-
Notifications
You must be signed in to change notification settings - Fork 246
Passing flags to sqlmap
Everyone is familiar with sqlmap, and if you're not you need to do some research before you use this tool. From the sqlmap developers, sqlmap is a "Automatic SQL injection and database takeover tool
". If you have no idea what that means, go checkout sqlmap's github from the link above and try it out.
If you are familiar with sqlmap, you know it has a bunch of flags that can be used. Well sqlmap's API is capable of processing all those flags as well, only problem is it will process them differently then running an actual sqlmap session. For example, with sqlmap -v 3
will set the verbosity to level 3, using the API you need to do verbose 3
.
Here is a list of all the flags the sqlmap API understands, they must be spelled exactly as is for the API to understand the argument you are passing (NOTE: if the argument you pass is not recognized by the sqlmap API it will be passed over):
- osShell
- getUsers
- getPasswordHashes
- excludeSysDbs
- ignoreTimeouts
- regData
- prefix
- code
- googlePage
- query
- randomAgent
- testSkip
- authType
- csvDel,
- requestFile
- predictOutput
- wizard
- stopFail
- forms
- uChar
- pivotColumn
- dropSetCookie
- commonColumns
- smart
- getAll
- risk
- sqlFile
- rParam
- getCurrentUser
- notString
- getRoles
- getPrivileges
- testParameter
- tbl
- trafficFile
- osSmb
- level
- dnsDomain
- dumpTable
- method
- skipWaf
- timeout
- firstChar
- torPort
- regRead
- binaryFields
- checkTor
- commonTables
- direct
- tmpPath
- titles
- getSchema
- identifyWaf
- paramDel
- safeReqFile
- regKey
- headers
- crawlExclude
- user
- authCred
- loadCookies
- offline
- outputDir
- tmpDir
- disablePrecon
- murphyRate
- invalidLogical
- getCurrentDb
- hexConvert
- proxyFile
- answers
- host
- dependencies
- cookie
- proxy
- regType
- optimize
- safeUrl
- limitStop
- search
- uFrom
- noCast
- testFilter
- ignoreCode
- eta
- csrfToken
- threads
- logFile
- os
- col
- rFile
- proxyCred
- verbose
- crawlDepth
- updateAll
- privEsc
- forceDns
- paramExclude
- invalidBignum
- regexp
- getDbs
- freshQueries
- uCols
- smokeTest
- wFile
- udfInject
- invalidString
- tor
- forceSSL
- torTypeSOCKS5
- beep
- disableColoring
- configFile
- scope
- authFile
- isDba
- regVal
- ignoreProxy
- checkInternet
- safePost
- ignoreRedirectshpp
- Connection
- skipUrlEncode
- skip
- agent
- purgeOutput
- retries
- extensiveFp
- secondOrder
- batch
- limitStart
- flushSession
- osCmd
- suffix
- dbmsCred
- regDel
- shLib
- sitemapUrl
- timeSec
- msfPath
- dumpAll
- getHostname
- sessionFile
- delay
- noEscape
- getTables
- safeFreq
- liveTest
- webRoot
- lastChar
- string
- dbms
- dumpWhere
- tamper
- charset
- runCase
- osPwn
- evalCode
- cleanup
- csrfUrl
- getBanner
- profile
- getComments
- bulkFile
- db
- excludeCol
- dumpFormat
- alert
- harFile
- skipStatic
- parseErrors
- getCount
- dFile
- data
- regAdd
- dummy
- getColumns
- mobile
- googleDork
- saveConfig
- sqlShell
- tech
- referer
- textOnly
- cookieDel
- osBof
- keepAlive
Now that we have that out of the way, lets go ahead and give you some examples:
Lets say you want to run the following commands on sqlmap: --level=3 --risk=3 --threads=10 --random-agent
. By passing --sqlmap-args="level 3, risk 3, randomAgent true, theads 10"
you can accomplish the same concept:
Now if we look at the client part of the sqlmap API:
As you can see the level was raised to 3 and randomAgent is now true. This will take some getting use to, but it has the full functionality of sqlmap.