From 9d9a317c39dae4d4afede63d6e01d1c62fab9ef6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 11 Feb 2021 13:04:15 +0100 Subject: [PATCH] Updated Usage (markdown) --- Usage.md | 47 ++++++++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/Usage.md b/Usage.md index d8a0c24e2..f33ba1b3b 100644 --- a/Usage.md +++ b/Usage.md @@ -13,8 +13,8 @@ Options: At least one of these options has to be provided to define the target(s) - -d DIRECT Connection string for direct database connection -u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1") + -d DIRECT Connection string for direct database connection -l LOGFILE Parse target(s) from Burp or WebScarab proxy log file -m BULKFILE Scan multiple targets given in a textual file -r REQUESTFILE Load HTTP request from a file @@ -24,6 +24,8 @@ Options: Request: These options can be used to specify how to connect to the target URL + -A AGENT, --user.. HTTP User-Agent header value + -H HEADER, --hea.. Extra header (e.g. "X-Forwarded-For: 127.0.0.1") --method=METHOD Force usage of given HTTP method (e.g. PUT) --data=DATA Data string to be sent through POST (e.g. "id=1") --param-del=PARA.. Character used for splitting parameter values (e.g. &) @@ -32,11 +34,10 @@ Options: --live-cookies=L.. Live cookies file used for loading up-to-date values --load-cookies=L.. File containing cookies in Netscape/wget format --drop-set-cookie Ignore Set-Cookie header from response - --user-agent=AGENT HTTP User-Agent header value + --mobile Imitate smartphone through HTTP User-Agent header --random-agent Use randomly selected HTTP User-Agent header value --host=HOST HTTP Host header value --referer=REFERER HTTP Referer header value - -H HEADER, --hea.. Extra header (e.g. "X-Forwarded-For: 127.0.0.1") --headers=HEADERS Extra headers (e.g. "Accept-Language: fr\nETag: 123") --auth-type=AUTH.. HTTP authentication type (Basic, Digest, NTLM or PKI) --auth-cred=AUTH.. HTTP authentication credentials (name:password) @@ -48,6 +49,7 @@ Options: --proxy=PROXY Use a proxy to connect to the target URL --proxy-cred=PRO.. Proxy authentication credentials (name:password) --proxy-file=PRO.. Load proxy list from a file + --proxy-freq=PRO.. Requests between change of proxy from a given list --tor Use Tor anonymity network --tor-port=TORPORT Set Tor proxy port other than default --tor-type=TORTYPE Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default)) @@ -59,11 +61,14 @@ Options: --safe-url=SAFEURL URL address to visit frequently during testing --safe-post=SAFE.. POST data to send to a safe URL --safe-req=SAFER.. Load safe HTTP request from a file - --safe-freq=SAFE.. Test requests between two visits to a given safe URL + --safe-freq=SAFE.. Regular requests between visits to a safe URL --skip-urlencode Skip URL encoding of payload data --csrf-token=CSR.. Parameter used to hold anti-CSRF token --csrf-url=CSRFURL URL address to visit for extraction of anti-CSRF token + --csrf-method=CS.. HTTP method to use during anti-CSRF token page visit + --csrf-retries=C.. Retries for anti-CSRF token retrieval (default 0) --force-ssl Force usage of SSL/HTTPS + --chunked Use HTTP chunked transfer encoded (POST) requests --hpp Use HTTP parameter pollution method --eval=EVALCODE Evaluate provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()") @@ -85,6 +90,7 @@ Options: --skip=SKIP Skip testing for given parameter(s) --skip-static Skip testing parameters that not appear to be dynamic --param-exclude=.. Regexp to exclude parameters from testing (e.g. "ses") + --param-filter=P.. Select testable parameter(s) by place (e.g. "POST") --dbms=DBMS Force back-end DBMS to provided value --dbms-cred=DBMS.. DBMS authentication credentials (user:password) --os=OS Force back-end DBMS operating system to provided value @@ -106,6 +112,7 @@ Options: --not-string=NOT.. String to match when query is evaluated to False --regexp=REGEXP Regexp to match when query is evaluated to True --code=CODE HTTP code to match when query is evaluated to True + --smart Perform thorough tests only if positive heuristic(s) --text-only Compare pages based only on the textual content --titles Compare pages based only on their titles @@ -113,7 +120,7 @@ Options: These options can be used to tweak testing of specific SQL injection techniques - --technique=TECH SQL injection techniques to use (default "BEUSTQ") + --technique=TECH.. SQL injection techniques to use (default "BEUSTQ") --time-sec=TIMESEC Seconds to delay the DBMS response (default 5) --union-cols=UCOLS Range of columns to test for UNION query SQL injection --union-char=UCHAR Character to use for bruteforcing number of columns @@ -128,7 +135,7 @@ Options: Enumeration: These options can be used to enumerate the back-end database management system information, structure and data contained in the - tables. Moreover you can run your own SQL statements + tables -a, --all Retrieve everything -b, --banner Retrieve DBMS banner @@ -149,6 +156,7 @@ Options: --dump-all Dump all DBMS databases tables entries --search Search column(s), table(s) and/or database name(s) --comments Check for DBMS comments during enumeration + --statements Retrieve SQL statements being run on DBMS -D DB DBMS database to enumerate -T TBL DBMS database table(s) to enumerate -C COL DBMS database table column(s) to enumerate @@ -161,7 +169,7 @@ Options: --stop=LIMITSTOP Last dump table entry to retrieve --first=FIRSTCHAR First query output word character to retrieve --last=LASTCHAR Last query output word character to retrieve - --sql-query=QUERY SQL statement to be executed + --sql-query=SQLQ.. SQL statement to be executed --sql-shell Prompt for an interactive SQL shell --sql-file=SQLFILE Execute SQL statements from given file(s) @@ -170,6 +178,7 @@ Options: --common-tables Check existence of common tables --common-columns Check existence of common columns + --common-files Check existence of common files User-defined function injection: These options can be used to create custom user-defined functions @@ -217,9 +226,11 @@ Options: -t TRAFFICFILE Log all HTTP traffic into a textual file --answers=ANSWERS Set predefined answers (e.g. "quit=N,follow=N") --base64=BASE64P.. Parameter(s) containing Base64 encoded data + --base64-safe Use URL and filename safe Base64 alphabet (RFC 4648) --batch Never ask for user input, use the default behavior --binary-fields=.. Result fields having binary values (e.g. "digest") --check-internet Check Internet connection before assessing the target + --cleanup Clean up the DBMS from sqlmap specific UDF and tables --crawl=CRAWLDEPTH Crawl the website starting from the target URL --crawl-exclude=.. Regexp to exclude pages from crawling (e.g. "logout") --csv-del=CSVDEL Delimiting character used in CSV output (default ",") @@ -230,6 +241,7 @@ Options: --flush-session Flush session files for current target --forms Parse and test forms on target URL --fresh-queries Ignore query results stored in session file + --gpage=GOOGLEPAGE Use Google dork results from specified page number --har=HARFILE Log all HTTP traffic into a HAR file --hex Use hex conversion during data retrieval --output-dir=OUT.. Custom output directory path @@ -238,29 +250,30 @@ Options: --postprocess=PO.. Use given script(s) for postprocessing (response) --repair Redump entries having unknown character marker (?) --save=SAVECONFIG Save options to a configuration INI file - --scope=SCOPE Regexp to filter targets from provided proxy log + --scope=SCOPE Regexp for filtering targets + --skip-heuristics Skip heuristic detection of SQLi/XSS vulnerabilities + --skip-waf Skip heuristic detection of WAF/IPS protection + --table-prefix=T.. Prefix used for temporary tables (default: "sqlmap") --test-filter=TE.. Select tests by payloads and/or titles (e.g. ROW) --test-skip=TEST.. Skip tests by payloads and/or titles (e.g. BENCHMARK) - --update Update sqlmap + --web-root=WEBROOT Web server document root directory (e.g. "/var/www") Miscellaneous: + These options do not fit into any other category + -z MNEMONICS Use short mnemonics (e.g. "flu,bat,ban,tec=EU") --alert=ALERT Run host OS command(s) when SQL injection is found - --beep Beep on question and/or when SQL injection is found - --cleanup Clean up the DBMS from sqlmap specific UDF and tables + --beep Beep on question and/or when SQLi/XSS/FI is found --dependencies Check for missing (optional) sqlmap dependencies --disable-coloring Disable console output coloring - --gpage=GOOGLEPAGE Use Google dork results from specified page number - --identify-waf Make a thorough testing for a WAF/IPS protection --list-tampers Display list of available tamper scripts - --mobile Imitate smartphone through HTTP User-Agent header --offline Work in offline mode (only use session data) --purge Safely remove all content from sqlmap data directory + --results-file=R.. Location of CSV results file in multiple targets mode --shell Prompt for an interactive sqlmap shell - --skip-waf Skip heuristic detection of WAF/IPS protection - --smart Conduct thorough tests only if positive heuristic(s) --tmp-dir=TMPDIR Local directory for storing temporary files - --web-root=WEBROOT Web server document root directory (e.g. "/var/www") + --unstable Adjust options for unstable connections + --update Update sqlmap --wizard Simple wizard interface for beginner users ```