Updated Usage (markdown)

This commit is contained in:
stamparm 2013-03-15 08:41:56 -07:00
parent 24942d686a
commit 33cb0593de

@ -1,6 +1,6 @@
# Usage # Usage
Usage: python sqlmap.py [options] Usage: sqlmap.py [options]
Options: Options:
-h, --help Show basic help message and exit -h, --help Show basic help message and exit
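Review bot: the usage line drops the interpreter (`Usage: python sqlmap.py [options]` becomes `Usage: sqlmap.py [options]`), which only holds where the script is marked executable and reachable by that name. Keep `python sqlmap.py [options]` in the documentation, or state the assumption next to the usage line.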
@ -16,6 +16,7 @@
-l LOGFILE Parse targets from Burp or WebScarab proxy logs -l LOGFILE Parse targets from Burp or WebScarab proxy logs
-m BULKFILE Scan multiple targets enlisted in a given textual file -m BULKFILE Scan multiple targets enlisted in a given textual file
-r REQUESTFILE Load HTTP request from a file -r REQUESTFILE Load HTTP request from a file
-s SESSIONFILE Load session from a stored (.sqlite) file
-g GOOGLEDORK Process Google dork results as target urls -g GOOGLEDORK Process Google dork results as target urls
-c CONFIGFILE Load options from a configuration INI file -c CONFIGFILE Load options from a configuration INI file
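Review bot: the added `-s SESSIONFILE` line is missing the detail a user needs to use it safely: it does not say whether the `.sqlite` file must already exist or is created when absent, nor how the option interacts with `--flush-session` listed further down in this file. A short clause covering both would remove the ambiguity.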
@ -69,7 +70,7 @@
--invalid-bignum Use big numbers for invalidating values --invalid-bignum Use big numbers for invalidating values
--invalid-logical Use logical operations for invalidating values --invalid-logical Use logical operations for invalidating values
--no-cast Turn off payload casting mechanism --no-cast Turn off payload casting mechanism
--no-unescape Turn off string unescaping mechanism --no-escape Turn off string escaping mechanism
--prefix=PREFIX Injection payload prefix string --prefix=PREFIX Injection payload prefix string
--suffix=SUFFIX Injection payload suffix string --suffix=SUFFIX Injection payload suffix string
--skip=SKIP Skip testing for given parameter(s) --skip=SKIP Skip testing for given parameter(s)
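Review bot: the changed line renames `--no-unescape` to `--no-escape` without mentioning the old name, so saved command lines and `-c` configuration files that still use `--no-unescape` no longer match the documentation. Note the rename in the description, or in the commit message, so readers can map the old switch to the new one.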
@ -92,7 +93,7 @@
These options can be used to tweak testing of specific SQL injection These options can be used to tweak testing of specific SQL injection
techniques techniques
--technique=TECH SQL injection techniques to test for (default "BEUST") --technique=TECH SQL injection techniques to use (default "BEUSTQ")
--time-sec=TIMESEC Seconds to delay the DBMS response (default 5) --time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
--union-cols=UCOLS Range of columns to test for UNION query SQL injection --union-cols=UCOLS Range of columns to test for UNION query SQL injection
--union-char=UCHAR Character to use for bruteforcing number of columns --union-char=UCHAR Character to use for bruteforcing number of columns
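Review bot: the `--technique` default gains a sixth letter (`"BEUST"` becomes `"BEUSTQ"`), but nothing in this section says what each letter selects, so a reader cannot tell which technique `Q` enables or how to leave it out. List the letter meanings alongside the option; the wording change from "to test for" to "to use" is fine.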
@ -193,6 +194,7 @@
--crawl=CRAWLDEPTH Crawl the website starting from the target url --crawl=CRAWLDEPTH Crawl the website starting from the target url
--csv-del=CSVDEL Delimiting character used in CSV output (default ",") --csv-del=CSVDEL Delimiting character used in CSV output (default ",")
--dbms-cred=DBMS.. DBMS authentication credentials (user:password) --dbms-cred=DBMS.. DBMS authentication credentials (user:password)
--dump-format=DU.. Format of dumped data (CSV (default), HTML or SQLITE)
--eta Display for each output the estimated time of arrival --eta Display for each output the estimated time of arrival
--flush-session Flush session files for current target --flush-session Flush session files for current target
--forms Parse and test forms on target url --forms Parse and test forms on target url
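Review bot: the added `--dump-format` description nests parentheses, `(CSV (default), HTML or SQLITE)`, while the `--csv-del` line two rows above writes its default as `(default ",")`. Something like `Format of dumped data (CSV, HTML or SQLITE; default CSV)` reads more cleanly, and it is worth saying that `--csv-del` only applies when the format is CSV.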
@ -200,21 +202,24 @@
--hex Uses DBMS hex function(s) for data retrieval --hex Uses DBMS hex function(s) for data retrieval
--output-dir=ODIR Custom output directory path --output-dir=ODIR Custom output directory path
--parse-errors Parse and display DBMS error messages from responses --parse-errors Parse and display DBMS error messages from responses
--replicate Replicate dumped data into a sqlite3 database
--save Save options to a configuration INI file --save Save options to a configuration INI file
--tor Use Tor anonymity network --tor Use Tor anonymity network
--tor-port=TORPORT Set Tor proxy port other than default --tor-port=TORPORT Set Tor proxy port other than default
--tor-type=TORTYPE Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5) --tor-type=TORTYPE Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)
--update Update sqlmap --update Update sqlmap
Miscellaneous: Miscellaneous:
-z MNEMONICS Use short mnemonics (e.g. "flu,bat,ban,tec=EU") -z MNEMONICS Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
--check-payload Offline WAF/IPS/IDS payload detection testing --alert=ALERT Run shell command(s) when SQL injection is found
--check-waf Check for existence of WAF/IPS/IDS protection --answers=ANSWERS Set question answers (e.g. "quit=N,follow=N")
--beep Make a beep sound when SQL injection is found
--check-waf Heuristically check for WAF/IPS/IDS protection
--cleanup Clean up the DBMS by sqlmap specific UDF and tables --cleanup Clean up the DBMS by sqlmap specific UDF and tables
--dependencies Check for missing sqlmap dependencies --dependencies Check for missing (non-core) sqlmap dependencies
--disable-coloring Disable console output coloring --disable-coloring Disable console output coloring
--gpage=GOOGLEPAGE Use Google dork results from specified page number --gpage=GOOGLEPAGE Use Google dork results from specified page number
--hpp Use HTTP parameter pollution
--identify-waf Make a through testing for a WAF/IPS/IDS protection
--mobile Imitate smartphone through HTTP User-Agent header --mobile Imitate smartphone through HTTP User-Agent header
--page-rank Display page rank (PR) for Google dork results --page-rank Display page rank (PR) for Google dork results
--purge-output Safely remove all content from output directory --purge-output Safely remove all content from output directory
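Review bot: typo in the added `--identify-waf` line, "Make a through testing for a WAF/IPS/IDS protection" should read "Make a thorough test for WAF/IPS/IDS protection". In the same hunk, `--replicate` and `--check-payload` disappear with no pointer to a replacement; if `--dump-format=SQLITE` is meant to supersede `--replicate`, say so. The new `--alert=ALERT` line should also state what, if anything, is passed to the shell command it runs, since it executes on the operator's machine.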