Detailed interpretation of SQLMAP Chinese Translation

        ___
       __H__
 ___ ___[']_____ ___ ___  {1.5.5#stable}
|_ -| . [.]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

Usage: python3 sqlmap [options]

Options:
-h, --help          Show basic help message and exit
-hh                 Show advanced help message and exit
--version           Show the program's version number and exit
-v VERBOSE          Verbosity level: 0-6 (default: 1)

Target:
At least one of these options has to be provided to define the target(s)

-u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")
-d DIRECT           Connection string for direct database connection
-l LOGFILE          Parse target(s) from a Burp or WebScarab proxy log file
-m BULKFILE         Scan multiple targets given in a file
-r REQUESTFILE      Load HTTP request from a file
-g GOOGLEDORK       Process Google dork results as target URLs
-c CONFIGFILE       Load options from a configuration INI file

Request:
These options can be used to specify how to connect to the target URL

-A AGENT, --user..  HTTP User-Agent header value
-H HEADER, --hea..  Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
--method=METHOD     Force usage of the given HTTP method (e.g. PUT)
--data=DATA         Data string to be sent through POST (e.g. "id=1")
--param-del=PARA..  Character used for splitting parameter values (e.g. &)
--cookie=COOKIE     HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
--cookie-del=COO..  Character used for splitting cookie values (e.g. ;)
--live-cookies=L..  Live cookies file used for loading up-to-date values
--load-cookies=L..  File containing cookies in Netscape/wget format
--drop-set-cookie   Ignore the Set-Cookie header from the response
--mobile            Imitate a smartphone through the HTTP User-Agent header
--random-agent      Use a randomly selected HTTP User-Agent header value
--host=HOST         HTTP Host header value
--referer=REFERER   HTTP Referer header value
--headers=HEADERS   Extra headers (e.g. "Accept-Language: fr\nETag: 123")
--auth-type=AUTH..  HTTP authentication type (Basic, Digest, Bearer, ...)
--auth-cred=AUTH..  HTTP authentication credentials (name:password)
--auth-file=AUTH..  HTTP authentication PEM certificate/private key file
--ignore-code=IG..  Ignore (problematic) HTTP error code (e.g. 401)
--ignore-proxy      Ignore system default proxy settings
--ignore-redirects  Ignore redirection attempts
--ignore-timeouts   Ignore connection timeouts
--proxy=PROXY       Use a proxy to connect to the target URL
--proxy-cred=PRO..  Proxy authentication credentials (name:password)
--proxy-file=PRO..  Load proxy list from a file
--proxy-freq=PRO..  Number of requests between proxy changes from the given list
--tor               Use the Tor anonymity network
--tor-port=TORPORT  Set Tor proxy port other than the default
--tor-type=TORTYPE  Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))
--check-tor         Check whether Tor is used properly
--delay=DELAY       Delay in seconds between each HTTP request
--timeout=TIMEOUT   Seconds to wait before the connection times out (default 30)
--retries=RETRIES   Number of retries when the connection times out (default 3)
--randomize=RPARAM  Randomly change the value of the given parameter(s)
--safe-url=SAFEURL  URL address to visit frequently during testing
--safe-post=SAFE..  POST data to send to a safe URL
--safe-req=SAFER..  Load safe HTTP request from a file
--safe-freq=SAFE..  Number of regular requests between visits to a safe URL
--skip-urlencode    Skip URL encoding of payload data
--csrf-token=CSR..  Parameter used to hold the anti-CSRF token
--csrf-url=CSRFURL  URL address to visit for extraction of the anti-CSRF token
--csrf-method=CS..  HTTP method to use during the anti-CSRF token page visit
--csrf-retries=C..  Retries for anti-CSRF token retrieval (default 0)
--force-ssl         Force usage of SSL/HTTPS
--chunked           Use HTTP chunked transfer encoded (POST) requests
--hpp               Use the HTTP parameter pollution method
--eval=EVALCODE     Evaluate the provided Python code before the request
                    (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()")

Optimization:
These options can be used to optimize the performance of sqlmap

-o                  Turn on all optimization switches
--predict-output    Predict common query output
--keep-alive        Use persistent HTTP(s) connections
--null-connection   Retrieve page length without an actual HTTP response body
--threads=THREADS   Maximum number of concurrent HTTP(s) requests (default 1)

Injection:
These options can be used to specify which parameters to test, and to provide custom injection payloads and optional tampering scripts

-p TESTPARAMETER    Testable parameter(s)
--skip=SKIP         Skip testing for the given parameter(s)
--skip-static       Skip testing parameters that do not appear to be dynamic
--param-exclude=..  Regular expression to exclude parameters from testing (e.g. "ses")
--param-filter=P..  Select testable parameter(s) by place (e.g. "POST")
--dbms=DBMS         Force the back-end DBMS to the provided value
--dbms-cred=DBMS..  DBMS authentication credentials (user:password)
--os=OS             Force the back-end DBMS operating system to the provided value
--invalid-bignum    Use big numbers for invalidating values
--invalid-logical   Use logical operations for invalidating values
--invalid-string    Use random strings for invalidating values
--no-cast           Turn off the payload casting mechanism
--no-escape         Turn off the string escaping mechanism
--prefix=PREFIX     Injection payload prefix string
--suffix=SUFFIX     Injection payload suffix string
--tamper=TAMPER     Use the given script(s) for tampering with injection data

Detection:
These options can be used to customize the detection phase

--level=LEVEL       Level of tests to perform (1-5, default 1)
--risk=RISK         Risk of tests to perform (1-3, default 1)
--string=STRING     String to match when the query is evaluated to True
--not-string=NOT..  String to match when the query is evaluated to False
--regexp=REGEXP     Regular expression to match when the query is evaluated to True
--code=CODE         HTTP code to match when the query is evaluated to True
--smart             Perform thorough tests only if the heuristics are positive
--text-only         Compare pages based only on their textual content
--titles            Compare pages based only on their titles

Techniques:
These options can be used to tweak the testing of specific SQL injection techniques

--technique=TECH..  SQL injection techniques to use (default "BEUSTQ")
--time-sec=TIMESEC  Seconds to delay the DBMS response (default 5)
--union-cols=UCOLS  Range of columns to test for UNION query SQL injection
--union-char=UCHAR  Character to use for brute-forcing the number of columns
--union-from=UFROM  Table to use in the FROM part of UNION query SQL injection
--dns-domain=DNS..  Domain name used for the DNS exfiltration attack
--second-url=SEC..  Resulting page URL searched for the second-order response
--second-req=SEC..  Load second-order HTTP request from a file

Fingerprint:
-f, --fingerprint   Perform an extensive DBMS version fingerprint

Enumeration:
These options can be used to enumerate the back-end database management system information, structure, and data contained in the tables

-a, --all           Retrieve everything
-b, --banner        Retrieve the DBMS banner
--current-user      Retrieve the DBMS current user
--current-db        Retrieve the DBMS current database
--hostname          Retrieve the DBMS server hostname
--is-dba            Detect whether the DBMS current user is a DBA
--users             Enumerate DBMS users
--passwords         Enumerate DBMS user password hashes
--privileges        Enumerate DBMS user privileges
--roles             Enumerate DBMS user roles
--dbs               Enumerate DBMS databases
--tables            Enumerate DBMS database tables
--columns           Enumerate DBMS database table columns
--schema            Enumerate the DBMS schema
--count             Retrieve the number of entries for table(s)
--dump              Dump DBMS database table entries
--dump-all          Dump all DBMS database table entries
--search            Search for column(s), table(s) and/or database name(s)
--comments          Check for DBMS comments during enumeration
--statements        Retrieve SQL statements being run on the DBMS
-D DB               DBMS database to enumerate
-T TBL              DBMS database table(s) to enumerate
-C COL              DBMS database table column(s) to enumerate
-X EXCLUDE          DBMS database identifier(s) not to enumerate
-U USER             DBMS user to enumerate
--exclude-sysdbs    Exclude DBMS system databases when enumerating tables
--pivot-column=P..  Pivot column name
--where=DUMPWHERE   Use a WHERE condition while dumping tables
--start=LIMITSTART  First dump table entry to retrieve
--stop=LIMITSTOP    Last dump table entry to retrieve
--first=FIRSTCHAR   First query output character to retrieve
--last=LASTCHAR     Last query output character to retrieve
--sql-query=SQLQ..  SQL statement to be executed
--sql-shell         Prompt for an interactive SQL shell
--sql-file=SQLFILE  Execute SQL statements from the given file(s)

Brute force:
These options can be used to run brute-force checks

--common-tables     Check for the existence of common tables
--common-columns    Check for the existence of common columns
--common-files      Check for the existence of common files

User-defined function injection:
These options can be used to create custom user-defined functions

--udf-inject        Inject custom user-defined functions
--shared-lib=SHLIB  Local path of the shared library

File system access:
These options can be used to access the underlying file system of the back-end database management system

--file-read=FILE..  Read a file from the back-end DBMS file system
--file-write=FIL..  Write a local file to the back-end DBMS file system
--file-dest=FILE..  Absolute path of the back-end DBMS file to write to

Operating system access:
These options can be used to access the underlying operating system of the back-end database management system

--os-cmd=OSCMD      Execute an operating system command
--os-shell          Prompt for an interactive operating system shell
--os-pwn            Prompt for an OOB shell, Meterpreter or VNC
--os-smbrelay       One-click prompt for an OOB shell, Meterpreter or VNC
--os-bof            Stored procedure buffer overflow exploitation
--priv-esc          Database process user privilege escalation
--msf-path=MSFPATH  Local path where the Metasploit Framework is installed
--tmp-path=TMPPATH  Remote absolute path of the temporary files directory

Windows registry access:
These options can be used to access the Windows registry of the back-end database management system

--reg-read          Read a Windows registry key value
--reg-add           Write Windows registry key value data
--reg-del           Delete a Windows registry key value
--reg-key=REGKEY    Windows registry key
--reg-value=REGVAL  Windows registry key value
--reg-data=REGDATA  Windows registry key value data
--reg-type=REGTYPE  Windows registry key value type

General:
These options can be used to set some general working parameters

-s SESSIONFILE      Load session from a stored (.sqlite) file
-t TRAFFICFILE      Log all HTTP traffic into a text file
--answers=ANSWERS   Set predefined answers (e.g. "quit=N,follow=N")
--base64=BASE64P..  Parameter(s) containing Base64 encoded data
--base64-safe       Use the URL and filename safe Base64 alphabet (RFC 4648)
--batch             Never ask for user input, use the default behavior
--binary-fields=..  Result fields having binary values (e.g. "digest")
--check-internet    Check the Internet connection before assessing the target
--cleanup           Clean up the DBMS from sqlmap-specific UDFs and tables
--crawl=CRAWLDEPTH  Crawl the website starting from the target URL
--crawl-exclude=..  Regular expression to exclude pages from crawling (e.g. "logout")
--csv-del=CSVDEL    Delimiting character used in CSV output (default ",")
--charset=CHARSET   Character set used for blind SQL injection (e.g. "0123456789abcdef")
--dump-format=DU..  Format of dumped data (CSV (default), HTML or SQLITE)
--encoding=ENCOD..  Character encoding used for data retrieval (e.g. GBK)
--eta               Display the estimated time of arrival for each output
--flush-session     Flush session files for the current target
--forms             Parse and test forms on the target URL
--fresh-queries     Ignore query results stored in the session file
--gpage=GOOGLEPAGE  Use Google dork results from the specified page number
--har=HARFILE       Log all HTTP traffic into a HAR file
--hex               Use hexadecimal conversion during data retrieval
--output-dir=OUT..  Custom output directory path
--parse-errors      Parse and display DBMS error messages from responses
--preprocess=PRE..  Use the given script(s) for preprocessing (request)
--postprocess=PO..  Use the given script(s) for postprocessing (response)
--repair            Redump entries having the unknown character marker (?)
--save=SAVECONFIG   Save options to a configuration INI file
--scope=SCOPE       Regular expression for filtering targets
--skip-heuristics   Skip heuristic detection of vulnerabilities
--skip-waf          Skip heuristic detection of WAF/IPS protection
--table-prefix=T..  Prefix used for temporary tables (default: "sqlmap")
--test-filter=TE..  Select tests by payloads and/or titles (e.g. ROW)
--test-skip=TEST..  Skip tests by payloads and/or titles (e.g. BENCHMARK)
--web-root=WEBROOT  Web server document root directory (e.g. "/var/www")

Miscellaneous:
These options do not fit into any other category

-z MNEMONICS        Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
--alert=ALERT       Run host OS command(s) when SQL injection is found
--beep              Beep on question and/or when a vulnerability is found
--dependencies      Check for missing (optional) sqlmap dependencies
--disable-coloring  Disable console output coloring
--list-tampers      Display the list of available tamper scripts
--offline           Work in offline mode (use session data only)
--purge             Remove all content from the sqlmap data directory
--results-file=R..  Location of the CSV results file in multiple targets mode
--shell             Prompt for an interactive sqlmap shell
--tmp-dir=TMPDIR    Local directory for storing temporary files
--unstable          Adjust options for unstable connections
--update            Update sqlmap
--wizard            Simple wizard interface for beginner users


Posted on Wed, 22 Sep 2021 21:50:56 -0400 by compbry15