一、自带帮助信息
1.1 基本帮助(译)
python sqlmap.py -h
Options:【选项】
-h, --help Show basic help message and exit(显示基本帮助信息并退出)
-hh Show advanced help message and exit(显示高级帮助信息并退出)
--version Show program's version number and exit(显示程序版本并退出)
-v VERBOSE Verbosity level: 0-6 (default 1)(冗余级别:0-6,(默认1))
Target:【目标】
At least one of these options has to be provided to define the target(s)(必须提供其中至少一个选项来定义)
-u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1")(目标地址)
-g GOOGLEDORK Process Google dork results as target URLs
Request:【请求】
These options can be used to specify how to connect to the target URL(这些选项可用于指定如何连接到目标URL)
--data=DATA Data string to be sent through POST (e.g. "id=1")(数据通过POST发送的数据字符串)
--cookie=COOKIE HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")(HTTP cookie头值)
--random-agent Use randomly selected HTTP User-Agent header value(使用随机选择的HTTP User-Agent 头值)
--proxy=PROXY Use a proxy to connect to the target URL(使用代理连接到目标URL)
--tor Use Tor anonymity network(使用洋葱匿名网络)
--check-tor Check to see if Tor is used properly(检查洋葱是否正确使用)
Injection:【注入】
These options can be used to specify which parameters to test for,provide custom injection payloads and optional tampering scripts(这些选项可用于指定要测试的参数,提供自定义注入有效载荷和可选的篡改脚本)
-p TESTPARAMETER Testable parameter(s)(测试参数)
--dbms=DBMS Force back-end DBMS to provided value(强制后端DBMS提供值)
Detection:【侦查/检测】
These options can be used to customize the detection phase(这些选项可用于自定义检测阶段)
--level=LEVEL Level of tests to perform (1-5, default 1)(要执行的测试级别(1-5,默认为1))
--risk=RISK Risk of tests to perform (1-3, default 1)(要执行的测试风险(1-3,默认为1))
Techniques:【技术】
These options can be used to tweak testing of specific SQL injection techniques(这些选项可用于调整特定SQL注入的测试)
--technique=TECH.. SQL injection techniques to use (default "BEUSTQ")(要使用的SQL注入技术(默认"BEUSTQ"))
Enumeration:【枚举】
These options can be used to enumerate the back-end database management system information, structure and data contained in the tables(这些选项可用于枚举后端数据库,管理系统中包含的信息、结构和数据表)
-a, --all Retrieve everything(检索一切)
-b, --banner Retrieve DBMS banner(检索DBMS banner)
--current-user Retrieve DBMS current user(检索DBMS当前用户)
--current-db Retrieve DBMS current database(检索DBMS当前数据库)
--passwords Enumerate DBMS users password hashes(枚举DBMS用户的密码散列)
--tables Enumerate DBMS database tables(枚举DBMS数据库中的表)
--columns Enumerate DBMS database table columns(枚举DBMS数据表列)
--schema Enumerate DBMS schema(枚举SBMS schema下所有表的列)
--dump Dump DBMS database table entries(dump DBMS表项)
--dump-all Dump all DBMS databases tables entries(转储所有DBMS数据库的表条目)
-D DB DBMS database to enumerate(DBMS数据库库枚举)
-T TBL DBMS database table(s) to enumerate(DBMS数据库表枚举)
-C COL DBMS database table column(s) to enumerate(DBMS数据库表列枚举)
Operating system access:【操作系统访问】
These options can be used to access the back-end database management system underlying operating system(这些选项可用于访问后端数据库管理)
--os-shell Prompt for an interactive operating system shell(交互式操作系统shell)
--os-pwn Prompt for an OOB shell, Meterpreter or VNC(提示一个OOB shell,Meterpreter / VNC)
General:【通用】
These options can be used to set some general working parameters(选项可用来设置一些通用的工作参数)
--batch Never ask for user input, use the default behavior(从不请求用户输入,使用默认操作)
--flush-session Flush session files for current target(刷新当前目标会话文件 / 清除历史扫描)
Miscellaneous:【多方面】
These options do not fit into any other category(这些选项不适合任何其它类别)
--sqlmap-shell Prompt for an interactive sqlmap shell(提示一个交互式的sqlmap shell)
--wizard Simple wizard interface for beginner users(为初学者提供简单的向导界面)
1.2 高级帮助(译)
python sqlmap.py -hh
Target:【目标】
At least one of these options has to be provided to define the target(s)(必须提供其中至少一个选项来定义)
-u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1")(目标URL)
-d DIRECT Connection string for direct database connection(连接字符串,用于直接数据库连接)
-l LOGFILE Parse target(s) from Burp or WebScarab proxy log file(分析目标/多个目标,从Burp或WebScarab代理日志文件)
-m BULKFILE Scan multiple targets given in a textual file(扫描文本文件中给出的多个目标)
-r REQUESTFILE Load HTTP request from a file(从一个文件中加载HTTP请求)
-g GOOGLEDORK Process Google dork results as target URLs(处理谷歌dork作为目标网址的结果)
-c CONFIGFILE Load options from a configuration INI file(从配置INI文件中加载选项)
Request:【请求】
These options can be used to specify how to connect to the target URL(这些选项可用于指定如何连接到目标URL)
-A AGENT, --user.. HTTP User-Agent header value(HTTP User-Agent 代理头值)
-H HEADER, --hea.. Extra header (e.g. "X-Forwarded-For: 127.0.0.1")(额外的报头)
--method=METHOD Force usage of given HTTP method (e.g. PUT)(强制使用给定的HTTP方法)
--data=DATA Data string to be sent through POST (e.g. "id=1")(通过POST发送的数据字符串)
--param-del=PARA.. Character used for splitting parameter values (e.g. &)(用于分割参数值的字符)
--cookie=COOKIE HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")(HTTP Cookie头值)
--cookie-del=COO.. Character used for splitting cookie values (e.g. ;)(用于分割cookie值字符)
--load-cookies=L.. File containing cookies in Netscape/wget format(包含Netscape/Wget格式的cookie文件)
--drop-set-cookie Ignore Set-Cookie header from response(忽略响应中的Set-Cookie标头)
--mobile Imitate smartphone through HTTP User-Agent header(模拟智能手机通过HTTP User-Agent代理报头)
--random-agent Use randomly selected HTTP User-Agent header value(使用随机选择的HTTP用户代理头值)
--host=HOST HTTP Host header value(Host HTTP标头值)
--referer=REFERER HTTP Referer header value(Referer HTTP标头值)
--headers=HEADERS Extra headers (e.g. "Accept-Language: fr\nETag: 123")(额外的标头)
--auth-type=AUTH.. HTTP authentication type (Basic, Digest, NTLM or PKI)(HTTP认证类型(Basic/Digest/HTLM/PK))
--auth-cred=AUTH.. HTTP authentication credentials (name:password)(HTTP身份验证凭据)
--auth-file=AUTH.. HTTP authentication PEM cert/private key file(HTTP认证PEM证书/私钥文件)
--ignore-code=IG.. Ignore (problematic) HTTP error code (e.g. 401)(忽略(有问题的)HTTP错误代码)
--ignore-proxy Ignore system default proxy settings(忽略系统默认的代理设置)
--ignore-redirects Ignore redirection attempts(忽略重定向尝试)
--ignore-timeouts Ignore connection timeouts(忽略连接超时)
--proxy=PROXY Use a proxy to connect to the target URL(使用代理连接到目标URL)
--proxy-cred=PRO.. Proxy authentication credentials (name:password)(代理身份验证凭据)
--proxy-file=PRO.. Load proxy list from a file(从文件中加载代理列表)
--tor Use Tor anonymity network(使用洋葱匿名网络)
--tor-port=TORPORT Set Tor proxy port other than default(设置洋葱代理端口而不是默认端口)
--tor-type=TORTYPE Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))(设置洋葱代理类型)
--check-tor Check to see if Tor is used properly(检查洋葱是否能正确使用)
--delay=DELAY Delay in seconds between each HTTP request(每个HTTP请求之间的延迟)
--timeout=TIMEOUT Seconds to wait before timeout connection (default 30)(超时连接前等待的超时秒数(默认30))
--retries=RETRIES Retries when the connection timeouts (default 3)(连接超时时重试(默认3))
--randomize=RPARAM Randomly change value for given parameter(s)(随机改变给定参数的值)
--safe-url=SAFEURL URL address to visit frequently during testing(在测试期间要频繁访问的URL地址)
--safe-post=SAFE.. POST data to send to a safe URL(将POST数据发送到安全的URL)
--safe-req=SAFER.. Load safe HTTP request from a file(从文件中加载安全的HTTP请求)
--safe-freq=SAFE.. Regular requests between visits to a safe URL(定期请求访问之间的一个安全URL)
--skip-urlencode Skip URL encoding of payload data(跳过有效载荷数据的URL编码)
--csrf-token=CSR.. Parameter used to hold anti-CSRF token(用于持有反csrf令牌的参数)
--csrf-url=CSRFURL URL address to visit for extraction of anti-CSRF token(用于提取反csrf令牌)
--csrf-method=CS.. HTTP method to use during anti-CSRF token page visit(在反csrf令牌页访问期间使用的HTTP方法)
--force-ssl Force usage of SSL/HTTPS(强制使用SSL/HTTPS)
--chunked Use HTTP chunked transfer encoded (POST) requests(使用HTTP块传输编码(POST)请求)
--hpp Use HTTP parameter pollution method(使用HTTP参数污染方法)
--eval=EVALCODE Evaluate provided Python code before the request (e.g.
"import hashlib;id2=hashlib.md5(id).hexdigest()")(在请求之前提供的Python代码)
Optimization:【优化】
These options can be used to optimize the performance of sqlmap(这些选项可用于优化sqlmap的性能)
-o Turn on all optimization switches(打开所有优化开关)
--predict-output Predict common queries output(预测常见的查询输出)
--keep-alive Use persistent HTTP(s) connections(使用持久的HTTP(s)连接)
--null-connection Retrieve page length without actual HTTP response body(检索没有实际HTTP响应主体的页面长度)
--threads=THREADS Max number of concurrent HTTP(s) requests (default 1)(线程最大并发HTTP(s)请求数(默认1))
Injection:【注入】
These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts(这些选项可用于指定要测试的参数,提供自定义注入有效负载和可选的篡改脚本)
-p TESTPARAMETER Testable parameter(s)(测试参数)
--skip=SKIP Skip testing for given parameter(s)(跳过对给定参数)
--skip-static Skip testing parameters that not appear to be dynamic(跳过测试参数不显示为动态)
--param-exclude=.. Regexp to exclude parameters from testing (e.g. "ses")(从测试中排除参数)
--param-filter=P.. Select testable parameter(s) by place (e.g. "POST")(按位置选择可测试参数)
--dbms=DBMS Force back-end DBMS to provided value(强制后端DBMS提供值)
--dbms-cred=DBMS.. DBMS authentication credentials (user:password)(DBMS认证凭证)
--os=OS Force back-end DBMS operating system to provided value(强制后端DBMS操作系统提供值)
--invalid-bignum Use big numbers for invalidating values(使用大数字表示无效值)
--invalid-logical Use logical operations for invalidating values(使用逻辑操作来失效值)
--invalid-string Use random strings for invalidating values(使用随机字符串来表示无效值)
--no-cast Turn off payload casting mechanism(关闭有效载荷)
--no-escape Turn off string escaping mechanism(关闭字符串转义机制)
--prefix=PREFIX Injection payload prefix string(注入有效载荷前缀字符串)
--suffix=SUFFIX Injection payload suffix string(注入有效载荷后缀字符串)
--tamper=TAMPER Use given script(s) for tampering injection data(使用给定的脚本(s)篡改注入数据)
Detection:【检测方法】
These options can be used to customize the detection phase(这些选项可用于自定义检测阶段)
--level=LEVEL Level of tests to perform (1-5, default 1)(要执行的测试级别(1-5,默认1))
--risk=RISK Risk of tests to perform (1-3, default 1)(要执行的测试风险(1-3,默认1))
--string=STRING String to match when query is evaluated to True(当查询被赋值为True时要匹配的字符串)
--not-string=NOT.. String to match when query is evaluated to False(当查询被赋值为False时要匹配的字符串)
--regexp=REGEXP Regexp to match when query is evaluated to True(在查询被赋值为True时进行匹配)
--code=CODE HTTP code to match when query is evaluated to True(HTTP代码匹配时,查询呗评估为真)
--smart Perform thorough tests only if positive heuristic(s)(只有在采用积极的启发式方法时,才进行彻底的测试)
--text-only Compare pages based only on the textual content(比较页面仅基于文本内容)
--titles Compare pages based only on their titles(只根据标题来比较页面)
Techniques:【技术】
These options can be used to tweak testing of specific SQL injection techniques(这些选项可用于调整特定SQL注入的测试)
--technique=TECH.. SQL injection techniques to use (default "BEUSTQ")(要使用的SQL注入技术(默认"BEUSTQ"))
--time-sec=TIMESEC Seconds to delay the DBMS response (default 5)(以延迟DBMS响应(默认5))
--union-cols=UCOLS Range of columns to test for UNION query SQL injection(用于测试UNION查询SQL注入的列的范围)
--union-char=UCHAR Character to use for bruteforcing number of columns(用于强制列数)
--union-from=UFROM Table to use in FROM part of UNION query SQL injection(用于部分UNION查询SQL注入)
--dns-domain=DNS.. Domain name used for DNS exfiltration attack(用于DNS过滤攻击的域名)
--second-url=SEC.. Resulting page URL searched for second-order response(结果页面URL搜索二级响应)
--second-req=SEC.. Load second-order HTTP request from file(从文件中加载二级HTTP响应)
Fingerprint:【指纹】
-f, --fingerprint Perform an extensive DBMS version fingerprint(执行一个扩展DBMS版本的指纹)
Enumeration:【枚举】
These options can be used to enumerate the back-end database management system information, structure and data contained in the tables(这些选项可用于枚举后端数据库,管理系统中包含的信息、机构和数据表)
-a, --all Retrieve everything(检索一切)
-b, --banner Retrieve DBMS banner(检索DBMS banner)
--current-user Retrieve DBMS current user(检索DBMS当前用户)
--current-db Retrieve DBMS current database(检索DBMS当前数据库)
--hostname Retrieve DBMS server hostname(检索DBMS服务器主机名)
--is-dba Detect if the DBMS current user is DBA(检测DBMS当前用户是否为DBA)
--users Enumerate DBMS users(枚举DBMS用户)
--passwords Enumerate DBMS users password hashes(枚举DBMS用户的密码散列)
--privileges Enumerate DBMS users privileges(枚举DBMS用户权限)
--roles Enumerate DBMS users roles(枚举DBMS用户角色)
--dbs Enumerate DBMS databases(枚举DBMS数据库)
--tables Enumerate DBMS database tables(枚举DBMS数据库表)
--columns Enumerate DBMS database table columns(枚举DBMS数据库表列)
--schema Enumerate DBMS schema(枚举DBMS schema各表列)
--count Retrieve number of entries for table(s)(检索表的条目数)
--dump Dump DBMS database table entries(dump DBMS数据库的表项)
--dump-all Dump all DBMS databases tables entries(转储所有DBMS数据库表条目)
--search Search column(s), table(s) and/or database name(s)(搜索列,表和或数据库名)
--comments Check for DBMS comments during enumeration(在枚举期间检查DBMS注释)
--statements Retrieve SQL statements being run on DBMS(在DBMS上运行的SQL语句)
-D DB DBMS database to enumerate(DBMS数据库的枚举)
-T TBL DBMS database table(s) to enumerate(DBMS数据库表的枚举)
-C COL DBMS database table column(s) to enumerate(DBMS数据库表列的枚举)
-X EXCLUDE DBMS database identifier(s) to not enumerate(DBMS数据库数据库标识符不枚举)
-U USER DBMS user to enumerate(DBMS用户枚举)
--exclude-sysdbs Exclude DBMS system databases when enumerating tables(在枚举表时将DBMS系统数据库排除在外)
--pivot-column=P.. Pivot column name(主列名称)
--where=DUMPWHERE Use WHERE condition while table dumping(在表转储时使用where条件)
--start=LIMITSTART First dump table entry to retrieve(要检索的第一个转储表条目)
--stop=LIMITSTOP Last dump table entry to retrieve(要检索的最后一个转储表条目)
--first=FIRSTCHAR First query output word character to retrieve(第一个要检索的查询输出字字符)
--last=LASTCHAR Last query output word character to retrieve(最后一次查询输出要就爱你所得字字符)
--sql-query=SQLQ.. SQL statement to be executed(执行的SQL语句)
--sql-shell Prompt for an interactive SQL shell(用于交互式SQL shell)
--sql-file=SQLFILE Execute SQL statements from given file(s)(从给定文件执行SQL语句)
Brute force:【暴力破解】
These options can be used to run brute force checks(这些选项用于运行暴力检查)
--common-tables Check existence of common tables(检查公用表的存在 )
--common-columns Check existence of common columns(检查公用列存在)
--common-files Check existence of common files(检查普通文件的存在)
User-defined function injection:【用户定义函数注入】
These options can be used to create custom user-defined functions(这些选项可用于创建自定义用户定义函数)
--udf-inject Inject custom user-defined functions(自定义的用户定义函数)
--shared-lib=SHLIB Local path of the shared library(共享库的本地路径)
File system access:【文件系统访问】
These options can be used to access the back-end database management system underlying file system(这些选项可用于访问后端数据库,管理系统基础文件系统)
--file-read=FILE.. Read a file from the back-end DBMS file system(从后端DBMS文件系统读取一个文件)
--file-write=FIL.. Write a local file on the back-end DBMS file system(在后端DBMS文件系统上写一个本地文件)
--file-dest=FILE.. Back-end DBMS absolute filepath to write to(要写入的后端DBMS绝对文件路径)
Operating system access:【操作系统访问】
These options can be used to access the back-end database management system underlying operating system(这些选项可用于访问后端数据库,管理底层操作系统)
--os-cmd=OSCMD Execute an operating system command(执行操作系统命令)
--os-shell Prompt for an interactive operating system shell(交互式操作系统shell的os-shell提示符)
--os-pwn Prompt for an OOB shell, Meterpreter or VNC(提示一个OOB shell,Meterpreter或VNC)
--os-smbrelay One click prompt for an OOB shell, Meterpreter or VNC(单击提示符,选择OOB shell、Meterpreter或VNC)
--os-bof Stored procedure buffer overflow exploitation(存储过程缓冲区溢出利用)
--priv-esc Database process user privilege escalation(数据库处理用户权限升级)
--msf-path=MSFPATH Local path where Metasploit Framework is installed(安装Metasploit框架的本地路径)
--tmp-path=TMPPATH Remote absolute path of temporary files directory(临时文件目录的TMPPATH远程绝对路径)
Windows registry access:【Windows 注册表访问】
These options can be used to access the back-end database management system Windows registry(这些选项可用于访问后端数据库管理)
--reg-read Read a Windows registry key value(读取一个Windows注册表项值)
--reg-add Write a Windows registry key value data(写一个Windows注册表项值数据)
--reg-del Delete a Windows registry key value(删除一个Windows注册表项值)
--reg-key=REGKEY Windows registry key(Windows注册表项)
--reg-value=REGVAL Windows registry key value(Windows注册表项值)
--reg-data=REGDATA Windows registry key value data(注册表项值数据)
--reg-type=REGTYPE Windows registry key value type(注册表项值类型)
General:【通用】
These options can be used to set some general working parameters(这些选项可用来设置一些通用工作参数)
-s SESSIONFILE Load session from a stored (.sqlite) file(从存储的(.sqlite)文件加载会话)
-t TRAFFICFILE Log all HTTP traffic into a textual file(将所有HTTP流量记录到一个文本文件中)
--answers=ANSWERS Set predefined answers (e.g. "quit=N,follow=N")(设置预定义的答案)
--base64=BASE64P.. Parameter(s) containing Base64 encoded data(包含Base64编码数据的参数)
--batch Never ask for user input, use the default behavior(从不请求用户数据,使用默认行为)
--binary-fields=.. Result fields having binary values (e.g. "digest")(具有二进制的结果字段)
--check-internet Check Internet connection before assessing the target(在评估目标之前检查网络连接)
--cleanup Clean up the DBMS from sqlmap specific UDF and tables(清理sqlmap特定的UDF和表中的DBMS)
--crawl=CRAWLDEPTH Crawl the website starting from the target URL(抓取从目标URL开始的网站)
--crawl-exclude=.. Regexp to exclude pages from crawling (e.g. "logout")(从爬行中排除页面的Regexp)
--csv-del=CSVDEL Delimiting character used in CSV output (default ",")(CSV输出中使用的定界字符)
--charset=CHARSET Blind SQL injection charset (e.g. "0123456789abcdef")(盲SQL注入字符集)
--dump-format=DU.. Format of dumped data (CSV (default), HTML or SQLITE)(转储数据格式(CSV(默认)、HTML或SQLite))
--encoding=ENCOD.. Character encoding used for data retrieval (e.g. GBK)(用于数据检索的字符编码)
--eta Display for each output the estimated time of arrival(显示每个输出的估计到达时间)
--flush-session Flush session files for current target(刷新当前目标的会话文件)
--forms Parse and test forms on target URL(分析和测试目标URL上的表单)
--fresh-queries Ignore query results stored in session file(忽略存储在会话文件中的查询结果)
--gpage=GOOGLEPAGE Use Google dork results from specified page number(使用来自指定页码的谷歌dork结果)
--har=HARFILE Log all HTTP traffic into a HAR file(将所有HTTP通信记录到一个har文件中)
--hex Use hex conversion during data retrieval(在数据检索期间使用十六进制转换)
--output-dir=OUT.. Custom output directory path(自定义输出目录路径)
--parse-errors Parse and display DBMS error messages from responses(解析和显示来自响应的DBMS错误消息)
--preprocess=PRE.. Use given script(s) for preprocessing of response data(使用给定的脚本对响应数据进行预处理)
--repair Redump entries having unknown character marker (?)(具有未知字符标记的Redump项)
--save=SAVECONFIG Save options to a configuration INI file(保存到配置INI文件的选项)
--scope=SCOPE Regexp for filtering targets(过滤目标的作用域Regexp)
--skip-waf Skip heuristic detection of WAF/IPS protection(跳过WAF/IPS保护的启发式检测)
--table-prefix=T.. Prefix used for temporary tables (default: "sqlmap")(用于临时表的前缀(默认为"sqlmap"))
--test-filter=TE.. Select tests by payloads and/or titles (e.g. ROW)(根据有效载荷和/或标题选择测试)
--test-skip=TEST.. Skip tests by payloads and/or titles (e.g. BENCHMARK)(跳过有效载荷和/或标题的测试)
--web-root=WEBROOT Web server document root directory (e.g. "/var/www")(Web服务器文档根目录)
Miscellaneous:【杂项】
These options do not fit into any other category(这些选项不适合任何其它类别)
-z MNEMONICS Use short mnemonics (e.g. "flu,bat,ban,tec=EU")(使用简短的助记符)
--alert=ALERT Run host OS command(s) when SQL injection is found(当发现SQL注入时运行主机OS命令)
--beep Beep on question and/or when SQL injection is found(Beep的问题和/或当SQL注入被发现)
--dependencies Check for missing (optional) sqlmap dependencies(检查是否缺少(可选)sqlmap依赖项)
--disable-coloring Disable console output coloring(禁用控制台输出着色)
--list-tampers Display list of available tamper scripts(显示列表的可用篡改脚本)
--offline Work in offline mode (only use session data)(离线模式下离线工作(仅使用会话数据))
--purge Safely remove all content from sqlmap data directory(从sqlmap数据目录中安全地删除所有内容)
--results-file=R.. Location of CSV results file in multiple targets mode(CSV结果文件在多目标模式中的位置)
--sqlmap-shell Prompt for an interactive sqlmap shell(提示一个交互式sqlmap shell)
--tmp-dir=TMPDIR Local directory for storing temporary files(用于存储临时文件的TMPDIR本地目录)
--unstable Adjust options for unstable connections(调整不稳定连接的选项)
--update Update sqlmap(更新sqlmap)
--wizard Simple wizard interface for beginner users(为初学者提供简单的向导页面)
