diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 115346d99..3a5dcb26c 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -81,11 +81,11 @@ def cmdLineParser(): help="HTTP Cookie header") request.add_option("--cookie-urlencode", dest="cookieUrlencode", - action="store_true", + action="store_true", default=False, help="URL Encode generated cookie injections") request.add_option("--drop-set-cookie", dest="dropSetCookie", - action="store_true", + action="store_true", default=False, help="Ignore Set-Cookie header from response") request.add_option("--user-agent", dest="agent", @@ -114,7 +114,7 @@ def cmdLineParser(): "key_file,cert_file)") request.add_option("--keep-alive", dest="keepAlive", action="store_true", - help="Use persistent HTTP(s) connections") + default=False, help="Use persistent HTTP(s) connections") request.add_option("--proxy", dest="proxy", help="Use a HTTP proxy to connect to the target url") @@ -122,10 +122,9 @@ def cmdLineParser(): request.add_option("--proxy-cred", dest="pCred", help="Proxy authentication credentials " "(name:password)") - - request.add_option("--ignore-proxy", dest="ignoreProxy", - action="store_true", - help="Ignore system default HTTP proxy") + + request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true", + default=False, help="Ignore system default HTTP proxy") request.add_option("--threads", dest="threads", type="int", default=1, help="Maximum number of concurrent HTTP " @@ -198,7 +197,7 @@ def cmdLineParser(): help="Use defined string for space instead of standard ' '") injection.add_option("--use-between", dest="useBetween", - action="store_true", + action="store_true", default=False, help="Use operator BETWEEN instead of default '>'") # Techniques options 
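Review bot: Every `store_true` switch touched here, from `--cookie-urlencode` in this hunk through the takeover, registry and hidden options in the later hunks, now parses to `False` instead of optparse's implicit `None` when the flag is absent, and nothing visible shows that the callers were checked for that. Any code that uses `is None` to mean "not given on the command line" (presumably the merge with a configuration INI file such as the one `--save` writes) would now treat the explicit `False` as a user choice and could silently drop a switch that the file enables. This is worth confirming with a test that loads a configuration file enabling one switch, for example `batch`, with no matching flag on the command line. A comment above the first option would record the contract, such as `# store_true switches default to False, never None; do not test them with "is None"`. `cmdLineParser` starts and ends outside these hunks, so the merge logic is not visible here.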
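Review bot: The `--ignore-proxy` hunk removes and re-adds the blank line above the call, which suggests a whitespace-only edit (possibly trailing whitespace) riding along with the functional change; stripping it would drop that line from the diff. The call is also reflowed from three lines to two, so the option reads as rewritten when only `default=False` was added. Keeping the original layout and appending `default=False` after `action="store_true",` would reduce this hunk to a one-line change.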
@@ -209,12 +208,12 @@ def cmdLineParser(): "the default blind SQL injection technique.") techniques.add_option("--stacked-test", dest="stackedTest", - action="store_true", + action="store_true", default=False, help="Test for stacked queries (multiple " "statements) support") techniques.add_option("--time-test", dest="timeTest", - action="store_true", + action="store_true", default=False, help="Test for time based blind SQL injection") techniques.add_option("--time-sec", dest="timeSec", @@ -223,14 +222,14 @@ def cmdLineParser(): "(default 5)") techniques.add_option("--union-test", dest="unionTest", - action="store_true", + action="store_true", default=False, help="Test for UNION query (inband) SQL injection") techniques.add_option("--union-tech", dest="uTech", help="Technique to test for UNION query SQL injection") techniques.add_option("--union-use", dest="unionUse", - action="store_true", + action="store_true", default=False, help="Use the UNION query (inband) SQL injection " "to retrieve the queries output. No " "need to go blind") @@ -239,7 +238,7 @@ def cmdLineParser(): fingerprint = OptionGroup(parser, "Fingerprint") fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp", - action="store_true", + action="store_true", default=False, help="Perform an extensive DBMS version fingerprint") # Enumeration options 
@@ -250,52 +249,52 @@ def cmdLineParser(): "you can run your own SQL statements.") enumeration.add_option("-b", "--banner", dest="getBanner", - action="store_true", help="Retrieve DBMS banner") + action="store_true", default=False, help="Retrieve DBMS banner") enumeration.add_option("--current-user", dest="getCurrentUser", - action="store_true", + action="store_true", default=False, help="Retrieve DBMS current user") enumeration.add_option("--current-db", dest="getCurrentDb", - action="store_true", + action="store_true", default=False, help="Retrieve DBMS current database") enumeration.add_option("--is-dba", dest="isDba", - action="store_true", + action="store_true", default=False, help="Detect if the DBMS current user is DBA") enumeration.add_option("--users", dest="getUsers", action="store_true", - help="Enumerate DBMS users") + default=False, help="Enumerate DBMS users") enumeration.add_option("--passwords", dest="getPasswordHashes", - action="store_true", + action="store_true", default=False, help="Enumerate DBMS users password hashes") enumeration.add_option("--privileges", dest="getPrivileges", - action="store_true", + action="store_true", default=False, help="Enumerate DBMS users privileges") enumeration.add_option("--roles", dest="getRoles", - action="store_true", + action="store_true", default=False, help="Enumerate DBMS users roles") enumeration.add_option("--dbs", dest="getDbs", action="store_true", - help="Enumerate DBMS databases") + default=False, help="Enumerate DBMS databases") enumeration.add_option("--tables", dest="getTables", action="store_true", - help="Enumerate DBMS database tables") + default=False, help="Enumerate DBMS database tables") enumeration.add_option("--columns", dest="getColumns", action="store_true", - help="Enumerate DBMS database table columns") + default=False, help="Enumerate DBMS database table columns") enumeration.add_option("--dump", dest="dumpTable", action="store_true", - help="Dump DBMS database table entries") + 
default=False, help="Dump DBMS database table entries") enumeration.add_option("--dump-all", dest="dumpAll", action="store_true", - help="Dump all DBMS databases tables entries") + default=False, help="Dump all DBMS databases tables entries") enumeration.add_option("--search", dest="search", action="store_true", - help="Search column(s), table(s) and/or database name(s)") + default=False, help="Search column(s), table(s) and/or database name(s)") enumeration.add_option("-D", dest="db", help="DBMS database to enumerate") @@ -310,7 +309,7 @@ def cmdLineParser(): help="DBMS user to enumerate") enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs", - action="store_true", + action="store_true", default=False, help="Exclude DBMS system databases when " "enumerating tables") @@ -330,7 +329,7 @@ def cmdLineParser(): help="SQL statement to be executed") enumeration.add_option("--sql-shell", dest="sqlShell", - action="store_true", + action="store_true", default=False, help="Prompt for an interactive SQL shell") # User-defined function options @@ -339,7 +338,7 @@ def cmdLineParser(): "functions.") udf.add_option("--udf-inject", dest="udfInject", action="store_true", - help="Inject custom user-defined functions") + default=False, help="Inject custom user-defined functions") udf.add_option("--shared-lib", dest="shLib", help="Local path of the shared library") 
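Review bot: In the enumeration hunk `default=False` is placed in two different positions: after `action="store_true",` for options such as `--current-user` and `--is-dba`, and prepended to the `help=` line for `--users`, `--dbs`, `--tables`, `--columns`, `--dump`, `--dump-all` and `--search`, where it lengthens lines that were already long. The same split appears in the `--keep-alive` hunk and in the hidden options at the end of the file. Since every boolean switch now repeats the same two keyword arguments, a small private helper that fills in `action="store_true"` and `default=False` before calling `add_option`, or a single `parser.set_defaults(...)` call, would keep the switches consistent and make a later change of default a one-place edit.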
@@ -370,23 +369,28 @@ def cmdLineParser(): takeover.add_option("--os-cmd", dest="osCmd", help="Execute an operating system command") - takeover.add_option("--os-shell", dest="osShell", action="store_true", + takeover.add_option("--os-shell", dest="osShell", + action="store_true", default=False, help="Prompt for an interactive operating " "system shell") - takeover.add_option("--os-pwn", dest="osPwn", action="store_true", + takeover.add_option("--os-pwn", dest="osPwn", + action="store_true", default=False, help="Prompt for an out-of-band shell, " "meterpreter or VNC") - takeover.add_option("--os-smbrelay", dest="osSmb", action="store_true", + takeover.add_option("--os-smbrelay", dest="osSmb", + action="store_true", default=False, help="One click prompt for an OOB shell, " "meterpreter or VNC") - takeover.add_option("--os-bof", dest="osBof", action="store_true", + takeover.add_option("--os-bof", dest="osBof", + action="store_true", default=False, help="Stored procedure buffer overflow " "exploitation") - takeover.add_option("--priv-esc", dest="privEsc", action="store_true", + takeover.add_option("--priv-esc", dest="privEsc", + action="store_true", default=False, help="Database process' user privilege escalation") takeover.add_option("--msf-path", dest="msfPath", 
@@ -403,13 +407,16 @@ def cmdLineParser(): "database management system Windows " "registry.") - windows.add_option("--reg-read", dest="regRead", action="store_true", + windows.add_option("--reg-read", dest="regRead", + action="store_true", default=False, help="Read a Windows registry key value") - windows.add_option("--reg-add", dest="regAdd", action="store_true", + windows.add_option("--reg-add", dest="regAdd", + action="store_true", default=False, help="Write a Windows registry key value data") - windows.add_option("--reg-del", dest="regDel", action="store_true", + windows.add_option("--reg-del", dest="regDel", + action="store_true", default=False, help="Delete a Windows registry key value") windows.add_option("--reg-key", dest="regKey", @@ -427,7 +434,8 @@ def cmdLineParser(): # Miscellaneous options miscellaneous = OptionGroup(parser, "Miscellaneous") - miscellaneous.add_option("-o", dest="optimize", action="store_true", + miscellaneous.add_option("-o", dest="optimize", + action="store_true", default=False, help="General optimization switch") miscellaneous.add_option("-x", dest="xmlFile", 
@@ -437,50 +445,57 @@ def cmdLineParser(): help="Save and resume all data retrieved " "on a session file") - miscellaneous.add_option("--flush-session", dest="flushSession", action="store_true", + miscellaneous.add_option("--flush-session", dest="flushSession", + action="store_true", default=False, help="Flush session file for current target") - miscellaneous.add_option("--eta", dest="eta", action="store_true", + miscellaneous.add_option("--eta", dest="eta", + action="store_true", default=False, help="Display for each output the " "estimated time of arrival") miscellaneous.add_option("--gpage", dest="googlePage", type="int", help="Use google dork results from specified page number") - miscellaneous.add_option("--update", dest="updateAll", action="store_true", + miscellaneous.add_option("--update", dest="updateAll", + action="store_true", default=False, help="Update sqlmap") - miscellaneous.add_option("--save", dest="saveCmdline", action="store_true", + miscellaneous.add_option("--save", dest="saveCmdline", + action="store_true", default=False, help="Save options on a configuration INI file") - miscellaneous.add_option("--batch", dest="batch", action="store_true", + miscellaneous.add_option("--batch", dest="batch", + action="store_true", default=False, help="Never ask for user input, use the default behaviour") - miscellaneous.add_option("--cleanup", dest="cleanup", action="store_true", + miscellaneous.add_option("--cleanup", dest="cleanup", + action="store_true", default=False, help="Clean up the DBMS by sqlmap specific " "UDF and tables") - miscellaneous.add_option("--replicate", dest="replicate", action="store_true", + miscellaneous.add_option("--replicate", dest="replicate", + action="store_true", default=False, help="Replicate dumped data into a sqlite3 database") # Hidden and/or experimental options parser.add_option("--profile", dest="profile", action="store_true", - help=SUPPRESS_HELP) + default=False, help=SUPPRESS_HELP) parser.add_option("--cpu-throttle", 
dest="cpuThrottle", type="int", default=10, help=SUPPRESS_HELP) parser.add_option("--common-prediction", dest="useCommonPrediction", action="store_true", - help=SUPPRESS_HELP) + default=False, help=SUPPRESS_HELP) parser.add_option("--null-connection", dest="useNullConnection", action="store_true", - help=SUPPRESS_HELP) + default=False, help=SUPPRESS_HELP) parser.add_option("--smoke-test", dest="smokeTest", action="store_true", - help=SUPPRESS_HELP) + default=False, help=SUPPRESS_HELP) parser.add_option("--live-test", dest="liveTest", action="store_true", - help=SUPPRESS_HELP) + default=False, help=SUPPRESS_HELP) parser.add_option_group(target) parser.add_option_group(request)