Updated sample configuration file and cmdline help

2024-11-22 01:26:42 +03:00 · 2010-10-17 00:07:53 +00:00 · 2010-10-17 00:07:53 +00:00 · cd0fe8dde0
commit cd0fe8dde0
parent 64b9f94fcf
2 changed files with 45 additions and 15 deletions
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -108,7 +108,7 @@ def cmdLineParser():
        request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                           default=False, help="Ignore system default HTTP proxy")

-        request.add_option("--delay", dest="delay", type="float",
+        request.add_option("--delay", dest="delay", type="float", default=0,
                           help="Delay in seconds between each HTTP request")

        request.add_option("--timeout", dest="timeout", type="float", default=30,
@ -147,8 +147,8 @@ def cmdLineParser():
                          default=False, help="Retrieve page length without actual HTTP response body")

        optimization.add_option("--threads", dest="threads", type="int", default=1,
-                           help="Maximum number of concurrent HTTP "
-                                "requests (default 1)")
+                           help="Maximum number of concurrent HTTP(s) "
+                                "requests (def 1)")

        # Injection options
        injection = OptionGroup(parser, "Injection", "These options can be "
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -85,9 +85,6 @@ aCred =
 # Syntax: key_file,cert_file
 aCert = 

-# Use persistent HTTP(s) connections
-keepAlive = False
-
 # Use a HTTP proxy to connect to the target url.
 # Syntax: http://address:port
 proxy = 
@ -101,12 +98,6 @@ pCred =
 # Valid: True or False
 ignoreProxy = False

-# Maximum number of concurrent HTTP requests (handled with Python threads)
-# to be used in the inference SQL injection attack.
-# Valid: integer
-# Default: 1
-threads = 1
-
 # Delay in seconds between each HTTP request.
 # Valid: float
 # Default: 0
@ -137,6 +128,31 @@ safUrl =
 saFreq = 0


+# These options can be used to optimize the performance of sqlmap.
+[Optimization]
+
+# Use all optimization options.
+# Valid: True or False
+optimize = False
+
+# Predict common queries output.
+# Valid: True or False
+predictOutput = False
+
+# Use persistent HTTP(s) connections.
+keepAlive = False
+
+# Retrieve page length without actual HTTP response body.
+# Valid: True or False
+nullConnection = False
+
+# Maximum number of concurrent HTTP(s) requests (handled with Python threads)
+# to be used in the inference SQL injection attack.
+# Valid: integer
+# Default: 1
+threads = 1
+
+
 # These options can be used to specify which parameters to test for,
 # provide custom injection payloads and how to parse and compare HTTP
 # responses page content when using the blind SQL injection technique.
@ -149,7 +165,8 @@ testParameter =
 # Force back-end DBMS to this value. If this option is set, the back-end
 # DBMS identification process will be minimized as needed.
 # If not set, sqlmap will detect back-end DBMS automatically by default.
-# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql
+# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql, sqlite, sqlite3,
+# access, firebird, maxdb, sybase
 dbms = 

 # Force back-end DBMS operating system to this value. If this option is
@ -196,9 +213,13 @@ eRegexp =
 # Valid: 0.0-1.0
 thold = 

-# Use operator BETWEEN instead of default '>'
+# Compare pages based only on their textual content
 # Valid: True or False
-useBetween = False
+textOnly = False
+
+# Use given script(s) for tampering injection data
+tamper = 
+

 # These options can be used to test for specific SQL injection technique
 # or to use one of them to exploit the affected parameter(s) rather than
@ -366,6 +387,7 @@ cExists = False
 # Valid: text file containing one table name per line
 tableFile = 

+
 # These options can be used to create custom user-defined functions.
 [User-defined function]

@ -438,12 +460,15 @@ tmpPath =
 [Windows]

 # Read a Windows registry key value
+# Valid: True or False
 regRead = False

 # Write a Windows registry key value data
+# Valid: True or False
 regAdd = False

 # Delete a Windows registry key value
+# Valid: True or False
 regDel = False

 # Windows registry key
@ -468,8 +493,13 @@ xmlFile =
 sessionFile = 

 # Flush session file for current target.
+# Valid: True or False
 flushSession = False

+# Parse and test forms on target url
+# Valid: True or False
+forms = False
+
 # Retrieve each query output length and calculate the estimated time of
 # arrival in real time.
 # Valid: True or False