Details

Category: Vulnerabilities

Publisher: trickest

Created Date: 9/7/2021

Container: quay.io/trickest/sqlmap:de66b69

Source URL: https://github.com/sqlmapproject/sqlmap

Parameters

os
string
Command: --os - Force back-end DBMS operating system to provided value
all
boolean
Command: --all - Retrieve everything
dbs
boolean
Command: --dbs - Enumerate DBMS databases
eta
boolean
Command: --eta - Display for each output the estimated time of arrival
hex
boolean
Command: --hex - Use hex conversion during data retrieval
hpp
boolean
Command: --hpp - Use HTTP parameter pollution method
tor
boolean
Command: --tor - Use Tor anonymity network
url
string
required
Command: --url - Target URL (e.g. http://www.site.com/vuln.php?id=1)
code
string
Command: --code - HTTP code to match when query is evaluated to True
data
string
Command: --data - Data string to be sent through POST (e.g. id=1)
dbms
string
Command: --dbms - Force back-end DBMS to provided value
dump
boolean
Command: --dump - Dump DBMS database table entries
eval
string
Command: --eval - Evaluate provided Python code locally, inside the sqlmap process, before the request (e.g. import hashlib;id2=hashlib.md5(id).hexdigest())
host
string
Command: --host - HTTP Host header value
last
string
Command: --last - Last query output word character to retrieve
risk
string
Command: --risk - Risk of tests to perform (1-3, default 1)
Command: --skip - Skip testing for given parameter(s)
stop
string
Command: --stop - Last dump table entry to retrieve
user
string
Command: -U - DBMS user to enumerate
alert
string
Command: --alert - Run OS command(s) on the host running sqlmap (not on the target) when SQL injection is found
count
boolean
Command: --count - Retrieve number of entries for table(s)
crawl
string
Command: --crawl - Crawl the website starting from the target URL
delay
string
Command: --delay - Delay in seconds between each HTTP request
first
string
Command: --first - First query output word character to retrieve
forms
boolean
Command: --forms - Parse and test forms on target URL
gpage
string
Command: --gpage - Use Google dork results from specified page number
level
string
Command: --level - Level of tests to perform (1-5, default 1)
proxy
string
Command: --proxy - Use a proxy to connect to the target URL
purge
boolean
Command: --purge - Safely remove all content from sqlmap data directory
roles
boolean
Command: --roles - Enumerate DBMS users roles
scope
string
Command: --scope - Regexp for filtering targets
smart
boolean
Command: --smart - Perform thorough tests only if positive heuristic(s)
start
string
Command: --start - First dump table entry to retrieve
table
string
Command: -T - DBMS database table(s) to enumerate
users
boolean
Command: --users - Enumerate DBMS users
where
string
Command: --where - Use WHERE condition while table dumping
Command: --banner - Retrieve DBMS banner
base64
string
Command: --base64 - Parameter(s) containing Base64 encoded data
column
string
Command: -C - DBMS database table column(s) to enumerate
Command: --cookie - HTTP Cookie header value (e.g. PHPSESSID=a8d127e..)
Command: --header - Extra header (e.g. X-Forwarded-For: 127.0.0.1)
is-dba
boolean
Command: --is-dba - Detect if the DBMS current user is DBA
method
string
Command: --method - Force usage of given HTTP method (e.g. PUT)
mobile
boolean
Command: --mobile - Imitate smartphone through HTTP User-Agent header
os-bof
boolean
Command: --os-bof - Stored procedure buffer overflow exploitation
os-cmd
boolean
Command: --os-cmd - Execute an operating system command
os-pwn
boolean
Command: --os-pwn - Prompt for an OOB shell, Meterpreter or VNC
prefix
string
Command: --prefix - Injection payload prefix string
regexp
string
Command: --regexp - Regexp to match when query is evaluated to True
repair
boolean
Command: --repair - Redump entries having unknown character marker (?)
schema
boolean
Command: --schema - Enumerate DBMS schema
Command: --search - Search column(s), table(s) and/or database name(s)
string
string
Command: --string - String to match when query is evaluated to True
suffix
string
Command: --suffix - Injection payload suffix string
tables
boolean
Command: --tables - Enumerate DBMS database tables
tamper
string
Command: --tamper - Use given script(s) for tampering injection data
titles
boolean
Command: --titles - Compare pages based only on their titles
answers
string
Command: --answers - Set predefined answers (e.g. quit=N,follow=N)
charset
string
Command: --charset - Blind SQL injection charset (e.g. 0123456789abcdef)
chunked
boolean
Command: --chunked - Use HTTP chunked transfer encoded (POST) requests
cleanup
boolean
Command: --cleanup - Clean up the DBMS from sqlmap specific UDF and tables
columns
boolean
Command: --columns - Enumerate DBMS database table columns
csv-del
string
Command: --csv-del - Delimiting character used in CSV output (default ,)
headers
string
Command: --headers - Extra headers, separated by a newline (e.g. "Accept-Language: fr\nETag: 123")
no-cast
boolean
Command: --no-cast - Turn off payload casting mechanism
offline
boolean
Command: --offline - Work in offline mode (only use session data)
referer
string
Command: --referer - HTTP Referer header value
reg-add
boolean
Command: --reg-add - Write a Windows registry key value data
reg-del
boolean
Command: --reg-del - Delete a Windows registry key value
reg-key
string
Command: --reg-key - Windows registry key
retries
string
Command: --retries - Retries when the connection times out (default 3)
threads
string
Command: --threads - Max number of concurrent HTTP(s) requests (default 1)
timeout
string
Command: --timeout - Seconds to wait before the connection times out (default 30)
comments
boolean
Command: --comments - Check for DBMS comments during enumeration
csrf-url
string
Command: --csrf-url - URL address to visit for extraction of anti-CSRF token
database
string
Command: -D - DBMS database to enumerate
dump-all
boolean
Command: --dump-all - Dump all DBMS databases tables entries
encoding
string
Command: --encoding - Character encoding used for data retrieval (e.g. GBK)
hostname
boolean
Command: --hostname - Retrieve DBMS server hostname
log-file
file
Command: -l - Parse target(s) from Burp or WebScarab proxy log file
os-shell
boolean
Command: --os-shell - Prompt for an interactive operating system shell
priv-esc
boolean
Command: --priv-esc - Database process user privilege escalation
reg-data
string
Command: --reg-data - Windows registry key value data
reg-read
boolean
Command: --reg-read - Read a Windows registry key value
reg-type
string
Command: --reg-type - Windows registry key value type
retry-on
string
Command: --retry-on - Retry request on regexp matching content (e.g. drop)
safe-req
file
Command: --safe-req - Load safe HTTP request from a file
safe-url
string
Command: --safe-url - URL address to visit frequently during testing
skip-waf
boolean
Command: --skip-waf - Skip heuristic detection of WAF/IPS protection
sql-file
file
Command: --sql-file - Execute SQL statements from given file(s)
time-sec
string
Command: --time-sec - Seconds to delay the DBMS response (default 5)
tmp-path
string
Command: --tmp-path - Remote absolute path of temporary files directory
tor-port
string
Command: --tor-port - Set Tor proxy port other than default
tor-type
string
Command: --tor-type - Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))
unstable
boolean
Command: --unstable - Adjust options for unstable connections
web-root
string
Command: --web-root - Web server document root directory (e.g. /var/www)
auth-cred
string
Command: --auth-cred - HTTP authentication credentials (name:password)
auth-file
file
Command: --auth-file - HTTP authentication PEM cert/private key file
auth-type
string
Command: --auth-type - HTTP authentication type (Basic, Digest, Bearer, ...)
bulk-file
file
required
Command: -m - Scan multiple targets given in a textual file
check-tor
boolean
Command: --check-tor - Check to see if Tor is used properly
csrf-data
string
Command: --csrf-data - POST data to send during anti-CSRF token page visit
dbms-cred
string
Command: --dbms-cred - DBMS authentication credentials (user:password)
file-dest
string
Command: --file-dest - Back-end DBMS absolute filepath to write to
file-read
string
Command: --file-read - Read a file from the back-end DBMS file system
force-ssl
boolean
Command: --force-ssl - Force usage of SSL/HTTPS
mnemonics
string
Command: -z - Use short mnemonics (e.g. flu,bat,ban,tec=EU)
no-escape
boolean
Command: --no-escape - Turn off string escaping mechanism
param-del
string
Command: --param-del - Character used for splitting parameter values (e.g. &)
passwords
boolean
Command: --passwords - Enumerate DBMS users password hashes
randomize
string
Command: --randomize - Randomly change value for given parameter(s)
reg-value
string
Command: --reg-value - Windows registry key value
safe-freq
string
Command: --safe-freq - Regular requests between visits to a safe URL
safe-post
string
Command: --safe-post - POST data to send to a safe URL
sql-query
string
Command: --sql-query - SQL statement to be executed
sql-shell
boolean
Command: --sql-shell - Prompt for an interactive SQL shell
technique
string
Command: --technique - SQL injection techniques to use (default BEUSTQ)
test-skip
string
Command: --test-skip - Skip tests by payloads and/or titles (e.g. BENCHMARK)
text-only
boolean
Command: --text-only - Compare pages based only on the textual content
verbosity
string
Command: -v - Verbosity level: 0-6 (default 1)
abort-code
string
Command: --abort-code - Abort on (problematic) HTTP error code(s) (e.g. 401)
Command: --cookie-del - Character used for splitting cookie values (e.g. ;)
csrf-token
string
Command: --csrf-token - Parameter used to hold anti-CSRF token
current-db
boolean
Command: --current-db - Retrieve DBMS current database
dns-domain
string
Command: --dns-domain - Domain name used for DNS exfiltration attack
file-write
file
Command: --file-write - Write a local file to the back-end DBMS file system (destination path is given by --file-dest)
keep-alive
boolean
Command: --keep-alive - Use persistent HTTP(s) connections
not-string
string
Command: --not-string - String to match when query is evaluated to False
preprocess
string
Command: --preprocess - Use given script(s) for preprocessing (request)
privileges
boolean
Command: --privileges - Enumerate DBMS users privileges
proxy-cred
string
Command: --proxy-cred - Proxy authentication credentials (name:password)
proxy-file
file
Command: --proxy-file - Load proxy list from a file
proxy-freq
string
Command: --proxy-freq - Requests between change of proxy from a given list
second-req
file
Command: --second-req - Load second-order HTTP request from file
second-url
string
Command: --second-url - Resulting page URL searched for second-order response
shared-lib
file
Command: --shared-lib - Local path of the shared library
statements
boolean
Command: --statements - Retrieve SQL statements being run on DBMS
time-limit
string
Command: --time-limit - Run with a time limit in seconds (e.g. 3600)
udf-inject
boolean
Command: --udf-inject - Inject custom user-defined functions
union-char
string
Command: --union-char - Character to use for bruteforcing number of columns
union-cols
string
Command: --union-cols - Range of columns to test for UNION query SQL injection
union-from
string
Command: --union-from - Table to use in FROM part of UNION query SQL injection
user-agent
string
Command: --user-agent - HTTP User-Agent header value
base64-safe
boolean
Command: --base64-safe - Use URL and filename safe Base64 alphabet (RFC 4648)
config-file
file
Command: -c - Load options from a configuration INI file
csrf-method
string
Command: --csrf-method - HTTP method to use during anti-CSRF token page visit
dump-format
string
Command: --dump-format - Format of dumped data (CSV (default), HTML or SQLITE)
fingerprint
boolean
Command: --fingerprint - Perform an extensive DBMS version fingerprint
google-dork
string
Command: -g - Process Google dork results as target URLs
ignore-code
string
Command: --ignore-code - Ignore (problematic) HTTP error code(s) (e.g. 401)
os-smbrelay
boolean
Command: --os-smbrelay - One click prompt for an OOB shell, Meterpreter or VNC
postprocess
string
Command: --postprocess - Use given script(s) for postprocessing (response)
skip-static
boolean
Command: --skip-static - Skip testing parameters that do not appear to be dynamic
test-filter
string
Command: --test-filter - Select tests by payloads and/or titles (e.g. ROW)
common-files
boolean
Command: --common-files - Check existence of common files
csrf-retries
string
Command: --csrf-retries - Retries for anti-CSRF token retrieval (default 0)
current-user
boolean
Command: --current-user - Retrieve DBMS current user
ignore-proxy
boolean
Command: --ignore-proxy - Ignore system default proxy settings
live-cookies
string
Command: --live-cookies - Live cookies file used for loading up-to-date values
load-cookies
string
Command: --load-cookies - File containing cookies in Netscape/wget format
optimization
boolean
Command: -o - Turn on all optimization switches
param-filter
string
Command: --param-filter - Select testable parameter(s) by place (e.g. POST)
parse-errors
boolean
Command: --parse-errors - Parse and display DBMS error messages from responses
pivot-column
string
Command: --pivot-column - Pivot column name
random-agent
boolean
Command: --random-agent - Use randomly selected HTTP User-Agent header value
request-file
file
Command: -r - Load HTTP request from a file
session-file
file
Command: -s - Load session from a stored (.sqlite) file
table-prefix
string
Command: --table-prefix - Prefix used for temporary tables (default: sqlmap)
union-values
string
Command: --union-values - Column values to use for UNION query SQL injection
binary-fields
string
Command: --binary-fields - Result fields having binary values (e.g. digest)
common-tables
boolean
Command: --common-tables - Check existence of common tables
crawl-exclude
string
Command: --crawl-exclude - Regexp to exclude pages from crawling (e.g. logout)
flush-session
boolean
Command: --flush-session - Flush session files for current target
fresh-queries
boolean
Command: --fresh-queries - Ignore query results stored in session file
param-exclude
string
Command: --param-exclude - Regexp to exclude parameters from testing (e.g. ses)
abort-on-empty
boolean
Command: --abort-on-empty - Abort data retrieval on empty results
check-internet
boolean
Command: --check-internet - Check Internet connection before assessing the target
common-columns
boolean
Command: --common-columns - Check existence of common columns
exclude-sysdbs
boolean
Command: --exclude-sysdbs - Exclude DBMS system databases when enumerating tables
invalid-bignum
boolean
Command: --invalid-bignum - Use big numbers for invalidating values
invalid-string
boolean
Command: --invalid-string - Use random strings for invalidating values
predict-output
boolean
Command: --predict-output - Predict common queries output
skip-urlencode
boolean
Command: --skip-urlencode - Skip URL encoding of payload data
Command: --drop-set-cookie - Ignore Set-Cookie header from response
ignore-timeouts
boolean
Command: --ignore-timeouts - Ignore connection timeouts
invalid-logical
boolean
Command: --invalid-logical - Use logical operations for invalidating values
null-connection
boolean
Command: --null-connection - Retrieve page length without actual HTTP response body
skip-heuristics
boolean
Command: --skip-heuristics - Skip heuristic detection of vulnerabilities
test-parameters
string
Command: -p - Testable parameter(s)
disable-coloring
boolean
Command: --disable-coloring - Disable console output coloring
ignore-redirects
boolean
Command: --ignore-redirects - Ignore redirection attempts
connection-string
string
Command: -d - Connection string for direct database connection
exclude-idnetifiers
string
Command: -X - DBMS database identifier(s) to not enumerate