From 209a8605278bba73a57e0d2e493c8cf0a9271faa Mon Sep 17 00:00:00 2001 From: Vlatko Kosturjak Date: Tue, 20 Nov 2012 12:54:07 +0100 Subject: [PATCH 1/2] Initial import of zsh completion script --- extra/shutils/_sqlmap.py | 178 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100644 extra/shutils/_sqlmap.py diff --git a/extra/shutils/_sqlmap.py b/extra/shutils/_sqlmap.py new file mode 100644 index 000000000..cf38e8696 --- /dev/null +++ b/extra/shutils/_sqlmap.py @@ -0,0 +1,178 @@ +#compdef sqlmap.py + +# sqlmap completion commands. written by kost +# put this file in your zsh completion dir and restart your shell. Zsh completion dir is usually +# located somehwere in /usr/share/zsh/ or /usr/local/share/zsh + +local curcontext="$curcontext" state line + +_arguments -C -s \ + '(- *)'{--help,-h}'[Show basic help message and exit]' \ + '(- *)'-hh'[Show advanced help message and exit]' \ + '(-v)'-v+'[Verbosity level: 0-6 (default 1)]:Verbosity level (0-6) - default 1' \ + '(-d)'-d+'[Direct connection to the database]' \ + '(-u,--url)'{-u+,--url=-}'[Target url]' \ + '(-g)'-g+'[Process Google dork results as target urls]' \ + '(--data)'--data=-'[Data string to be sent through POST]' \ + '(-l)'-l+'[Parse targets from Burp or WebScarab proxy logs]:LOGFILE:_files' \ + '(-m)'-m+'[Scan multiple targets enlisted in a given textual file]:BULKFILE:_files' \ + '(-r)'-r+'[Load HTTP request from a file]:REQUESTFILE:_files' \ + '(-s)'-s+'[Load session from a stored (.sqlite) file]:SESSIONFILE:_files' \ + '(-c)'-c+'[Load options from a configuration INI file]:CONFIGFILE:_files' \ + '(--param-del)'--param-del=-'[Character used for splitting parameter values]:PDEL' \ + '(--cookie)'--cookie=-'[HTTP Cookie header]:COOKIE' \ + '(--load-cookies)'--load-cookies=-'[File containing cookies in Netscape/wget format]:COOKIEFILE:_files' \ + '(--drop-set-cookie)'--drop-set-cookie'[Ignore Set-Cookie header from response]' \ + '(--user-agent)'--user-agent=-'[HTTP User-Agent header]:HTTP User Agent' \ + '(--random-agent)'--random-agent'[Use randomly selected HTTP User-Agent header]' \ + '(--randomize)'--randomize=-'[Randomly change value for given parameter(s)]:RPARAM' \ + '(--force-ssl)'--force-ssl'[Force usage of SSL/HTTPS requests]' \ + '(--host)'--host=-'[HTTP Host header]:Host Header' \ + '(--referer)'--referer=-'[HTTP Referer header]:REFERER' \ + '(--headers)'--headers=-'[Extra headers (e.g. Accept-Language: fr\nETag: 123)]:HEADERS' \ + '(--auth-type)'--auth-type=-'[HTTP authentication type (Basic, Digest or NTLM)]:ATYPE' \ + '(--auth-cred)'--auth-cred=-'[HTTP authentication credentials (name:password)]:ACRED' \ + '(--auth-cert)'--auth-cert=-'[HTTP authentication certificate (key_file,cert_file)]:ACERT:_files' \ + '(--proxy)'--proxy=-'[Use a HTTP proxy to connect to the target url]:PROXY' \ + '(--proxy-cred)'--proxy-cred=-'[HTTP proxy authentication credentials (name:password)]:PCRED' \ + '(--ignore-proxy)'--ignore-proxy'[Ignore system default HTTP proxy]' \ + '(--delay)'--delay=-'[Delay in seconds between each HTTP request]:DELAY' \ + '(--timeout)'--timeout=-'[Seconds to wait before timeout connection (default 30)]:TIMEOUT' \ + '(--retries)'--retries=-'[Retries when the connection timeouts (default 3)]:RETRIES' \ + '(--scope)'--scope=-'[Regexp to filter targets from provided proxy log]:SCOPE' \ + '(--safe-url)'--safe-url=-'[Url address to visit frequently during testing]:SAFURL' \ + '(--safe-freq)'--safe-freq=-'[Test requests between two visits to a given safe url]:SAFREQ' \ + '(--skip-urlencode)'--skip-urlencode'[Skip URL encoding of payload data]' \ + '(--eval)'--eval=-'[Evaluate provided Python code before the request (e.g.]:EVALCODE' \ + '(-o)'-o'[Turn on all optimization switches]' \ + '(--predict-output)'--predict-output'[Predict common queries output]' \ + '(--keep-alive)'--keep-alive'[Use persistent HTTP(s) connections]' \ + '(--null-connection)'--null-connection'[Retrieve page length without actual HTTP response body]' \ + '(--threads)'--threads=-'[Max number of concurrent HTTP(s) requests (default 1)]:THREADS' \ + '(-p)'-p+'[Testable parameter(s)]:TESTPARAMETER' \ + '(--dbms)'--dbms=-'[Force back-end DBMS to this value]:DBMS:->list-dbms' \ + '(--os)'--os=-'[Force back-end DBMS operating system to this value]:OS:->list-os' \ + '(--invalid-bignum)'--invalid-bignum'[Use big numbers for invalidating values]' \ + '(--invalid-logical)'--invalid-logical'[Use logical operations for invalidating values]' \ + '(--no-cast)'--no-cast'[Turn off payload casting mechanism]' \ + '(--no-unescape)'--no-unescape'[Turn off string unescaping mechanism]' \ + '(--prefix)'--prefix=-'[Injection payload prefix string]:PREFIX' \ + '(--suffix)'--suffix=-'[Injection payload suffix string]:SUFFIX' \ + '(--skip)'--skip=-'[Skip testing for given parameter(s)]:SKIP' \ + '(--tamper)'--tamper=-'[Use given script(s) for tampering injection data]:TAMPER' \ + '(--level)'--level=-'[Level of tests to perform (1-5, default 1)]:LEVEL (1-5), default 1' \ + '(--risk)'--risk=-'[Risk of tests to perform (0-3, default 1)]:RISK (0-3), default 1' \ + '(--string)'--string=-'[String to match when query is evaluated to True]:STRING' \ + '(--not-string)'--not-string=-'[String to match when query is evaluated to False]:NOTSTRING' \ + '(--regexp)'--regexp=-'[Regexp to match when query is evaluated to True]:REGEXP' \ + '(--code)'--code=-'[HTTP code to match when query is evaluated to True]' \ + '(--text-only)'--text-only'[Compare pages based only on the textual content]' \ + '(--titles)'--titles'[Compare pages based only on their titles]' \ + '(--technique)'--technique=-'[SQL injection techniques to test for (default "BEUST")]:TECH:->list-techniques' \ + '(--time-sec)'--time-sec=-'[Seconds to delay the DBMS response (default 5)]:TIMESEC' \ + '(--union-cols)'--union-cols=-'[Range of columns to test for UNION query SQL injection]:UCOLS' \ + '(--union-char)'--union-char=-'[Character to use for bruteforcing number of columns]:UCHAR' \ + '(--dns-domain)'--dns-domain=-'[Domain name used for DNS exfiltration attack]:DNSDOMAIN' \ + '(--second-order)'--second-order=-'[Resulting page url searched for second-order response]:SECONDORDER' \ + '(-f,--fingerprint)'{-f,--fingerprint}'[Perform an extensive DBMS version fingerprint]' \ + '(-a,--all)'{-a,--all}'[Retrieve everything]' \ + '(-b,--banner)'{-b,--banner}'[Retrieve DBMS banner]' \ + '(--current-user)'--current-user'[Retrieve DBMS current user]' \ + '(--current-db)'--current-db'[Retrieve DBMS current database]' \ + '(--hostname)'--hostname'[Retrieve DBMS server hostname]' \ + '(--is-dba)'--is-dba'[Detect if the DBMS current user is DBA]' \ + '(--users)'--users'[Enumerate DBMS users]' \ + '(--passwords)'--passwords'[Enumerate DBMS users password hashes]' \ + '(--privileges)'--privileges'[Enumerate DBMS users privileges]' \ + '(--roles)'--roles'[Enumerate DBMS users roles]' \ + '(--dbs)'--dbs'[Enumerate DBMS databases]' \ + '(--tables)'--tables'[Enumerate DBMS database tables]' \ + '(--columns)'--columns'[Enumerate DBMS database table columns]' \ + '(--schema)'--schema'[Enumerate DBMS schema]' \ + '(--count)'--count'[Retrieve number of entries for table(s)]' \ + '(--dump)'--dump'[Dump DBMS database table entries]' \ + '(--dump-all)'--dump-all'[Dump all DBMS databases tables entries]' \ + '(--search)'--search'[Search column(s), table(s) and/or database name(s)]' \ + '(-D)'-D+'[DBMS database to enumerate]:DB' \ + '(-T)'-T+'[DBMS database table to enumerate]:TBL' \ + '(-C)'-C+'[DBMS database table column to enumerate]:COL' \ + '(-U)'-U+'[DBMS user to enumerate]:USER' \ + '(--exclude-sysdbs)'--exclude-sysdbs'[Exclude DBMS system databases when enumerating tables]' \ + '(--start)'--start=-'[First query output entry to retrieve]:LIMITSTART' \ + '(--stop)'--stop=-'[Last query output entry to retrieve]:LIMITSTOP' \ + '(--first)'--first=-'[First query output word character to retrieve]:FIRSTCHAR' \ + '(--last)'--last=-'[Last query output word character to retrieve]:LASTCHAR' \ + '(--sql-query)'--sql-query=-'[SQL statement to be executed]:QUERY' \ + '(--sql-shell)'--sql-shell'[Prompt for an interactive SQL shell]' \ + '(--sql-file)'--sql-file=-'[Execute SQL statements from given file(s)]:SQLFILE:_files' \ + '(--common-tables)'--common-tables'[Check existence of common tables]' \ + '(--common-columns)'--common-columns'[Check existence of common columns]' \ + '(--udf-inject)'--udf-inject'[Inject custom user-defined functions]' \ + '(--shared-lib)'--shared-lib=-'[Local path of the shared library]:SHLIB' \ + '(--file-read)'--file-read=-'[Read a file from the back-end DBMS file system]:RFILE' \ + '(--file-write)'--file-write=-'[Write a local file on the back-end DBMS file system]:WFILE' \ + '(--file-dest)'--file-dest=-'[Back-end DBMS absolute filepath to write to]:DFILE' \ + '(--os-cmd)'--os-cmd=-'[Execute an operating system command]:OSCMD' \ + '(--os-shell)'--os-shell'[Prompt for an interactive operating system shell]' \ + '(--os-pwn)'--os-pwn'[Prompt for an out-of-band shell, meterpreter or VNC]' \ + '(--os-smbrelay)'--os-smbrelay'[One click prompt for an OOB shell, meterpreter or VNC]' \ + '(--os-bof)'--os-bof'[Stored procedure buffer overflow exploitation]' \ + '(--priv-esc)'--priv-esc'[Database process user privilege escalation]' \ + '(--msf-path)'--msf-path=-'[Local path where Metasploit Framework is installed]:MSFPATH' \ + '(--tmp-path)'--tmp-path=-'[Remote absolute path of temporary files directory]:TMPPATH' \ + '(--reg-read)'--reg-read'[Read a Windows registry key value]' \ + '(--reg-add)'--reg-add'[Write a Windows registry key value data]' \ + '(--reg-del)'--reg-del'[Delete a Windows registry key value]' \ + '(--reg-key)'--reg-key=-'[Windows registry key]:REGKEY' \ + '(--reg-value)'--reg-value=-'[Windows registry key value]:REGVAL' \ + '(--reg-data)'--reg-data=-'[Windows registry key value data]:REGDATA' \ + '(--reg-type)'--reg-type=-'[Windows registry key value type]:REGTYPE' \ + '(-t)'-t+'[Log all HTTP traffic into a textual file]:TRAFFICFILE' \ + '(--batch)'--batch'[Never ask for user input, use the default behaviour]' \ + '(--charset)'--charset=-'[Force character encoding used for data retrieval]:CHARSET' \ + '(--check-tor)'--check-tor'[Check to see if Tor is used properly]' \ + '(--crawl)'--crawl=-'[Crawl the website starting from the target url]:CRAWLDEPTH' \ + '(--csv-del)'--csv-del=-'[Delimiting character used in CSV output (default is ,)]:CSVDEL' \ + '(--dbms-cred)'--dbms-cred=-'[DBMS authentication credentials (user:password)]:DBMS authentication credentials' \ + '(--eta)'--eta'[Display for each output the estimated time of arrival]' \ + '(--flush-session)'--flush-session'[Flush session files for current target]' \ + '(--forms)'--forms'[Parse and test forms on target url]' \ + '(--fresh-queries)'--fresh-queries'[Ignores query results stored in session file]' \ + '(--hex)'--hex'[Uses DBMS hex function(s) for data retrieval]' \ + '(--output-dir)'--output-dir=-'[Custom output directory path]:ODIR' \ + '(--parse-errors)'--parse-errors'[Parse and display DBMS error messages from responses]' \ + '(--replicate)'--replicate'[Replicate dumped data into a sqlite3 database]' \ + '(--save)'--save'[Save options to a configuration INI file]' \ + '(--tor)'--tor'[Use Tor anonymity network]' \ + '(--tor-port)'--tor-port=-'[Set Tor proxy port other than default]:TORPORT' \ + '(--tor-type)'--tor-type=-'[Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)]:TORTYPE' \ + '(--update)'--update'[Update sqlmap]' \ + '(-z)'-z+'[Use short mnemonics (e.g. flu,bat,ban,tec=EU)]:MNEMONICS' \ + '(--check-payload)'--check-payload'[Offline WAF/IPS/IDS payload detection testing]' \ + '(--check-waf)'--check-waf'[Check for existence of WAF/IPS/IDS protection]' \ + '(--cleanup)'--cleanup'[Clean up the DBMS by sqlmap specific UDF and tables]' \ + '(--dependencies)'--dependencies'[Check for missing (non-core) sqlmap dependencies]' \ + '(--disable-coloring)'--disable-coloring'[Disable console output coloring]' \ + '(--gpage)'--gpage=-'[Use Google dork results from specified page number]:GOOGLEPAGE' \ + '(--mobile)'--mobile'[Imitate smartphone through HTTP User-Agent header]' \ + '(--page-rank)'--page-rank'[Display page rank (PR) for Google dork results]' \ + '(--purge-output)'--purge-output'[Safely remove all content from output directory]' \ + '(--smart)'--smart'[Conduct through tests only if positive heuristic(s)]' \ + '(--test-filter)'--test-filter=-'[Select tests by payloads and/or titles (e.g. ROW)]:test-filter' \ + '(--wizard)'--wizard'[Simple wizard interface for beginner users]' && return 0 + +case "$state" in + list-dbms) + _values -S : 'DBMS' 'access' 'db2' 'firebird' 'maxdb' 'mssqlserver' 'mysql' 'oracle' 'postgresql' \ + 'sqlite' 'sybase' + ;; + list-os) + _values -S : 'os' 'Linux' 'Windows' + ;; + list-techniques) + _values -S : 'technique' \ + 'B[Boolean]' 'E[Error]' 'U[Union]' 'S[Stacked]' 'T[Time]' + ;; +esac + +return 0 From 735cfeee265b16b40c0f61592390f3dfaa634372 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 20 Nov 2012 14:33:03 +0100 Subject: [PATCH 2/2] Update extra/shutils/_sqlmap.py Minor language fix --- extra/shutils/_sqlmap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extra/shutils/_sqlmap.py b/extra/shutils/_sqlmap.py index cf38e8696..433ca3c24 100644 --- a/extra/shutils/_sqlmap.py +++ b/extra/shutils/_sqlmap.py @@ -2,7 +2,7 @@ # sqlmap completion commands. written by kost # put this file in your zsh completion dir and restart your shell. Zsh completion dir is usually -# located somehwere in /usr/share/zsh/ or /usr/local/share/zsh +# located somewhere in /usr/share/zsh/ or /usr/local/share/zsh local curcontext="$curcontext" state line