[Target]

# URL of the target to test.
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
url =

# Take the targets from a proxy log instead of a single URL.
# Valid: path of a Burp proxy (http://portswigger.net/suite/) requests log
# file, or path of a WebScarab proxy
# (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
# 'conversations/' folder.
# The scope key in [Request] filters which of the logged targets are used.
list =

# Read the HTTP request to send from a file.
# Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
# As the example shows, a saved request can carry credentials in clear
# text, so the request file needs the same protection as this file.
requestFile =

# Take the target hosts from the results of a Google dork expression
# rather than from a target url. For a list of Google dorks see Johnny
# Long Google Hacking Database at
# http://johnny.ihackstuff.com/ghdb.php.
# Example: +ext:php +inurl:"&id=" +intext:"powered by "
googleDork =

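[Request]

# HTTP method used for the requests.
# Valid: GET or POST
# Default: GET
method = GET

# Data string sent in the body of POST requests. Mandatory only when
# method is set to POST.
data =

# HTTP Cookie header.
# A session cookie is a credential: it is stored here in clear text, so
# keep this file readable only by the account that runs sqlmap.
cookie =

# URL-encode generated cookie injections.
# Valid: True or False
cookieUrlencode = False

# Ignore the Set-Cookie header of the responses.
# Valid: True or False
dropSetCookie = False

# HTTP User-Agent header value sent with each HTTP request, in place of
# the default one.
# sqlmap will also test for SQL injection on the HTTP User-Agent value.
agent =

# Load a random HTTP User-Agent header from a file.
# Example: ./txt/user-agents.txt
userAgentsFile =

# HTTP Referer header value sent with each HTTP request.
referer =

# Extra HTTP headers.
# Note: There must be a space at the beginning of each header line after
# the first. The leading space is what marks a line as a continuation of
# the headers value; without it the parser reads "Accept-Language: ..."
# as a separate key instead of as a header.
headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 Accept-Language: en-us,en;q=0.5
 Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7

# HTTP Authentication type. Useful only if the target url requires
# HTTP Basic, Digest or NTLM authentication and you have such data.
# Valid: Basic, Digest or NTLM
aType =

# HTTP Authentication credentials. Useful only if the target url requires
# HTTP Basic, Digest or NTLM authentication and you have such data.
# Syntax: username:password
# The password is kept in clear text in this file: restrict the file's
# permissions and do not commit a filled-in copy to version control.
aCred =

# HTTPS Authentication certificate. Useful only if the target url requires
# a logon certificate and you have such data.
# Syntax: key_file,cert_file
# key_file is a private key; this entry only stores its path, so protect
# the key file itself as well.
aCert =

# Use an HTTP proxy to connect to the target url.
# Syntax: http://address:port
proxy =

# Maximum number of concurrent HTTP requests (handled with Python threads)
# to be used in the inference SQL injection attack.
# Valid: integer
# Default: 1
threads = 1

# Delay in seconds between each HTTP request.
# Valid: float
# Default: 0
delay = 0

# Seconds to wait before the connection times out.
# Valid: float
# Default: 30
timeout = 30

# Maximum number of retries when the HTTP connection times out.
# Valid: integer
# Default: 3
retries = 3

# Regular expression for filtering targets from the provided Burp
# or WebScarab proxy log.
# Example: (google|yahoo)
scope =
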
[Injection]

# Comma-separated list of the parameter(s) to test. When left empty,
# sqlmap tests all GET/POST/Cookie parameters and the HTTP User-Agent.
testParameter =

# Force the back-end DBMS to this value. When set, the back-end DBMS
# identification process is minimized as needed; when empty, sqlmap
# detects the back-end DBMS automatically.
# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql
dbms =

# Force the back-end DBMS operating system to this value. When set, the
# back-end DBMS identification process is minimized as needed; when
# empty, sqlmap detects the back-end DBMS operating system automatically.
# Valid: linux, windows
os =

# Injection payload prefix string
prefix =

# Injection payload postfix string
postfix =

# String to match within the page content when the query is valid.
# Only needed if the page content changes dynamically at each refresh,
# which changes the MD5 hash of the page; comparing that hash is the
# method used by default to decide whether a query was valid or not.
# Refer to the user's manual for further details.
string =

# Regular expression to match within the page content when the query is
# valid. Only needed if the page content changes dynamically at each
# refresh, which changes the MD5 hash of the page; comparing that hash
# is the method used by default to decide whether a query was valid or
# not. Refer to the user's manual for further details.
# Valid: regular expression with Python syntax
# (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
regexp =

# String to be excluded from the page content before calculating the
# page MD5 hash
eString =

# Regular expression whose matches are excluded from the page content
# before calculating the page MD5 hash
# Valid: regular expression with Python syntax
# (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
eRegexp =

[Techniques]

# Test whether stacked queries (multiple statements) are supported.
# Valid: True or False
stackedTest = False

# Test for time based blind SQL injection.
# Valid: True or False
timeTest = False

# Number of seconds the DBMS response is delayed by.
# Valid: integer
# Default: 5
timeSec = 5

# Test for UNION query (inband) SQL injection.
# Valid: True or False
unionTest = False

# Technique used to test for UNION query SQL injection: NULL
# bruteforcing (bf) or ORDER BY clause (ob).
# The value written here is one of the names under Valid, not the
# (bf)/(ob) abbreviation.
# Valid: NULL, OrderBy
# Default: NULL
uTech = NULL

# Retrieve the queries output through the UNION query (inband) SQL
# injection, so that blind retrieval is not needed.
# Valid: True or False
unionUse = False

[Fingerprint]

# Run an extensive fingerprint of the back-end database management
# system, based on various techniques.
# Valid: True or False
extensiveFp = False

[Enumeration]

# Every True/False switch in this section is off (False) as shipped.

# Retrieve the back-end DBMS banner.
# Valid: True or False
getBanner = False

# Retrieve the back-end DBMS current user.
# Valid: True or False
getCurrentUser = False

# Retrieve the back-end DBMS current database.
# Valid: True or False
getCurrentDb = False

# Detect whether the DBMS current user is DBA.
# Valid: True or False
isDba = False

# Enumerate the back-end DBMS users.
# Valid: True or False
getUsers = False

# Enumerate the password hashes of the back-end DBMS users.
# Valid: True or False
getPasswordHashes = False

# Enumerate the privileges of the back-end DBMS users.
# Valid: True or False
getPrivileges = False

# Enumerate the back-end DBMS databases.
# Valid: True or False
getDbs = False

# Enumerate the tables of the back-end DBMS databases.
# Optional: db
# Valid: True or False
getTables = False

# Enumerate the columns of a back-end DBMS database table.
# Requires: db and tbl
# Valid: True or False
getColumns = False

# Dump the entries of a back-end DBMS database table.
# Requires: db and tbl
# Optional: col
# Valid: True or False
dumpTable = False

# Dump the entries of all tables of all back-end DBMS databases.
# Valid: True or False
dumpAll = False

# Back-end DBMS database to enumerate.
db =

# Back-end DBMS database table to enumerate.
tbl =

# Back-end DBMS database table column to enumerate.
col =

# Back-end DBMS database user to enumerate.
user =

# Exclude the DBMS system databases when enumerating tables.
# Valid: True or False
excludeSysDbs = False

# First query output entry to retrieve
# Valid: integer
# Default: 0 (sqlmap will start to retrieve the query output entries from
# the first)
limitStart = 0

# Last query output entry to retrieve
# Valid: integer
# Default: 0 (sqlmap will detect the number of query output entries and
# retrieve them until the last)
limitStop = 0

# First query output word character to retrieve
# Valid: integer
# Default: 0 (sqlmap will enumerate the query output from the first
# character)
firstChar = 0

# Last query output word character to retrieve
# Valid: integer
# Default: 0 (sqlmap will enumerate the query output until the last
# character)
lastChar = 0

# SQL statement to be executed.
# Example: SELECT 'foo', 'bar'
query =

# Prompt for an interactive SQL shell.
# Valid: True or False
sqlShell = False

[User-defined function]

# Inject custom user-defined functions
# Valid: True or False
udfInject = False

# Path, on the local machine, of the shared library
shLib =

[File system]

# File to read from the file system underlying the back-end DBMS.
# Examples: /etc/passwd or C:\boot.ini
rFile =

# Local file to write to a specific path on the file system underlying
# the back-end DBMS.
# Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt
wFile =

# Absolute filepath, on the back-end DBMS side, to write the file to.
dFile =

[Takeover]

# Every True/False switch in this section is off (False) as shipped.

# Execute an operating system command.
# Valid: operating system command
osCmd =

# Prompt for an interactive operating system shell.
# Valid: True or False
osShell = False

# Prompt for an out-of-band shell, meterpreter or VNC.
# Valid: True or False
osPwn = False

# One click prompt for an out-of-band shell, meterpreter or VNC.
# Valid: True or False
osSmb = False

# Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored
# procedure heap-based buffer overflow (MS09-004) exploitation.
# Valid: True or False
osBof = False

# Local User privilege escalation by abusing Windows access tokens using
# Meterpreter incognito extension.
# Note: Use in conjunction with osPwn or osSmb. It will force the payload
# to be Meterpreter.
# Valid: True or False
privEsc = False

# Path, on the local machine, where Metasploit Framework 3 is installed.
# Valid: file system path
msfPath =

# Absolute path of the temporary files directory on the remote host.
# Valid: absolute file system path
tmpPath =

[Windows]

# Read a Windows registry key value
# Valid: True or False
regRead = False

# Write a Windows registry key value data
# Valid: True or False
regAdd = False

# Delete a Windows registry key value
# Valid: True or False
regDel = False

# Windows registry key
regKey =

# Windows registry key value
regVal =

# Windows registry key value data
regData =

# Windows registry key value type
regType =

[Miscellaneous]

# Session file on which all retrieved data is saved and from which it
# is resumed.
# Because it holds all data retrieved, the session file is as sensitive
# as that data and should be stored with matching access restrictions.
sessionFile =

# Retrieve the length of each query output and calculate the estimated
# time of arrival in real time.
# Valid: True or False
eta = False

# Page number of the Google dork results to use
# Valid: integer
# Default: 1
googlePage = 1

# Update Microsoft SQL Server XML signature file.
# Valid: True or False
updateAll = False

# Never ask for user input, use the default behaviour.
# Valid: True or False
batch = False

# Clean up the DBMS by removing the sqlmap specific UDF and tables
# Valid: True or False
cleanup = False

# Verbosity level.
# Valid: integer between 0 and 5
# 0: Show only warning and error messages
# 1: Show also info messages
# 2: Show also debug messages
# 3: Show also HTTP requests
# 4: Show also HTTP responses headers
# 5: Show also HTTP responses page content
# NOTE(review): from level 3 up the output shows HTTP traffic, which
# presumably includes any cookie or authentication values set in
# [Request]; treat captured output as sensitive.
# Default: 1
verbose = 1