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Turn off payload casting mechanism " )
2011-10-24 04:40:06 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --no-escape " , dest = " noEscape " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Turn off string escaping mechanism " )
2012-07-16 13:07:47 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --prefix " , dest = " prefix " ,
2019-07-12 15:19:25 +03:00
help = " Injection payload prefix string " )
2012-04-26 00:29:07 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --suffix " , dest = " suffix " ,
2019-07-12 15:19:25 +03:00
help = " Injection payload suffix string " )
2012-04-26 00:29:07 +04:00
2019-06-11 02:45:23 +03:00
injection . add_argument ( " --tamper " , dest = " tamper " ,
2019-07-12 15:19:25 +03:00
help = " Use given script(s) for tampering injection data " )
2010-11-08 13:11:43 +03:00
# Detection options
2019-06-11 02:45:23 +03:00
detection = parser . add_argument_group ( " Detection " , " These options can be used to customize the detection phase " )
2010-11-08 13:11:43 +03:00
2019-06-11 02:45:23 +03:00
detection . add_argument ( " --level " , dest = " level " , type = int ,
2019-07-12 15:19:25 +03:00
help = " Level of tests to perform (1-5, default %d ) " % defaults . level )
2010-11-28 21:10:54 +03:00
2019-06-11 02:45:23 +03:00
detection . add_argument ( " --risk " , dest = " risk " , type = int ,
2019-07-12 15:19:25 +03:00
help = " Risk of tests to perform (1-3, default %d ) " % defaults . risk )
2010-11-28 21:10:54 +03:00
2019-06-11 02:45:23 +03:00
detection . add_argument ( " --string " , dest = " string " ,
2019-07-12 15:19:25 +03:00
help = " String to match when query is evaluated to True " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
detection . add_argument ( " --not-string " , dest = " notString " ,
2019-07-12 15:19:25 +03:00
help = " String to match when query is evaluated to False " )
2012-07-26 14:06:02 +04:00
2019-06-11 02:45:23 +03:00
detection . add_argument ( " --regexp " , dest = " regexp " ,
2019-07-12 15:19:25 +03:00
help = " Regexp to match when query is evaluated to True " )
2008-12-05 18:34:13 +03:00
2019-06-11 02:45:23 +03:00
detection . add_argument ( " --code " , dest = " code " , type = int ,
2019-07-12 15:19:25 +03:00
help = " HTTP code to match when query is evaluated to True " )
2011-08-12 20:48:11 +04:00
2019-08-13 15:55:26 +03:00
detection . add_argument ( " --smart " , dest = " smart " , action = " store_true " ,
help = " Perform thorough tests only if positive heuristic(s) " )
2019-06-11 02:45:23 +03:00
detection . add_argument ( " --text-only " , dest = " textOnly " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Compare pages based only on the textual content " )
2010-10-12 23:41:29 +04:00
2019-06-11 02:45:23 +03:00
detection . add_argument ( " --titles " , dest = " titles " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Compare pages based only on their titles " )
2011-06-11 03:18:43 +04:00
2008-11-12 03:36:50 +03:00
# Techniques options
2019-06-11 02:45:23 +03:00
techniques = parser . add_argument_group ( " Techniques " , " These options can be used to tweak testing of specific SQL injection techniques " )
2008-11-12 03:36:50 +03:00
2019-06-11 02:45:23 +03:00
techniques . add_argument ( " --technique " , dest = " technique " ,
2019-07-12 15:19:25 +03:00
help = " SQL injection techniques to use (default \" %s \" ) " % defaults . technique )
2011-04-06 18:41:44 +04:00
2019-06-11 02:45:23 +03:00
techniques . add_argument ( " --time-sec " , dest = " timeSec " , type = int ,
2019-07-12 15:19:25 +03:00
help = " Seconds to delay the DBMS response (default %d ) " % defaults . timeSec )
2009-04-22 15:48:07 +04:00
2019-06-11 02:45:23 +03:00
techniques . add_argument ( " --union-cols " , dest = " uCols " ,
2019-07-12 15:19:25 +03:00
help = " Range of columns to test for UNION query SQL injection " )
2010-11-14 02:24:41 +03:00
2019-06-11 02:45:23 +03:00
techniques . add_argument ( " --union-char " , dest = " uChar " ,
2019-07-12 15:19:25 +03:00
help = " Character to use for bruteforcing number of columns " )
2010-11-19 17:56:20 +03:00
2019-06-11 02:45:23 +03:00
techniques . add_argument ( " --union-from " , dest = " uFrom " ,
2019-07-12 15:19:25 +03:00
help = " Table to use in FROM part of UNION query SQL injection " )
2013-03-21 14:28:44 +04:00
2019-06-11 02:45:23 +03:00
techniques . add_argument ( " --dns-domain " , dest = " dnsDomain " ,
2019-07-12 15:19:25 +03:00
help = " Domain name used for DNS exfiltration attack " )
2012-05-27 22:41:06 +04:00
2019-06-11 02:45:23 +03:00
techniques . add_argument ( " --second-url " , dest = " secondUrl " ,
2019-07-12 15:19:25 +03:00
help = " Resulting page URL searched for second-order response " )
2012-07-26 16:07:05 +04:00
2019-06-11 02:45:23 +03:00
techniques . add_argument ( " --second-req " , dest = " secondReq " ,
2019-07-12 15:19:25 +03:00
help = " Load second-order HTTP request from file " )
2018-06-19 17:23:17 +03:00
2008-10-15 19:38:22 +04:00
# Fingerprint options
2019-06-11 02:45:23 +03:00
fingerprint = parser . add_argument_group ( " Fingerprint " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
fingerprint . add_argument ( " -f " , " --fingerprint " , dest = " extensiveFp " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Perform an extensive DBMS version fingerprint " )
2008-10-15 19:38:22 +04:00
# Enumeration options
2019-11-20 19:28:25 +03:00
enumeration = parser . add_argument_group ( " Enumeration " , " These options can be used to enumerate the back-end database management system information, structure and data contained in the tables " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " -a " , " --all " , dest = " getAll " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Retrieve everything " )
2012-10-05 12:24:09 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " -b " , " --banner " , dest = " getBanner " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Retrieve DBMS banner " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --current-user " , dest = " getCurrentUser " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Retrieve DBMS current user " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --current-db " , dest = " getCurrentDb " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Retrieve DBMS current database " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --hostname " , dest = " getHostname " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Retrieve DBMS server hostname " )
2012-07-12 03:01:57 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --is-dba " , dest = " isDba " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Detect if the DBMS current user is DBA " )
2008-12-18 23:41:11 +03:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --users " , dest = " getUsers " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Enumerate DBMS users " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --passwords " , dest = " getPasswordHashes " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Enumerate DBMS users password hashes " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --privileges " , dest = " getPrivileges " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Enumerate DBMS users privileges " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --roles " , dest = " getRoles " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Enumerate DBMS users roles " )
2010-03-25 18:46:06 +03:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --dbs " , dest = " getDbs " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Enumerate DBMS databases " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --tables " , dest = " getTables " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Enumerate DBMS database tables " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --columns " , dest = " getColumns " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Enumerate DBMS database table columns " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --schema " , dest = " getSchema " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Enumerate DBMS schema " )
2011-04-29 03:59:00 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --count " , dest = " getCount " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Retrieve number of entries for table(s) " )
2011-04-30 04:22:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --dump " , dest = " dumpTable " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Dump DBMS database table entries " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --dump-all " , dest = " dumpAll " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Dump all DBMS databases tables entries " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --search " , dest = " search " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Search column(s), table(s) and/or database name(s) " )
2010-05-07 17:40:57 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --comments " , dest = " getComments " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Check for DBMS comments during enumeration " )
2013-07-29 20:25:27 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --statements " , dest = " getStatements " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Retrieve SQL statements being run on DBMS " )
2019-05-29 16:52:33 +03:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " -D " , dest = " db " ,
2019-07-12 15:19:25 +03:00
help = " DBMS database to enumerate " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " -T " , dest = " tbl " ,
2019-07-12 15:19:25 +03:00
help = " DBMS database table(s) to enumerate " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " -C " , dest = " col " ,
2019-07-12 15:19:25 +03:00
help = " DBMS database table column(s) to enumerate " )
2014-01-13 13:05:49 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " -X " , dest = " exclude " ,
2019-07-12 15:19:25 +03:00
help = " DBMS database identifier(s) to not enumerate " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " -U " , dest = " user " ,
2019-07-12 15:19:25 +03:00
help = " DBMS user to enumerate " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --exclude-sysdbs " , dest = " excludeSysDbs " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Exclude DBMS system databases when enumerating tables " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --pivot-column " , dest = " pivotColumn " ,
2019-07-12 15:19:25 +03:00
help = " Pivot column name " )
2016-05-03 13:37:10 +03:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --where " , dest = " dumpWhere " ,
2019-07-12 15:19:25 +03:00
help = " Use WHERE condition while table dumping " )
2014-02-11 19:20:45 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --start " , dest = " limitStart " , type = int ,
2019-07-12 15:19:25 +03:00
help = " First dump table entry to retrieve " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --stop " , dest = " limitStop " , type = int ,
2019-07-12 15:19:25 +03:00
help = " Last dump table entry to retrieve " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --first " , dest = " firstChar " , type = int ,
2019-07-12 15:19:25 +03:00
help = " First query output word character to retrieve " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --last " , dest = " lastChar " , type = int ,
2019-07-12 15:19:25 +03:00
help = " Last query output word character to retrieve " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --sql-query " , dest = " sqlQuery " ,
2019-07-12 15:19:25 +03:00
help = " SQL statement to be executed " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --sql-shell " , dest = " sqlShell " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Prompt for an interactive SQL shell " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
enumeration . add_argument ( " --sql-file " , dest = " sqlFile " ,
2019-07-12 15:19:25 +03:00
help = " Execute SQL statements from given file(s) " )
2012-07-10 03:27:08 +04:00
2014-12-15 15:07:38 +03:00
# Brute force options
2019-06-11 02:45:23 +03:00
brute = parser . add_argument_group ( " Brute force " , " These options can be used to run brute force checks " )
2010-11-09 19:15:55 +03:00
2019-06-11 02:45:23 +03:00
brute . add_argument ( " --common-tables " , dest = " commonTables " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Check existence of common tables " )
2010-09-30 16:35:45 +04:00
2019-06-11 02:45:23 +03:00
brute . add_argument ( " --common-columns " , dest = " commonColumns " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Check existence of common columns " )
2010-09-30 16:35:45 +04:00
2019-06-27 18:28:43 +03:00
brute . add_argument ( " --common-files " , dest = " commonFiles " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Check existence of common files " )
2019-06-27 18:28:43 +03:00
2009-09-26 03:03:45 +04:00
# User-defined function options
2019-06-11 02:45:23 +03:00
udf = parser . add_argument_group ( " User-defined function injection " , " These options can be used to create custom user-defined functions " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
udf . add_argument ( " --udf-inject " , dest = " udfInject " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Inject custom user-defined functions " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
udf . add_argument ( " --shared-lib " , dest = " shLib " ,
2019-07-12 15:19:25 +03:00
help = " Local path of the shared library " )
2008-12-09 00:24:24 +03:00
2008-10-15 19:38:22 +04:00
# File system options
2019-06-11 02:45:23 +03:00
filesystem = parser . add_argument_group ( " File system access " , " These options can be used to access the back-end database management system underlying file system " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
filesystem . add_argument ( " --file-read " , dest = " fileRead " ,
2019-07-12 15:19:25 +03:00
help = " Read a file from the back-end DBMS file system " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
filesystem . add_argument ( " --file-write " , dest = " fileWrite " ,
2019-07-12 15:19:25 +03:00
help = " Write a local file on the back-end DBMS file system " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
filesystem . add_argument ( " --file-dest " , dest = " fileDest " ,
2019-07-12 15:19:25 +03:00
help = " Back-end DBMS absolute filepath to write to " )
2008-12-09 00:24:24 +03:00
2008-10-15 19:38:22 +04:00
# Takeover options
2019-06-11 02:45:23 +03:00
takeover = parser . add_argument_group ( " Operating system access " , " These options can be used to access the back-end database management system underlying operating system " )
2009-04-22 15:48:07 +04:00
2019-06-11 02:45:23 +03:00
takeover . add_argument ( " --os-cmd " , dest = " osCmd " ,
2019-07-12 15:19:25 +03:00
help = " Execute an operating system command " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
takeover . add_argument ( " --os-shell " , dest = " osShell " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Prompt for an interactive operating system shell " )
2009-04-22 15:48:07 +04:00
2019-06-11 02:45:23 +03:00
takeover . add_argument ( " --os-pwn " , dest = " osPwn " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Prompt for an OOB shell, Meterpreter or VNC " )
2009-04-22 15:48:07 +04:00
2019-06-11 02:45:23 +03:00
takeover . add_argument ( " --os-smbrelay " , dest = " osSmb " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " One click prompt for an OOB shell, Meterpreter or VNC " )
2009-04-22 15:48:07 +04:00
2019-06-11 02:45:23 +03:00
takeover . add_argument ( " --os-bof " , dest = " osBof " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Stored procedure buffer overflow "
2009-04-22 15:48:07 +04:00
" exploitation " )
2019-06-11 02:45:23 +03:00
takeover . add_argument ( " --priv-esc " , dest = " privEsc " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Database process user privilege escalation " )
2009-04-22 15:48:07 +04:00
2019-06-11 02:45:23 +03:00
takeover . add_argument ( " --msf-path " , dest = " msfPath " ,
2019-07-12 15:19:25 +03:00
help = " Local path where Metasploit Framework is installed " )
2008-10-15 19:38:22 +04:00
2019-06-11 02:45:23 +03:00
takeover . add_argument ( " --tmp-path " , dest = " tmpPath " ,
2019-07-12 15:19:25 +03:00
help = " Remote absolute path of temporary files directory " )
2008-12-09 00:24:24 +03:00
2009-09-26 03:03:45 +04:00
# Windows registry options
2019-06-11 02:45:23 +03:00
windows = parser . add_argument_group ( " Windows registry access " , " These options can be used to access the back-end database management system Windows registry " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
windows . add_argument ( " --reg-read " , dest = " regRead " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Read a Windows registry key value " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
windows . add_argument ( " --reg-add " , dest = " regAdd " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Write a Windows registry key value data " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
windows . add_argument ( " --reg-del " , dest = " regDel " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Delete a Windows registry key value " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
windows . add_argument ( " --reg-key " , dest = " regKey " ,
2019-07-12 15:19:25 +03:00
help = " Windows registry key " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
windows . add_argument ( " --reg-value " , dest = " regVal " ,
2019-07-12 15:19:25 +03:00
help = " Windows registry key value " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
windows . add_argument ( " --reg-data " , dest = " regData " ,
2019-07-12 15:19:25 +03:00
help = " Windows registry key value data " )
2009-09-26 03:03:45 +04:00
2019-06-11 02:45:23 +03:00
windows . add_argument ( " --reg-type " , dest = " regType " ,
2019-07-12 15:19:25 +03:00
help = " Windows registry key value type " )
2009-09-26 03:03:45 +04:00
2010-11-16 17:11:32 +03:00
# General options
2019-06-11 02:45:23 +03:00
general = parser . add_argument_group ( " General " , " These options can be used to set some general working parameters " )
2010-11-16 17:11:32 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " -s " , dest = " sessionFile " ,
2019-07-12 15:19:25 +03:00
help = " Load session from a stored (.sqlite) file " )
2013-03-15 20:22:33 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " -t " , dest = " trafficFile " ,
2019-07-12 15:19:25 +03:00
help = " Log all HTTP traffic into a textual file " )
2010-11-16 17:11:32 +03:00
2023-01-23 18:40:41 +03:00
general . add_argument ( " --abort-on-empty " , dest = " abortOnEmpty " , action = " store_true " ,
help = " Abort data retrieval on empty results " )
2019-08-13 15:55:26 +03:00
general . add_argument ( " --answers " , dest = " answers " ,
help = " Set predefined answers (e.g. \" quit=N,follow=N \" ) " )
2020-04-16 00:32:15 +03:00
general . add_argument ( " --base64 " , dest = " base64Parameter " ,
help = " Parameter(s) containing Base64 encoded data " )
2020-08-10 23:26:03 +03:00
general . add_argument ( " --base64-safe " , dest = " base64Safe " , action = " store_true " ,
2020-09-04 13:45:33 +03:00
help = " Use URL and filename safe Base64 alphabet (RFC 4648) " )
2020-08-10 23:26:03 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --batch " , dest = " batch " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Never ask for user input, use the default behavior " )
2011-05-18 02:55:22 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --binary-fields " , dest = " binaryFields " ,
2019-07-12 15:19:25 +03:00
help = " Result fields having binary values (e.g. \" digest \" ) " )
2016-05-03 13:52:46 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --check-internet " , dest = " checkInternet " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Check Internet connection before assessing the target " )
2017-05-08 00:12:42 +03:00
2019-08-13 15:55:26 +03:00
general . add_argument ( " --cleanup " , dest = " cleanup " , action = " store_true " ,
help = " Clean up the DBMS from sqlmap specific UDF and tables " )
2019-06-11 02:45:23 +03:00
general . add_argument ( " --crawl " , dest = " crawlDepth " , type = int ,
2019-07-12 15:19:25 +03:00
help = " Crawl the website starting from the target URL " )
2015-04-06 23:07:22 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --crawl-exclude " , dest = " crawlExclude " ,
2019-07-12 15:19:25 +03:00
help = " Regexp to exclude pages from crawling (e.g. \" logout \" ) " )
2011-07-06 09:44:47 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --csv-del " , dest = " csvDel " ,
2019-07-12 15:19:25 +03:00
help = " Delimiting character used in CSV output (default \" %s \" ) " % defaults . csvDel )
2011-11-30 21:39:41 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --charset " , dest = " charset " ,
2019-07-12 15:19:25 +03:00
help = " Blind SQL injection charset (e.g. \" 0123456789abcdef \" ) " )
2017-09-21 15:35:24 +03:00
2022-11-21 02:03:36 +03:00
general . add_argument ( " --dump-file " , dest = " dumpFile " ,
help = " Store dumped data to a custom file " )
2019-06-11 02:45:23 +03:00
general . add_argument ( " --dump-format " , dest = " dumpFormat " ,
2019-07-12 15:19:25 +03:00
help = " Format of dumped data (CSV (default), HTML or SQLITE) " )
2012-11-28 13:58:18 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --encoding " , dest = " encoding " ,
2019-07-12 15:19:25 +03:00
help = " Character encoding used for data retrieval (e.g. GBK) " )
2017-09-21 15:35:24 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --eta " , dest = " eta " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Display for each output the estimated time of arrival " )
2010-11-16 17:11:32 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --flush-session " , dest = " flushSession " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Flush session files for current target " )
2011-05-18 02:55:22 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --forms " , dest = " forms " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Parse and test forms on target URL " )
2011-07-06 09:44:47 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --fresh-queries " , dest = " freshQueries " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Ignore query results stored in session file " )
2010-11-16 17:11:32 +03:00
2019-08-13 15:55:26 +03:00
general . add_argument ( " --gpage " , dest = " googlePage " , type = int ,
help = " Use Google dork results from specified page number " )
2019-06-11 02:45:23 +03:00
general . add_argument ( " --har " , dest = " harFile " ,
2019-07-12 15:19:25 +03:00
help = " Log all HTTP traffic into a HAR file " )
2017-07-03 17:55:24 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --hex " , dest = " hexConvert " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Use hex conversion during data retrieval " )
2012-02-21 15:44:48 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --output-dir " , dest = " outputDir " , action = " store " ,
2019-07-12 15:19:25 +03:00
help = " Custom output directory path " )
2012-07-03 02:50:23 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --parse-errors " , dest = " parseErrors " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Parse and display DBMS error messages from responses " )
2011-07-06 09:44:47 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --preprocess " , dest = " preprocess " ,
2020-09-21 18:11:11 +03:00
help = " Use given script(s) for preprocessing (request) " )
2020-09-21 18:04:44 +03:00
general . add_argument ( " --postprocess " , dest = " postprocess " ,
2020-09-21 18:11:11 +03:00
help = " Use given script(s) for postprocessing (response) " )
2019-03-04 17:24:12 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --repair " , dest = " repair " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Redump entries having unknown character marker ( %s ) " % INFERENCE_UNKNOWN_CHAR )
2019-02-19 02:21:37 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --save " , dest = " saveConfig " ,
2019-07-12 15:19:25 +03:00
help = " Save options to a configuration INI file " )
2010-11-16 17:11:32 +03:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --scope " , dest = " scope " ,
2020-03-05 00:43:50 +03:00
help = " Regexp for filtering targets " )
2013-04-30 16:32:11 +04:00
2020-11-10 00:11:11 +03:00
general . add_argument ( " --skip-heuristics " , dest = " skipHeuristics " , action = " store_true " ,
2021-03-11 22:14:27 +03:00
help = " Skip heuristic detection of vulnerabilities " )
2020-11-10 00:11:11 +03:00
2019-08-13 15:55:26 +03:00
general . add_argument ( " --skip-waf " , dest = " skipWaf " , action = " store_true " ,
help = " Skip heuristic detection of WAF/IPS protection " )
2019-08-13 16:22:02 +03:00
general . add_argument ( " --table-prefix " , dest = " tablePrefix " ,
help = " Prefix used for temporary tables (default: \" %s \" ) " % defaults . tablePrefix )
2019-06-11 02:45:23 +03:00
general . add_argument ( " --test-filter " , dest = " testFilter " ,
2019-07-12 15:19:25 +03:00
help = " Select tests by payloads and/or titles (e.g. ROW) " )
2013-04-30 16:32:11 +04:00
2019-06-11 02:45:23 +03:00
general . add_argument ( " --test-skip " , dest = " testSkip " ,
2019-07-12 15:19:25 +03:00
help = " Skip tests by payloads and/or titles (e.g. BENCHMARK) " )
2015-10-01 12:57:33 +03:00
2019-08-13 15:55:26 +03:00
general . add_argument ( " --web-root " , dest = " webRoot " ,
help = " Web server document root directory (e.g. \" /var/www \" ) " )
2010-11-16 17:11:32 +03:00
2010-10-16 03:26:48 +04:00
# Miscellaneous options
2019-08-13 15:55:26 +03:00
miscellaneous = parser . add_argument_group ( " Miscellaneous " , " These options do not fit into any other category " )
2010-09-16 14:23:51 +04:00
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " -z " , dest = " mnemonics " ,
2019-07-12 15:19:25 +03:00
help = " Use short mnemonics (e.g. \" flu,bat,ban,tec=EU \" ) " )
2011-06-15 15:58:50 +04:00
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " --alert " , dest = " alert " ,
2019-07-12 15:19:25 +03:00
help = " Run host OS command(s) when SQL injection is found " )
2012-12-11 15:48:58 +04:00
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " --beep " , dest = " beep " , action = " store_true " ,
2021-03-11 22:14:27 +03:00
help = " Beep on question and/or when vulnerability is found " )
2012-12-11 15:02:06 +04:00
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " --dependencies " , dest = " dependencies " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Check for missing (optional) sqlmap dependencies " )
2011-06-27 12:21:33 +04:00
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " --disable-coloring " , dest = " disableColoring " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Disable console output coloring " )
2012-08-16 00:31:25 +04:00
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " --list-tampers " , dest = " listTampers " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Display list of available tamper scripts " )
2018-07-31 03:18:33 +03:00
2022-03-25 21:10:46 +03:00
miscellaneous . add_argument ( " --no-logging " , dest = " noLogging " , action = " store_true " ,
help = " Disable logging to a file " )
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " --offline " , dest = " offline " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Work in offline mode (only use session data) " )
2015-07-10 17:10:24 +03:00
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " --purge " , dest = " purge " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Safely remove all content from sqlmap data directory " )
2012-04-23 18:24:23 +04:00
2019-11-01 19:27:30 +03:00
miscellaneous . add_argument ( " --results-file " , dest = " resultsFile " ,
help = " Location of CSV results file in multiple targets mode " )
2021-02-11 15:00:54 +03:00
miscellaneous . add_argument ( " --shell " , dest = " shell " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Prompt for an interactive sqlmap shell " )
2016-05-31 15:55:56 +03:00
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " --tmp-dir " , dest = " tmpDir " ,
2019-07-12 15:19:25 +03:00
help = " Local directory for storing temporary files " )
2014-09-16 16:12:43 +04:00
2019-10-23 15:41:14 +03:00
miscellaneous . add_argument ( " --unstable " , dest = " unstable " , action = " store_true " ,
help = " Adjust options for unstable connections " )
2019-08-13 15:55:26 +03:00
miscellaneous . add_argument ( " --update " , dest = " updateAll " , action = " store_true " ,
help = " Update sqlmap " )
2017-03-01 12:07:26 +03:00
2019-06-11 02:45:23 +03:00
miscellaneous . add_argument ( " --wizard " , dest = " wizard " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = " Simple wizard interface for beginner users " )
2011-03-29 15:42:55 +04:00
2010-05-21 13:35:36 +04:00
# Hidden and/or experimental options
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --crack " , dest = " hashFile " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS ) # "Load and crack hashes from a file (standalone)"
2018-12-17 19:38:47 +03:00
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --dummy " , dest = " dummy " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2013-02-28 23:20:08 +04:00
2021-03-04 01:08:00 +03:00
parser . add_argument ( " --yuge " , dest = " yuge " , action = " store_true " ,
help = SUPPRESS )
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --murphy-rate " , dest = " murphyRate " , type = int ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2016-09-27 15:03:59 +03:00
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --debug " , dest = " debug " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2019-05-08 13:28:50 +03:00
2021-01-21 12:14:24 +03:00
parser . add_argument ( " --deprecations " , dest = " deprecations " , action = " store_true " ,
help = SUPPRESS )
2020-03-13 00:36:12 +03:00
parser . add_argument ( " --disable-multi " , dest = " disableMulti " , action = " store_true " ,
help = SUPPRESS )
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --disable-precon " , dest = " disablePrecon " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2015-12-02 14:05:40 +03:00
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --disable-stats " , dest = " disableStats " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2017-02-14 15:14:35 +03:00
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --profile " , dest = " profile " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2021-02-22 00:49:57 +03:00
parser . add_argument ( " --localhost " , dest = " localhost " , action = " store_true " ,
help = SUPPRESS )
2010-05-21 13:35:36 +04:00
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --force-dbms " , dest = " forceDbms " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2017-08-28 13:30:42 +03:00
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --force-dns " , dest = " forceDns " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2010-05-21 13:35:36 +04:00
2019-07-18 12:58:40 +03:00
parser . add_argument ( " --force-partial " , dest = " forcePartial " , action = " store_true " ,
help = SUPPRESS )
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --force-pivoting " , dest = " forcePivoting " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2018-04-17 18:08:57 +03:00
2021-12-31 11:44:05 +03:00
parser . add_argument ( " --ignore-stdin " , dest = " ignoreStdin " , action = " store_true " ,
help = SUPPRESS )
2020-01-08 12:37:59 +03:00
parser . add_argument ( " --non-interactive " , dest = " nonInteractive " , action = " store_true " ,
help = SUPPRESS )
2019-11-20 18:46:24 +03:00
parser . add_argument ( " --gui " , dest = " gui " , action = " store_true " ,
help = SUPPRESS )
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --smoke-test " , dest = " smokeTest " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2010-07-30 16:49:25 +04:00
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --vuln-test " , dest = " vulnTest " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2019-04-19 14:28:11 +03:00
2022-11-29 17:12:18 +03:00
parser . add_argument ( " --disable-json " , dest = " disableJson " , action = " store_true " ,
help = SUPPRESS )
2017-04-10 15:50:17 +03:00
# API options
2019-06-11 02:45:23 +03:00
parser . add_argument ( " --api " , dest = " api " , action = " store_true " ,
2019-07-12 15:19:25 +03:00
help = SUPPRESS )
2008-10-15 19:38:22 +04:00
2019-07-12 15:19:25 +03:00
parser . add_argument ( " --taskid " , dest = " taskid " ,
help = SUPPRESS )
2019-06-11 02:45:23 +03:00
2019-07-12 15:19:25 +03:00
parser . add_argument ( " --database " , dest = " database " ,
help = SUPPRESS )
2012-07-24 17:34:50 +04:00
2019-06-11 02:45:23 +03:00
# Dirty hack to display longer options without breaking into two lines
if hasattr ( parser , " formatter " ) :
def _ ( self , * args ) :
retVal = parser . formatter . _format_option_strings ( * args )
if len ( retVal ) > MAX_HELP_OPTION_LENGTH :
retVal = ( " %% . %d s.. " % ( MAX_HELP_OPTION_LENGTH - parser . formatter . indent_increment ) ) % retVal
return retVal
parser . formatter . _format_option_strings = parser . formatter . format_option_strings
parser . formatter . format_option_strings = type ( parser . formatter . format_option_strings ) ( _ , parser )
else :
def _format_action_invocation ( self , action ) :
retVal = self . __format_action_invocation ( action )
if len ( retVal ) > MAX_HELP_OPTION_LENGTH :
retVal = ( " %% . %d s.. " % ( MAX_HELP_OPTION_LENGTH - self . _indent_increment ) ) % retVal
return retVal
parser . formatter_class . __format_action_invocation = parser . formatter_class . _format_action_invocation
parser . formatter_class . _format_action_invocation = _format_action_invocation
2012-07-24 17:34:50 +04:00
2016-05-24 16:18:19 +03:00
# Dirty hack for making a short option '-hh'
2019-06-11 02:45:23 +03:00
if hasattr ( parser , " get_option " ) :
option = parser . get_option ( " --hh " )
option . _short_opts = [ " -hh " ]
option . _long_opts = [ ]
else :
for action in get_actions ( parser ) :
if action . option_strings == [ " --hh " ] :
action . option_strings = [ " -hh " ]
break
2012-07-03 14:09:18 +04:00
2019-07-12 15:19:25 +03:00
# Dirty hack for inherent help message of switch '-h'
2019-06-11 02:45:23 +03:00
if hasattr ( parser , " get_option " ) :
option = parser . get_option ( " -h " )
option . help = option . help . capitalize ( ) . replace ( " this help " , " basic help " )
else :
for action in get_actions ( parser ) :
if action . option_strings == [ " -h " , " --help " ] :
action . help = action . help . capitalize ( ) . replace ( " this help " , " basic help " )
break
2012-07-03 14:49:35 +04:00
2015-09-10 16:01:30 +03:00
_ = [ ]
2012-07-03 14:29:42 +04:00
advancedHelp = True
2015-07-07 10:24:16 +03:00
extraHeaders = [ ]
2020-08-28 15:46:59 +03:00
auxIndexes = { }
2011-02-20 00:06:24 +03:00
2017-06-29 16:33:34 +03:00
# Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING")
2015-09-10 16:01:30 +03:00
for arg in argv :
2017-06-29 16:33:34 +03:00
_ . append ( getUnicode ( arg , encoding = sys . stdin . encoding ) )
2011-02-20 00:06:24 +03:00
2015-09-10 16:01:30 +03:00
argv = _
2019-06-06 14:08:56 +03:00
checkOldOptions ( argv )
2012-11-28 14:10:57 +04:00
2019-11-20 18:46:24 +03:00
if " --gui " in argv :
2019-11-21 13:41:46 +03:00
from lib . core . gui import runGui
2019-12-04 01:30:28 +03:00
2019-11-20 18:46:24 +03:00
runGui ( parser )
2012-07-03 14:09:18 +04:00
2019-12-04 01:30:28 +03:00
raise SqlmapSilentQuitException
2019-11-21 17:58:04 +03:00
2021-02-11 15:00:54 +03:00
elif " --shell " in argv :
2019-07-16 15:02:16 +03:00
_createHomeDirectories ( )
2014-09-16 18:21:29 +04:00
parser . usage = " "
2014-09-16 16:12:43 +04:00
cmdLineOptions . sqlmapShell = True
2019-09-27 22:35:21 +03:00
commands = set ( ( " x " , " q " , " exit " , " quit " , " clear " ) )
commands . update ( get_all_options ( parser ) )
2014-09-16 16:12:43 +04:00
2019-09-27 22:35:21 +03:00
autoCompletion ( AUTOCOMPLETE_TYPE . SQLMAP , commands = commands )
2014-09-16 16:12:43 +04:00
while True :
command = None
2021-02-11 15:00:54 +03:00
prompt = " sqlmap > "
2014-09-16 16:12:43 +04:00
try :
2019-05-14 17:08:12 +03:00
# Note: in Python2 command should not be converted to Unicode before passing to shlex (Reference: https://bugs.python.org/issue1170)
2021-02-11 15:00:54 +03:00
command = _input ( prompt ) . strip ( )
2014-09-16 16:12:43 +04:00
except ( KeyboardInterrupt , EOFError ) :
2019-01-22 03:28:24 +03:00
print ( )
2014-09-16 16:12:43 +04:00
raise SqlmapShellQuitException
2021-02-11 15:00:54 +03:00
command = re . sub ( r " (?i) \ Anew \ s+ " , " " , command or " " )
2014-09-16 16:12:43 +04:00
if not command :
continue
elif command . lower ( ) == " clear " :
2016-02-23 11:57:06 +03:00
clearHistory ( )
2016-06-10 19:41:41 +03:00
dataToStdout ( " [i] history cleared \n " )
2014-09-16 17:17:50 +04:00
saveHistory ( AUTOCOMPLETE_TYPE . SQLMAP )
2014-09-16 16:12:43 +04:00
elif command . lower ( ) in ( " x " , " q " , " exit " , " quit " ) :
raise SqlmapShellQuitException
elif command [ 0 ] != ' - ' :
2021-02-11 15:00:54 +03:00
if not re . search ( r " (?i) \ A( \ ?|help) \ Z " , command ) :
dataToStdout ( " [!] invalid option(s) provided \n " )
dataToStdout ( " [i] valid example: ' -u http://www.site.com/vuln.php?id=1 --banner ' \n " )
2014-09-16 16:12:43 +04:00
else :
2014-09-16 17:17:50 +04:00
saveHistory ( AUTOCOMPLETE_TYPE . SQLMAP )
loadHistory ( AUTOCOMPLETE_TYPE . SQLMAP )
2014-09-16 16:12:43 +04:00
break
2014-12-15 11:11:40 +03:00
try :
for arg in shlex . split ( command ) :
argv . append ( getUnicode ( arg , encoding = sys . stdin . encoding ) )
2019-01-22 02:40:48 +03:00
except ValueError as ex :
2019-05-03 01:48:46 +03:00
raise SqlmapSyntaxException ( " something went wrong during command line parsing ( ' %s ' ) " % getSafeExString ( ex ) )
2014-09-16 16:12:43 +04:00
2020-05-14 18:48:07 +03:00
longOptions = set ( re . findall ( r " \ - \ -([^= ]+?)= " , parser . format_help ( ) ) )
longSwitches = set ( re . findall ( r " \ - \ -([^= ]+?) \ s " , parser . format_help ( ) ) )
2014-09-16 18:18:13 +04:00
for i in xrange ( len ( argv ) ) :
2020-05-14 20:20:16 +03:00
# Reference: https://en.wiktionary.org/wiki/-
2020-12-18 13:38:54 +03:00
argv [ i ] = re . sub ( u " \\ A( \u2010 | \u2013 | \u2212 | \u2014 | \u4e00 | \u1680 | \uFE63 | \uFF0D )+ " , lambda match : ' - ' * len ( match . group ( 0 ) ) , argv [ i ] )
2020-05-14 18:48:07 +03:00
# Reference: https://unicode-table.com/en/sets/quotation-marks/
2022-03-21 17:31:13 +03:00
argv [ i ] = argv [ i ] . strip ( u " \u00AB \u2039 \u00BB \u203A \u201E \u201C \u201F \u201D \u2019 \u275D \u275E \u276E \u276F \u2E42 \u301D \u301E \u301F \uFF02 \u201A \u2018 \u201B \u275B \u275C " )
2020-05-14 18:48:07 +03:00
2014-09-16 18:18:13 +04:00
if argv [ i ] == " -hh " :
argv [ i ] = " -h "
2019-10-04 14:51:12 +03:00
elif i == 1 and re . search ( r " \ A(http|www \ .| \ w[ \ w.-]+ \ . \ w { 2,}) " , argv [ i ] ) is not None :
2019-10-01 16:37:09 +03:00
argv [ i ] = " --url= %s " % argv [ i ]
2016-11-18 00:34:10 +03:00
elif len ( argv [ i ] ) > 1 and all ( ord ( _ ) in xrange ( 0x2018 , 0x2020 ) for _ in ( ( argv [ i ] . split ( ' = ' , 1 ) [ - 1 ] . strip ( ) or ' ' ) [ 0 ] , argv [ i ] [ - 1 ] ) ) :
2020-05-14 18:15:33 +03:00
dataToStdout ( " [!] copy-pasting illegal (non-console) quote characters from Internet is illegal ( %s ) \n " % argv [ i ] )
2016-10-14 00:07:11 +03:00
raise SystemExit
2017-01-16 15:53:46 +03:00
elif len ( argv [ i ] ) > 1 and u " \uff0c " in argv [ i ] . split ( ' = ' , 1 ) [ - 1 ] :
2020-05-14 18:15:33 +03:00
dataToStdout ( " [!] copy-pasting illegal (non-console) comma characters from Internet is illegal ( %s ) \n " % argv [ i ] )
raise SystemExit
2015-08-19 22:00:16 +03:00
elif re . search ( r " \ A- \ w=.+ " , argv [ i ] ) :
2016-06-10 19:41:41 +03:00
dataToStdout ( " [!] potentially miswritten (illegal ' = ' ) short option detected ( ' %s ' ) \n " % argv [ i ] )
raise SystemExit
2019-11-21 12:46:26 +03:00
elif re . search ( r " \ A- \ w { 3,} " , argv [ i ] ) :
if argv [ i ] . strip ( ' - ' ) . split ( ' = ' ) [ 0 ] in ( longOptions | longSwitches ) :
argv [ i ] = " - %s " % argv [ i ]
2020-02-03 18:54:00 +03:00
elif argv [ i ] in IGNORED_OPTIONS :
argv [ i ] = " "
2019-06-06 14:08:56 +03:00
elif argv [ i ] in DEPRECATED_OPTIONS :
argv [ i ] = " "
2020-11-20 14:52:02 +03:00
elif argv [ i ] . startswith ( " --data-raw " ) :
argv [ i ] = argv [ i ] . replace ( " --data-raw " , " --data " , 1 )
2021-03-11 22:41:05 +03:00
elif argv [ i ] . startswith ( " --auth-creds " ) :
argv [ i ] = argv [ i ] . replace ( " --auth-creds " , " --auth-cred " , 1 )
2020-11-24 16:07:30 +03:00
elif argv [ i ] . startswith ( " --drop-cookie " ) :
argv [ i ] = argv [ i ] . replace ( " --drop-cookie " , " --drop-set-cookie " , 1 )
2023-07-06 11:43:43 +03:00
elif re . search ( r " \ A--tamper[^= \ s] " , argv [ i ] ) :
argv [ i ] = " "
continue
2022-10-07 21:12:12 +03:00
elif re . search ( r " \ A(--(tamper|ignore-code|skip))(?!-) " , argv [ i ] ) :
2020-09-07 00:21:12 +03:00
key = re . search ( r " \ -? \ -( \ w+) \ b " , argv [ i ] ) . group ( 1 )
2020-08-28 15:46:59 +03:00
index = auxIndexes . get ( key , None )
if index is None :
index = i if ' = ' in argv [ i ] else ( i + 1 if i + 1 < len ( argv ) and not argv [ i + 1 ] . startswith ( ' - ' ) else None )
auxIndexes [ key ] = index
2018-09-24 15:00:58 +03:00
else :
2020-08-28 15:46:59 +03:00
delimiter = ' , '
argv [ index ] = " %s %s %s " % ( argv [ index ] , delimiter , argv [ i ] . split ( ' = ' ) [ 1 ] if ' = ' in argv [ i ] else ( argv [ i + 1 ] if i + 1 < len ( argv ) and not argv [ i + 1 ] . startswith ( ' - ' ) else " " ) )
2018-09-24 15:00:58 +03:00
argv [ i ] = " "
2020-08-28 15:24:43 +03:00
elif argv [ i ] in ( " -H " , " --header " ) or any ( argv [ i ] . startswith ( " %s = " % _ ) for _ in ( " -H " , " --header " ) ) :
if ' = ' in argv [ i ] :
extraHeaders . append ( argv [ i ] . split ( ' = ' , 1 ) [ 1 ] )
elif i + 1 < len ( argv ) :
2015-07-07 10:24:16 +03:00
extraHeaders . append ( argv [ i + 1 ] )
2019-12-10 15:54:29 +03:00
elif argv [ i ] == " --deps " :
argv [ i ] = " --dependencies "
2020-08-05 23:43:32 +03:00
elif argv [ i ] == " --disable-colouring " :
argv [ i ] = " --disable-coloring "
2019-04-18 12:18:00 +03:00
elif argv [ i ] == " -r " :
for j in xrange ( i + 2 , len ( argv ) ) :
value = argv [ j ]
if os . path . isfile ( value ) :
argv [ i + 1 ] + = " , %s " % value
argv [ j ] = ' '
else :
break
2014-12-21 07:15:42 +03:00
elif re . match ( r " \ A \ d+! \ Z " , argv [ i ] ) and argv [ max ( 0 , i - 1 ) ] == " --threads " or re . match ( r " \ A--threads.+ \ d+! \ Z " , argv [ i ] ) :
argv [ i ] = argv [ i ] [ : - 1 ]
conf . skipThreadCheck = True
2014-09-16 18:18:13 +04:00
elif argv [ i ] == " --version " :
2019-01-22 03:20:27 +03:00
print ( VERSION_STRING . split ( ' / ' ) [ - 1 ] )
2014-09-16 18:18:13 +04:00
raise SystemExit
2016-10-05 18:01:58 +03:00
elif argv [ i ] in ( " -h " , " --help " ) :
2014-09-16 18:18:13 +04:00
advancedHelp = False
2019-06-11 02:45:23 +03:00
for group in get_groups ( parser ) [ : ] :
2014-09-16 18:18:13 +04:00
found = False
2019-06-11 02:45:23 +03:00
for option in get_actions ( group ) :
2014-09-16 18:18:13 +04:00
if option . dest not in BASIC_HELP_ITEMS :
2019-06-11 02:45:23 +03:00
option . help = SUPPRESS
2014-09-16 18:18:13 +04:00
else :
found = True
if not found :
2019-06-11 02:45:23 +03:00
get_groups ( parser ) . remove ( group )
2020-12-17 15:50:33 +03:00
elif ' = ' in argv [ i ] and not argv [ i ] . startswith ( ' - ' ) and argv [ i ] . split ( ' = ' ) [ 0 ] in longOptions and re . search ( r " \ A- { 1,2} \ w " , argv [ i - 1 ] ) is None :
2019-09-27 22:59:20 +03:00
dataToStdout ( " [!] detected usage of long-option without a starting hyphen ( ' %s ' ) \n " % argv [ i ] )
raise SystemExit
2014-09-16 18:18:13 +04:00
2016-09-29 12:19:25 +03:00
for verbosity in ( _ for _ in argv if re . search ( r " \ A \ -v+ \ Z " , _ ) ) :
try :
if argv . index ( verbosity ) == len ( argv ) - 1 or not argv [ argv . index ( verbosity ) + 1 ] . isdigit ( ) :
2020-09-16 15:28:32 +03:00
conf . verbose = verbosity . count ( ' v ' )
2016-09-29 12:19:25 +03:00
del argv [ argv . index ( verbosity ) ]
except ( IndexError , ValueError ) :
pass
2012-07-03 14:21:40 +04:00
try :
2019-06-11 02:45:23 +03:00
( args , _ ) = parser . parse_known_args ( argv ) if hasattr ( parser , " parse_known_args " ) else parser . parse_args ( argv )
2019-01-22 02:40:48 +03:00
except UnicodeEncodeError as ex :
2019-05-15 01:12:00 +03:00
dataToStdout ( " \n [!] %s \n " % getUnicode ( ex . object . encode ( " unicode-escape " ) ) )
2014-10-31 03:01:35 +03:00
raise SystemExit
2012-07-03 14:21:40 +04:00
except SystemExit :
2014-09-16 18:18:13 +04:00
if " -h " in argv and not advancedHelp :
2016-06-10 19:41:41 +03:00
dataToStdout ( " \n [!] to see full list of options run with ' -hh ' \n " )
2012-07-03 14:21:40 +04:00
raise
2008-10-15 19:38:22 +04:00
2015-07-07 10:24:16 +03:00
if extraHeaders :
if not args . headers :
args . headers = " "
delimiter = " \\ n " if " \\ n " in args . headers else " \n "
args . headers + = delimiter + delimiter . join ( extraHeaders )
2012-07-03 14:09:18 +04:00
# Expand given mnemonic options (e.g. -z "ign,flu,bat")
2014-09-16 16:12:43 +04:00
for i in xrange ( len ( argv ) - 1 ) :
if argv [ i ] == " -z " :
expandMnemonics ( argv [ i + 1 ] , parser , args )
2011-06-15 15:58:50 +04:00
2013-02-28 23:20:08 +04:00
if args . dummy :
args . url = args . url or DUMMY_URL
2021-12-31 11:44:05 +03:00
if hasattr ( sys . stdin , " fileno " ) and not any ( ( os . isatty ( sys . stdin . fileno ( ) ) , args . api , args . ignoreStdin , " GITHUB_ACTIONS " in os . environ ) ) :
2021-10-08 17:24:54 +03:00
args . stdinPipe = iter ( sys . stdin . readline , None )
else :
args . stdinPipe = None
2020-10-14 12:34:52 +03:00
2021-09-29 18:23:38 +03:00
if not any ( ( args . direct , args . url , args . logFile , args . bulkFile , args . googleDork , args . configFile , args . requestFile , args . updateAll , args . smokeTest , args . vulnTest , args . wizard , args . dependencies , args . purge , args . listTampers , args . hashFile , args . stdinPipe ) ) :
2021-02-11 15:00:54 +03:00
errMsg = " missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). "
2018-07-31 03:18:33 +03:00
errMsg + = " Use -h for basic and -hh for advanced help \n "
2008-10-15 19:38:22 +04:00
parser . error ( errMsg )
return args
2011-03-29 03:09:19 +04:00
2019-06-11 02:45:23 +03:00
except ( ArgumentError , TypeError ) as ex :
2019-01-22 04:08:02 +03:00
parser . error ( ex )
2008-10-15 19:38:22 +04:00
2012-02-22 14:40:11 +04:00
except SystemExit :
2011-03-29 03:12:04 +04:00
# Protection against Windows dummy double clicking
2021-02-01 23:34:26 +03:00
if IS_WIN and " --non-interactive " not in sys . argv :
2016-06-10 19:41:41 +03:00
dataToStdout ( " \n Press Enter to continue... " )
2019-05-02 01:45:44 +03:00
_input ( )
2011-03-29 03:09:19 +04:00
raise
2008-10-15 19:38:22 +04:00
debugMsg = " parsing command line "
logger . debug ( debugMsg )