sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

added "Detection" part in help listing

Browse Source
This commit is contained in:
Miroslav Stampar 2010-11-08 10:11:43 +00:00
parent 0d0e2a2228
commit 4e6d1b5118
2 changed files with 29 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
lib/parse/cmdline.py
View File

@ -154,9 +154,7 @@ def cmdLineParser():
injection = OptionGroup(parser, "Injection", "These options can be " injection = OptionGroup(parser, "Injection", "These options can be "
"used to specify which parameters to test " "used to specify which parameters to test "
"for, provide custom injection payloads and " "for, provide custom injection payloads and "
"how to parse and compare HTTP responses " "optional tampering scripts.")
"page content when using the blind SQL "
"injection technique.")
injection.add_option("-p", dest="testParameter", injection.add_option("-p", dest="testParameter",
help="Testable parameter(s)") help="Testable parameter(s)")
@ -174,35 +172,44 @@ def cmdLineParser():
injection.add_option("--postfix", dest="postfix", injection.add_option("--postfix", dest="postfix",
help="Injection payload postfix string") help="Injection payload postfix string")
injection.add_option("--string", dest="string", injection.add_option("--tamper", dest="tamper",
help="Use given script(s) for tampering injection data")
# Detection options
detection = OptionGroup(parser, "Detection", "These options can be "
"used to specify how to parse "
"and compare page content from "
"HTTP responses when using blind SQL "
"injection technique.")
detection.add_option("--string", dest="string",
help="String to match in page when the " help="String to match in page when the "
"query is valid") "query is valid")
injection.add_option("--regexp", dest="regexp", detection.add_option("--regexp", dest="regexp",
help="Regexp to match in page when the " help="Regexp to match in page when the "
"query is valid") "query is valid")
injection.add_option("--excl-str", dest="eString", detection.add_option("--excl-str", dest="eString",
help="String to be excluded before comparing " help="String to be excluded before comparing "
"page contents") "page contents")
injection.add_option("--excl-reg", dest="eRegexp", detection.add_option("--excl-reg", dest="eRegexp",
help="Matches to be excluded before " help="Matches to be excluded before "
"comparing page contents") "comparing page contents")
injection.add_option("--threshold", dest="thold", type="float", detection.add_option("--threshold", dest="thold", type="float",
help="Page comparison threshold value (0.0-1.0)") help="Page comparison threshold value (0.0-1.0)")
injection.add_option("--text-only", dest="textOnly", detection.add_option("--text-only", dest="textOnly",
action="store_true", default=False, action="store_true", default=False,
help="Compare pages based only on their textual content") help="Compare pages based only on their textual content")
injection.add_option("--longest-common", dest="longestCommon", detection.add_option("--longest-common", dest="longestCommon",
action="store_true", default=False, action="store_true", default=False,
help="Compare pages based on their longest common match") help="Compare pages based on their longest common match")
injection.add_option("--tamper", dest="tamper",
help="Use given script(s) for tampering injection data")
# Techniques options # Techniques options
techniques = OptionGroup(parser, "Techniques", "These options can " techniques = OptionGroup(parser, "Techniques", "These options can "
@ -511,6 +518,7 @@ def cmdLineParser():
parser.add_option_group(request) parser.add_option_group(request)
parser.add_option_group(optimization) parser.add_option_group(optimization)
parser.add_option_group(injection) parser.add_option_group(injection)
parser.add_option_group(detection)
parser.add_option_group(techniques) parser.add_option_group(techniques)
parser.add_option_group(fingerprint) parser.add_option_group(fingerprint)
parser.add_option_group(enumeration) parser.add_option_group(enumeration)

14
sqlmap.conf
View File

@ -154,8 +154,7 @@ threads = 1
# These options can be used to specify which parameters to test for, # These options can be used to specify which parameters to test for,
# provide custom injection payloads and how to parse and compare HTTP # provide custom injection payloads and optional tampering scripts.
# responses page content when using the blind SQL injection technique.
[Injection] [Injection]
# Testable parameter(s) comma separated. By default all GET/POST/Cookie # Testable parameter(s) comma separated. By default all GET/POST/Cookie
@ -183,6 +182,14 @@ prefix =
# Injection payload postfix string # Injection payload postfix string
postfix = postfix =
# Use given script(s) for tampering injection data
tamper =
# These options can be used to specify how to parse and compare page
# content from HTTP responses when using blind SQL injection technique.
[Detection]
# String to match within the page content when the query is valid, only # String to match within the page content when the query is valid, only
# needed if the page content dynamically changes at each refresh, # needed if the page content dynamically changes at each refresh,
# consequently changing the MD5 hash of the page which is the method used # consequently changing the MD5 hash of the page which is the method used
@ -221,9 +228,6 @@ textOnly = False
# Valid: True or False # Valid: True or False
longestCommon = False longestCommon = False
# Use given script(s) for tampering injection data
tamper =
# These options can be used to test for specific SQL injection technique # These options can be used to test for specific SQL injection technique
# or to use one of them to exploit the affected parameter(s) rather than # or to use one of them to exploit the affected parameter(s) rather than