mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
Updated sample configuration file and cmdline help
This commit is contained in:
Bernardo Damele
parent
64b9f94fcf
commit
cd0fe8dde0
|
|
@ -108,7 +108,7 @@ def cmdLineParser():
|
||||||
request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
|
request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
|
||||||
default=False, help="Ignore system default HTTP proxy")
|
default=False, help="Ignore system default HTTP proxy")
|
||||||
|
|
||||||
request.add_option("--delay", dest="delay", type="float",
|
request.add_option("--delay", dest="delay", type="float", default=0,
|
||||||
help="Delay in seconds between each HTTP request")
|
help="Delay in seconds between each HTTP request")
|
||||||
|
|
||||||
request.add_option("--timeout", dest="timeout", type="float", default=30,
|
request.add_option("--timeout", dest="timeout", type="float", default=30,
|
||||||
|
|
@ -147,8 +147,8 @@ def cmdLineParser():
|
||||||
default=False, help="Retrieve page length without actual HTTP response body")
|
default=False, help="Retrieve page length without actual HTTP response body")
|
||||||
|
|
||||||
optimization.add_option("--threads", dest="threads", type="int", default=1,
|
optimization.add_option("--threads", dest="threads", type="int", default=1,
|
||||||
help="Maximum number of concurrent HTTP "
|
help="Maximum number of concurrent HTTP(s) "
|
||||||
"requests (default 1)")
|
"requests (def 1)")
|
||||||
|
|
||||||
# Injection options
|
# Injection options
|
||||||
injection = OptionGroup(parser, "Injection", "These options can be "
|
injection = OptionGroup(parser, "Injection", "These options can be "
|
||||||
|
|
|
||||||
54
sqlmap.conf
54
sqlmap.conf
|
|
@ -85,9 +85,6 @@ aCred =
|
||||||
# Syntax: key_file,cert_file
|
# Syntax: key_file,cert_file
|
||||||
aCert =
|
aCert =
|
||||||
|
|
||||||
# Use persistent HTTP(s) connections
|
|
||||||
keepAlive = False
|
|
||||||
|
|
||||||
# Use a HTTP proxy to connect to the target url.
|
# Use a HTTP proxy to connect to the target url.
|
||||||
# Syntax: http://address:port
|
# Syntax: http://address:port
|
||||||
proxy =
|
proxy =
|
||||||
|
|
@ -101,12 +98,6 @@ pCred =
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
ignoreProxy = False
|
ignoreProxy = False
|
||||||
|
|
||||||
# Maximum number of concurrent HTTP requests (handled with Python threads)
|
|
||||||
# to be used in the inference SQL injection attack.
|
|
||||||
# Valid: integer
|
|
||||||
# Default: 1
|
|
||||||
threads = 1
|
|
||||||
|
|
||||||
# Delay in seconds between each HTTP request.
|
# Delay in seconds between each HTTP request.
|
||||||
# Valid: float
|
# Valid: float
|
||||||
# Default: 0
|
# Default: 0
|
||||||
|
|
@ -137,6 +128,31 @@ safUrl =
|
||||||
saFreq = 0
|
saFreq = 0
|
||||||
|
|
||||||
|
|
||||||
|
# These options can be used to optimize the performance of sqlmap.
|
||||||
|
[Optimization]
|
||||||
|
|
||||||
|
# Use all optimization options.
|
||||||
|
# Valid: True or False
|
||||||
|
optimize = False
|
||||||
|
|
||||||
|
# Predict common queries output.
|
||||||
|
# Valid: True or False
|
||||||
|
predictOutput = False
|
||||||
|
|
||||||
|
# Use persistent HTTP(s) connections.
|
||||||
|
keepAlive = False
|
||||||
|
|
||||||
|
# Retrieve page length without actual HTTP response body.
|
||||||
|
# Valid: True or False
|
||||||
|
nullConnection = False
|
||||||
|
|
||||||
|
# Maximum number of concurrent HTTP(s) requests (handled with Python threads)
|
||||||
|
# to be used in the inference SQL injection attack.
|
||||||
|
# Valid: integer
|
||||||
|
# Default: 1
|
||||||
|
threads = 1
|
||||||
|
|
||||||
|
|
||||||
# These options can be used to specify which parameters to test for,
|
# These options can be used to specify which parameters to test for,
|
||||||
# provide custom injection payloads and how to parse and compare HTTP
|
# provide custom injection payloads and how to parse and compare HTTP
|
||||||
# responses page content when using the blind SQL injection technique.
|
# responses page content when using the blind SQL injection technique.
|
||||||
|
|
@ -149,7 +165,8 @@ testParameter =
|
||||||
# Force back-end DBMS to this value. If this option is set, the back-end
|
# Force back-end DBMS to this value. If this option is set, the back-end
|
||||||
# DBMS identification process will be minimized as needed.
|
# DBMS identification process will be minimized as needed.
|
||||||
# If not set, sqlmap will detect back-end DBMS automatically by default.
|
# If not set, sqlmap will detect back-end DBMS automatically by default.
|
||||||
# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql
|
# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql, sqlite, sqlite3,
|
||||||
|
# access, firebird, maxdb, sybase
|
||||||
dbms =
|
dbms =
|
||||||
|
|
||||||
# Force back-end DBMS operating system to this value. If this option is
|
# Force back-end DBMS operating system to this value. If this option is
|
||||||
|
|
@ -196,9 +213,13 @@ eRegexp =
|
||||||
# Valid: 0.0-1.0
|
# Valid: 0.0-1.0
|
||||||
thold =
|
thold =
|
||||||
|
|
||||||
# Use operator BETWEEN instead of default '>'
|
# Compare pages based only on their textual content
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
useBetween = False
|
textOnly = False
|
||||||
|
|
||||||
|
# Use given script(s) for tampering injection data
|
||||||
|
tamper =
|
||||||
|
|
||||||
|
|
||||||
# These options can be used to test for specific SQL injection technique
|
# These options can be used to test for specific SQL injection technique
|
||||||
# or to use one of them to exploit the affected parameter(s) rather than
|
# or to use one of them to exploit the affected parameter(s) rather than
|
||||||
|
|
@ -366,6 +387,7 @@ cExists = False
|
||||||
# Valid: text file containing one table name per line
|
# Valid: text file containing one table name per line
|
||||||
tableFile =
|
tableFile =
|
||||||
|
|
||||||
|
|
||||||
# These options can be used to create custom user-defined functions.
|
# These options can be used to create custom user-defined functions.
|
||||||
[User-defined function]
|
[User-defined function]
|
||||||
|
|
||||||
|
|
@ -438,12 +460,15 @@ tmpPath =
|
||||||
[Windows]
|
[Windows]
|
||||||
|
|
||||||
# Read a Windows registry key value
|
# Read a Windows registry key value
|
||||||
|
# Valid: True or False
|
||||||
regRead = False
|
regRead = False
|
||||||
|
|
||||||
# Write a Windows registry key value data
|
# Write a Windows registry key value data
|
||||||
|
# Valid: True or False
|
||||||
regAdd = False
|
regAdd = False
|
||||||
|
|
||||||
# Delete a Windows registry key value
|
# Delete a Windows registry key value
|
||||||
|
# Valid: True or False
|
||||||
regDel = False
|
regDel = False
|
||||||
|
|
||||||
# Windows registry key
|
# Windows registry key
|
||||||
|
|
@ -468,8 +493,13 @@ xmlFile =
|
||||||
sessionFile =
|
sessionFile =
|
||||||
|
|
||||||
# Flush session file for current target.
|
# Flush session file for current target.
|
||||||
|
# Valid: True or False
|
||||||
flushSession = False
|
flushSession = False
|
||||||
|
|
||||||
|
# Parse and test forms on target url
|
||||||
|
# Valid: True or False
|
||||||
|
forms = False
|
||||||
|
|
||||||
# Retrieve each query output length and calculate the estimated time of
|
# Retrieve each query output length and calculate the estimated time of
|
||||||
# arrival in real time.
|
# arrival in real time.
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user