From cd0fe8dde0664066d785ec43c56e3b318da31ec2 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sun, 17 Oct 2010 00:07:53 +0000
Subject: [PATCH] Updated sample configuration file and cmdline help

---
 lib/parse/cmdline.py |  6 ++---
 sqlmap.conf          | 54 ++++++++++++++++++++++++++++++++++----------
 2 files changed, 45 insertions(+), 15 deletions(-)

diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index efe16481f..abc96a2b1 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -108,7 +108,7 @@ def cmdLineParser():
         request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                            default=False, help="Ignore system default HTTP proxy")
 
-        request.add_option("--delay", dest="delay", type="float",
+        request.add_option("--delay", dest="delay", type="float", default=0,
                            help="Delay in seconds between each HTTP request")
 
         request.add_option("--timeout", dest="timeout", type="float", default=30,
@@ -147,8 +147,8 @@ def cmdLineParser():
                           default=False, help="Retrieve page length without actual HTTP response body")
 
         optimization.add_option("--threads", dest="threads", type="int", default=1,
-                           help="Maximum number of concurrent HTTP "
-                                "requests (default 1)")
+                           help="Maximum number of concurrent HTTP(s) "
+                                "requests (def 1)")
 
         # Injection options
         injection = OptionGroup(parser, "Injection", "These options can be "
diff --git a/sqlmap.conf b/sqlmap.conf
index 47d6dcd46..da68ded3b 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -85,9 +85,6 @@ aCred =
 # Syntax: key_file,cert_file
 aCert = 
 
-# Use persistent HTTP(s) connections
-keepAlive = False
-
 # Use a HTTP proxy to connect to the target url.
 # Syntax: http://address:port
 proxy = 
@@ -101,12 +98,6 @@ pCred =
 # Valid: True or False
 ignoreProxy = False
 
-# Maximum number of concurrent HTTP requests (handled with Python threads)
-# to be used in the inference SQL injection attack.
-# Valid: integer
-# Default: 1
-threads = 1
-
 # Delay in seconds between each HTTP request.
 # Valid: float
 # Default: 0
@@ -137,6 +128,31 @@ safUrl =
 saFreq = 0
 
 
+# These options can be used to optimize the performance of sqlmap.
+[Optimization]
+
+# Use all optimization options.
+# Valid: True or False
+optimize = False
+
+# Predict common queries output.
+# Valid: True or False
+predictOutput = False
+
+# Use persistent HTTP(s) connections.
+keepAlive = False
+
+# Retrieve page length without actual HTTP response body.
+# Valid: True or False
+nullConnection = False
+
+# Maximum number of concurrent HTTP(s) requests (handled with Python threads)
+# to be used in the inference SQL injection attack.
+# Valid: integer
+# Default: 1
+threads = 1
+
+
 # These options can be used to specify which parameters to test for,
 # provide custom injection payloads and how to parse and compare HTTP
 # responses page content when using the blind SQL injection technique.
@@ -149,7 +165,8 @@ testParameter =
 # Force back-end DBMS to this value. If this option is set, the back-end
 # DBMS identification process will be minimized as needed.
 # If not set, sqlmap will detect back-end DBMS automatically by default.
-# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql
+# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql, sqlite, sqlite3,
+# access, firebird, maxdb, sybase
 dbms = 
 
 # Force back-end DBMS operating system to this value. If this option is
@@ -196,9 +213,13 @@ eRegexp =
 # Valid: 0.0-1.0
 thold = 
 
-# Use operator BETWEEN instead of default '>'
+# Compare pages based only on their textual content
 # Valid: True or False
-useBetween = False
+textOnly = False
+
+# Use given script(s) for tampering injection data
+tamper = 
+
 
 # These options can be used to test for specific SQL injection technique
 # or to use one of them to exploit the affected parameter(s) rather than
@@ -366,6 +387,7 @@ cExists = False
 # Valid: text file containing one table name per line
 tableFile = 
 
+
 # These options can be used to create custom user-defined functions.
 [User-defined function]
 
@@ -438,12 +460,15 @@ tmpPath =
 [Windows]
 
 # Read a Windows registry key value
+# Valid: True or False
 regRead = False
 
 # Write a Windows registry key value data
+# Valid: True or False
 regAdd = False
 
 # Delete a Windows registry key value
+# Valid: True or False
 regDel = False
 
 # Windows registry key
@@ -468,8 +493,13 @@ xmlFile =
 sessionFile = 
 
 # Flush session file for current target.
+# Valid: True or False
 flushSession = False
 
+# Parse and test forms on target url
+# Valid: True or False
+forms = False
+
 # Retrieve each query output length and calculate the estimated time of
 # arrival in real time.
 # Valid: True or False