Skip to content
Navigation Menu
{{ message }}
forked from sqlmapproject/sqlmap
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path_sqlmap.py
More file actions
177 lines (172 loc) · 12.1 KB
/
Copy path_sqlmap.py
File metadata and controls
177 lines (172 loc) · 12.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
#compdef sqlmap.py
# sqlmap completion commands. written by kost
# put this file in your zsh completion dir and restart your shell. Zsh completion dir is usually
# located somewhere in /usr/share/zsh/ or /usr/local/share/zsh
local curcontext="$curcontext" state line
_arguments -C -s \
'(- *)'{--help,-h}'[Show basic help message and exit]' \
'(- *)'-hh'[Show advanced help message and exit]' \
'(-v)'-v+'[Verbosity level: 0-6 (default 1)]:Verbosity level (0-6) - default 1' \
'(-d)'-d+'[Direct connection to the database]' \
'(-u,--url)'{-u+,--url=-}'[Target url]' \
'(-g)'-g+'[Process Google dork results as target urls]' \
'(--data)'--data=-'[Data string to be sent through POST]' \
'(-l)'-l+'[Parse targets from Burp or WebScarab proxy logs]:LOGFILE:_files' \
'(-m)'-m+'[Scan multiple targets enlisted in a given textual file]:BULKFILE:_files' \
'(-r)'-r+'[Load HTTP request from a file]:REQUESTFILE:_files' \
'(-s)'-s+'[Load session from a stored (.sqlite) file]:SESSIONFILE:_files' \
'(-c)'-c+'[Load options from a configuration INI file]:CONFIGFILE:_files' \
'(--param-del)'--param-del=-'[Character used for splitting parameter values]:PDEL' \
'(--cookie)'--cookie=-'[HTTP Cookie header]:COOKIE' \
'(--load-cookies)'--load-cookies=-'[File containing cookies in Netscape/wget format]:COOKIEFILE:_files' \
'(--drop-set-cookie)'--drop-set-cookie'[Ignore Set-Cookie header from response]' \
'(--user-agent)'--user-agent=-'[HTTP User-Agent header]:HTTP User Agent' \
'(--random-agent)'--random-agent'[Use randomly selected HTTP User-Agent header]' \
'(--randomize)'--randomize=-'[Randomly change value for given parameter(s)]:RPARAM' \
'(--force-ssl)'--force-ssl'[Force usage of SSL/HTTPS requests]' \
'(--host)'--host=-'[HTTP Host header]:Host Header' \
'(--referer)'--referer=-'[HTTP Referer header]:REFERER' \
'(--headers)'--headers=-'[Extra headers (e.g. Accept-Language: fr\nETag: 123)]:HEADERS' \
'(--auth-type)'--auth-type=-'[HTTP authentication type (Basic, Digest or NTLM)]:ATYPE' \
'(--auth-cred)'--auth-cred=-'[HTTP authentication credentials (name:password)]:ACRED' \
'(--auth-cert)'--auth-cert=-'[HTTP authentication certificate (key_file,cert_file)]:ACERT:_files' \
'(--proxy)'--proxy=-'[Use a HTTP proxy to connect to the target url]:PROXY' \
'(--proxy-cred)'--proxy-cred=-'[HTTP proxy authentication credentials (name:password)]:PCRED' \
'(--ignore-proxy)'--ignore-proxy'[Ignore system default HTTP proxy]' \
'(--delay)'--delay=-'[Delay in seconds between each HTTP request]:DELAY' \
'(--timeout)'--timeout=-'[Seconds to wait before timeout connection (default 30)]:TIMEOUT' \
'(--retries)'--retries=-'[Retries when the connection timeouts (default 3)]:RETRIES' \
'(--scope)'--scope=-'[Regexp to filter targets from provided proxy log]:SCOPE' \
'(--safe-url)'--safe-url=-'[Url address to visit frequently during testing]:SAFURL' \
'(--safe-freq)'--safe-freq=-'[Test requests between two visits to a given safe url]:SAFREQ' \
'(--skip-urlencode)'--skip-urlencode'[Skip URL encoding of payload data]' \
'(--eval)'--eval=-'[Evaluate provided Python code before the request (e.g.]:EVALCODE' \
'(-o)'-o'[Turn on all optimization switches]' \
'(--predict-output)'--predict-output'[Predict common queries output]' \
'(--keep-alive)'--keep-alive'[Use persistent HTTP(s) connections]' \
'(--null-connection)'--null-connection'[Retrieve page length without actual HTTP response body]' \
'(--threads)'--threads=-'[Max number of concurrent HTTP(s) requests (default 1)]:THREADS' \
'(-p)'-p+'[Testable parameter(s)]:TESTPARAMETER' \
'(--dbms)'--dbms=-'[Force back-end DBMS to this value]:DBMS:->list-dbms' \
'(--os)'--os=-'[Force back-end DBMS operating system to this value]:OS:->list-os' \
'(--invalid-bignum)'--invalid-bignum'[Use big numbers for invalidating values]' \
'(--invalid-logical)'--invalid-logical'[Use logical operations for invalidating values]' \
'(--no-cast)'--no-cast'[Turn off payload casting mechanism]' \
'(--no-escape)'--no-unescape'[Turn off string escaping mechanism]' \
'(--prefix)'--prefix=-'[Injection payload prefix string]:PREFIX' \
'(--suffix)'--suffix=-'[Injection payload suffix string]:SUFFIX' \
'(--skip)'--skip=-'[Skip testing for given parameter(s)]:SKIP' \
'(--tamper)'--tamper=-'[Use given script(s) for tampering injection data]:TAMPER' \
'(--level)'--level=-'[Level of tests to perform (1-5, default 1)]:LEVEL (1-5), default 1' \
'(--risk)'--risk=-'[Risk of tests to perform (0-3, default 1)]:RISK (0-3), default 1' \
'(--string)'--string=-'[String to match when query is evaluated to True]:STRING' \
'(--not-string)'--not-string=-'[String to match when query is evaluated to False]:NOTSTRING' \
'(--regexp)'--regexp=-'[Regexp to match when query is evaluated to True]:REGEXP' \
'(--code)'--code=-'[HTTP code to match when query is evaluated to True]' \
'(--text-only)'--text-only'[Compare pages based only on the textual content]' \
'(--titles)'--titles'[Compare pages based only on their titles]' \
'(--technique)'--technique=-'[SQL injection techniques to test for (default "BEUSTQ")]:TECH:->list-techniques' \
'(--time-sec)'--time-sec=-'[Seconds to delay the DBMS response (default 5)]:TIMESEC' \
'(--union-cols)'--union-cols=-'[Range of columns to test for UNION query SQL injection]:UCOLS' \
'(--union-char)'--union-char=-'[Character to use for bruteforcing number of columns]:UCHAR' \
'(--dns-domain)'--dns-domain=-'[Domain name used for DNS exfiltration attack]:DNSDOMAIN' \
'(--second-order)'--second-order=-'[Resulting page url searched for second-order response]:SECONDORDER' \
'(-f,--fingerprint)'{-f,--fingerprint}'[Perform an extensive DBMS version fingerprint]' \
'(-a,--all)'{-a,--all}'[Retrieve everything]' \
'(-b,--banner)'{-b,--banner}'[Retrieve DBMS banner]' \
'(--current-user)'--current-user'[Retrieve DBMS current user]' \
'(--current-db)'--current-db'[Retrieve DBMS current database]' \
'(--hostname)'--hostname'[Retrieve DBMS server hostname]' \
'(--is-dba)'--is-dba'[Detect if the DBMS current user is DBA]' \
'(--users)'--users'[Enumerate DBMS users]' \
'(--passwords)'--passwords'[Enumerate DBMS users password hashes]' \
'(--privileges)'--privileges'[Enumerate DBMS users privileges]' \
'(--roles)'--roles'[Enumerate DBMS users roles]' \
'(--dbs)'--dbs'[Enumerate DBMS databases]' \
'(--tables)'--tables'[Enumerate DBMS database tables]' \
'(--columns)'--columns'[Enumerate DBMS database table columns]' \
'(--schema)'--schema'[Enumerate DBMS schema]' \
'(--count)'--count'[Retrieve number of entries for table(s)]' \
'(--dump)'--dump'[Dump DBMS database table entries]' \
'(--dump-all)'--dump-all'[Dump all DBMS databases tables entries]' \
'(--search)'--search'[Search column(s), table(s) and/or database name(s)]' \
'(-D)'-D+'[DBMS database to enumerate]:DB' \
'(-T)'-T+'[DBMS database table to enumerate]:TBL' \
'(-C)'-C+'[DBMS database table column to enumerate]:COL' \
'(-U)'-U+'[DBMS user to enumerate]:USER' \
'(--exclude-sysdbs)'--exclude-sysdbs'[Exclude DBMS system databases when enumerating tables]' \
'(--start)'--start=-'[First query output entry to retrieve]:LIMITSTART' \
'(--stop)'--stop=-'[Last query output entry to retrieve]:LIMITSTOP' \
'(--first)'--first=-'[First query output word character to retrieve]:FIRSTCHAR' \
'(--last)'--last=-'[Last query output word character to retrieve]:LASTCHAR' \
'(--sql-query)'--sql-query=-'[SQL statement to be executed]:QUERY' \
'(--sql-shell)'--sql-shell'[Prompt for an interactive SQL shell]' \
'(--sql-file)'--sql-file=-'[Execute SQL statements from given file(s)]:SQLFILE:_files' \
'(--common-tables)'--common-tables'[Check existence of common tables]' \
'(--common-columns)'--common-columns'[Check existence of common columns]' \
'(--udf-inject)'--udf-inject'[Inject custom user-defined functions]' \
'(--shared-lib)'--shared-lib=-'[Local path of the shared library]:SHLIB' \
'(--file-read)'--file-read=-'[Read a file from the back-end DBMS file system]:RFILE' \
'(--file-write)'--file-write=-'[Write a local file on the back-end DBMS file system]:WFILE' \
'(--file-dest)'--file-dest=-'[Back-end DBMS absolute filepath to write to]:DFILE' \
'(--os-cmd)'--os-cmd=-'[Execute an operating system command]:OSCMD' \
'(--os-shell)'--os-shell'[Prompt for an interactive operating system shell]' \
'(--os-pwn)'--os-pwn'[Prompt for an out-of-band shell, meterpreter or VNC]' \
'(--os-smbrelay)'--os-smbrelay'[One click prompt for an OOB shell, meterpreter or VNC]' \
'(--os-bof)'--os-bof'[Stored procedure buffer overflow exploitation]' \
'(--priv-esc)'--priv-esc'[Database process user privilege escalation]' \
'(--msf-path)'--msf-path=-'[Local path where Metasploit Framework is installed]:MSFPATH' \
'(--tmp-path)'--tmp-path=-'[Remote absolute path of temporary files directory]:TMPPATH' \
'(--reg-read)'--reg-read'[Read a Windows registry key value]' \
'(--reg-add)'--reg-add'[Write a Windows registry key value data]' \
'(--reg-del)'--reg-del'[Delete a Windows registry key value]' \
'(--reg-key)'--reg-key=-'[Windows registry key]:REGKEY' \
'(--reg-value)'--reg-value=-'[Windows registry key value]:REGVAL' \
'(--reg-data)'--reg-data=-'[Windows registry key value data]:REGDATA' \
'(--reg-type)'--reg-type=-'[Windows registry key value type]:REGTYPE' \
'(-t)'-t+'[Log all HTTP traffic into a textual file]:TRAFFICFILE' \
'(--batch)'--batch'[Never ask for user input, use the default behaviour]' \
'(--charset)'--charset=-'[Force character encoding used for data retrieval]:CHARSET' \
'(--check-tor)'--check-tor'[Check to see if Tor is used properly]' \
'(--crawl)'--crawl=-'[Crawl the website starting from the target url]:CRAWLDEPTH' \
'(--csv-del)'--csv-del=-'[Delimiting character used in CSV output (default is ,)]:CSVDEL' \
'(--dbms-cred)'--dbms-cred=-'[DBMS authentication credentials (user:password)]:DBMS authentication credentials' \
'(--eta)'--eta'[Display for each output the estimated time of arrival]' \
'(--flush-session)'--flush-session'[Flush session files for current target]' \
'(--forms)'--forms'[Parse and test forms on target url]' \
'(--fresh-queries)'--fresh-queries'[Ignores query results stored in session file]' \
'(--hex)'--hex'[Uses DBMS hex function(s) for data retrieval]' \
'(--output-dir)'--output-dir=-'[Custom output directory path]:ODIR' \
'(--parse-errors)'--parse-errors'[Parse and display DBMS error messages from responses]' \
'(--save)'--save'[Save options to a configuration INI file]' \
'(--tor)'--tor'[Use Tor anonymity network]' \
'(--tor-port)'--tor-port=-'[Set Tor proxy port other than default]:TORPORT' \
'(--tor-type)'--tor-type=-'[Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)]:TORTYPE' \
'(--update)'--update'[Update sqlmap]' \
'(-z)'-z+'[Use short mnemonics (e.g. flu,bat,ban,tec=EU)]:MNEMONICS' \
'(--check-payload)'--check-payload'[Offline WAF/IPS/IDS payload detection testing]' \
'(--check-waf)'--check-waf'[Check for existence of WAF/IPS/IDS protection]' \
'(--cleanup)'--cleanup'[Clean up the DBMS by sqlmap specific UDF and tables]' \
'(--dependencies)'--dependencies'[Check for missing (non-core) sqlmap dependencies]' \
'(--disable-coloring)'--disable-coloring'[Disable console output coloring]' \
'(--gpage)'--gpage=-'[Use Google dork results from specified page number]:GOOGLEPAGE' \
'(--mobile)'--mobile'[Imitate smartphone through HTTP User-Agent header]' \
'(--page-rank)'--page-rank'[Display page rank (PR) for Google dork results]' \
'(--purge-output)'--purge-output'[Safely remove all content from output directory]' \
'(--smart)'--smart'[Conduct through tests only if positive heuristic(s)]' \
'(--test-filter)'--test-filter=-'[Select tests by payloads and/or titles (e.g. ROW)]:test-filter' \
'(--wizard)'--wizard'[Simple wizard interface for beginner users]' && return 0
case "$state" in
list-dbms)
_values -S : 'DBMS' 'access' 'db2' 'firebird' 'maxdb' 'mssqlserver' 'mysql' 'oracle' 'postgresql' \
'sqlite' 'sybase'
;;
list-os)
_values -S : 'os' 'Linux' 'Windows'
;;
list-techniques)
_values -S : 'technique' \
'B[Boolean]' 'E[Error]' 'U[Union]' 'S[Stacked]' 'T[Time]'
;;
esac
return 0
You can’t perform that action at this time.