From e20d460809677a321b07c3f43c50a44a5bb5b7e4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 29 Mar 2011 11:42:55 +0000
Subject: [PATCH] Bernardo will kill me (added --wizard for total beginners)

---
 lib/core/option.py     | 57 ++++++++++++++++++++++++++++++++++++++++++
 lib/core/optiondict.py |  1 +
 lib/parse/cmdline.py   | 11 +++++---
 sqlmap.conf            |  4 +++
 4 files changed, 69 insertions(+), 4 deletions(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index 3bb98bd5f..71c781d32 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1265,6 +1265,62 @@ def __setKnowledgeBaseAttributes(flushAll=True):
         kb.userAgents      = None
         kb.wordlist        = None
 
+def __useWizardInterface():
+    """
+    Presents simple wizard interface for beginner users
+    """
+
+    if not conf.wizard:
+        return
+
+    logger.info("starting wizard interface")
+
+    while not conf.url:
+        message = "[1] Please enter full target URL ('-u'): "
+        conf.url = readInput(message, default=None)
+
+    message = "[2] POST data ('--data') [Enter for None]: "
+    conf.data = readInput(message, default=None)
+
+    message = "[3] Injection difficulty ('--level'/'--risk') [Please choose: 1-Normal(default), 2-Medium, 3-Hard]: "
+    choice = readInput(message, default=1)
+    if choice == '2':
+        conf.risk = conf.level = 3
+    elif choice == '3':
+        conf.risk = conf.level = 5
+    else:
+        conf.risk = conf.level = 1
+
+    message = "[4] Enumeration ('--banner'/'--current-user'/...) [Please choose: 1-Basic(default), 2-Smart, 3-All]: "
+    choice = readInput(message, default=1)
+    if choice == '2':
+        conf.getBanner = True
+        conf.getCurrentUser = True
+        conf.getCurrentDb = True
+        conf.isDba = True
+        conf.getUsers = True
+        conf.getDbs = True
+        conf.getTables = True
+        conf.excludeSysDbs = True
+    elif choice == '3':
+        conf.getBanner = True
+        conf.getCurrentUser = True
+        conf.getCurrentDb = True
+        conf.isDba = True
+        conf.getUsers = True
+        conf.getPasswordHashes = True
+        conf.getPrivileges = True
+        conf.getRoles = True
+        conf.dumpAll = True
+    else:
+        conf.getBanner = True
+        conf.getCurrentUser = True
+        conf.getCurrentDb = True
+        conf.isDba = True
+
+    conf.batch = True
+    print
+
 def __saveCmdline():
     """
     Saves the command line options on a sqlmap configuration INI file
@@ -1433,6 +1489,7 @@ def init(inputOptions=advancedDict(), overrideOptions=False):
     __setKnowledgeBaseAttributes()
     __mergeOptions(inputOptions, overrideOptions)
     __setVerbosity()
+    __useWizardInterface()
     __saveCmdline()
     __setRequestFromFile()
     __cleanupOptions()
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index a1f2ececa..571544cf2 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -165,6 +165,7 @@ optDict = {
                                "parseErrors":       "boolean",
                                "replicate":         "boolean",
                                "tor":               "boolean",
+                               "wizard":            "boolean",
                                "verbose":           "integer"
                              },
           }
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 8b6354235..9cd1c68fb 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -505,6 +505,10 @@ def cmdLineParser():
                                   action="store_true", default=False,
                                   help="Use default Tor (Vidalia/Privoxy/Polipo) proxy address")
 
+        miscellaneous.add_option("--wizard", dest="wizard",
+                                  action="store_true", default=False,
+                                  help="Simple wizard interface for beginner users")
+
         # Hidden and/or experimental options
         parser.add_option("--profile", dest="profile", action="store_true",
                           default=False, help=SUPPRESS_HELP)
@@ -553,10 +557,9 @@ def cmdLineParser():
 
         (args, _) = parser.parse_args(args)
 
-        if not args.direct and not args.url and not args.list and not args.googleDork and not args.configFile \
-            and not args.requestFile and not args.updateAll and not args.smokeTest and not args.liveTest \
-            and not args.realTest:
-            errMsg  = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c' or '--update'), "
+        if not any([args.direct, args.url, args.list, args.googleDork, args.configFile, \
+            args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard]):
+            errMsg  = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c', '--wizard' or '--update'), "
             errMsg += "-h for help"
             parser.error(errMsg)
 
diff --git a/sqlmap.conf b/sqlmap.conf
index fe646ae9c..43720b769 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -539,6 +539,10 @@ replicate = False
 # Valid: True or False
 tor = False
 
+# Simple wizard interface for beginner users.
+# Valid: True or False
+wizard = False
+
 # Verbosity level.
 # Valid: integer between 0 and 6
 # 0: Show only error and critical messages