diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 86a222219..6ca4e3662 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -127,6 +127,7 @@ optDict = { "db": "string", "tbl": "string", "col": "string", + "excludeCol": "string", "user": "string", "excludeSysDbs": "boolean", "limitStart": "integer", diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 0f75689c7..96dce8511 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -404,10 +404,13 @@ def cmdLineParser(): help="DBMS database to enumerate") enumeration.add_option("-T", dest="tbl", - help="DBMS database table to enumerate") + help="DBMS database table(s) to enumerate") enumeration.add_option("-C", dest="col", - help="DBMS database table column to enumerate") + help="DBMS database table column(s) to enumerate") + + enumeration.add_option("-X", dest="excludeCol", + help="DBMS database table column(s) to not enumerate") enumeration.add_option("-U", dest="user", help="DBMS user to enumerate") diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index a58ba80c4..c02689ccf 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -263,6 +263,10 @@ class Enumeration(GenericEnumeration): infoMsgTbl = "" infoMsgDb = "" colList = conf.col.split(",") + + if conf.excludeCol: + colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + origTbl = conf.tbl origDb = conf.db colCond = rootQuery.inband.condition diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index d51f21ac8..10de98918 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -181,6 +181,9 @@ class Enumeration(GenericEnumeration): else: colList = [] + if conf.excludeCol: + colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + for col in colList: colList[colList.index(col)] = safeSQLIdentificatorNaming(col) 
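Review bot: The exclusion test added in plugins/dbms/mssqlserver/enumeration.py compares raw strings and re-splits `conf.excludeCol` for every element, so a value such as `-X "id, secret"` (space after the comma) silently excludes nothing for the second name. Since `-X` is the control an operator relies on to keep chosen columns out of the output, a filter that fails open should normalise its input first: `excluded = set(_.strip() for _ in conf.excludeCol.split(','))`, then `colList = [_ for _ in colList if _ not in excluded]`. The same expression is pasted into the sybase, databases.py, both entries.py and the second search.py hunks; one shared helper would keep the matching rules identical everywhere. The enclosing method starts and ends outside this hunk.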
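Review bot: When no `-C` value is given, the `else` branch in plugins/dbms/sybase/enumeration.py leaves `colList` empty, so the new filter has nothing to remove and `-X` is a no-op on this path. Presumably the code after the hunk then enumerates every column, excluded ones included, which contradicts the help text "column(s) to not enumerate". The plugins/generic/databases.py hunk has the same shape. If `-X` is meant to work on its own, the exclusion has to be applied to the retrieved column names later in the method (outside this hunk); failing that, a comment like `# NOTE: only filters names supplied via -C; retrieved columns are not filtered here` would record the limitation.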
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index df03dbf3c..9fe395098 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -399,10 +399,13 @@ class Databases: if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): conf.col = conf.col.upper() - colList = conf.col.split(",") + colList = conf.col.split(',') else: colList = [] + if conf.excludeCol: + colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + for col in colList: colList[colList.index(col)] = safeSQLIdentificatorNaming(col) diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index aa440a447..c3618a6b4 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -122,6 +122,17 @@ class Entries: columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] colList = sorted(filter(None, columns.keys())) + + if conf.excludeCol: + colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + + if not colList: + warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl) + warnMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) + warnMsg += " (no usable column names)" + logger.warn(warnMsg) + continue + colNames = colString = ", ".join(column for column in colList) rootQuery = queries[Backend.getIdentifiedDbms()].dump_table @@ -420,7 +431,12 @@ class Entries: continue conf.tbl = table - conf.col = ",".join(column for column in filter(None, sorted(columns))) + colList = filter(None, sorted(columns)) + + if conf.excludeCol: + colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + + conf.col = ",".join(colList) kb.data.cachedColumns = {} kb.data.dumpedTable = {} diff --git a/plugins/generic/search.py b/plugins/generic/search.py index 8ffcb99c5..c500b9613 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py 
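Review bot: On Oracle and DB2 the plugins/generic/databases.py hunk upper-cases `conf.col` before splitting, but the new filter compares the result against `conf.excludeCol` exactly as typed, so `-C id,name -X name` still keeps `NAME`. The exclusion list needs the same case folding, for example `_ = conf.excludeCol.upper() if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2) else conf.excludeCol` followed by `excluded = _.split(',')`. The enclosing method starts and ends outside the hunk.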
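Review bot: The filter in the first plugins/generic/entries.py hunk matches `conf.excludeCol` against the keys of the cached column map, whose database and table keys are looked up through `safeSQLIdentificatorNaming(...)`. If the column keys are stored in that safe (possibly quoted) form as well, a name typed as-is on the command line will not match and the column is dumped anyway; this is worth confirming against the code that fills the cache. Comparing on the unsafe form, `if unsafeSQLIdentificatorNaming(_) not in excluded`, would make the match independent of quoting. The loop body this hunk sits in continues outside the hunk.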
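Review bot: In the second plugins/generic/entries.py hunk, an exclusion list that removes every column yields `conf.col = ""`, and unlike the first hunk there is no `if not colList:` guard with a warning and `continue`. Judging by the `else: colList = []` branch in plugins/generic/databases.py, an empty `conf.col` is treated as "no column restriction", so the table is probably enumerated in full again before the filter in the first hunk skips it. Repeating the guard here, `if not colList: continue` after a warning, avoids that round trip and tells the user why the table was skipped. The loop body continues outside the hunk.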
@@ -349,7 +349,7 @@ class Search: elif test[0] in ("q", "Q"): raise SqlmapUserQuitException else: - regex = "|".join(conf.col.split(",")) + regex = '|'.join(conf.col.split(',')) conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex)) message = "do you want to dump entries? [Y/n] " @@ -368,6 +368,10 @@ class Search: infoMsgTbl = "" infoMsgDb = "" colList = conf.col.split(",") + + if conf.excludeCol: + colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + origTbl = conf.tbl origDb = conf.db colCond = rootQuery.inband.condition diff --git a/sqlmap.conf b/sqlmap.conf index 049650ba1..df1a5c929 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -445,12 +445,15 @@ getComments = False # Back-end database management system database to enumerate. db = -# Back-end database management system database table to enumerate. +# Back-end database management system database table(s) to enumerate. tbl = -# Back-end database management system database table column to enumerate. +# Back-end database management system database table column(s) to enumerate. col = +# Back-end database management system database table column(s) to not enumerate. +excludeCol = + # Back-end database management system database user to enumerate. user =
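Review bot: In the second plugins/generic/search.py hunk, `colList` comes from `conf.col.split(",")`, so it appears to hold the names being searched for rather than the columns found; the new filter therefore only drops a search term spelled exactly like an excluded name. A search for `name` with `-X surname` would, as far as this hunk shows, still report `surname`. If the intent is to keep excluded columns out of search results, the exclusion needs to be applied to the matched column names later in the method, which lies outside the hunk. The identical block added in plugins/dbms/mssqlserver/enumeration.py has the same limitation.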