[Request]
# How sqlmap reaches the target: URL (or search expression), HTTP method,
# request headers, authentication, proxy and request pacing.

# Target URL.
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
# Every sample below is commented out and points at a loopback or
# private-range lab host. Enable at most one "url" line: how a repeated
# key is resolved depends on the parser.
# PHP and MySQL (local)
#url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
# PHP and Oracle (local)
#url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
# PHP and PostgreSQL (local)
#url = http://127.0.0.1/sqlmap/pgsql/get_int.php?id=1
# PHP and Microsoft SQL Server (remote)
#url = http://127.0.0.1/sqlmap/mssql/get_int.php?id=1
# PHP and MySQL (remote on Windows)
#url = http://127.0.0.1/sqlmap/mysql/win_get_int.php?id=1
# ASP and Microsoft SQL Server (local)
#url = http://192.168.192.10/sqlmap/get_str.asp?name=luther
# ASP and MySQL (local)
#url = http://192.168.192.10/sqlmap/get_int.asp?id=1
# ASP.NET and MySQL (local)
#url = http://192.168.192.10/sqlmap/get_int.aspx?id=1
# Rather than providing a target URL, let Google return target
# hosts as the result of your Google dork expression. For a list of Google
# dorks see the Johnny Long Google Hacking Database at
# http://johnny.ihackstuff.com/ghdb.php.
# Example: +ext:php +inurl:"&id=" +intext:"powered by "
googleDork =
# Testable parameter(s), comma separated. By default all GET/POST/Cookie
# parameters and the HTTP User-Agent are tested by sqlmap.
testParameter =
# HTTP method used to perform the HTTP requests.
# Valid: GET or POST
# Default: GET
method = GET
# Data string to be sent through POST. It is mandatory only when the
# HTTP method is set to POST.
data =
# HTTP Cookie header.
# NOTE: a session cookie set here is kept in clear text in this file;
# restrict read access to the file while it holds one.
cookie =
# HTTP Referer header. Useful to fake the HTTP Referer header value at
# each HTTP request.
referer =
# HTTP User-Agent header. Useful to fake the HTTP User-Agent header value
# at each HTTP request.
# sqlmap will also test for SQL injection on the HTTP User-Agent value.
agent =
# Load a random HTTP User-Agent header from file.
# Example: ./txt/user-agents.txt
userAgentsFile =
# HTTP Authentication type. Useful only if the target URL requires
# HTTP Basic or Digest authentication and you have such data.
# Valid: Basic or Digest
aType =
# HTTP Authentication credentials. Useful only if the target URL requires
# HTTP Basic or Digest authentication and you have such data.
# Syntax: username:password
# NOTE: the password is kept in clear text in this file; restrict read
# access to the file while it is set and keep it out of version control.
aCred =
# Use an HTTP proxy to connect to the target URL.
# Syntax: http://url:port
proxy =
# Maximum number of concurrent HTTP requests (handled with Python threads)
# to be used in the inference SQL injection attack.
# Raising this raises the number of simultaneous requests the target
# receives.
# Valid: integer
# Default: 1
threads = 1
# Delay in seconds between each HTTP request.
# Valid: float
# Default: 0
delay = 0
[Injection]
# How sqlmap decides whether an injected query was valid, and which
# back-end DBMS it assumes.

# String to match in the page when the query is valid. Only needed if the
# page content changes dynamically at each refresh, which also changes
# the MD5 of the page; comparing that MD5 is the default method used to
# determine whether a query was valid. Read the documentation for further
# details.
string =
# Force the back-end DBMS to this value. If this option is set, the
# back-end DBMS identification process will be minimized as needed.
# If not set, sqlmap will detect the back-end DBMS automatically.
# Valid: mssql, mysql, oracle, pgsql
dbms =
[Techniques]
# Additional SQL injection techniques to test for; all are off by default.

# Test for time-based blind SQL injection.
# Valid: True or False
timeTest = False
# Test for UNION SELECT (inband) SQL injection.
# Valid: True or False
unionTest = False
# Use the UNION SELECT (inband) SQL injection to retrieve the query
# output, instead of blind inference.
# Valid: True or False
unionUse = False
[Fingerprint]
# Perform an extensive back-end database management system fingerprint
# based on various techniques. Off by default.
# Valid: True or False
extensiveFp = False
[Enumeration]
# What to retrieve from the back-end DBMS. Every retrieval switch is False
# by default; db, tbl, col and user narrow the switches that accept them.

# Retrieve the back-end database management system banner.
# Valid: True or False
getBanner = False
# Retrieve the back-end database management system current user.
# Valid: True or False
getCurrentUser = False
# Retrieve the back-end database management system current database.
# Valid: True or False
getCurrentDb = False
# Enumerate the back-end database management system users.
# Valid: True or False
getUsers = False
# Enumerate the back-end database management system users' password hashes.
# Valid: True or False
getPasswordHashes = False
# Enumerate the back-end database management system users' privileges.
# Valid: True or False
getPrivileges = False
# Enumerate the back-end database management system databases.
# Valid: True or False
getDbs = False
# Enumerate the back-end database management system database tables.
# Optional: db
# Valid: True or False
getTables = False
# Enumerate the back-end database management system database table columns.
# Requires: db and tbl
# Valid: True or False
getColumns = False
# Dump the back-end database management system database table entries.
# Requires: db and tbl
# Optional: col
# Valid: True or False
dumpTable = False
# Dump the entries of all tables in all back-end database management
# system databases.
# Valid: True or False
dumpAll = False
# Back-end database management system database to enumerate.
db =
# Back-end database management system database table to enumerate.
tbl =
# Back-end database management system database table column to enumerate.
col =
# Back-end database management system database user to enumerate.
user =
# Exclude DBMS system databases when enumerating tables.
# Valid: True or False
excludeSysDbs = False
# First table entry to dump (cursor start).
# Valid: integer
# Default: 0 (sqlmap will start to dump the table entries from the first)
limitStart = 0
# Last table entry to dump (cursor stop).
# Valid: integer
# Default: 0 (sqlmap will detect the number of table entries and dump
# until the last)
limitStop = 0
# SQL SELECT query to be executed.
# Example: SELECT 'foo', 'bar'
query =
# Prompt for an interactive SQL shell.
# Valid: True or False
sqlShell = False
[File system]
# Access to files on the operating system underlying the back-end DBMS.
# The section name contains a space; keep it exactly as written.

# Read the content of a specific OS file (only on MySQL).
# Examples: /etc/passwd or C:\boot.ini
rFile =
# Write to a specific OS file (not yet available).
# Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt
wFile =
[Takeover]
# Prompt for an interactive OS shell. For the moment this works only in a
# PHP/MySQL environment with a writable directory within the web server
# document root. Off by default.
# Valid: True or False
osShell = False
[Miscellaneous]
# Output, update, session and interactivity settings.

# Retrieve each query output length and calculate the estimated time of
# arrival in real time.
# Valid: True or False
eta = False
# Verbosity level.
# Valid: integer between 0 and 5
# 0: Silent
# 1: Show info messages
# 2: Show also debug messages
# 3: Show also HTTP requests
# 4: Show also HTTP response headers
# 5: Show also HTTP response page content
# Default: 0
# NOTE(review): from level 3 up the output shows HTTP requests, which
# likely carry the cookie and authentication values set under [Request];
# treat captured output at those levels as sensitive.
verbose = 0
# Update sqlmap to the latest stable version.
# Valid: True or False
# NOTE(review): the update source, and whether the download is
# integrity-checked, are not described in this file; confirm before
# enabling.
updateAll = False
# Save all retrieved data to a session file and resume from it.
# The file holds whatever the enabled [Enumeration] options returned
# (for example password hashes when getPasswordHashes is True); store it
# with restricted read access.
sessionFile =
# Never ask for user input, use the default behaviour.
# Valid: True or False
batch = False