Parameter meaning in sqlmap -hh, translation

sqlmap.py -hh

        ___

       __H__

 ___ ___[.]_____ ___ ___  {1.1.12.22#dev}

|_ -| . [(]     | .'| . |

|___|_  [)]_|_|_|__,|  _|

      |_|V|_| http://sqlmap.org

 

Usage: sqlmap.py [options]

 

Options:

  -h, --help show basic help information and exit

  -hh display advanced help information and exit

  --version display the version number of the program and exit

  -v VERBOSE verbosity level: 0-6 (default 1)

 

  Target:

    At least one of the options must be provided to define

   target(s)

 

    -d DIRECT Connection string for direct database connection

    -u URL, --url=URL target URL (eg "http://www.site.com/vuln.php?id=1")

    -l LOGFILE Parse target from Burp or WebScarab proxy log file

    -x SITEMAPURL resolves targets from remote sitemap (.xml) files

    -m BULKFILE scan multiple targets given in text file

    -r REQUESTFILE Load HTTP request from file

    -g GOOGLEDORK Process Google dork results as destination URLs

    -c CONFIGFILE Load options from configuration INI file

 

  Request:

    These options can be used to specify how to connect to the target URL

 

    --method=METHOD force use of given HTTP method (e.g. PUT)

    --data=DATA Data string sent via POST

    --param-del=PARA.. character used to split parameter values

    --cookie=COOKIE HTTP Cookie header value

    --cookie-del=COO.. Character used to split cookie values

    --load-cookies=L.. file containing cookies in Netscape/wget format

    --drop-set-cookie ignore Set-Cookie header from response

    --user-agent=AGENT HTTP User-Agent Header Value

    --random-agent use a randomly chosen HTTP User-Agent header value

    --host=HOST HTTP host header value

    --referer=REFERER HTTP Referer header value

    -H HEADER, --hea.. extra headers (eg "X-Forwarded-For:127.0.0.1")

    --headers=HEADERS extra headers (eg "Accept-Language: fr\nETag: 123")

    --auth-type=AUTH.. HTTP authentication type (Basic, Digest, NTLM or PKI)

    --auth-cred=AUTH.. HTTP authentication credentials (name:password)

    --auth-file=AUTH.. HTTP authentication PEM certificate/private key file

    --ignore-code=IG.. ignore HTTP error codes (eg 401)

    --ignore-proxy ignore system default proxy settings

    --ignore-redirects ignore redirect attempts

    --ignore-timeouts ignore connection timeouts

    --proxy=PROXY use proxy to connect to target URL

    --proxy-cred=PRO.. proxy authentication credentials (name:password)

    --proxy-file=PRO.. Load proxy list from file

    --tor use the Tor anonymity network 

    --tor-port=TORPORT set default Tor proxy port

    --tor-type=TORTYPE Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))

    --check-tor Check if Tor is used correctly

    --delay=DELAY Delay (seconds) between each HTTP request

    --timeout=TIMEOUT Number of seconds to wait before timing out the connection (default 30)

    --retries=RETRIES Retry when connection times out (default 3)

    --randomize=RPARAM randomly change the value of the given parameter(s)

    --safe-url=SAFEURL URL frequently visited during testing

    --safe-post=SAFE.. POST data to a safe URL

    --safe-req=SAFER.. Load safe HTTP requests from file

    --safe-freq=SAFE.. Test requests between two visits to the given safe URL

    --skip-urlencode skip URL encoding of payload data

    --csrf-token=CSR.. Parameter for saving anti-CSRF token

    --csrf-url=CSRFURL Access URL address to extract anti-CSRF token

    --force-ssl Force use of SSL/HTTPS

    --hpp pollute method with HTTP parameters

    --eval=EVALCODE Evaluate provided Python code before requesting (e.g.,

                        “import hashlib; id2 = hashlib.md5（id）.hexdigest（）”）

 

  Optimization:

    These options can be used to optimize the performance of sqlmap

These options can be used to optimize the performance of sqlmap

 

    -o turns on all optimization switches

    --predict-output predict common query output

    --keep-alive use persistent HTTP(s) connections

    --null-connection retrieve page length without actual HTTP response body

    --threads=THREADS Maximum number of concurrent HTTP requests (default 1)

 

  Injection:

    These options can be used to specify which parameters to test for,

    provide custom injection payloads and optional tampering scripts

 

    -p TESTPARAMETER testable parameter(s)

    --skip=SKIP skip the test(s) for the given parameter

    --skip-static skip test parameters that are not displayed as dynamic

    --param-exclude=.. Regular expression to exclude parameters from tests (eg "ses")

    --dbms=DBMS force the backend DBMS to this value

    --dbms-cred=DBMS.. DBMS authentication credentials (user:password)

    --os=OS Force the backend DBMS operating system to this value

    --invalid-bignum use big numbers to invalidate values

    --invalid-logical use logical operations to invalidate values

    --invalid-string use random string to invalidate value

    --no-cast turn off the payload conversion mechanism

    --no-escape turn off string escaping

    --prefix=PREFIX inject payload prefix string

    --suffix=SUFFIX inject payload suffix string

    --tamper=TAMPER use given script to tamper injected data

 

  Detection:

    These options can be used to customize the detection phase

These options can be used to customize the detection phase

 

    --level=LEVEL Level of tests to perform (1-5, default 1)

    --risk=RISK risk of executing tests (1-3, default 1)

    --string=STRING The string to match when the query evaluates to True

    --not-string=NOT.. String matched when query evaluates to False

    --regexp=REGEXP regular expression to match when query evaluates to True

    --code=CODE HTTP code to match when query evaluates to True

    --text-only compare pages based on text content

    --titles compare pages based only on their titles

 

  Techniques:

    These options can be used to tweak testing of specific SQL injection

    techniques

These options can be used to tune tests for specific SQL injections

 

    --technique=TECH use SQL injection technique (default "BEUSTQ")

    --time-sec=TIMESEC Number of seconds to delay DBMS responses (default 5)

    --union-cols=UCOLS Range of columns to test for UNION query SQL injection

    --union-char=UCHAR character number of columns to use for bruteforcing

    --union-from=UFROM Table used in FROM part of UNION query SQL injection

    --dns-domain=DNS.. Domain name for DNS leak attack

    --second-order=S.. Generated page URL search second order response

 

  Fingerprint:

    -f, --fingerprint perform extensive DBMS version fingerprinting

 

  Enumeration:

    These options can be used to enumerate the back-end database

    management system information, structure and data contained in the

    tables. Moreover you can run your own SQL statements These options can be used to enumerate the backend DBMS information, structure and data contained in the tables. Additionally, you can run your own SQL statements

 

    -a, --all retrieve all content

    -b, --banner retrieve DBMS banner

    --current-user Retrieve DBMS current user

    --current-db Retrieve DBMS current database

    --hostname Retrieve DBMS server hostname

    --is-dba Check whether the current user of the DBMS is a DBA

    --users enumerate DBMS users

    --passwords enumerate DBMS user password hashes

    --privileges enumerate DBMS user privileges

    --roles enumerate DBMS user roles

    --dbs enumerate DBMS databases

    --tables enumerate DBMS database tables

    --columns enumerate DBMS database table columns

    --schema enumerate DBMS schemas

    --count Retrieve the number of entries in the table (s)

    --dump dump DBMS database table entries

    --dump-all Dump all DBMS database entries

    --search search column(s), table(s) and/or database name(s)

    --comments Retrieve DBMS comments

    -D DB DBMS database to enumerate

    -T TBL DBMS database tables for enumeration

    -C COL              DBMS database table column(s) to enumerate

    -X EXCLUDECOL DBMS database table columns to enumerate

    -U USER DBMS user enumeration

    --exclude-sysdbs Exclude DBMS system databases when enumerating tables

    --pivot-column=P.. pivot column name

    --where=DUMPWHERE Use WHERE condition when table dump

    --start=LIMITSTART first dump table entry to retrieve

    --stop=LIMITSTOP last dump table entries for retrieval

    --first=FIRSTCHAR First query output word characters to retrieve

    --last=LASTCHAR Last query output character to retrieve

    --sql-query=QUERY SQL statement to execute

    --sql-shell Prompt for an interactive SQL shell

    --sql-file=SQLFILE Execute SQL statement(s) from given file(s)

 

  Brute force:

    These options can be used to run brute force checks

These options can be used to run brute force checks

 

    --common-tables Check for the existence of common tables

    --common-columns Check if common columns exist

 

  User-defined function injection:

    These options can be used to create custom user-defined functions

These options can be used to create custom user-defined functions

 

    --udf-inject inject custom user-defined functions

    --shared-lib=SHLIB local path to shared library

 

  File system access:

    These options can be used to access the back-end database management

    system underlying file system

These options can be used to access the underlying file system of the backend database management system

    --file-read=RFILE read file from backend DBMS file system

    --file-write=WFILE write local file on backend DBMS filesystem

    --file-dest=DFILE Backend DBMS absolute file path to write to

 

  Operating system access:

    These options can be used to access the back-end database management

    system underlying operating system

These options can be used to access the backend database management system underlying operating system

 

    --os-cmd=OSCMD Execute operating system commands

    --os-shell Prompt to use an interactive operating system shell

    --os-pwn prompt for an OOB shell, Meterpreter or VNC

    --os-smbrelay One-click prompt for OOB shell, Meterpreter or VNC

    --os-bof stored procedure buffer overflow development

    --priv-esc Database process user privilege escalation

    --msf-path=MSFPATH Metasploit framework installation location

    --tmp-path=TMPPATH remote absolute path to temporary files directory

 

  Windows registry access:

    These options can be used to access the back-end database management

    system Windows registry

These options can be used to access the backend database management system Windows Registry

 

    --reg-read read Windows registry keys

    --reg-add write a Windows registry key data

    --reg-del delete Windows registry key value

    --reg-key=REGKEY Windows registry key

    --reg-value=REGVAL Windows registry key value

    --reg-data=REGDATA Windows registry key data

    --reg-type=REGTYPE Windows registry key type

 

  General:

    These options can be used to set some general working parameters

These options can be used to set some general operating parameters

 

    -s SESSIONFILE load session from stored (.sqlite) file

    -t TRAFFICFILE log all HTTP traffic to a text file

    --batch never ask for user input, use default behavior

    --binary-fields=.. result fields with binary values ​​(e.g. "summary")

    --check-internet Check internet connection before evaluating target

    --crawl=CRAWLDEPTH start crawling site from destination URL

    --crawl-exclude=.. Regular expression to exclude pages from crawling (eg "logout")

    --csv-del=CSVDEL delimit character used for CSV output (default ",")

    --charset=CHARSET Blind SQL injection character set (eg "0123456789abcdef")

    --dump-format=DU.. Format of dumped data (CSV (default), HTML or SQLITE)

    --encoding=ENCOD.. character encoding for data retrieval (eg GBK)

    --eta display estimated time of arrival for each output

    --flush-session flush the current target's session file

    --forms Parse and test the form on the destination URL

    --fresh-queries ignore query results stored in session file

    --har=HARFILE log all HTTP traffic to a HAR file

    --hex use DBMS hex function(s) for data retrieval

    --output-dir=OUT.. custom output directory path

    --parse-errors Parse and display DBMS error messages from the response

    --save=SAVECONFIG save options to configuration INI file

    --scope=SCOPE regular expression to filter targets from provided proxy logs

    --test-filter=TE.. select tests by payload and/or header (e.g. ROW)

    --test-skip=TEST.. Skip tests for payload and/or headers (eg, BENCHMARK)

    --update update sqlmap

 

  Miscellaneous (miscellaneous):

    -z MNEMONICS use short mnemonics (eg "flu,bat,ban,tec=EU")

    --alert=ALERT Run host OS command(s) when SQL injection is detected

    --answers=ANSWERS set answers to questions (eg "quit=N,follow=N")

    --beep Problematic beep and/or when SQL injection is detected

    --cleanup clean up DBMS from sqlmap specific UDFs and tables

    --dependencies Check for missing (non-core) sqlmap dependencies

    --disable-coloring disable console output coloring

    --gpage=GOOGLEPAGE use Google dork results from a specific page number

    --identify-waf Fully test WAF/IPS/IDS protection

    --mobile imitates smartphone via HTTP User-Agent header

    --offline work in offline mode (use session data only)

    --purge-output safely remove everything from the output directory

    --skip-waf Skip heuristic detection of WAF/IPS/IDS protection

    --smart Thoroughly test only in case of positive heuristic(s)

    --sqlmap-shell Prompt for an interactive sqlmap shell

    --tmp-dir=TMPDIR local directory to store temporary files

    --web-root=WEBROOT web server document root directory (eg "/var/www")

    --wizard Simple wizard interface for beginner users

 

Press Enter to continue...Press Enter to continue...