From b9d9f18939f39465614488d14d2bc32dfff2e39e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 16 Nov 2010 14:09:09 +0000
Subject: [PATCH] added General cmdline group
---
 lib/core/optiondict.py | 27 +++++-----
 lib/parse/cmdline.py | 111 +++++++++++++++++++++--------------------
 sqlmap.conf | 68 +++++++++++++------------
 3 files changed, 109 insertions(+), 97 deletions(-)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index f2be2112b..62fc1a752 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -21,6 +21,17 @@ optDict = { "configFile": "string" }, + "General": { + "xmlFile": "string", + "sessionFile": "string", + "trafficFile": "string", + "flushSession": "boolean", + "forms": "boolean", + "eta": "boolean", + "updateAll": "boolean", + "batch": "boolean" + }, + "Request": { "method": "string", "data": "string",
@@ -152,19 +163,11 @@ optDict = { }, "Miscellaneous": { - "xmlFile": "string", - "sessionFile": "string", - "trafficFile": "string", - "flushSession": "boolean", - "forms": "boolean", - "eta": "boolean", - "googlePage": "integer", - "updateAll": "boolean", - "batch": "boolean", - "cleanup": "boolean", - "replicate": "boolean", - "checkPayload": "boolean", "beep": "boolean", + "checkPayload": "boolean", + "cleanup": "boolean", + "googlePage": "integer", + "replicate": "boolean", "verbose": "integer" }, }
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 4b411d4c6..59805547c 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
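Review bot: `"forms": "boolean"` is added to the new `"General"` section here, but the other two files in this commit keep it under Miscellaneous: `--forms` is still registered through `miscellaneous.add_option(...)` in lib/parse/cmdline.py, and `forms = False` stays under `[Miscellaneous]` in sqlmap.conf. If the configuration loader looks each option up under the section name given in optDict (that code is not part of this diff), a `forms` value set in sqlmap.conf would no longer be found. Either drop `"forms"` from `"General"` and keep `"forms": "boolean",` in `"Miscellaneous"`, or move the command-line option and the conf entry to General as well. optDict continues outside the hunk.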
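Review bot: The reordered `"Miscellaneous"` section has no entry for `parseErrors`, although lib/parse/cmdline.py in the same commit registers `--parse-errors` with `dest="parseErrors"` in the Miscellaneous group. If optDict is what drives loading options from the INI file (not shown here), that switch cannot be set from sqlmap.conf. Since the section is being sorted alphabetically anyway, add `"parseErrors": "boolean",` between `"googlePage"` and `"replicate"`, together with a matching `parseErrors = False` entry in sqlmap.conf.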
@@ -52,6 +52,42 @@ def cmdLineParser(): target.add_option("-c", dest="configFile", help="Load options from a configuration INI file") + # General options + general = OptionGroup(parser, "General", "These options can be used " + "to set some general working parameters. " ) + + general.add_option("-x", dest="xmlFile", + help="Dump the data into an XML file") + + general.add_option("-s", dest="sessionFile", + help="Save and resume all data retrieved " + "on a session file") + + general.add_option("-t", dest="trafficFile", + help="Log all HTTP traffic into a " + "textual file") + + general.add_option("--flush-session", dest="flushSession", + action="store_true", default=False, + help="Flush session file for current target") + + general.add_option("--eta", dest="eta", + action="store_true", default=False, + help="Display for each output the " + "estimated time of arrival") + + general.add_option("--update", dest="updateAll", + action="store_true", default=False, + help="Update sqlmap") + + general.add_option("--save", dest="saveCmdline", + action="store_true", default=False, + help="Save options on a configuration INI file") + + general.add_option("--batch", dest="batch", + action="store_true", default=False, + help="Never ask for user input, use the default behaviour") + # Request options request = OptionGroup(parser, "Request", "These options can be used " "to specify how to connect to the target url.") 
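Review bot: The help strings for `-t` and `-s` in the new General group say what is written but not that the resulting files are sensitive: a log of all HTTP traffic will presumably include request headers and bodies, so cookies and credentials handed to the tool end up in it in clear text. Consider saying so in the help, e.g. `help="Log all HTTP traffic into a textual file (may contain cookies and credentials)"`, and repeating the remark on the `trafficFile` comment in sqlmap.conf. As a style point, the group description ends with `"to set some general working parameters. " )`; drop the trailing space inside the string and the space before the closing parenthesis. cmdLineParser() starts and ends outside this hunk.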
@@ -457,65 +493,33 @@ def cmdLineParser(): # Miscellaneous options miscellaneous = OptionGroup(parser, "Miscellaneous") - miscellaneous.add_option("-x", dest="xmlFile", - help="Dump the data into an XML file") - - miscellaneous.add_option("-s", dest="sessionFile", - help="Save and resume all data retrieved " - "on a session file") - - miscellaneous.add_option("-t", dest="trafficFile", - help="Log all HTTP traffic into a " - "textual file") - - miscellaneous.add_option("--flush-session", dest="flushSession", - action="store_true", default=False, - help="Flush session file for current target") - - miscellaneous.add_option("--forms", dest="forms", - action="store_true", default=False, - help="Parse and test forms on target url") - - miscellaneous.add_option("--eta", dest="eta", - action="store_true", default=False, - help="Display for each output the " - "estimated time of arrival") - - miscellaneous.add_option("--gpage", dest="googlePage", type="int", - help="Use google dork results from specified page number") - - miscellaneous.add_option("--update", dest="updateAll", + miscellaneous.add_option("--beep", dest="beep", action="store_true", default=False, - help="Update sqlmap") - - miscellaneous.add_option("--save", dest="saveCmdline", - action="store_true", default=False, - help="Save options on a configuration INI file") - - miscellaneous.add_option("--batch", dest="batch", - action="store_true", default=False, - help="Never ask for user input, use the default behaviour") - - miscellaneous.add_option("--cleanup", dest="cleanup", - action="store_true", default=False, - help="Clean up the DBMS by sqlmap specific " - "UDF and tables") - - miscellaneous.add_option("--replicate", dest="replicate", - action="store_true", default=False, - help="Replicate dumped data into a sqlite3 database") + help="Alert when sql injection found") miscellaneous.add_option("--check-payload", dest="checkPayload", - action="store_true", default=False, - help="IDS detection testing of 
injection payload") + action="store_true", default=False, + help="IDS detection testing of injection payload") - miscellaneous.add_option("--beep", dest="beep", - action="store_true", default=False, - help="Alert with audio beep when sql injection found") + miscellaneous.add_option("--cleanup", dest="cleanup", + action="store_true", default=False, + help="Clean up the DBMS by sqlmap specific " + "UDF and tables") + + miscellaneous.add_option("--forms", dest="forms", + action="store_true", default=False, + help="Parse and test forms on target url") + + miscellaneous.add_option("--gpage", dest="googlePage", type="int", + help="Use google dork results from specified page number") miscellaneous.add_option("--parse-errors", dest="parseErrors", - action="store_true", default=False, - help="Try to parse and report error messages") + action="store_true", default=False, + help="Try to parse and report error messages") + + miscellaneous.add_option("--replicate", dest="replicate", + action="store_true", default=False, + help="Replicate dumped data into a sqlite3 database") # Hidden and/or experimental options parser.add_option("--profile", dest="profile", action="store_true",
@@ -531,6 +535,7 @@ def cmdLineParser(): default=False, help=SUPPRESS_HELP) parser.add_option_group(target) + parser.add_option_group(general) parser.add_option_group(request) parser.add_option_group(optimization) parser.add_option_group(injection)
diff --git a/sqlmap.conf b/sqlmap.conf
index f3a131685..406bd6d44 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
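Review bot: The re-added `--beep` option now reads `help="Alert when sql injection found"`, which drops the "with audio beep" wording of the line it replaces and no longer matches the `beep` comment kept in sqlmap.conf ("Alert with audio beep when sql injection found."). Keeping `help="Alert with audio beep when sql injection found"` tells the user how the alert is delivered and keeps the two descriptions in step. cmdLineParser() starts and ends outside this hunk.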
@@ -30,6 +30,36 @@ requestFile = googleDork = +# These options can be used to set some general working parameters. +[General] + +# Dump the data into an XML file. +xmlFile = + +# Save and resume all data retrieved on a session file. +sessionFile = + +# Log all HTTP traffic into a textual file. +trafficFile = + +# Flush session file for current target. +# Valid: True or False +flushSession = False + +# Retrieve each query output length and calculate the estimated time of +# arrival in real time. +# Valid: True or False +eta = False + +# Update sqlmap. +# Valid: True or False +updateAll = False + +# Never ask for user input, use the default behaviour. +# Valid: True or False +batch = False + + # These options can be used to specify how to connect to the target url. [Request] 
@@ -504,55 +534,29 @@ regType = [Miscellaneous] -# Dump the data into an XML file. -xmlFile = +# Alert with audio beep when sql injection found. +beep = False -# Save and resume all data retrieved on a session file. -sessionFile = +# IDS detection testing of injection payload. +checkPayload = False -# Log all HTTP traffic into a textual file. -trafficFile = - -# Flush session file for current target. +# Clean up the DBMS by sqlmap specific UDF and tables # Valid: True or False -flushSession = False +cleanup = False # Parse and test forms on target url # Valid: True or False forms = False -# Retrieve each query output length and calculate the estimated time of -# arrival in real time. -# Valid: True or False -eta = False - # Use google dork results from specified page number # Valid: integer # Default: 1 googlePage = 1 -# Update sqlmap. -# Valid: True or False -updateAll = False - -# Never ask for user input, use the default behaviour. -# Valid: True or False -batch = False - -# Clean up the DBMS by sqlmap specific UDF and tables -# Valid: True or False -cleanup = False - # Replicate dumped data into a sqlite3 database. # Valid: True or False replicate = False -# IDS detection testing of injection payload. -checkPayload = False - -# Alert with audio beep when sql injection found. -beep = False - # Verbosity level. # Valid: integer between 0 and 6 # 0: Show only critical messages
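Review bot: The `beep` and `checkPayload` entries moved to the top of `[Miscellaneous]` carry no value hint, unlike the other boolean entries visible in this hunk (`cleanup`, `forms`, `replicate`), which all have one. Add `# Valid: True or False` under `# Alert with audio beep when sql injection found.` and under `# IDS detection testing of injection payload.` so a reader editing the file by hand knows what each key accepts.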