Sqlmap Help Information

Source: Internet
Author: User

Usage: sqlmap.py [options]

Options:
-h, --help  Show basic help message and exit
-hh  Show advanced help message and exit
--version  Show the program version number and exit
-v VERBOSE  Verbosity level: 0-6 (default 1)

Target:
At least one of these options must be provided to define the target(s)

-d DIRECT  Connection string for a direct database connection
-u URL, --url=URL  Target URL (e.g. "http://www.site.com/vuln.php?id=1")
-l LOGFILE  Parse target(s) from a Burp or WebScarab proxy log file
-x SITEMAPURL  Parse target(s) from a remote sitemap (.xml) file
-m BULKFILE  Scan multiple targets given in a text file
-r REQUESTFILE  Load an HTTP request from a file
-g GOOGLEDORK  Process Google dork results as target URLs
-c CONFIGFILE  Load options from an INI configuration file

Request:
These options can be used to specify how to connect to the target URL

--method=METHOD  Force usage of the given HTTP method (e.g. PUT)
--data=DATA  Data string to be sent through POST
--param-del=PARA..  Character used for splitting parameter values
--cookie=COOKIE  HTTP Cookie header value
--cookie-del=COO..  Character used for splitting cookie values
--load-cookies=L..  File containing cookies in Netscape/wget format
--drop-set-cookie  Ignore the Set-Cookie header from the response
--user-agent=AGENT  HTTP User-Agent header value
--random-agent  Use a randomly selected HTTP User-Agent header value
--host=HOST  HTTP Host header value
--referer=REFERER  HTTP Referer header value
-H HEADER, --hea..  Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
--headers=HEADERS  Extra headers (e.g. "Accept-Language: fr\nETag: 123")
--auth-type=AUTH..  HTTP authentication type (Basic, Digest, NTLM or PKI)
--auth-cred=AUTH..  HTTP authentication credentials (name:password)
--auth-file=AUTH..  HTTP authentication PEM cert/private key file
--ignore-401  Ignore HTTP Error 401 (Unauthorized)
--proxy=PROXY  Use a proxy to connect to the target URL
--proxy-cred=PRO..  Proxy authentication credentials (name:password)
--proxy-file=PRO..  Load a proxy list from a file
--ignore-proxy  Ignore system default proxy settings
--tor  Use the Tor anonymity network
--tor-port=TORPORT  Set a Tor proxy port other than the default
--tor-type=TORTYPE  Set the Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)
--check-tor  Check whether Tor is used properly
--delay=DELAY  Delay in seconds between each HTTP request
--timeout=TIMEOUT  Seconds to wait before timing out the connection (default 30)
--retries=RETRIES  Retries when the connection times out (default 3)
--randomize=RPARAM  Randomly change the value of the given parameter(s)
--safe-url=SAFEURL  URL address to visit frequently during testing
--safe-post=SAFE..  POST data to send to the safe URL
--safe-req=SAFER..  Load the safe HTTP request from a file
--safe-freq=SAFE..  Number of test requests between two visits to the given safe URL
--skip-urlencode  Skip URL encoding of payload data
--csrf-token=CSR..  Parameter used to hold the anti-CSRF token
--csrf-url=CSRFURL  URL address to visit to extract the anti-CSRF token
--force-ssl  Force usage of SSL/HTTPS
--hpp  Use the HTTP parameter pollution method
--eval=EVALCODE  Evaluate the provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()")

Optimization:
These options can be used to optimize the performance of sqlmap

-o  Turn on all optimization switches
--predict-output  Predict common query output
--keep-alive  Use persistent HTTP(s) connections
--null-connection  Retrieve the page length without the actual HTTP response body
--threads=THREADS  Maximum number of concurrent HTTP(s) requests (default 1)

Injection:
These options can be used to specify which parameters to test and to provide custom injection payloads and optional tamper scripts.

-p TESTPARAMETER  Testable parameter(s)
--skip=SKIP  Skip testing for the given parameter(s)
--skip-static  Skip testing parameters that do not appear dynamic
--dbms=DBMS  Force the back-end DBMS to this value
--dbms-cred=DBMS..  DBMS authentication credentials (user:password)
--os=OS  Force the back-end DBMS operating system to this value
--invalid-bignum  Use big numbers for invalidating values
--invalid-logical  Use logical operations for invalidating values
--invalid-string  Use random strings for invalidating values
--no-cast  Turn off the payload casting mechanism
--no-escape  Turn off the string escaping mechanism
--prefix=PREFIX  Injection payload prefix string
--suffix=SUFFIX  Injection payload suffix string
--tamper=TAMPER  Use the given script(s) for tampering with injection data

Detection:
These options can be used to customize the detection phase

--level=LEVEL  Level of tests to perform (1-5, default 1)
--risk=RISK  Risk of tests to perform (1-3, default 1)
--string=STRING  String to match when the query is evaluated as true
--not-string=NOT..  String to match when the query is evaluated as false
--regexp=REGEXP  Regular expression to match when the query is evaluated as true
--code=CODE  HTTP code to match when the query is evaluated as true
--text-only  Compare pages based only on their textual content
--titles  Compare pages based only on their titles

Techniques:
These options can be used to tweak testing of specific SQL injection techniques

--technique=TECH  SQL injection techniques to use (default "BEUSTQ")
--time-sec=TIMESEC  Seconds to delay the DBMS response (default 5)
--union-cols=UCOLS  Range of columns to test for UNION query SQL injection
--union-char=UCHAR  Character to use for brute-forcing the number of columns
--union-from=UFROM  Table to use in the FROM part of UNION query SQL injection
--dns-domain=DNS..  Domain name used for the DNS exfiltration attack
--second-order=S..  URL of the resulting page searched for the second-order response

Fingerprint:
-f, --fingerprint  Perform an extensive DBMS version fingerprint

Enumeration:
These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. In addition, you can run your own SQL statements.

-a, --all  Retrieve everything
-b, --banner  Retrieve the DBMS banner
--current-user  Retrieve the DBMS current user
--current-db  Retrieve the DBMS current database
--hostname  Retrieve the DBMS server hostname
--is-dba  Detect whether the DBMS current user is a DBA
--users  Enumerate DBMS users
--passwords  Enumerate DBMS user password hashes
--privileges  Enumerate DBMS user privileges
--roles  Enumerate DBMS user roles
--dbs  Enumerate DBMS databases
--tables  Enumerate DBMS database tables
--columns  Enumerate DBMS database table columns
--schema  Enumerate the DBMS schema
--count  Retrieve the number of entries for table(s)
--dump  Dump DBMS database table entries
--dump-all  Dump the table entries of all DBMS databases
--search  Search for column(s), table(s) and/or database name(s)
--comments  Retrieve DBMS comments
-D DB  DBMS database to enumerate
-T TBL  DBMS database table(s) to enumerate
-C COL  DBMS database table column(s) to enumerate
-X EXCLUDECOL  DBMS database table column(s) not to enumerate
-U USER  DBMS user to enumerate
--exclude-sysdbs  Exclude DBMS system databases when enumerating tables
--pivot-column=P..  Pivot column name
--where=DUMPWHERE  WHERE condition to use while dumping a table
--start=LIMITSTART  First query output entry to retrieve
--stop=LIMITSTOP  Last query output entry to retrieve
--first=FIRSTCHAR  First query output character to retrieve
--last=LASTCHAR  Last query output character to retrieve
--sql-query=QUERY  SQL statement to be executed
--sql-shell  Prompt for an interactive SQL shell
--sql-file=SQLFILE  Execute SQL statements from the given file(s)

Brute force:
These options can be used to run brute force checks

--common-tables  Check for the existence of common tables
--common-columns  Check for the existence of common columns

User-defined function injection:
These options can be used to create custom user-defined functions

--udf-inject  Inject custom user-defined functions
--shared-lib=SHLIB  Local path of the shared library

File system access:
These options can be used to access the underlying file system of the back-end database management system

--file-read=RFILE  Read a file from the back-end DBMS file system
--file-write=WFILE  Write a local file to the back-end DBMS file system
--file-dest=DFILE  Absolute path on the back-end DBMS file system to write to

Operating system access:
These options can be used to access the underlying operating system of the back-end database management system

--os-cmd=OSCMD  Execute an operating system command
--os-shell  Prompt for an interactive operating system shell
--os-pwn  Prompt for an OOB shell, Meterpreter or VNC
--os-smbrelay  One-click prompt for an OOB shell, Meterpreter or VNC
--os-bof  Stored procedure buffer overflow exploitation
--priv-esc  Database process user privilege escalation
--msf-path=MSFPATH  Local path where the Metasploit Framework is installed
--tmp-path=TMPPATH  Remote absolute path of the temporary files directory

Windows registry access:
These options can be used to access the Windows registry of the back-end database management system

--reg-read  Read a Windows registry key value
--reg-add  Write Windows registry key value data
--reg-del  Delete a Windows registry key value
--reg-key=REGKEY  Windows registry key
--reg-value=REGVAL  Windows registry key value
--reg-data=REGDATA  Windows registry key value data
--reg-type=REGTYPE  Windows registry key value type

General:
These options can be used to set some general working parameters

-s SESSIONFILE  Load the session from a stored (.sqlite) file
-t TRAFFICFILE  Log all HTTP traffic to a text file
--batch  Never ask for user input, use the default behaviour
--binary-fields=..  Result fields having binary values (e.g. "digest")
--charset=CHARSET  Force the character encoding used for data retrieval
--crawl=CRAWLDEPTH  Crawl the website starting from the target URL
--crawl-exclude=..  Regular expression to exclude pages from crawling (e.g. "logout")
--csv-del=CSVDEL  Delimiter character used in CSV output (default ",")
--dump-format=DU..  Format of dumped data (CSV (default), HTML or SQLITE)
--eta  Display the estimated time of arrival for each output
--flush-session  Flush the session files for the current target
--forms  Parse and test forms on the target URL
--fresh-queries  Ignore query results stored in the session file
--hex  Use DBMS hex function(s) for data retrieval
--output-dir=OUT..  Custom output directory path
--parse-errors  Parse and display DBMS error messages from responses
--save=SAVECONFIG  Save options to a configuration INI file
--scope=SCOPE  Regular expression to filter targets from the provided proxy log
--test-filter=TE..  Select tests by payloads and/or titles
--test-skip=TEST..  Skip tests by payloads and/or titles (e.g. BENCHMARK)
--update  Update sqlmap

Miscellaneous:
-z MNEMONICS  Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
--alert=ALERT  Run host operating system command(s) when SQL injection is found
--answers=ANSWERS  Set answers to questions (e.g. "quit=N,follow=N")
--beep  Beep on a question and/or when SQL injection is found
--cleanup  Clean up the DBMS from sqlmap-specific UDFs and tables
--dependencies  Check for missing (non-core) sqlmap dependencies
--disable-coloring  Disable console output coloring
--gpage=GOOGLEPAGE  Use Google dork results from the specified page number
--identify-waf  Make a thorough test for WAF/IPS/IDS protection
--mobile  Imitate a smartphone through the HTTP User-Agent header
--offline  Work in offline mode (use session data only)
--page-rank  Display page rank (PR) for Google dork results
--purge-output  Safely remove all content from the output directory
--skip-waf  Skip heuristic detection of WAF/IPS/IDS protection
--smart  Conduct thorough tests only if the heuristics are positive
--sqlmap-shell  Prompt for an interactive sqlmap shell
--tmp-dir=TMPDIR  Local directory for storing temporary files
--wizard  Simple wizard interface for beginner users
