sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
7f055924a7
sqlmap/sqlmap.conf
Bernardo Damele 7f055924a7 sqlmap 0.6.3-rc4: 
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00

273 lines
7.1 KiB
Plaintext
Raw Blame History

[Target]
# Target URL.
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
# PHP and MySQL (local)
#url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
url = http://127.0.0.1/sqlmap/mysql/get_int_partialunion.php?id=1
# PHP and Oracle (local)
#url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
# PHP and PostgreSQL (local)
#url = http://127.0.0.1/sqlmap/pgsql/get_int.php?id=1
# PHP and Microsoft SQL Server (remote)
#url = http://127.0.0.1/sqlmap/mssql/get_int.php?id=1
# PHP and MySQL (remote on Windows)
#url = http://127.0.0.1/sqlmap/mysql/win_get_int.php?id=1
# ASP and Microsoft SQL Server (local)
#url = http://192.168.192.10/sqlmap/get_str.asp?name=luther
# ASP and MySQL (local)
#url = http://192.168.192.10/sqlmap/get_int.asp?id=1
# ASP.NET and MySQL (local)
#url = http://192.168.192.10/sqlmap/get_int.aspx?id=1
#url =
# Parse targets from Burp or WebScarab logs
# Valid: Burp proxy (http://portswigger.net/suite/) requests log file path
# or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
# 'conversations/' folder path
list =
# Rather than providing a target url, let Google return target
# hosts as result of your Google dork expression. For a list of Google
# dorks see Johnny Long Google Hacking Database at
# http://johnny.ihackstuff.com/ghdb.php.
# Example: +ext:php +inurl:"&id=" +intext:"powered by "
googleDork =
[Request]
# HTTP method to perform HTTP requests.
# Valid: GET or POST
# Default: GET
method = GET
# Data string to be sent through POST. It is mandatory only when
# HTTP method is set to POST.
data =
# HTTP Cookie header.
cookie =
# HTTP Referer header. Useful to fake the HTTP Referer header value at
# each HTTP request.
referer =
# HTTP User-Agent header. Useful to fake the HTTP User-Agent header value
# at each HTTP request
# sqlmap will also test for SQL injection on the HTTP User-Agent value.
agent =
# Load a random HTTP User-Agent header from file
# Example: ./txt/user-agents.txt
userAgentsFile =
# HTTP Authentication type. Useful only if the target url requires
# HTTP Basic or Digest authentication and you have such data.
# Valid: Basic or Digest
aType =
# HTTP Authentication credentials. Useful only if the target url requires
# HTTP Basic or Digest authentication and you have such data.
# Syntax: username:password
aCred =
# Use a HTTP proxy to connect to the target url.
# Syntax: http://url:port
proxy =
# Maximum number of concurrent HTTP requests (handled with Python threads)
# to be used in the inference SQL injection attack.
# Valid: integer
# Default: 1
threads = 1
# Delay in seconds between each HTTP request.
# Valid: float
# Default: 0
delay = 0
# Seconds to wait before timeout connection.
# Valid: float
# Default: 10
timeout = 10
[Injection]
# Testable parameter(s) comma separated. By default all GET/POST/Cookie
# parameters and HTTP User-Agent are tested by sqlmap.
testParameter =
# String to match in page when the query is valid, only needed if the
# page content dynamically changes at each refresh, consequently changing
# the MD5 of the page which is the method used by default to determine
# if a query was valid or not. Read the documentation for further
# details.
string =
# Force back-end DBMS to this value. If this option is set, the back-end
# DBMS identification process will be minimized as needed.
# If not set, sqlmap will detect back-end DBMS automatically by default.
# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql
dbms =
[Techniques]
# Test for Time based blind SQL injection.
# Valid: True or False
timeTest = False
# Test for UNION query (inband) SQL injection.
# Valid: True or False
unionTest = False
# Use the UNION query (inband) SQL injection to retrieve the queries
# output. No need to go blind.
# Valid: True or False
unionUse = False
[Fingerprint]
# Perform an extensive back-end database management system fingerprint
# based on various techniques.
# Valid: True or False
extensiveFp = False
[Enumeration]
# Retrieve back-end database management system banner.
# Valid: True or False
getBanner = False
# Retrieve back-end database management system current user.
# Valid: True or False
getCurrentUser = False
# Retrieve back-end database management system current database.
# Valid: True or False
getCurrentDb = False
# Enumerate back-end database management system users.
# Valid: True or False
getUsers = False
# Enumerate back-end database management system users password hashes.
# Valid: True or False
getPasswordHashes = False
# Enumerate back-end database management system users privileges.
# Valid: True or False
getPrivileges = False
# Enumerate back-end database management system databases.
# Valid: True or False
getDbs = False
# Enumerate back-end database management system database tables.
# Optional: db
# Valid: True or False
getTables = False
# Enumerate back-end database management system database table columns.
# Requires: db and tbl
# Valid: True or False
getColumns = False
# Dump back-end database management system database table entries.
# Requires: db and tbl
# Optional: col
# Valid: True or False
dumpTable = False
# Dump all back-end database management system databases tables entries.
# Valid: True or False
dumpAll = False
# Back-end database management system database to enumerate.
db =
# Back-end database management system database table to enumerate.
tbl =
# Back-end database management system database table column to enumerate.
col =
# Back-end database management system database user to enumerate.
user =
# Exclude DBMS system databases when enumerating tables.
# Valid: True or False
excludeSysDbs = False
# First table entry to dump (cursor start)
# Valid: integer
# Default: 0 (sqlmap will start to dump the table entries from the first)
limitStart = 0
# Last table entry to dump (cursor stop)
# Valid: integer
# Default: 0 (sqlmap will detect the number of table entries and dump
# until the last)
limitStop = 0
# SQL SELECT query to be executed.
# Example: SELECT 'foo', 'bar'
query =
# Prompt for an interactive SQL shell.
# Valid: True or False
sqlShell = False
[File system]
# Read a specific OS file content (only on MySQL).
# Examples: /etc/passwd or C:\boot.ini
rFile =
# Write to a specific OS file (not yet available).
# Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt
wFile =
[Takeover]
# Prompt for an interactive OS shell (only on PHP/MySQL environment with a
# writable directory within the web server document root for the moment).
# Valid: True or False
osShell = False
[Miscellaneous]
# Retrieve each query output length and calculate the estimated time of
# arrival in real time.
# Valid: True or False
eta = False
# Verbosity level.
# Valid: integer between 0 and 5
# 0: Show only warning and error messages
# 1: Show also info messages
# 2: Show also debug messages
# 3: Show also HTTP requests
# 4: Show also HTTP responses headers
# 5: Show also HTTP responses page content
# Default: 1
verbose = 1
# Update sqlmap to the latest stable version.
# Valid: True or False
updateAll = False
# Save and resume all data retrieved on a session file.
sessionFile =
# Never ask for user input, use the default behaviour.
# Valid: True or False
batch = False
Reference in New Issue View Git Blame Copy Permalink