mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
added "Detection" part in help listing
This commit is contained in:
parent
0d0e2a2228
commit
4e6d1b5118
|
@ -154,9 +154,7 @@ def cmdLineParser():
|
|||
injection = OptionGroup(parser, "Injection", "These options can be "
|
||||
"used to specify which parameters to test "
|
||||
"for, provide custom injection payloads and "
|
||||
"how to parse and compare HTTP responses "
|
||||
"page content when using the blind SQL "
|
||||
"injection technique.")
|
||||
"optional tampering scripts.")
|
||||
|
||||
injection.add_option("-p", dest="testParameter",
|
||||
help="Testable parameter(s)")
|
||||
|
@ -174,35 +172,44 @@ def cmdLineParser():
|
|||
injection.add_option("--postfix", dest="postfix",
|
||||
help="Injection payload postfix string")
|
||||
|
||||
injection.add_option("--string", dest="string",
|
||||
injection.add_option("--tamper", dest="tamper",
|
||||
help="Use given script(s) for tampering injection data")
|
||||
|
||||
|
||||
# Detection options
|
||||
detection = OptionGroup(parser, "Detection", "These options can be "
|
||||
"used to specify how to parse "
|
||||
"and compare page content from "
|
||||
"HTTP responses when using blind SQL "
|
||||
"injection technique.")
|
||||
|
||||
detection.add_option("--string", dest="string",
|
||||
help="String to match in page when the "
|
||||
"query is valid")
|
||||
|
||||
injection.add_option("--regexp", dest="regexp",
|
||||
detection.add_option("--regexp", dest="regexp",
|
||||
help="Regexp to match in page when the "
|
||||
"query is valid")
|
||||
|
||||
injection.add_option("--excl-str", dest="eString",
|
||||
detection.add_option("--excl-str", dest="eString",
|
||||
help="String to be excluded before comparing "
|
||||
"page contents")
|
||||
|
||||
injection.add_option("--excl-reg", dest="eRegexp",
|
||||
detection.add_option("--excl-reg", dest="eRegexp",
|
||||
help="Matches to be excluded before "
|
||||
"comparing page contents")
|
||||
|
||||
injection.add_option("--threshold", dest="thold", type="float",
|
||||
detection.add_option("--threshold", dest="thold", type="float",
|
||||
help="Page comparison threshold value (0.0-1.0)")
|
||||
|
||||
injection.add_option("--text-only", dest="textOnly",
|
||||
detection.add_option("--text-only", dest="textOnly",
|
||||
action="store_true", default=False,
|
||||
help="Compare pages based only on their textual content")
|
||||
|
||||
injection.add_option("--longest-common", dest="longestCommon",
|
||||
detection.add_option("--longest-common", dest="longestCommon",
|
||||
action="store_true", default=False,
|
||||
help="Compare pages based on their longest common match")
|
||||
|
||||
injection.add_option("--tamper", dest="tamper",
|
||||
help="Use given script(s) for tampering injection data")
|
||||
|
||||
# Techniques options
|
||||
techniques = OptionGroup(parser, "Techniques", "These options can "
|
||||
|
@ -511,6 +518,7 @@ def cmdLineParser():
|
|||
parser.add_option_group(request)
|
||||
parser.add_option_group(optimization)
|
||||
parser.add_option_group(injection)
|
||||
parser.add_option_group(detection)
|
||||
parser.add_option_group(techniques)
|
||||
parser.add_option_group(fingerprint)
|
||||
parser.add_option_group(enumeration)
|
||||
|
|
14
sqlmap.conf
14
sqlmap.conf
|
@ -154,8 +154,7 @@ threads = 1
|
|||
|
||||
|
||||
# These options can be used to specify which parameters to test for,
|
||||
# provide custom injection payloads and how to parse and compare HTTP
|
||||
# responses page content when using the blind SQL injection technique.
|
||||
# provide custom injection payloads and optional tampering scripts.
|
||||
[Injection]
|
||||
|
||||
# Testable parameter(s) comma separated. By default all GET/POST/Cookie
|
||||
|
@ -183,6 +182,14 @@ prefix =
|
|||
# Injection payload postfix string
|
||||
postfix =
|
||||
|
||||
# Use given script(s) for tampering injection data
|
||||
tamper =
|
||||
|
||||
|
||||
# These options can be used to specify how to parse and compare page
|
||||
# content from HTTP responses when using blind SQL injection technique.
|
||||
[Detection]
|
||||
|
||||
# String to match within the page content when the query is valid, only
|
||||
# needed if the page content dynamically changes at each refresh,
|
||||
# consequently changing the MD5 hash of the page which is the method used
|
||||
|
@ -221,9 +228,6 @@ textOnly = False
|
|||
# Valid: True or False
|
||||
longestCommon = False
|
||||
|
||||
# Use given script(s) for tampering injection data
|
||||
tamper =
|
||||
|
||||
|
||||
# These options can be used to test for specific SQL injection technique
|
||||
# or to use one of them to exploit the affected parameter(s) rather than
|
||||
|
|
Loading…
Reference in New Issue
Block a user