Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit cd0fe8d

Browse files
bdamelebdamele
committed
Updated sample configuration file and cmdline help
1 parent 64b9f94 commit cd0fe8d

2 files changed

Lines changed: 45 additions & 15 deletions

File tree

lib/parse/cmdline.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@ def cmdLineParser():
108108
request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
109109
default=False, help="Ignore system default HTTP proxy")
110110

111-
request.add_option("--delay", dest="delay", type="float",
111+
request.add_option("--delay", dest="delay", type="float", default=0,
112112
help="Delay in seconds between each HTTP request")
113113

114114
request.add_option("--timeout", dest="timeout", type="float", default=30,
@@ -147,8 +147,8 @@ def cmdLineParser():
147147
default=False, help="Retrieve page length without actual HTTP response body")
148148

149149
optimization.add_option("--threads", dest="threads", type="int", default=1,
150-
help="Maximum number of concurrent HTTP "
151-
"requests (default 1)")
150+
help="Maximum number of concurrent HTTP(s) "
151+
"requests (def 1)")
152152

153153
# Injection options
154154
injection = OptionGroup(parser, "Injection", "These options can be "

sqlmap.conf

Lines changed: 42 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -85,9 +85,6 @@ aCred =
8585
# Syntax: key_file,cert_file
8686
aCert =
8787

88-
# Use persistent HTTP(s) connections
89-
keepAlive = False
90-
9188
# Use a HTTP proxy to connect to the target url.
9289
# Syntax: http://address:port
9390
proxy =
@@ -101,12 +98,6 @@ pCred =
10198
# Valid: True or False
10299
ignoreProxy = False
103100

104-
# Maximum number of concurrent HTTP requests (handled with Python threads)
105-
# to be used in the inference SQL injection attack.
106-
# Valid: integer
107-
# Default: 1
108-
threads = 1
109-
110101
# Delay in seconds between each HTTP request.
111102
# Valid: float
112103
# Default: 0
@@ -137,6 +128,31 @@ safUrl =
137128
saFreq = 0
138129

139130

131+
# These options can be used to optimize the performance of sqlmap.
132+
[Optimization]
133+
134+
# Use all optimization options.
135+
# Valid: True or False
136+
optimize = False
137+
138+
# Predict common queries output.
139+
# Valid: True or False
140+
predictOutput = False
141+
142+
# Use persistent HTTP(s) connections.
143+
keepAlive = False
144+
145+
# Retrieve page length without actual HTTP response body.
146+
# Valid: True or False
147+
nullConnection = False
148+
149+
# Maximum number of concurrent HTTP(s) requests (handled with Python threads)
150+
# to be used in the inference SQL injection attack.
151+
# Valid: integer
152+
# Default: 1
153+
threads = 1
154+
155+
140156
# These options can be used to specify which parameters to test for,
141157
# provide custom injection payloads and how to parse and compare HTTP
142158
# responses page content when using the blind SQL injection technique.
@@ -149,7 +165,8 @@ testParameter =
149165
# Force back-end DBMS to this value. If this option is set, the back-end
150166
# DBMS identification process will be minimized as needed.
151167
# If not set, sqlmap will detect back-end DBMS automatically by default.
152-
# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql
168+
# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql, sqlite, sqlite3,
169+
# access, firebird, maxdb, sybase
153170
dbms =
154171

155172
# Force back-end DBMS operating system to this value. If this option is
@@ -196,9 +213,13 @@ eRegexp =
196213
# Valid: 0.0-1.0
197214
thold =
198215

199-
# Use operator BETWEEN instead of default '>'
216+
# Compare pages based only on their textual content
200217
# Valid: True or False
201-
useBetween = False
218+
textOnly = False
219+
220+
# Use given script(s) for tampering injection data
221+
tamper =
222+
202223

203224
# These options can be used to test for specific SQL injection technique
204225
# or to use one of them to exploit the affected parameter(s) rather than
@@ -366,6 +387,7 @@ cExists = False
366387
# Valid: text file containing one table name per line
367388
tableFile =
368389

390+
369391
# These options can be used to create custom user-defined functions.
370392
[User-defined function]
371393

@@ -438,12 +460,15 @@ tmpPath =
438460
[Windows]
439461

440462
# Read a Windows registry key value
463+
# Valid: True or False
441464
regRead = False
442465

443466
# Write a Windows registry key value data
467+
# Valid: True or False
444468
regAdd = False
445469

446470
# Delete a Windows registry key value
471+
# Valid: True or False
447472
regDel = False
448473

449474
# Windows registry key
@@ -468,8 +493,13 @@ xmlFile =
468493
sessionFile =
469494

470495
# Flush session file for current target.
496+
# Valid: True or False
471497
flushSession = False
472498

499+
# Parse and test forms on target url
500+
# Valid: True or False
501+
forms = False
502+
473503
# Retrieve each query output length and calculate the estimated time of
474504
# arrival in real time.
475505
# Valid: True or False

0 commit comments

Comments
 (0)