Adding new switch ('--skip-static')

2024-11-22 01:26:42 +03:00 · 2015-05-18 20:57:15 +02:00 · 2015-05-18 20:57:15 +02:00 · 17bfda1b9c
commit 17bfda1b9c
parent e8f87bfa41
4 changed files with 14 additions and 1 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -476,13 +476,18 @@ def start():
                            infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
                            logger.info(infoMsg)

-                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
+                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech or conf.skipStatic:
                            check = checkDynParam(place, parameter, value)

                            if not check:
                                warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
                                logger.warn(warnMsg)

+                                if conf.skipStatic:
+                                    infoMsg = "skipping static %s parameter '%s'" % (paramType, parameter)
+                                    logger.info(infoMsg)
+
+                                    testSqlInj = False
                            else:
                                infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter)
                                logger.info(infoMsg)
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -73,6 +73,7 @@ optDict = {
            "Injection":     {
                               "testParameter":     "string",
                               "skip":              "string",
+                               "skipStatic":        "boolean",
                               "dbms":              "string",
                               "dbmsCred":          "string",
                               "os":                "string",
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -252,6 +252,9 @@ def cmdLineParser():
        injection.add_option("--skip", dest="skip",
                             help="Skip testing for given parameter(s)")

+        injection.add_option("--skip-static", dest="skipStatic", action="store_true",
+                             help="Skip testing parameters that not appear dynamic")
+
        injection.add_option("--dbms", dest="dbms",
                             help="Force back-end DBMS to this value")

--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -222,6 +222,10 @@ testParameter =
 # Skip testing for given parameter(s).
 skip =

+# Skip testing parameters that not appear dynamic.
+# Valid: True or False
+skipStatic = False
+
 # Force back-end DBMS to this value. If this option is set, the back-end
 # DBMS identification process will be minimized as needed.
 # If not set, sqlmap will detect back-end DBMS automatically by default.