Advertisement
Guest User

sqlmap

a guest
Aug 28th, 2015
552
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. sqlmap/0.9 - automatic SQL injection and database takeover tool
  2. http://sqlmap.sourceforge.net
  3.  
  4. Usage: python /usr/local/bin/sqlmap [options]
  5.  
  6. Options:
  7. --version show program's version number and exit
  8. -h, --help show this help message and exit
  9. -v VERBOSE Verbosity level: 0-6 (default 1)
  10.  
  11. Target:
  12. At least one of these options has to be specified to set the source to
  13. get target urls from.
  14.  
  15. -d DIRECT Direct connection to the database
  16. -u URL, --url=URL Target url
  17. -l LIST Parse targets from Burp or WebScarab proxy logs
  18. -r REQUESTFILE Load HTTP request from a file
  19. -g GOOGLEDORK Process Google dork results as target urls
  20. -c CONFIGFILE Load options from a configuration INI file
  21.  
  22. Request:
  23. These options can be used to specify how to connect to the target url.
  24.  
  25. --data=DATA Data string to be sent through POST
  26. --cookie=COOKIE HTTP Cookie header
  27. --cookie-urlencode URL Encode generated cookie injections
  28. --drop-set-cookie Ignore Set-Cookie header from response
  29. --user-agent=AGENT HTTP User-Agent header
  30. --random-agent Use randomly selected HTTP User-Agent header
  31. --referer=REFERER HTTP Referer header
  32. --headers=HEADERS Extra HTTP headers newline separated
  33. --auth-type=ATYPE HTTP authentication type (Basic, Digest or NTLM)
  34. --auth-cred=ACRED HTTP authentication credentials (name:password)
  35. --auth-cert=ACERT HTTP authentication certificate (key_file,cert_file)
  36. --proxy=PROXY Use a HTTP proxy to connect to the target url
  37. --proxy-cred=PCRED HTTP proxy authentication credentials (name:password)
  38. --ignore-proxy Ignore system default HTTP proxy
  39. --delay=DELAY Delay in seconds between each HTTP request
  40. --timeout=TIMEOUT Seconds to wait before timeout connection (default 30)
  41. --retries=RETRIES Retries when the connection timeouts (default 3)
  42. --scope=SCOPE Regexp to filter targets from provided proxy log
  43. --safe-url=SAFURL Url address to visit frequently during testing
  44. --safe-freq=SAFREQ Test requests between two visits to a given safe url
  45.  
  46. Optimization:
  47. These options can be used to optimize the performance of sqlmap.
  48.  
  49. -o Turn on all optimization switches
  50. --predict-output Predict common queries output
  51. --keep-alive Use persistent HTTP(s) connections
  52. --null-connection Retrieve page length without actual HTTP response body
  53. --threads=THREADS Max number of concurrent HTTP(s) requests (default 1)
  54.  
  55. Injection:
  56. These options can be used to specify which parameters to test for,
  57. provide custom injection payloads and optional tampering scripts.
  58.  
  59. -p TESTPARAMETER Testable parameter(s)
  60. --dbms=DBMS Force back-end DBMS to this value
  61. --os=OS Force back-end DBMS operating system to this value
  62. --prefix=PREFIX Injection payload prefix string
  63. --suffix=SUFFIX Injection payload suffix string
  64. --tamper=TAMPER Use given script(s) for tampering injection data
  65.  
  66. Detection:
  67. These options can be used to specify how to parse and compare page
  68. content from HTTP responses when using blind SQL injection technique.
  69.  
  70. --level=LEVEL Level of tests to perform (1-5, default 1)
  71. --risk=RISK Risk of tests to perform (0-3, default 1)
  72. --string=STRING String to match in page when the query is valid
  73. --regexp=REGEXP Regexp to match in page when the query is valid
  74. --text-only Compare pages based only on the textual content
  75.  
  76. Techniques:
  77. These options can be used to tweak testing of specific SQL injection
  78. techniques.
  79.  
  80. --technique=TECH SQL injection techniques to test for (default BEUST)
  81. --time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
  82. --union-cols=UCOLS Range of columns to test for UNION query SQL injection
  83. --union-char=UCHAR Character to use for bruteforcing number of columns
  84.  
  85. Fingerprint:
  86. -f, --fingerprint Perform an extensive DBMS version fingerprint
  87.  
  88. Enumeration:
  89. These options can be used to enumerate the back-end database
  90. management system information, structure and data contained in the
  91. tables. Moreover you can run your own SQL statements.
  92.  
  93. -b, --banner Retrieve DBMS banner
  94. --current-user Retrieve DBMS current user
  95. --current-db Retrieve DBMS current database
  96. --is-dba Detect if the DBMS current user is DBA
  97. --users Enumerate DBMS users
  98. --passwords Enumerate DBMS users password hashes
  99. --privileges Enumerate DBMS users privileges
  100. --roles Enumerate DBMS users roles
  101. --dbs Enumerate DBMS databases
  102. --tables Enumerate DBMS database tables
  103. --columns Enumerate DBMS database table columns
  104. --dump Dump DBMS database table entries
  105. --dump-all Dump all DBMS databases tables entries
  106. --search Search column(s), table(s) and/or database name(s)
  107. -D DB DBMS database to enumerate
  108. -T TBL DBMS database table to enumerate
  109. -C COL DBMS database table column to enumerate
  110. -U USER DBMS user to enumerate
  111. --exclude-sysdbs Exclude DBMS system databases when enumerating tables
  112. --start=LIMITSTART First query output entry to retrieve
  113. --stop=LIMITSTOP Last query output entry to retrieve
  114. --first=FIRSTCHAR First query output word character to retrieve
  115. --last=LASTCHAR Last query output word character to retrieve
  116. --sql-query=QUERY SQL statement to be executed
  117. --sql-shell Prompt for an interactive SQL shell
  118.  
  119. Brute force:
  120. These options can be used to run brute force checks.
  121.  
  122. --common-tables Check existence of common tables
  123. --common-columns Check existence of common columns
  124.  
  125. User-defined function injection:
  126. These options can be used to create custom user-defined functions.
  127.  
  128. --udf-inject Inject custom user-defined functions
  129. --shared-lib=SHLIB Local path of the shared library
  130.  
  131. File system access:
  132. These options can be used to access the back-end database management
  133. system underlying file system.
  134.  
  135. --file-read=RFILE Read a file from the back-end DBMS file system
  136. --file-write=WFILE Write a local file on the back-end DBMS file system
  137. --file-dest=DFILE Back-end DBMS absolute filepath to write to
  138.  
  139. Operating system access:
  140. These options can be used to access the back-end database management
  141. system underlying operating system.
  142.  
  143. --os-cmd=OSCMD Execute an operating system command
  144. --os-shell Prompt for an interactive operating system shell
  145. --os-pwn Prompt for an out-of-band shell, meterpreter or VNC
  146. --os-smbrelay One click prompt for an OOB shell, meterpreter or VNC
  147. --os-bof Stored procedure buffer overflow exploitation
  148. --priv-esc Database process' user privilege escalation
  149. --msf-path=MSFPATH Local path where Metasploit Framework 3 is installed
  150. --tmp-path=TMPPATH Remote absolute path of temporary files directory
  151.  
  152. Windows registry access:
  153. These options can be used to access the back-end database management
  154. system Windows registry.
  155.  
  156. --reg-read Read a Windows registry key value
  157. --reg-add Write a Windows registry key value data
  158. --reg-del Delete a Windows registry key value
  159. --reg-key=REGKEY Windows registry key
  160. --reg-value=REGVAL Windows registry key value
  161. --reg-data=REGDATA Windows registry key value data
  162. --reg-type=REGTYPE Windows registry key value type
  163.  
  164. General:
  165. These options can be used to set some general working parameters.
  166.  
  167. -t TRAFFICFILE Log all HTTP traffic into a textual file
  168. -s SESSIONFILE Save and resume all data retrieved on a session file
  169. --flush-session Flush session file for current target
  170. --fresh-queries Ignores query results stored in session file
  171. --eta Display for each output the estimated time of arrival
  172. --update Update sqlmap
  173. --save Save options on a configuration INI file
  174. --batch Never ask for user input, use the default behaviour
  175.  
  176. Miscellaneous:
  177. --beep Alert when sql injection found
  178. --check-payload IDS detection testing of injection payloads
  179. --cleanup Clean up the DBMS by sqlmap specific UDF and tables
  180. --forms Parse and test forms on target url
  181. --gpage=GOOGLEPAGE Use Google dork results from specified page number
  182. --page-rank Display page rank (PR) for Google dork results
  183. --parse-errors Parse DBMS error messages from response pages
  184. --replicate Replicate dumped data into a sqlite3 database
  185. --tor Use default Tor (Vidalia/Privoxy/Polipo) proxy address
  186. --wizard Simple wizard interface for beginner users
Advertisement
RAW Paste Data Copied
Advertisement