sqlmap

a guest
Aug 28th, 2015
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

Usage: python /usr/local/bin/sqlmap [options]

Options:
  --version            show program's version number and exit
  -h, --help           show this help message and exit
  -v VERBOSE           Verbosity level: 0-6 (default 1)

Target:
  At least one of these options has to be specified to set the source to
  get target urls from.

  -d DIRECT            Direct connection to the database
  -u URL, --url=URL    Target url
  -l LIST              Parse targets from Burp or WebScarab proxy logs
  -r REQUESTFILE       Load HTTP request from a file
  -g GOOGLEDORK        Process Google dork results as target urls
  -c CONFIGFILE        Load options from a configuration INI file

Request:
  These options can be used to specify how to connect to the target url.

  --data=DATA          Data string to be sent through POST
  --cookie=COOKIE      HTTP Cookie header
  --cookie-urlencode   URL Encode generated cookie injections
  --drop-set-cookie    Ignore Set-Cookie header from response
  --user-agent=AGENT   HTTP User-Agent header
  --random-agent       Use randomly selected HTTP User-Agent header
  --referer=REFERER    HTTP Referer header
  --headers=HEADERS    Extra HTTP headers newline separated
  --auth-type=ATYPE    HTTP authentication type (Basic, Digest or NTLM)
  --auth-cred=ACRED    HTTP authentication credentials (name:password)
  --auth-cert=ACERT    HTTP authentication certificate (key_file,cert_file)
  --proxy=PROXY        Use a HTTP proxy to connect to the target url
  --proxy-cred=PCRED   HTTP proxy authentication credentials (name:password)
  --ignore-proxy       Ignore system default HTTP proxy
  --delay=DELAY        Delay in seconds between each HTTP request
  --timeout=TIMEOUT    Seconds to wait before timeout connection (default 30)
  --retries=RETRIES    Retries when the connection timeouts (default 3)
  --scope=SCOPE        Regexp to filter targets from provided proxy log
  --safe-url=SAFURL    Url address to visit frequently during testing
  --safe-freq=SAFREQ   Test requests between two visits to a given safe url

Optimization:
  These options can be used to optimize the performance of sqlmap.

  -o                   Turn on all optimization switches
  --predict-output     Predict common queries output
  --keep-alive         Use persistent HTTP(s) connections
  --null-connection    Retrieve page length without actual HTTP response body
  --threads=THREADS    Max number of concurrent HTTP(s) requests (default 1)

Injection:
  These options can be used to specify which parameters to test for,
  provide custom injection payloads and optional tampering scripts.

  -p TESTPARAMETER     Testable parameter(s)
  --dbms=DBMS          Force back-end DBMS to this value
  --os=OS              Force back-end DBMS operating system to this value
  --prefix=PREFIX      Injection payload prefix string
  --suffix=SUFFIX      Injection payload suffix string
  --tamper=TAMPER      Use given script(s) for tampering injection data

Detection:
  These options can be used to specify how to parse and compare page
  content from HTTP responses when using blind SQL injection technique.

  --level=LEVEL        Level of tests to perform (1-5, default 1)
  --risk=RISK          Risk of tests to perform (0-3, default 1)
  --string=STRING      String to match in page when the query is valid
  --regexp=REGEXP      Regexp to match in page when the query is valid
  --text-only          Compare pages based only on the textual content

Techniques:
  These options can be used to tweak testing of specific SQL injection
  techniques.

  --technique=TECH     SQL injection techniques to test for (default BEUST)
  --time-sec=TIMESEC   Seconds to delay the DBMS response (default 5)
  --union-cols=UCOLS   Range of columns to test for UNION query SQL injection
  --union-char=UCHAR   Character to use for bruteforcing number of columns

Fingerprint:
  -f, --fingerprint    Perform an extensive DBMS version fingerprint

Enumeration:
  These options can be used to enumerate the back-end database
  management system information, structure and data contained in the
  tables. Moreover you can run your own SQL statements.

  -b, --banner         Retrieve DBMS banner
  --current-user       Retrieve DBMS current user
  --current-db         Retrieve DBMS current database
  --is-dba             Detect if the DBMS current user is DBA
  --users              Enumerate DBMS users
  --passwords          Enumerate DBMS users password hashes
  --privileges         Enumerate DBMS users privileges
  --roles              Enumerate DBMS users roles
  --dbs                Enumerate DBMS databases
  --tables             Enumerate DBMS database tables
  --columns            Enumerate DBMS database table columns
  --dump               Dump DBMS database table entries
  --dump-all           Dump all DBMS databases tables entries
  --search             Search column(s), table(s) and/or database name(s)
  -D DB                DBMS database to enumerate
  -T TBL               DBMS database table to enumerate
  -C COL               DBMS database table column to enumerate
  -U USER              DBMS user to enumerate
  --exclude-sysdbs     Exclude DBMS system databases when enumerating tables
  --start=LIMITSTART   First query output entry to retrieve
  --stop=LIMITSTOP     Last query output entry to retrieve
  --first=FIRSTCHAR    First query output word character to retrieve
  --last=LASTCHAR      Last query output word character to retrieve
  --sql-query=QUERY    SQL statement to be executed
  --sql-shell          Prompt for an interactive SQL shell

Brute force:
  These options can be used to run brute force checks.

  --common-tables      Check existence of common tables
  --common-columns     Check existence of common columns

User-defined function injection:
  These options can be used to create custom user-defined functions.

  --udf-inject         Inject custom user-defined functions
  --shared-lib=SHLIB   Local path of the shared library

File system access:
  These options can be used to access the back-end database management
  system underlying file system.

  --file-read=RFILE    Read a file from the back-end DBMS file system
  --file-write=WFILE   Write a local file on the back-end DBMS file system
  --file-dest=DFILE    Back-end DBMS absolute filepath to write to

Operating system access:
  These options can be used to access the back-end database management
  system underlying operating system.

  --os-cmd=OSCMD       Execute an operating system command
  --os-shell           Prompt for an interactive operating system shell
  --os-pwn             Prompt for an out-of-band shell, meterpreter or VNC
  --os-smbrelay        One click prompt for an OOB shell, meterpreter or VNC
  --os-bof             Stored procedure buffer overflow exploitation
  --priv-esc           Database process' user privilege escalation
  --msf-path=MSFPATH   Local path where Metasploit Framework 3 is installed
  --tmp-path=TMPPATH   Remote absolute path of temporary files directory

Windows registry access:
  These options can be used to access the back-end database management
  system Windows registry.

  --reg-read           Read a Windows registry key value
  --reg-add            Write a Windows registry key value data
  --reg-del            Delete a Windows registry key value
  --reg-key=REGKEY     Windows registry key
  --reg-value=REGVAL   Windows registry key value
  --reg-data=REGDATA   Windows registry key value data
  --reg-type=REGTYPE   Windows registry key value type

General:
  These options can be used to set some general working parameters.

  -t TRAFFICFILE       Log all HTTP traffic into a textual file
  -s SESSIONFILE       Save and resume all data retrieved on a session file
  --flush-session      Flush session file for current target
  --fresh-queries      Ignores query results stored in session file
  --eta                Display for each output the estimated time of arrival
  --update             Update sqlmap
  --save               Save options on a configuration INI file
  --batch              Never ask for user input, use the default behaviour

Miscellaneous:
  --beep               Alert when sql injection found
  --check-payload      IDS detection testing of injection payloads
  --cleanup            Clean up the DBMS by sqlmap specific UDF and tables
  --forms              Parse and test forms on target url
  --gpage=GOOGLEPAGE   Use Google dork results from specified page number
  --page-rank          Display page rank (PR) for Google dork results
  --parse-errors       Parse DBMS error messages from response pages
  --replicate          Replicate dumped data into a sqlite3 database
  --tor                Use default Tor (Vidalia/Privoxy/Polipo) proxy address
  --wizard             Simple wizard interface for beginner users