Added hidden (for the moment) switch --technique

lib/controller/checks.py

@@ -101,6 +101,15 @@ def checkSqlInjection(place, parameter, value):
         stype = test.stype
         clause = test.clause
 
+        # Skip test if the user's wants to test only for a specific
+        # technique
+        if isinstance(conf.technique, int) and stype != conf.technique:
+            debugMsg = "skipping test '%s' because the user " % title
+            debugMsg += "specified to test only for "
+            debugMsg += "%s" % PAYLOAD.SQLINJECTION[conf.technique]
+            logger.debug(debugMsg)
+            continue
+
         # Skip test if the risk is higher than the provided (or default)
         # value
         # Parse test's <risk>

lib/core/option.py

@@ -552,6 +552,15 @@ def __setOS():
         errMsg += "you."
         raise sqlmapUnsupportedDBMSException, errMsg
 
+def __setTechnique():
+    if not isinstance(conf.technique, int):
+        return
+
+    if conf.technique < 0 or conf.technique > 5:
+        errMsg = "the value of --technique must be an integer "
+        errMsg += "between 0 and 5"
+        raise sqlmapSyntaxException, errMsg
+
 def __setDBMS():
     """
     Force the back-end DBMS option.
@@ -1383,6 +1392,7 @@ def init(inputOptions=advancedDict()):
         __urllib2Opener()
         __findPageForms()
         __setDBMS()
+        __setTechnique()
 
     __setThreads()
     __setOS()

lib/parse/cmdline.py

@@ -529,6 +529,9 @@ def cmdLineParser():
         parser.add_option("--live-test", dest="liveTest", action="store_true",
                           default=False, help=SUPPRESS_HELP)
 
+        parser.add_option("--technique", dest="technique", type="int",
+                          default=False, help=SUPPRESS_HELP)
+
         parser.add_option_group(target)
         parser.add_option_group(request)
         parser.add_option_group(optimization)