From 17bfda1b9c77b9eae2c109a1794bcd24cde2b8fb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 18 May 2015 20:57:15 +0200
Subject: [PATCH] Adding new switch ('--skip-static')

---
 lib/controller/controller.py | 7 ++++++-
 lib/core/optiondict.py       | 1 +
 lib/parse/cmdline.py         | 3 +++
 sqlmap.conf                  | 4 ++++
 4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index b217438a9..3fb86150d 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -476,13 +476,18 @@ def start():
                             infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
                             logger.info(infoMsg)
 
-                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
+                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech or conf.skipStatic:
                             check = checkDynParam(place, parameter, value)
 
                             if not check:
                                 warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
                                 logger.warn(warnMsg)
 
+                                if conf.skipStatic:
+                                    infoMsg = "skipping static %s parameter '%s'" % (paramType, parameter)
+                                    logger.info(infoMsg)
+
+                                    testSqlInj = False
                             else:
                                 infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter)
                                 logger.info(infoMsg)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 3fbc3de47..49eae9230 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -73,6 +73,7 @@ optDict = {
             "Injection":     {
                                "testParameter":     "string",
                                "skip":              "string",
+                               "skipStatic":        "boolean",
                                "dbms":              "string",
                                "dbmsCred":          "string",
                                "os":                "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index d252fe4fa..60cadde7b 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -252,6 +252,9 @@ def cmdLineParser():
         injection.add_option("--skip", dest="skip",
                              help="Skip testing for given parameter(s)")
 
+        injection.add_option("--skip-static", dest="skipStatic", action="store_true",
+                             help="Skip testing parameters that not appear dynamic")
+
         injection.add_option("--dbms", dest="dbms",
                              help="Force back-end DBMS to this value")
 
diff --git a/sqlmap.conf b/sqlmap.conf
index 7f9e3d5f4..0fc5fb728 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -222,6 +222,10 @@ testParameter =
 # Skip testing for given parameter(s).
 skip =
 
+# Skip testing parameters that not appear dynamic.
+# Valid: True or False
+skipStatic = False
+
 # Force back-end DBMS to this value. If this option is set, the back-end
 # DBMS identification process will be minimized as needed.
 # If not set, sqlmap will detect back-end DBMS automatically by default.