updated the FAQ

Bernardo Damele 2012-07-16 11:55:30 +01:00
parent 36d1833e0c
commit 1f1a442f89

137
FAQ.md

@ -2,85 +2,81 @@
## What is sqlmap? ## What is sqlmap?
sqlmap is an open source penetration testing tool that automates the sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
process of detecting and exploiting SQL injection flaws and taking over
of database servers. It comes with a powerful detection engine, many niche
features for the ultimate penetration tester and a broad range of switches
lasting from database fingerprinting, over data fetching from the
database, to accessing the underlying file system and executing commands
on the operating system via out-of-band connections.
## How do I execute sqlmap? ## How do I execute sqlmap?
If you are running on a Unix/Linux system type the following command If you are running on a UNIX/Linux system type the following command from a terminal:
from a terminal:
python sqlmap.py -h python sqlmap.py -h
If you are running on a Windows system type the following command You can also see the detailed help message typing:
from a terminal:
python sqlmap.py -hh
If you are running on a Windows system type the following command from a terminal:
C:\Python27\python.exe sqlmap.py -h C:\Python27\python.exe sqlmap.py -h
Where `C:\Python27` is the path where you installed [Python](http://www.python.org) **>= 2.6**. Where `C:\Python27` is the path where you installed [Python](http://www.python.org) **>= 2.6** and **< 3.0**.
## Can I integrate sqlmap with a security tool I am developing? ## Can I integrate sqlmap with a security tool I am developing?
Yes. sqlmap is released under the terms of the GPLv2, which means that any **Yes**. sqlmap is released under the terms of the [GPLv2](http://www.gnu.org/licenses/gpl-2.0.html), which means that any derivative work must be distributed without further restrictions on the rights granted by the General Public License itself.
derivative work must be distributed without further restrictions on the
rights granted by the GPL itself. ## Can I integrate sqlmap with a commercial closed source security tool my company is developing?
We **might** consider to release you a copy under a commercial license - drop us an [email](dev@sqlmap.org) and we will discuss it through.
## Will you support other database management systems? ## Will you support other database management systems?
Yes. There are plans to support also Informix and Ingres at some We already support the major and some minor databases. We do have plans to extend support for some of them and support also new ones: Informix and Ingres at some point in time.
point of time.
## How can I occasionally contribute? ## How can I report bugs or request new features?
All help is greatly appreciated. First of all download the tool, make sure **Bug reports are welcome**!
you are running the latest development version from the Subversion Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues) or, alternatively, on the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users).
repository, read the user's manual carefully, have fun with it during your
penetration tests. Guidelines:
If you find bugs or have ideas for possible improvements, feel free to
get in touch on the mailing list. Many people have contributed in different * Before you submit a bug report, search both open and closed issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.
ways to the sqlmap development. * Make sure you can reproduce the bug with the latest development version of sqlmap.
**You** can be the next! * Your report should give detailed instructions for how to reproduce the problem. If sqlmap raises an unhandled exception, the traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.
* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*
* If you are not sure whether something is a bug, or want to discuss a potential new feature before putting in an enhancement request, the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) is a good place to bring it up.
## Can I contribute occasionally to the development?
All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).
Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).
Each patch should make one logical change. Please follow the existing stylistic conventions: wrap code to 76 columns when possible. Avoid tabbing, use four blank spaces instead. Before you put time into a nontrivial patch, it is worth discussing it on the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) or privately by [email](dev@sqlmap.org).
Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS) have contributed in different ways to the sqlmap development. **You** can be the next!
## Can I actively contribute in the long-term development? ## Can I actively contribute in the long-term development?
Yes, we are looking for people who can write some clean Python code, are We are constantly seeking for people who can write some clean Python code, are up to do security research, know about web application security, database assessment and takeover, software refactoring and are motivated to join the development team.
up to do security research, know about web application security, database
assessment and takeover, software refactoring and are motivated to join If this sounds interesting to you, send us your [pull requests](https://help.github.com/articles/using-pull-requests) - we are open to discuss granting of push access to the main repository if you prove professionalism, motivation and ability to write proper Python code.
the development team.
If this sounds interesting to you, get in touch!
## How can I support the development? ## How can I support the development?
If you think that sqlmap is a great tool, it really played well during sqlmap is the result of numerous hours of passionated work from a small team of computer security enthusiasts. If you appreciated our work and you want to see sqlmap kept being developed, please consider making a [donation](https://www.paypal.com/uk/cgi-bin/webscr?cmd=_send-money&nav=1) to our efforts via [PayPal](https://www.paypal.com) to `dev@sqlmap.org`.
your penetration tests, or you simply like it, you, or your boss, can donate
some money to the developers via PayPal.
## Can you hack a site for me? ## Can you hack a site for me?
**No**. **No**.
## When sqlmap will switch to the Python 3? ## When sqlmap will switch to Python 3?
Currently there is no pressure on Python projects to switch to the new Currently there is no pressure on Python projects to switch to the new version of Python interpreter, as the process of switching, especially on larger projects can be cumbersome (due to the few backward incompatibilities). The switch will take place eventually, but currently it is a very [low priority task](https://github.com/sqlmapproject/sqlmap/issues/93).
version of Python interpreter, as the process of switching, especially on
larger projects can be cumbersome (due to the few backward incompatibilities).
The switch will take place eventually, but currently it's a very low priority task.
## What does `"WARNING unknown charset '...'"` mean? ## What does `WARNING unknown charset '...'` mean?
sqlmap needs to properly decode page content to be able to properly sqlmap needs to properly decode page content to be able to properly detect and deal with internationalized characters. In some cases web developers are doing mistakes when declaring used web page charset (e.g. `iso_8859` instead of standardized name `iso-8859`), which can cause problems. As a failsafe mechanism we have incorporated heuristic detection engine [chardet](http://chardet.feedparser.org/), so in most cases sqlmap will deal with this kind of problems automatically.
detect and deal with internationalized characters. In some cases web developers Nevertheless, you are strongly advised to report us back those typographic *mistakes* so we could handle them manually inside the code.
are doing mistakes when declaring used web page charset (e.g. `iso_8859` instead
of standardized name `iso-8859`), which can cause problems. As a failsafe mechanism
we've incorporated heuristic detection engine [chardet](http://chardet.feedparser.org/),
so in most cases sqlmap will deal with this kind of problems automatically.
Nevertheless, you are strongly advised to report us back those typographic "mistakes"
so we could handle them manually inside the code.
Question(s): Question(s):
[#1](http://thread.gmane.org/gmane.comp.security.sqlmap/737) [#1](http://thread.gmane.org/gmane.comp.security.sqlmap/737)
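
Review bot: the new `[email](dev@sqlmap.org)` and `[drop us an email](dev@sqlmap.org)` links (in the commercial-license answer and in both contribution paragraphs) have no `mailto:` scheme, so a Markdown renderer will treat `dev@sqlmap.org` as a relative path; write the target as `mailto:dev@sqlmap.org`. The bug-report guidelines ask for tracebacks and reproduction steps on a public issue tracker, so a line asking reporters to strip target hostnames, cookies and credentials before posting would be worth adding. Wording in the added text: "consider to release you a copy" reads better as "consider releasing a copy to you", "seeking for people" as "seeking people", and "passionated" as "passionate".
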
@ -89,9 +85,8 @@ Question(s):
## How to use sqlmap with `mod_rewrite` enabled? ## How to use sqlmap with `mod_rewrite` enabled?
Just put * to the place where sqlmap should check for injections in URI Just put `*` to the place where sqlmap should check for injections in URI itself. For example, `./sqlmap.py -u "www.site.com/id1/1*/id2/2"` sqlmap will try to inject the payloads just at that place marked with `*` character.
itself. In example: `./sqlmap.py -u "www.site.com/id1/1*/id2/2"` sqlmap This feature also applies to POST data.
will try to inject the payloads just at that place marked with * character.
Question(s): Question(s):
[#1](http://thread.gmane.org/gmane.comp.security.sqlmap/731) [#1](http://thread.gmane.org/gmane.comp.security.sqlmap/731)
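
Review bot: in the rewritten answer the example command runs straight into the next sentence (`./sqlmap.py -u "www.site.com/id1/1*/id2/2"` followed directly by "sqlmap will try to inject"); end the sentence after the command and start "sqlmap will try" as its own sentence. The added "This feature also applies to POST data." has no example beside it, so a matching `--data` line would document it. A reserved documentation host such as `example.com` would be safer in the example than `www.site.com`.
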
@ -100,60 +95,48 @@ Question(s):
## Why is sqlmap not able to get password hashes in some cases? ## Why is sqlmap not able to get password hashes in some cases?
You most probably don't have enough permissions for querying on a system The session user most probably does not have enough permissions for querying on a system table containing password hashes.
table containing password hashes.
Question(s): Question(s):
[#1](http://thread.gmane.org/gmane.comp.security.sqlmap/714) [#1](http://thread.gmane.org/gmane.comp.security.sqlmap/714)
## What is `--text-only` switch? ## What is `--text-only` switch?
Switch `--text-only` is used for removing non-textual data (tags, Switch `--text-only` is used for removing non-textual data (tags, javascripts, styles, etc.) from the retrieved page content to further improve SQL injection detection capabilities.
javascripts, styles,...) from the retrieved page content to further
improve detection capabilities.
Question(s): Question(s):
[#1](http://thread.gmane.org/gmane.comp.security.sqlmap/699) [#1](http://thread.gmane.org/gmane.comp.security.sqlmap/699)
## I am getting `"CRITICAL connection timed"` while I am able to browse ## I am getting `[CRITICAL] connection timed` while I am able to browse the site normally?
the site normally?
There are few IDSes that filter out all sqlmap requests based on default There are few IDSes that filter out all sqlmap requests based on its default `User-Agent` HTTP header (e.g. `User-agent: sqlmap/1.0-dev`). To prevent this
User-Agent HTTP header used (e.g. `"User-agent: sqlmap/1.0-dev"`). To prevent this
kind of situations you are advised to use switch `--random-agent`. kind of situations you are advised to use switch `--random-agent`.
If you are getting those kind of messages for all targets then you If you are getting those kind of messages for all targets then you most probably need to properly set up your proxy settings (switches `--proxy`
most probably need to properly set up your proxy settings (switches `--proxy` and/or `--ignore-proxy`).
and/or `--ignore-proxy`)
Question(s): Question(s):
[#1](http://thread.gmane.org/gmane.comp.security.sqlmap/1241) [#1](http://thread.gmane.org/gmane.comp.security.sqlmap/1241)
## Is it possible to use `"INSERT/UPDATE"` SQL commands via `--sql-query` ## Is it possible to use `INSERT/UPDATE` SQL commands via `--sql-query`, `--sql-shell` and `--sql-file`?
and/or `--sql-shell`?
It is possible to use those commands, but only if the stacked injection is supported It is possible to run those statements as well as any other statement on the target database given that stacked queries SQL injection is supported by the vulnerable application or you are connecting directly to the database with `-d` switch and the session user has such privileges (or a privilege escalation vector has been injected upfront).
by the vulnerable target. In vast majority of cases affected DBMSes by these kind of
attacks are Microsoft SQL Server and PostgreSQL.
Question(s): Question(s):
[#1](http://thread.gmane.org/gmane.comp.security.sqlmap/1237) [#1](http://thread.gmane.org/gmane.comp.security.sqlmap/1237)
## I am getting `"finally: SyntaxError: invalid syntax"` when trying to run sqlmap? ## I am getting `finally: SyntaxError: invalid syntax` when trying to run sqlmap?
You are most probably using outdated version of Python. sqlmap is generally You are most probably using outdated version of Python. sqlmap is generally supported by Python versions 2.5, 2.6 and 2.7, while you are strongly
supported by Python versions in range 2.5, 2.6 and 2.7, while you are strongly advised to use version 2.7.
advised to use versions 2.6 and 2.7.
Question(s): Question(s):
[#1](http://thread.gmane.org/gmane.comp.security.sqlmap/1231) [#1](http://thread.gmane.org/gmane.comp.security.sqlmap/1231)
## sqlmap is not able to detect/exploit injection while other commercial tools are? ## sqlmap is not able to detect/exploit injection while other commercial tools are?
In most of those kind of cases blatant error message detection is used by commercial In most of those kind of cases blatant error message detection is used by commercial tools leading to *false positive* claims. You have to be aware that a
tools making some "false positive" claims. You have to be aware that DBMS error message does not mean that the affected web application is vulnerable to SQL injection attacks. sqlmap goes several steps further and never claims
DBMS error message doesn't mean that the affected web application is vulnerable to an injection point without making through tests if it can be exploited on the first place.
SQL injection attacks. sqlmap goes several steps further and never claims
an injection point without making through tests if it can be exploited at the first place.
Question(s): Question(s):
[#1](http://thread.gmane.org/gmane.comp.security.sqlmap/970) [#1](http://thread.gmane.org/gmane.comp.security.sqlmap/970)
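
Review bot: the new `SyntaxError` answer says sqlmap is supported on Python 2.5, 2.6 and 2.7, but the execution answer changed earlier in this same commit requires `>= 2.6` and `< 3.0`; pick one range and state it in both places. In the commercial-tools answer, "making through tests" should be "making thorough tests" and "on the first place" should be "in the first place". The heading `[CRITICAL] connection timed` looks cut short of "timed out". The rewritten `INSERT/UPDATE` answer is a single long sentence and drops the earlier remark that Microsoft SQL Server and PostgreSQL are the DBMSes usually affected by stacked queries; splitting the sentence and keeping that remark would help readers.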