Adding new switch ('--skip-static')

stamparm · stamparm · commit 17bfda1b9c77 · 2015-05-18T20:57:15.000+02:00
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -476,13 +476,18 @@ def start():
                             infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
                             logger.info(infoMsg)
 
-                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
+                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech or conf.skipStatic:
                             check = checkDynParam(place, parameter, value)
 
                             if not check:
                                 warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
                                 logger.warn(warnMsg)
 
+                                if conf.skipStatic:
+                                    infoMsg = "skipping static %s parameter '%s'" % (paramType, parameter)
+                                    logger.info(infoMsg)
+
+                                    testSqlInj = False
                             else:
                                 infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter)
                                 logger.info(infoMsg)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -73,6 +73,7 @@
             "Injection":     {
                                "testParameter":     "string",
                                "skip":              "string",
+                               "skipStatic":        "boolean",
                                "dbms":              "string",
                                "dbmsCred":          "string",
                                "os":                "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -252,6 +252,9 @@ def cmdLineParser():
         injection.add_option("--skip", dest="skip",
                              help="Skip testing for given parameter(s)")
 
+        injection.add_option("--skip-static", dest="skipStatic", action="store_true",
+                             help="Skip testing parameters that not appear dynamic")
+
         injection.add_option("--dbms", dest="dbms",
                              help="Force back-end DBMS to this value")
 
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -222,6 +222,10 @@ testParameter =
 # Skip testing for given parameter(s).
 skip =
 
+# Skip testing parameters that not appear dynamic.
+# Valid: True or False
+skipStatic = False
+
 # Force back-end DBMS to this value. If this option is set, the back-end
 # DBMS identification process will be minimized as needed.
 # If not set, sqlmap will detect back-end DBMS automatically by default.
