Advanced help output

By: a guest on Jul 3rd, 2012  |  syntax: None  |  size: 11.77 KB  |  hits: 104  |  expires: Never
$ python sqlmap.py -hh

    sqlmap/1.0-dev (8b8677b938) - automatic SQL injection and database takeover tool
    http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:34:52

Usage: python sqlmap.py [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -hh                   Show advanced help
  -v VERBOSE            Verbosity level: 0-6 (default 1)

  Target:
    At least one of these options has to be specified to set the source to get target urls from

    -d DIRECT           Direct connection to the database
    -u URL, --url=URL   Target url
    -l LOGFILE          Parse targets from Burp or WebScarab proxy logs
    -m BULKFILE         Scan multiple targets enlisted in a given textual file
    -r REQUESTFILE      Load HTTP request from a file
    -g GOOGLEDORK       Process Google dork results as target urls
    -c CONFIGFILE       Load options from a configuration INI file

  Request:
    These options can be used to specify how to connect to the target url

    --data=DATA         Data string to be sent through POST
    --param-del=PDEL    Character used for splitting parameter values
    --cookie=COOKIE     HTTP Cookie header
    --load-cookies=LOC  File containing cookies in Netscape/wget format
    --cookie-urlencode  URL Encode generated cookie injections
    --drop-set-cookie   Ignore Set-Cookie header from response
    --user-agent=AGENT  HTTP User-Agent header
    --random-agent      Use randomly selected HTTP User-Agent header
    --randomize=RPARAM  Randomly change value for given parameter(s)
    --force-ssl         Force usage of SSL/HTTPS requests
    --host=HOST         HTTP Host header
    --referer=REFERER   HTTP Referer header
    --headers=HEADERS   Extra headers (e.g. "Accept-Language: fr\nETag: 123")
    --auth-type=ATYPE   HTTP authentication type (Basic, Digest or NTLM)
    --auth-cred=ACRED   HTTP authentication credentials (name:password)
    --auth-cert=ACERT   HTTP authentication certificate (key_file,cert_file)
    --proxy=PROXY       Use a HTTP proxy to connect to the target url
    --proxy-cred=PCRED  HTTP proxy authentication credentials (name:password)
    --ignore-proxy      Ignore system default HTTP proxy
    --delay=DELAY       Delay in seconds between each HTTP request
    --timeout=TIMEOUT   Seconds to wait before timeout connection (default 30)
    --retries=RETRIES   Retries when the connection timeouts (default 3)
    --scope=SCOPE       Regexp to filter targets from provided proxy log
    --safe-url=SAFURL   Url address to visit frequently during testing
    --safe-freq=SAFREQ  Test requests between two visits to a given safe url
    --skip-urlencode    Skip URL encoding of POST data
    --eval=EVALCODE     Evaluate provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()")

  Optimization:
    These options can be used to optimize the performance of sqlmap

    -o                  Turn on all optimization switches
    --predict-output    Predict common queries output
    --keep-alive        Use persistent HTTP(s) connections
    --null-connection   Retrieve page length without actual HTTP response body
    --threads=THREADS   Max number of concurrent HTTP(s) requests (default 1)

  Injection:
    These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts

    -p TESTPARAMETER    Testable parameter(s)
    --dbms=DBMS         Force back-end DBMS to this value
    --os=OS             Force back-end DBMS operating system to this value
    --invalid-bignum    Use big numbers for invalidating values
    --invalid-logical   Use logical operations for invalidating values
    --no-cast           Turn off payload casting mechanism
    --prefix=PREFIX     Injection payload prefix string
    --suffix=SUFFIX     Injection payload suffix string
    --skip=SKIP         Skip testing for given parameter(s)
    --tamper=TAMPER     Use given script(s) for tampering injection data

  Detection:
    These options can be used to specify how to parse and compare page content from HTTP responses when using blind SQL injection technique

    --level=LEVEL       Level of tests to perform (1-5, default 1)
    --risk=RISK         Risk of tests to perform (0-3, default 1)
    --string=STRING     String to match in the response when query is valid
    --regexp=REGEXP     Regexp to match in the response when query is valid
    --code=CODE         HTTP response code to match when the query is valid
    --text-only         Compare pages based only on the textual content
    --titles            Compare pages based only on their titles

  Techniques:
    These options can be used to tweak testing of specific SQL injection techniques

    --technique=TECH    SQL injection techniques to test for (default "BEUST")
    --time-sec=TIMESEC  Seconds to delay the DBMS response (default 5)
    --union-cols=UCOLS  Range of columns to test for UNION query SQL injection
    --union-char=UCHAR  Character to use for bruteforcing number of columns
    --dns-domain=DNAME  Domain name used for DNS exfiltration attack

  Fingerprint:
    -f, --fingerprint   Perform an extensive DBMS version fingerprint

  Enumeration:
    These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover you can run your own SQL statements

    -b, --banner        Retrieve DBMS banner
    --current-user      Retrieve DBMS current user
    --current-db        Retrieve DBMS current database
    --is-dba            Detect if the DBMS current user is DBA
    --users             Enumerate DBMS users
    --passwords         Enumerate DBMS users password hashes
    --privileges        Enumerate DBMS users privileges
    --roles             Enumerate DBMS users roles
    --dbs               Enumerate DBMS databases
    --tables            Enumerate DBMS database tables
    --columns           Enumerate DBMS database table columns
    --schema            Enumerate DBMS schema
    --count             Retrieve number of entries for table(s)
    --dump              Dump DBMS database table entries
    --dump-all          Dump all DBMS databases tables entries
    --search            Search column(s), table(s) and/or database name(s)
    -D DB               DBMS database to enumerate
    -T TBL              DBMS database table to enumerate
    -C COL              DBMS database table column to enumerate
    -U USER             DBMS user to enumerate
    --exclude-sysdbs    Exclude DBMS system databases when enumerating tables
    --start=LIMITSTART  First query output entry to retrieve
    --stop=LIMITSTOP    Last query output entry to retrieve
    --first=FIRSTCHAR   First query output word character to retrieve
    --last=LASTCHAR     Last query output word character to retrieve
    --sql-query=QUERY   SQL statement to be executed
    --sql-shell         Prompt for an interactive SQL shell

  Brute force:
    These options can be used to run brute force checks

    --common-tables     Check existence of common tables
    --common-columns    Check existence of common columns

  User-defined function injection:
    These options can be used to create custom user-defined functions

    --udf-inject        Inject custom user-defined functions
    --shared-lib=SHLIB  Local path of the shared library

  File system access:
    These options can be used to access the back-end database management system underlying file system

    --file-read=RFILE   Read a file from the back-end DBMS file system
    --file-write=WFILE  Write a local file on the back-end DBMS file system
    --file-dest=DFILE   Back-end DBMS absolute filepath to write to

  Operating system access:
    These options can be used to access the back-end database management system underlying operating system

    --os-cmd=OSCMD      Execute an operating system command
    --os-shell          Prompt for an interactive operating system shell
    --os-pwn            Prompt for an out-of-band shell, meterpreter or VNC
    --os-smbrelay       One click prompt for an OOB shell, meterpreter or VNC
    --os-bof            Stored procedure buffer overflow exploitation
    --priv-esc          Database process' user privilege escalation
    --msf-path=MSFPATH  Local path where Metasploit Framework is installed
    --tmp-path=TMPPATH  Remote absolute path of temporary files directory

  Windows registry access:
    These options can be used to access the back-end database management system Windows registry

    --reg-read          Read a Windows registry key value
    --reg-add           Write a Windows registry key value data
    --reg-del           Delete a Windows registry key value
    --reg-key=REGKEY    Windows registry key
    --reg-value=REGVAL  Windows registry key value
    --reg-data=REGDATA  Windows registry key value data
    --reg-type=REGTYPE  Windows registry key value type

  General:
    These options can be used to set some general working parameters

    -t TRAFFICFILE      Log all HTTP traffic into a textual file
    --batch             Never ask for user input, use the default behaviour
    --charset=CHARSET   Force character encoding used for data retrieval
    --check-tor         Check to see if Tor is used properly
    --crawl=CRAWLDEPTH  Crawl the website starting from the target url
    --csv-del=CSVDEL    Delimiting character used in CSV output (default ",")
    --dbms-cred=DCRED   DBMS authentication credentials (user:password)
    --eta               Display for each output the estimated time of arrival
    --flush-session     Flush session file for current target
    --forms             Parse and test forms on target url
    --fresh-queries     Ignores query results stored in session file
    --hex               Uses DBMS hex function(s) for data retrieval
    --output-dir=ODIR   Custom output directory path
    --parse-errors      Parse and display DBMS error messages from responses
    --replicate         Replicate dumped data into a sqlite3 database
    --save              Save options to a configuration INI file
    --tor               Use Tor anonymity network
    --tor-port=TORPORT  Set Tor proxy port other than default
    --tor-type=TORTYPE  Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)
    --update            Update sqlmap

  Miscellaneous:
    -z MNEMONICS        Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
    --beep              Sound alert when SQL injection found
    --check-payload     Offline WAF/IPS/IDS payload detection testing
    --check-waf         Check for existence of WAF/IPS/IDS protection
    --cleanup           Clean up the DBMS by sqlmap specific UDF and tables
    --dependencies      Check for missing sqlmap dependencies
    --disable-hash      Disable password hash cracking mechanism
    --disable-like      Disable LIKE search of identificator names
    --gpage=GOOGLEPAGE  Use Google dork results from specified page number
    --mobile            Imitate smartphone through HTTP User-Agent header
    --page-rank         Display page rank (PR) for Google dork results
    --purge-output      Safely remove all content from output directory
    --smart             Conduct through tests only if positive heuristic(s)
    --test-filter=TSTF  Select tests by payloads and/or titles (e.g. ROW)
    --wizard            Simple wizard interface for beginner users

[*] shutting down at 12:34:52