sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-12-01 14:03:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor regrouping

Browse Source
This commit is contained in:
Miroslav Stampar 2019-08-13 14:55:26 +02:00
parent 412301bb18
commit bfe8785ed5
4 changed files with 62 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/core/optiondict.py
View File

@ -31,6 +31,7 @@ optDict = {
"loadCookies": "string", "loadCookies": "string",
"dropSetCookie": "boolean", "dropSetCookie": "boolean",
"agent": "string", "agent": "string",
"mobile": "boolean",
"randomAgent": "boolean", "randomAgent": "boolean",
"host": "string", "host": "string",
"referer": "string", "referer": "string",
@ -100,6 +101,7 @@ optDict = {
"notString": "string", "notString": "string",
"regexp": "string", "regexp": "string",
"code": "integer", "code": "integer",
"smart": "boolean",
"textOnly": "boolean", "textOnly": "boolean",
"titles": "boolean", "titles": "boolean",
}, },
@ -197,10 +199,12 @@ optDict = {
"General": { "General": {
"trafficFile": "string", "trafficFile": "string",
"answers": "string",
"batch": "boolean", "batch": "boolean",
"binaryFields": "string", "binaryFields": "string",
"charset": "string", "charset": "string",
"checkInternet": "boolean", "checkInternet": "boolean",
"cleanup": "boolean",
"crawlDepth": "integer", "crawlDepth": "integer",
"crawlExclude": "string", "crawlExclude": "string",
"csvDel": "string", "csvDel": "string",
@ -210,6 +214,7 @@ optDict = {
"flushSession": "boolean", "flushSession": "boolean",
"forms": "boolean", "forms": "boolean",
"freshQueries": "boolean", "freshQueries": "boolean",
"googlePage": "integer",
"harFile": "string", "harFile": "string",
"hexConvert": "boolean", "hexConvert": "boolean",
"outputDir": "string", "outputDir": "string",
@ -218,28 +223,23 @@ optDict = {
"repair": "boolean", "repair": "boolean",
"saveConfig": "string", "saveConfig": "string",
"scope": "string", "scope": "string",
"skipWaf": "boolean",
"testFilter": "string", "testFilter": "string",
"testSkip": "string", "testSkip": "string",
"updateAll": "boolean", "webRoot": "string",
}, },
"Miscellaneous": { "Miscellaneous": {
"alert": "string", "alert": "string",
"answers": "string",
"beep": "boolean", "beep": "boolean",
"cleanup": "boolean",
"dependencies": "boolean", "dependencies": "boolean",
"disableColoring": "boolean", "disableColoring": "boolean",
"googlePage": "integer",
"listTampers": "boolean", "listTampers": "boolean",
"mobile": "boolean",
"offline": "boolean", "offline": "boolean",
"purge": "boolean", "purge": "boolean",
"skipWaf": "boolean",
"smart": "boolean",
"tmpDir": "string", "tmpDir": "string",
"webRoot": "string",
"wizard": "boolean", "wizard": "boolean",
"updateAll": "boolean",
"verbose": "integer", "verbose": "integer",
}, },

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.8.9" VERSION = "1.3.8.10"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

46
lib/parse/cmdline.py
View File

@ -152,6 +152,9 @@ def cmdLineParser(argv=None):
request.add_argument("--user-agent", dest="agent", request.add_argument("--user-agent", dest="agent",
help="HTTP User-Agent header value") help="HTTP User-Agent header value")
request.add_argument("--mobile", dest="mobile", action="store_true",
help="Imitate smartphone through HTTP User-Agent header")
request.add_argument("--random-agent", dest="randomAgent", action="store_true", request.add_argument("--random-agent", dest="randomAgent", action="store_true",
help="Use randomly selected HTTP User-Agent header value") help="Use randomly selected HTTP User-Agent header value")
@ -344,6 +347,9 @@ def cmdLineParser(argv=None):
detection.add_argument("--code", dest="code", type=int, detection.add_argument("--code", dest="code", type=int,
help="HTTP code to match when query is evaluated to True") help="HTTP code to match when query is evaluated to True")
detection.add_argument("--smart", dest="smart", action="store_true",
help="Perform thorough tests only if positive heuristic(s)")
detection.add_argument("--text-only", dest="textOnly", action="store_true", detection.add_argument("--text-only", dest="textOnly", action="store_true",
help="Compare pages based only on the textual content") help="Compare pages based only on the textual content")
@ -585,6 +591,9 @@ def cmdLineParser(argv=None):
general.add_argument("-t", dest="trafficFile", general.add_argument("-t", dest="trafficFile",
help="Log all HTTP traffic into a textual file") help="Log all HTTP traffic into a textual file")
general.add_argument("--answers", dest="answers",
help="Set predefined answers (e.g. \"quit=N,follow=N\")")
general.add_argument("--batch", dest="batch", action="store_true", general.add_argument("--batch", dest="batch", action="store_true",
help="Never ask for user input, use the default behavior") help="Never ask for user input, use the default behavior")
@ -594,6 +603,9 @@ def cmdLineParser(argv=None):
general.add_argument("--check-internet", dest="checkInternet", action="store_true", general.add_argument("--check-internet", dest="checkInternet", action="store_true",
help="Check Internet connection before assessing the target") help="Check Internet connection before assessing the target")
general.add_argument("--cleanup", dest="cleanup", action="store_true",
help="Clean up the DBMS from sqlmap specific UDF and tables")
general.add_argument("--crawl", dest="crawlDepth", type=int, general.add_argument("--crawl", dest="crawlDepth", type=int,
help="Crawl the website starting from the target URL") help="Crawl the website starting from the target URL")
@ -624,6 +636,9 @@ def cmdLineParser(argv=None):
general.add_argument("--fresh-queries", dest="freshQueries", action="store_true", general.add_argument("--fresh-queries", dest="freshQueries", action="store_true",
help="Ignore query results stored in session file") help="Ignore query results stored in session file")
general.add_argument("--gpage", dest="googlePage", type=int,
help="Use Google dork results from specified page number")
general.add_argument("--har", dest="harFile", general.add_argument("--har", dest="harFile",
help="Log all HTTP traffic into a HAR file") help="Log all HTTP traffic into a HAR file")
@ -648,17 +663,20 @@ def cmdLineParser(argv=None):
general.add_argument("--scope", dest="scope", general.add_argument("--scope", dest="scope",
help="Regexp to filter targets from provided proxy log") help="Regexp to filter targets from provided proxy log")
general.add_argument("--skip-waf", dest="skipWaf", action="store_true",
help="Skip heuristic detection of WAF/IPS protection")
general.add_argument("--test-filter", dest="testFilter", general.add_argument("--test-filter", dest="testFilter",
help="Select tests by payloads and/or titles (e.g. ROW)") help="Select tests by payloads and/or titles (e.g. ROW)")
general.add_argument("--test-skip", dest="testSkip", general.add_argument("--test-skip", dest="testSkip",
help="Skip tests by payloads and/or titles (e.g. BENCHMARK)") help="Skip tests by payloads and/or titles (e.g. BENCHMARK)")
general.add_argument("--update", dest="updateAll", action="store_true", general.add_argument("--web-root", dest="webRoot",
help="Update sqlmap") help="Web server document root directory (e.g. \"/var/www\")")
# Miscellaneous options # Miscellaneous options
miscellaneous = parser.add_argument_group("Miscellaneous") miscellaneous = parser.add_argument_group("Miscellaneous", "These options do not fit into any other category")
miscellaneous.add_argument("-z", dest="mnemonics", miscellaneous.add_argument("-z", dest="mnemonics",
help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")") help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")
@ -666,50 +684,32 @@ def cmdLineParser(argv=None):
miscellaneous.add_argument("--alert", dest="alert", miscellaneous.add_argument("--alert", dest="alert",
help="Run host OS command(s) when SQL injection is found") help="Run host OS command(s) when SQL injection is found")
miscellaneous.add_argument("--answers", dest="answers",
help="Set predefined answers (e.g. \"quit=N,follow=N\")")
miscellaneous.add_argument("--beep", dest="beep", action="store_true", miscellaneous.add_argument("--beep", dest="beep", action="store_true",
help="Beep on question and/or when SQL injection is found") help="Beep on question and/or when SQL injection is found")
miscellaneous.add_argument("--cleanup", dest="cleanup", action="store_true",
help="Clean up the DBMS from sqlmap specific UDF and tables")
miscellaneous.add_argument("--dependencies", dest="dependencies", action="store_true", miscellaneous.add_argument("--dependencies", dest="dependencies", action="store_true",
help="Check for missing (optional) sqlmap dependencies") help="Check for missing (optional) sqlmap dependencies")
miscellaneous.add_argument("--disable-coloring", dest="disableColoring", action="store_true", miscellaneous.add_argument("--disable-coloring", dest="disableColoring", action="store_true",
help="Disable console output coloring") help="Disable console output coloring")
miscellaneous.add_argument("--gpage", dest="googlePage", type=int,
help="Use Google dork results from specified page number")
miscellaneous.add_argument("--list-tampers", dest="listTampers", action="store_true", miscellaneous.add_argument("--list-tampers", dest="listTampers", action="store_true",
help="Display list of available tamper scripts") help="Display list of available tamper scripts")
miscellaneous.add_argument("--mobile", dest="mobile", action="store_true",
help="Imitate smartphone through HTTP User-Agent header")
miscellaneous.add_argument("--offline", dest="offline", action="store_true", miscellaneous.add_argument("--offline", dest="offline", action="store_true",
help="Work in offline mode (only use session data)") help="Work in offline mode (only use session data)")
miscellaneous.add_argument("--purge", dest="purge", action="store_true", miscellaneous.add_argument("--purge", dest="purge", action="store_true",
help="Safely remove all content from sqlmap data directory") help="Safely remove all content from sqlmap data directory")
miscellaneous.add_argument("--skip-waf", dest="skipWaf", action="store_true",
help="Skip heuristic detection of WAF/IPS protection")
miscellaneous.add_argument("--smart", dest="smart", action="store_true",
help="Conduct thorough tests only if positive heuristic(s)")
miscellaneous.add_argument("--sqlmap-shell", dest="sqlmapShell", action="store_true", miscellaneous.add_argument("--sqlmap-shell", dest="sqlmapShell", action="store_true",
help="Prompt for an interactive sqlmap shell") help="Prompt for an interactive sqlmap shell")
miscellaneous.add_argument("--tmp-dir", dest="tmpDir", miscellaneous.add_argument("--tmp-dir", dest="tmpDir",
help="Local directory for storing temporary files") help="Local directory for storing temporary files")
miscellaneous.add_argument("--web-root", dest="webRoot", miscellaneous.add_argument("--update", dest="updateAll", action="store_true",
help="Web server document root directory (e.g. \"/var/www\")") help="Update sqlmap")
miscellaneous.add_argument("--wizard", dest="wizard", action="store_true", miscellaneous.add_argument("--wizard", dest="wizard", action="store_true",
help="Simple wizard interface for beginner users") help="Simple wizard interface for beginner users")

60
sqlmap.conf
View File

@ -67,6 +67,10 @@ dropSetCookie = False
# sqlmap will also test for SQL injection on the HTTP User-Agent value. # sqlmap will also test for SQL injection on the HTTP User-Agent value.
agent = agent =
# Imitate smartphone through HTTP User-Agent header.
# Valid: True or False
mobile = False
# Use randomly selected HTTP User-Agent header value. # Use randomly selected HTTP User-Agent header value.
# Valid: True or False # Valid: True or False
randomAgent = False randomAgent = False
@ -343,6 +347,10 @@ regexp =
# code) # code)
# code = # code =
# Conduct thorough tests only if positive heuristic(s).
# Valid: True or False
smart = False
# Compare pages based only on the textual content. # Compare pages based only on the textual content.
# Valid: True or False # Valid: True or False
textOnly = False textOnly = False
@ -683,6 +691,9 @@ sessionFile =
# Log all HTTP traffic into a textual file. # Log all HTTP traffic into a textual file.
trafficFile = trafficFile =
# Set predefined answers (e.g. "quit=N,follow=N").
answers =
# Never ask for user input, use the default behaviour. # Never ask for user input, use the default behaviour.
# Valid: True or False # Valid: True or False
batch = False batch = False
@ -693,6 +704,10 @@ binaryFields =
# Check Internet connection before assessing the target. # Check Internet connection before assessing the target.
checkInternet = False checkInternet = False
# Clean up the DBMS from sqlmap specific UDF and tables.
# Valid: True or False
cleanup = False
# Crawl the website starting from the target URL. # Crawl the website starting from the target URL.
# Valid: integer # Valid: integer
# Default: 0 # Default: 0
@ -729,6 +744,11 @@ forms = False
# Valid: True or False # Valid: True or False
freshQueries = False freshQueries = False
# Use Google dork results from specified page number.
# Valid: integer
# Default: 1
googlePage = 1
# Use hex conversion during data retrieval. # Use hex conversion during data retrieval.
# Valid: True or False # Valid: True or False
hexConvert = False hexConvert = False
@ -752,15 +772,18 @@ repair = False
# Example: (google|yahoo) # Example: (google|yahoo)
scope = scope =
# Skip heuristic detection of WAF/IPS protection.
# Valid: True or False
skipWaf = False
# Select tests by payloads and/or titles (e.g. ROW) # Select tests by payloads and/or titles (e.g. ROW)
testFilter = testFilter =
# Skip tests by payloads and/or titles (e.g. BENCHMARK) # Skip tests by payloads and/or titles (e.g. BENCHMARK)
testSkip = testSkip =
# Update sqlmap. # Web server document root directory (e.g. "/var/www").
# Valid: True or False webRoot =
updateAll = False
[Miscellaneous] [Miscellaneous]
@ -768,9 +791,6 @@ updateAll = False
# Run host OS command(s) when SQL injection is found. # Run host OS command(s) when SQL injection is found.
alert = alert =
# Set predefined answers (e.g. "quit=N,follow=N").
answers =
# Beep on question and/or when SQL injection is found. # Beep on question and/or when SQL injection is found.
# Valid: True or False # Valid: True or False
beep = False beep = False
@ -779,10 +799,6 @@ beep = False
# Valid: True or False # Valid: True or False
checkPayload = False checkPayload = False
# Clean up the DBMS from sqlmap specific UDF and tables.
# Valid: True or False
cleanup = False
# Check for missing (optional) sqlmap dependencies. # Check for missing (optional) sqlmap dependencies.
# Valid: True or False # Valid: True or False
dependencies = False dependencies = False
@ -791,41 +807,25 @@ dependencies = False
# Valid: True or False # Valid: True or False
disableColoring = False disableColoring = False
# Use Google dork results from specified page number.
# Valid: integer
# Default: 1
googlePage = 1
# Display list of available tamper scripts # Display list of available tamper scripts
# Valid: True or False # Valid: True or False
listTampers = False listTampers = False
# Imitate smartphone through HTTP User-Agent header.
# Valid: True or False
mobile = False
# Work in offline mode (only use session data) # Work in offline mode (only use session data)
# Valid: True or False # Valid: True or False
offline = False offline = False
# Skip heuristic detection of WAF/IPS protection.
# Valid: True or False
skipWaf = False
# Conduct thorough tests only if positive heuristic(s).
# Valid: True or False
smart = False
# Local directory for storing temporary files. # Local directory for storing temporary files.
tmpDir = tmpDir =
# Web server document root directory (e.g. "/var/www").
webRoot =
# Simple wizard interface for beginner users. # Simple wizard interface for beginner users.
# Valid: True or False # Valid: True or False
wizard = False wizard = False
# Update sqlmap.
# Valid: True or False
updateAll = False
# Verbosity level. # Verbosity level.
# Valid: integer between 0 and 6 # Valid: integer between 0 and 6
# 0: Show only error and critical messages # 0: Show only error and critical messages