Exemplo n.º 1
0
            raise SystemExit
        except SystemExit:
            if "-h" in argv and not advancedHelp:
                dataToStdout("\n[!] to see full list of options run with '-hh'\n")
            raise

        if extraHeaders:
            if not args.headers:
                args.headers = ""
            delimiter = "\\n" if "\\n" in args.headers else "\n"
            args.headers += delimiter + delimiter.join(extraHeaders)

        # Expand given mnemonic options (e.g. -z "ign,flu,bat")
        for i in xrange(len(argv) - 1):
            if argv[i] == "-z":
                expandMnemonics(argv[i + 1], parser, args)

        if args.dummy:
            args.url = args.url or DUMMY_URL

        if not any(
            (
                args.direct,
                args.url,
                args.logFile,
                args.bulkFile,
                args.googleDork,
                args.configFile,
                args.requestFile,
                args.updateAll,
                args.smokeTest,
Exemplo n.º 2
0
def cmdLineParser():
    """
    This function parses the command line parameters and arguments
    """

    checkSystemEncoding()

    _ = os.path.normpath(sys.argv[0])

    usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
            "\"%s\"" % _ if " " in _ else _)

    parser = OptionParser(usage=usage)

    try:
        parser.add_option("--hh", dest="advancedHelp",
                          action="store_true",
                          help="Show advanced help message and exit")

        parser.add_option("--version", dest="showVersion",
                          action="store_true",
                          help="Show program's version number and exit")

        parser.add_option("-v", dest="verbose", type="int",
                          help="Verbosity level: 0-6 (default %d)" % defaults.verbose)

        # Target options
        target = OptionGroup(parser, "Target", "At least one of these "
                             "options has to be provided to define the target(s)")

        target.add_option("-d", dest="direct", help="Connection string "
                          "for direct database connection")

        target.add_option("-u", "--url", dest="url", help="Target URL (e.g. \"http://www.site.com/vuln.php?id=1\")")

        target.add_option("-l", dest="logFile", help="Parse target(s) from Burp "
                          "or WebScarab proxy log file")

        target.add_option("-x", dest="sitemapUrl", help="Parse target(s) from remote sitemap(.xml) file")

        target.add_option("-m", dest="bulkFile", help="Scan multiple targets given "
                          "in a textual file ")

        target.add_option("-r", dest="requestFile",
                          help="Load HTTP request from a file")

        target.add_option("-g", dest="googleDork",
                          help="Process Google dork results as target URLs")

        target.add_option("-c", dest="configFile",
                          help="Load options from a configuration INI file")

        # Request options
        request = OptionGroup(parser, "Request", "These options can be used "
                              "to specify how to connect to the target URL")

        request.add_option("--data", dest="data",
                           help="Data string to be sent through POST")

        request.add_option("--param-del", dest="paramDel",
                           help="Character used for splitting parameter values")

        request.add_option("--cookie", dest="cookie",
                           help="HTTP Cookie header value")

        request.add_option("--cookie-del", dest="cookieDel",
                           help="Character used for splitting cookie values")

        request.add_option("--load-cookies", dest="loadCookies",
                           help="File containing cookies in Netscape/wget format")

        request.add_option("--drop-set-cookie", dest="dropSetCookie",
                           action="store_true",
                           help="Ignore Set-Cookie header from response")

        request.add_option("--user-agent", dest="agent",
                           help="HTTP User-Agent header value")

        request.add_option("--random-agent", dest="randomAgent",
                           action="store_true",
                           help="Use randomly selected HTTP User-Agent header value")

        request.add_option("--host", dest="host",
                           help="HTTP Host header value")

        request.add_option("--referer", dest="referer",
                           help="HTTP Referer header value")

        request.add_option("--headers", dest="headers",
                           help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")

        request.add_option("--auth-type", dest="authType",
                           help="HTTP authentication type "
                                "(Basic, Digest, NTLM or PKI)")

        request.add_option("--auth-cred", dest="authCred",
                           help="HTTP authentication credentials "
                                "(name:password)")

        request.add_option("--auth-private", dest="authPrivate",
                           help="HTTP authentication PEM private key file")

        request.add_option("--ignore-401", dest="ignore401", action="store_true",
                          help="Ignore HTTP Error 401 (Unauthorized)")

        request.add_option("--proxy", dest="proxy",
                           help="Use a proxy to connect to the target URL")

        request.add_option("--proxy-cred", dest="proxyCred",
                           help="Proxy authentication credentials "
                                "(name:password)")

        request.add_option("--proxy-file", dest="proxyFile",
                           help="Load proxy list from a file")

        request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                           help="Ignore system default proxy settings")

        request.add_option("--tor", dest="tor",
                                  action="store_true",
                                  help="Use Tor anonymity network")

        request.add_option("--tor-port", dest="torPort",
                                  help="Set Tor proxy port other than default")

        request.add_option("--tor-type", dest="torType",
                                  help="Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)")

        request.add_option("--check-tor", dest="checkTor",
                                  action="store_true",
                                  help="Check to see if Tor is used properly")

        request.add_option("--delay", dest="delay", type="float",
                           help="Delay in seconds between each HTTP request")

        request.add_option("--timeout", dest="timeout", type="float",
                           help="Seconds to wait before timeout connection "
                                "(default %d)" % defaults.timeout)

        request.add_option("--retries", dest="retries", type="int",
                           help="Retries when the connection timeouts "
                                "(default %d)" % defaults.retries)

        request.add_option("--randomize", dest="rParam",
                           help="Randomly change value for given parameter(s)")

        request.add_option("--safe-url", dest="safUrl",
                           help="URL address to visit frequently during testing")

        request.add_option("--safe-freq", dest="saFreq", type="int",
                           help="Test requests between two visits to a given safe URL")

        request.add_option("--skip-urlencode", dest="skipUrlEncode",
                           action="store_true",
                           help="Skip URL encoding of payload data")

        request.add_option("--force-ssl", dest="forceSSL",
                           action="store_true",
                           help="Force usage of SSL/HTTPS")

        request.add_option("--hpp", dest="hpp",
                                  action="store_true",
                                  help="Use HTTP parameter pollution method")

        request.add_option("--eval", dest="evalCode",
                           help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")

        # Optimization options
        optimization = OptionGroup(parser, "Optimization", "These "
                               "options can be used to optimize the "
                               "performance of sqlmap")

        optimization.add_option("-o", dest="optimize",
                                 action="store_true",
                                 help="Turn on all optimization switches")

        optimization.add_option("--predict-output", dest="predictOutput", action="store_true",
                          help="Predict common queries output")

        optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
                           help="Use persistent HTTP(s) connections")

        optimization.add_option("--null-connection", dest="nullConnection", action="store_true",
                          help="Retrieve page length without actual HTTP response body")

        optimization.add_option("--threads", dest="threads", type="int",
                           help="Max number of concurrent HTTP(s) "
                                "requests (default %d)" % defaults.threads)

        # Injection options
        injection = OptionGroup(parser, "Injection", "These options can be "
                                "used to specify which parameters to test "
                                "for, provide custom injection payloads and "
                                "optional tampering scripts")

        injection.add_option("-p", dest="testParameter",
                             help="Testable parameter(s)")

        injection.add_option("--skip", dest="skip",
                             help="Skip testing for given parameter(s)")

        injection.add_option("--dbms", dest="dbms",
                             help="Force back-end DBMS to this value")

        injection.add_option("--dbms-cred", dest="dbmsCred",
                            help="DBMS authentication credentials (user:password)")

        injection.add_option("--os", dest="os",
                             help="Force back-end DBMS operating system "
                                  "to this value")

        injection.add_option("--invalid-bignum", dest="invalidBignum",
                             action="store_true",
                             help="Use big numbers for invalidating values")

        injection.add_option("--invalid-logical", dest="invalidLogical",
                             action="store_true",
                             help="Use logical operations for invalidating values")

        injection.add_option("--invalid-string", dest="invalidString",
                             action="store_true",
                             help="Use random strings for invalidating values")

        injection.add_option("--no-cast", dest="noCast",
                             action="store_true",
                             help="Turn off payload casting mechanism")

        injection.add_option("--no-escape", dest="noEscape",
                             action="store_true",
                             help="Turn off string escaping mechanism")

        injection.add_option("--prefix", dest="prefix",
                             help="Injection payload prefix string")

        injection.add_option("--suffix", dest="suffix",
                             help="Injection payload suffix string")

        injection.add_option("--tamper", dest="tamper",
                             help="Use given script(s) for tampering injection data")

        # Detection options
        detection = OptionGroup(parser, "Detection", "These options can be "
                                "used to customize the detection phase")

        detection.add_option("--level", dest="level", type="int",
                             help="Level of tests to perform (1-5, "
                                  "default %d)" % defaults.level)

        detection.add_option("--risk", dest="risk", type="int",
                             help="Risk of tests to perform (0-3, "
                                  "default %d)" % defaults.level)

        detection.add_option("--string", dest="string",
                             help="String to match when "
                                  "query is evaluated to True")

        detection.add_option("--not-string", dest="notString",
                             help="String to match when "
                                  "query is evaluated to False")

        detection.add_option("--regexp", dest="regexp",
                             help="Regexp to match when "
                                  "query is evaluated to True")

        detection.add_option("--code", dest="code", type="int",
                             help="HTTP code to match when "
                                  "query is evaluated to True")

        detection.add_option("--text-only", dest="textOnly",
                             action="store_true",
                             help="Compare pages based only on the textual content")

        detection.add_option("--titles", dest="titles",
                             action="store_true",
                             help="Compare pages based only on their titles")

        # Techniques options
        techniques = OptionGroup(parser, "Techniques", "These options can be "
                                 "used to tweak testing of specific SQL "
                                 "injection techniques")

        techniques.add_option("--technique", dest="tech",
                              help="SQL injection techniques to use "
                                   "(default \"%s\")" % defaults.tech)

        techniques.add_option("--time-sec", dest="timeSec",
                              type="int",
                              help="Seconds to delay the DBMS response "
                                   "(default %d)" % defaults.timeSec)

        techniques.add_option("--union-cols", dest="uCols",
                              help="Range of columns to test for UNION query SQL injection")

        techniques.add_option("--union-char", dest="uChar",
                              help="Character to use for bruteforcing number of columns")

        techniques.add_option("--union-from", dest="uFrom",
                              help="Table to use in FROM part of UNION query SQL injection")

        techniques.add_option("--dns-domain", dest="dnsName",
                              help="Domain name used for DNS exfiltration attack")

        techniques.add_option("--second-order", dest="secondOrder",
                             help="Resulting page URL searched for second-order "
                                  "response")

        # Fingerprint options
        fingerprint = OptionGroup(parser, "Fingerprint")

        fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp",
                               action="store_true",
                               help="Perform an extensive DBMS version fingerprint")

        # Enumeration options
        enumeration = OptionGroup(parser, "Enumeration", "These options can "
                                  "be used to enumerate the back-end database "
                                  "management system information, structure "
                                  "and data contained in the tables. Moreover "
                                  "you can run your own SQL statements")

        enumeration.add_option("-a", "--all", dest="getAll",
                               action="store_true", help="Retrieve everything")

        enumeration.add_option("-b", "--banner", dest="getBanner",
                               action="store_true", help="Retrieve DBMS banner")

        enumeration.add_option("--current-user", dest="getCurrentUser",
                               action="store_true",
                               help="Retrieve DBMS current user")

        enumeration.add_option("--current-db", dest="getCurrentDb",
                               action="store_true",
                               help="Retrieve DBMS current database")

        enumeration.add_option("--hostname", dest="getHostname",
                               action="store_true",
                               help="Retrieve DBMS server hostname")

        enumeration.add_option("--is-dba", dest="isDba",
                               action="store_true",
                               help="Detect if the DBMS current user is DBA")

        enumeration.add_option("--users", dest="getUsers", action="store_true",
                               help="Enumerate DBMS users")

        enumeration.add_option("--passwords", dest="getPasswordHashes",
                               action="store_true",
                               help="Enumerate DBMS users password hashes")

        enumeration.add_option("--privileges", dest="getPrivileges",
                               action="store_true",
                               help="Enumerate DBMS users privileges")

        enumeration.add_option("--roles", dest="getRoles",
                               action="store_true",
                               help="Enumerate DBMS users roles")

        enumeration.add_option("--dbs", dest="getDbs", action="store_true",
                               help="Enumerate DBMS databases")

        enumeration.add_option("--tables", dest="getTables", action="store_true",
                               help="Enumerate DBMS database tables")

        enumeration.add_option("--columns", dest="getColumns", action="store_true",
                               help="Enumerate DBMS database table columns")

        enumeration.add_option("--schema", dest="getSchema", action="store_true",
                               help="Enumerate DBMS schema")

        enumeration.add_option("--count", dest="getCount", action="store_true",
                               help="Retrieve number of entries for table(s)")

        enumeration.add_option("--dump", dest="dumpTable", action="store_true",
                               help="Dump DBMS database table entries")

        enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                               help="Dump all DBMS databases tables entries")

        enumeration.add_option("--search", dest="search", action="store_true",
                               help="Search column(s), table(s) and/or database name(s)")

        enumeration.add_option("--comments", dest="getComments", action="store_true",
                               help="Retrieve DBMS comments")

        enumeration.add_option("-D", dest="db",
                               help="DBMS database to enumerate")

        enumeration.add_option("-T", dest="tbl",
                               help="DBMS database table(s) to enumerate")

        enumeration.add_option("-C", dest="col",
                               help="DBMS database table column(s) to enumerate")

        enumeration.add_option("-X", dest="excludeCol",
                               help="DBMS database table column(s) to not enumerate")

        enumeration.add_option("-U", dest="user",
                               help="DBMS user to enumerate")

        enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs",
                               action="store_true",
                               help="Exclude DBMS system databases when "
                                    "enumerating tables")

        enumeration.add_option("--where", dest="dumpWhere",
                               help="Use WHERE condition while table dumping")

        enumeration.add_option("--start", dest="limitStart", type="int",
                               help="First query output entry to retrieve")

        enumeration.add_option("--stop", dest="limitStop", type="int",
                               help="Last query output entry to retrieve")

        enumeration.add_option("--first", dest="firstChar", type="int",
                               help="First query output word character to retrieve")

        enumeration.add_option("--last", dest="lastChar", type="int",
                               help="Last query output word character to retrieve")

        enumeration.add_option("--sql-query", dest="query",
                               help="SQL statement to be executed")

        enumeration.add_option("--sql-shell", dest="sqlShell",
                               action="store_true",
                               help="Prompt for an interactive SQL shell")

        enumeration.add_option("--sql-file", dest="sqlFile",
                               help="Execute SQL statements from given file(s)")

        # User-defined function options
        brute = OptionGroup(parser, "Brute force", "These "
                          "options can be used to run brute force "
                          "checks")

        brute.add_option("--common-tables", dest="commonTables", action="store_true",
                               help="Check existence of common tables")

        brute.add_option("--common-columns", dest="commonColumns", action="store_true",
                               help="Check existence of common columns")

        # User-defined function options
        udf = OptionGroup(parser, "User-defined function injection", "These "
                          "options can be used to create custom user-defined "
                          "functions")

        udf.add_option("--udf-inject", dest="udfInject", action="store_true",
                       help="Inject custom user-defined functions")

        udf.add_option("--shared-lib", dest="shLib",
                       help="Local path of the shared library")

        # File system options
        filesystem = OptionGroup(parser, "File system access", "These options "
                                 "can be used to access the back-end database "
                                 "management system underlying file system")

        filesystem.add_option("--file-read", dest="rFile",
                              help="Read a file from the back-end DBMS "
                                   "file system")

        filesystem.add_option("--file-write", dest="wFile",
                              help="Write a local file on the back-end "
                                   "DBMS file system")

        filesystem.add_option("--file-dest", dest="dFile",
                              help="Back-end DBMS absolute filepath to "
                                   "write to")

        # Takeover options
        takeover = OptionGroup(parser, "Operating system access", "These "
                               "options can be used to access the back-end "
                               "database management system underlying "
                               "operating system")

        takeover.add_option("--os-cmd", dest="osCmd",
                            help="Execute an operating system command")

        takeover.add_option("--os-shell", dest="osShell",
                            action="store_true",
                            help="Prompt for an interactive operating "
                                 "system shell")

        takeover.add_option("--os-pwn", dest="osPwn",
                            action="store_true",
                            help="Prompt for an OOB shell, "
                                 "Meterpreter or VNC")

        takeover.add_option("--os-smbrelay", dest="osSmb",
                            action="store_true",
                            help="One click prompt for an OOB shell, "
                                 "Meterpreter or VNC")

        takeover.add_option("--os-bof", dest="osBof",
                            action="store_true",
                            help="Stored procedure buffer overflow "
                                 "exploitation")

        takeover.add_option("--priv-esc", dest="privEsc",
                            action="store_true",
                            help="Database process user privilege escalation")

        takeover.add_option("--msf-path", dest="msfPath",
                            help="Local path where Metasploit Framework "
                                 "is installed")

        takeover.add_option("--tmp-path", dest="tmpPath",
                            help="Remote absolute path of temporary files "
                                 "directory")

        # Windows registry options
        windows = OptionGroup(parser, "Windows registry access", "These "
                               "options can be used to access the back-end "
                               "database management system Windows "
                               "registry")

        windows.add_option("--reg-read", dest="regRead",
                            action="store_true",
                            help="Read a Windows registry key value")

        windows.add_option("--reg-add", dest="regAdd",
                            action="store_true",
                            help="Write a Windows registry key value data")

        windows.add_option("--reg-del", dest="regDel",
                            action="store_true",
                            help="Delete a Windows registry key value")

        windows.add_option("--reg-key", dest="regKey",
                            help="Windows registry key")

        windows.add_option("--reg-value", dest="regVal",
                            help="Windows registry key value")

        windows.add_option("--reg-data", dest="regData",
                            help="Windows registry key value data")

        windows.add_option("--reg-type", dest="regType",
                            help="Windows registry key value type")

        # General options
        general = OptionGroup(parser, "General", "These options can be used "
                             "to set some general working parameters")

        #general.add_option("-x", dest="xmlFile",
        #                    help="Dump the data into an XML file")

        general.add_option("-s", dest="sessionFile",
                            help="Load session from a stored (.sqlite) file")

        general.add_option("-t", dest="trafficFile",
                            help="Log all HTTP traffic into a "
                            "textual file")

        general.add_option("--batch", dest="batch",
                            action="store_true",
                            help="Never ask for user input, use the default behaviour")

        general.add_option("--charset", dest="charset",
                            help="Force character encoding used for data retrieval")

        general.add_option("--crawl", dest="crawlDepth", type="int",
                                  help="Crawl the website starting from the target URL")

        general.add_option("--csv-del", dest="csvDel",
                                  help="Delimiting character used in CSV output "
                                  "(default \"%s\")" % defaults.csvDel)

        general.add_option("--dump-format", dest="dumpFormat",
                                  help="Format of dumped data (CSV (default), HTML or SQLITE)")

        general.add_option("--eta", dest="eta",
                            action="store_true",
                            help="Display for each output the "
                                 "estimated time of arrival")

        general.add_option("--flush-session", dest="flushSession",
                            action="store_true",
                            help="Flush session files for current target")

        general.add_option("--forms", dest="forms",
                                  action="store_true",
                                  help="Parse and test forms on target URL")

        general.add_option("--fresh-queries", dest="freshQueries",
                            action="store_true",
                            help="Ignore query results stored in session file")

        general.add_option("--hex", dest="hexConvert",
                            action="store_true",
                            help="Use DBMS hex function(s) for data retrieval")

        general.add_option("--output-dir", dest="outputDir",
                            action="store",
                            help="Custom output directory path")

        general.add_option("--parse-errors", dest="parseErrors",
                                  action="store_true",
                                  help="Parse and display DBMS error messages from responses")

        general.add_option("--pivot-column", dest="pivotColumn",
                               help="Pivot column name")

        general.add_option("--save", dest="saveCmdline",
                            action="store_true",
                            help="Save options to a configuration INI file")

        general.add_option("--scope", dest="scope",
                           help="Regexp to filter targets from provided proxy log")

        general.add_option("--test-filter", dest="testFilter",
                           help="Select tests by payloads and/or titles (e.g. ROW)")

        general.add_option("--update", dest="updateAll",
                            action="store_true",
                            help="Update sqlmap")

        # Miscellaneous options
        miscellaneous = OptionGroup(parser, "Miscellaneous")

        miscellaneous.add_option("-z", dest="mnemonics",
                               help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")

        miscellaneous.add_option("--alert", dest="alert",
                                  help="Run host OS command(s) when SQL injection is found")

        miscellaneous.add_option("--answers", dest="answers",
                                  help="Set question answers (e.g. \"quit=N,follow=N\")")

        miscellaneous.add_option("--beep", dest="beep", action="store_true",
                                  help="Make a beep sound when SQL injection is found")

        miscellaneous.add_option("--check-waf", dest="checkWaf",
                                  action="store_true",
                                  help="Heuristically check for WAF/IPS/IDS protection")

        miscellaneous.add_option("--cleanup", dest="cleanup",
                                  action="store_true",
                                  help="Clean up the DBMS from sqlmap specific "
                                  "UDF and tables")

        miscellaneous.add_option("--dependencies", dest="dependencies",
                                  action="store_true",
                                  help="Check for missing (non-core) sqlmap dependencies")

        miscellaneous.add_option("--disable-coloring", dest="disableColoring",
                                  action="store_true",
                                  help="Disable console output coloring")

        miscellaneous.add_option("--gpage", dest="googlePage", type="int",
                                  help="Use Google dork results from specified page number")

        miscellaneous.add_option("--identify-waf", dest="identifyWaf",
                                  action="store_true",
                                  help="Make a through testing for a WAF/IPS/IDS protection")

        miscellaneous.add_option("--mobile", dest="mobile",
                                  action="store_true",
                                  help="Imitate smartphone through HTTP User-Agent header")

        miscellaneous.add_option("--page-rank", dest="pageRank",
                                  action="store_true",
                                  help="Display page rank (PR) for Google dork results")

        miscellaneous.add_option("--purge-output", dest="purgeOutput",
                                  action="store_true",
                                  help="Safely remove all content from output directory")

        miscellaneous.add_option("--smart", dest="smart",
                                  action="store_true",
                                  help="Conduct through tests only if positive heuristic(s)")

        miscellaneous.add_option("--sqlmap-shell", dest="sqlmapShell", action="store_true",
                            help="Prompt for an interactive sqlmap shell")

        miscellaneous.add_option("--wizard", dest="wizard",
                                  action="store_true",
                                  help="Simple wizard interface for beginner users")

        # Hidden and/or experimental options
        parser.add_option("--dummy", dest="dummy", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--pickled-options", dest="pickledOptions",
                          help=SUPPRESS_HELP)

        parser.add_option("--profile", dest="profile", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--binary-fields", dest="binaryFields",
                          help=SUPPRESS_HELP)

        parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int",
                          help=SUPPRESS_HELP)

        parser.add_option("--force-dns", dest="forceDns", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--live-test", dest="liveTest", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--stop-fail", dest="stopFail", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--run-case", dest="runCase", help=SUPPRESS_HELP)

        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)
        parser.add_option_group(injection)
        parser.add_option_group(detection)
        parser.add_option_group(techniques)
        parser.add_option_group(fingerprint)
        parser.add_option_group(enumeration)
        parser.add_option_group(brute)
        parser.add_option_group(udf)
        parser.add_option_group(filesystem)
        parser.add_option_group(takeover)
        parser.add_option_group(windows)
        parser.add_option_group(general)
        parser.add_option_group(miscellaneous)

        # Dirty hack to display longer options without breaking into two lines
        def _(self, *args):
            _ = parser.formatter._format_option_strings(*args)
            if len(_) > MAX_HELP_OPTION_LENGTH:
                _ = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % _
            return _

        parser.formatter._format_option_strings = parser.formatter.format_option_strings
        parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser, type(parser))

        # Dirty hack for making a short option -hh
        option = parser.get_option("--hh")
        option._short_opts = ["-hh"]
        option._long_opts = []

        # Dirty hack for inherent help message of switch -h
        option = parser.get_option("-h")
        option.help = option.help.capitalize().replace("this help", "basic help")

        argv = []
        prompt = False
        advancedHelp = True

        for arg in sys.argv:
            argv.append(getUnicode(arg, system=True))

        checkDeprecatedOptions(argv)

        prompt = "--sqlmap-shell" in argv

        if prompt:
            parser.usage = ""
            cmdLineOptions.sqlmapShell = True

            _ = ["x", "q", "exit", "quit", "clear"]

            for option in parser.option_list:
                _.extend(option._long_opts)
                _.extend(option._short_opts)

            for group in parser.option_groups:
                for option in group.option_list:
                    _.extend(option._long_opts)
                    _.extend(option._short_opts)

            autoCompletion(AUTOCOMPLETE_TYPE.SQLMAP, commands=_)

            while True:
                command = None

                try:
                    command = raw_input("sqlmap-shell> ").strip()
                except (KeyboardInterrupt, EOFError):
                    print
                    raise SqlmapShellQuitException

                if not command:
                    continue
                elif command.lower() == "clear":
                    clearHistory()                    
                    print "[i] history cleared"
                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                elif command.lower() in ("x", "q", "exit", "quit"):
                    raise SqlmapShellQuitException
                elif command[0] != '-':
                    print "[!] invalid option(s) provided"
                    print "[i] proper example: '-u http://www.site.com/vuln.php?id=1 --banner'"
                else:
                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                    loadHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                    break

            for arg in shlex.split(command):
                argv.append(getUnicode(arg, system=True))

        # Hide non-basic options in basic help case
        for i in xrange(len(argv)):
            if argv[i] == "-hh":
                argv[i] = "-h"
            elif argv[i] == "--version":
                print VERSION_STRING.split('/')[-1]
                raise SystemExit
            elif argv[i] == "-h":
                advancedHelp = False
                for group in parser.option_groups[:]:
                    found = False
                    for option in group.option_list:
                        if option.dest not in BASIC_HELP_ITEMS:
                            option.help = SUPPRESS_HELP
                        else:
                            found = True
                    if not found:
                        parser.option_groups.remove(group)

        try:
            (args, _) = parser.parse_args(argv)
        except SystemExit:
            if "-h" in argv and not advancedHelp:
                print "\n[!] to see full list of options run with '-hh'"
            raise

        # Expand given mnemonic options (e.g. -z "ign,flu,bat")
        for i in xrange(len(argv) - 1):
            if argv[i] == "-z":
                expandMnemonics(argv[i + 1], parser, args)

        if args.dummy:
            args.url = args.url or DUMMY_URL

        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
            args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
            args.purgeOutput, args.pickledOptions, args.sitemapUrl)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), "
            errMsg += "use -h for basic or -hh for advanced help"
            parser.error(errMsg)

        return args

    except (OptionError, TypeError), e:
        parser.error(e)
Exemplo n.º 3
0
        except SystemExit:
            if "-h" in argv and not advancedHelp:
                dataToStdout(
                    "\n[!] to see full list of options run with '-hh'\n")
            raise

        if extraHeaders:
            if not args.headers:
                args.headers = ""
            delimiter = "\\n" if "\\n" in args.headers else "\n"
            args.headers += delimiter + delimiter.join(extraHeaders)

        # Expand given mnemonic options (e.g. -z "ign,flu,bat")
        for i in xrange(len(argv) - 1):
            if argv[i] == "-z":
                expandMnemonics(argv[i + 1], parser, args)

        if args.dummy:
            args.url = args.url or DUMMY_URL

        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
            args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
            args.purgeOutput, args.sitemapUrl)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), "
            errMsg += "use -h for basic or -hh for advanced help\n"
            parser.error(errMsg)

        return args

    except (OptionError, TypeError), e:
        parser.error(e)
Exemplo n.º 4
0
def cmdLineParser(argv=None):
    """
    This function parses the command line parameters and arguments
    """

    if not argv:
        argv = sys.argv

    checkSystemEncoding()

    # Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING")
    _ = getUnicode(os.path.basename(argv[0]), encoding=sys.stdin.encoding)

    usage = "%s%s [options]" % ("%s " % os.path.basename(sys.executable) if not IS_WIN else "", "\"%s\"" % _ if " " in _ else _)
    parser = ArgumentParser(usage=usage)

    try:
        parser.add_argument("--hh", dest="advancedHelp", action="store_true",
            help="Show advanced help message and exit")

        parser.add_argument("--version", dest="showVersion", action="store_true",
            help="Show program's version number and exit")

        parser.add_argument("-v", dest="verbose", type=int,
            help="Verbosity level: 0-6 (default %d)" % defaults.verbose)

        # Target options
        target = parser.add_argument_group("Target", "At least one of these options has to be provided to define the target(s)")

        target.add_argument("-d", dest="direct",
            help="Connection string for direct database connection")

        target.add_argument("-u", "--url", dest="url",
            help="Target URL (e.g. \"http://www.site.com/vuln.php?id=1\")")

        target.add_argument("-l", dest="logFile",
            help="Parse target(s) from Burp or WebScarab proxy log file")

        target.add_argument("-m", dest="bulkFile",
            help="Scan multiple targets given in a textual file ")

        target.add_argument("-r", dest="requestFile",
            help="Load HTTP request from a file")

        target.add_argument("-g", dest="googleDork",
            help="Process Google dork results as target URLs")

        target.add_argument("-c", dest="configFile",
            help="Load options from a configuration INI file")

        # Request options
        request = parser.add_argument_group("Request", "These options can be used to specify how to connect to the target URL")

        request.add_argument("-A", "--user-agent", dest="agent",
            help="HTTP User-Agent header value")

        request.add_argument("-H", "--header", dest="header",
            help="Extra header (e.g. \"X-Forwarded-For: 127.0.0.1\")")

        request.add_argument("--method", dest="method",
            help="Force usage of given HTTP method (e.g. PUT)")

        request.add_argument("--data", dest="data",
            help="Data string to be sent through POST (e.g. \"id=1\")")

        request.add_argument("--param-del", dest="paramDel",
            help="Character used for splitting parameter values (e.g. &)")

        request.add_argument("--cookie", dest="cookie",
            help="HTTP Cookie header value (e.g. \"PHPSESSID=a8d127e..\")")

        request.add_argument("--cookie-del", dest="cookieDel",
            help="Character used for splitting cookie values (e.g. ;)")

        request.add_argument("--load-cookies", dest="loadCookies",
            help="File containing cookies in Netscape/wget format")

        request.add_argument("--drop-set-cookie", dest="dropSetCookie", action="store_true",
            help="Ignore Set-Cookie header from response")

        request.add_argument("--mobile", dest="mobile", action="store_true",
            help="Imitate smartphone through HTTP User-Agent header")

        request.add_argument("--random-agent", dest="randomAgent", action="store_true",
            help="Use randomly selected HTTP User-Agent header value")

        request.add_argument("--host", dest="host",
            help="HTTP Host header value")

        request.add_argument("--referer", dest="referer",
            help="HTTP Referer header value")

        request.add_argument("--headers", dest="headers",
            help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")

        request.add_argument("--auth-type", dest="authType",
            help="HTTP authentication type (Basic, Digest, NTLM or PKI)")

        request.add_argument("--auth-cred", dest="authCred",
            help="HTTP authentication credentials (name:password)")

        request.add_argument("--auth-file", dest="authFile",
            help="HTTP authentication PEM cert/private key file")

        request.add_argument("--ignore-code", dest="ignoreCode",
            help="Ignore (problematic) HTTP error code (e.g. 401)")

        request.add_argument("--ignore-proxy", dest="ignoreProxy", action="store_true",
            help="Ignore system default proxy settings")

        request.add_argument("--ignore-redirects", dest="ignoreRedirects", action="store_true",
            help="Ignore redirection attempts")

        request.add_argument("--ignore-timeouts", dest="ignoreTimeouts", action="store_true",
            help="Ignore connection timeouts")

        request.add_argument("--proxy", dest="proxy",
            help="Use a proxy to connect to the target URL")

        request.add_argument("--proxy-cred", dest="proxyCred",
            help="Proxy authentication credentials (name:password)")

        request.add_argument("--proxy-file", dest="proxyFile",
            help="Load proxy list from a file")

        request.add_argument("--tor", dest="tor", action="store_true",
            help="Use Tor anonymity network")

        request.add_argument("--tor-port", dest="torPort",
            help="Set Tor proxy port other than default")

        request.add_argument("--tor-type", dest="torType",
            help="Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))")

        request.add_argument("--check-tor", dest="checkTor", action="store_true",
            help="Check to see if Tor is used properly")

        request.add_argument("--delay", dest="delay", type=float,
            help="Delay in seconds between each HTTP request")

        request.add_argument("--timeout", dest="timeout", type=float,
            help="Seconds to wait before timeout connection (default %d)" % defaults.timeout)

        request.add_argument("--retries", dest="retries", type=int,
            help="Retries when the connection timeouts (default %d)" % defaults.retries)

        request.add_argument("--randomize", dest="rParam",
            help="Randomly change value for given parameter(s)")

        request.add_argument("--safe-url", dest="safeUrl",
            help="URL address to visit frequently during testing")

        request.add_argument("--safe-post", dest="safePost",
            help="POST data to send to a safe URL")

        request.add_argument("--safe-req", dest="safeReqFile",
            help="Load safe HTTP request from a file")

        request.add_argument("--safe-freq", dest="safeFreq", type=int,
            help="Test requests between two visits to a given safe URL")

        request.add_argument("--skip-urlencode", dest="skipUrlEncode", action="store_true",
            help="Skip URL encoding of payload data")

        request.add_argument("--csrf-token", dest="csrfToken",
            help="Parameter used to hold anti-CSRF token")

        request.add_argument("--csrf-url", dest="csrfUrl",
            help="URL address to visit for extraction of anti-CSRF token")

        request.add_argument("--csrf-method", dest="csrfMethod",
            help="HTTP method to use during anti-CSRF token page visit")

        request.add_argument("--force-ssl", dest="forceSSL", action="store_true",
            help="Force usage of SSL/HTTPS")

        request.add_argument("--chunked", dest="chunked", action="store_true",
            help="Use HTTP chunked transfer encoded (POST) requests")

        request.add_argument("--hpp", dest="hpp", action="store_true",
            help="Use HTTP parameter pollution method")

        request.add_argument("--eval", dest="evalCode",
            help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")

        # Optimization options
        optimization = parser.add_argument_group("Optimization", "These options can be used to optimize the performance of sqlmap")

        optimization.add_argument("-o", dest="optimize", action="store_true",
            help="Turn on all optimization switches")

        optimization.add_argument("--predict-output", dest="predictOutput", action="store_true",
            help="Predict common queries output")

        optimization.add_argument("--keep-alive", dest="keepAlive", action="store_true",
            help="Use persistent HTTP(s) connections")

        optimization.add_argument("--null-connection", dest="nullConnection", action="store_true",
            help="Retrieve page length without actual HTTP response body")

        optimization.add_argument("--threads", dest="threads", type=int,
            help="Max number of concurrent HTTP(s) requests (default %d)" % defaults.threads)

        # Injection options
        injection = parser.add_argument_group("Injection", "These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts")

        injection.add_argument("-p", dest="testParameter",
            help="Testable parameter(s)")

        injection.add_argument("--skip", dest="skip",
            help="Skip testing for given parameter(s)")

        injection.add_argument("--skip-static", dest="skipStatic", action="store_true",
            help="Skip testing parameters that not appear to be dynamic")

        injection.add_argument("--param-exclude", dest="paramExclude",
            help="Regexp to exclude parameters from testing (e.g. \"ses\")")

        injection.add_argument("--param-filter", dest="paramFilter",
            help="Select testable parameter(s) by place (e.g. \"POST\")")

        injection.add_argument("--dbms", dest="dbms",
            help="Force back-end DBMS to provided value")

        injection.add_argument("--dbms-cred", dest="dbmsCred",
            help="DBMS authentication credentials (user:password)")

        injection.add_argument("--os", dest="os",
            help="Force back-end DBMS operating system to provided value")

        injection.add_argument("--invalid-bignum", dest="invalidBignum", action="store_true",
            help="Use big numbers for invalidating values")

        injection.add_argument("--invalid-logical", dest="invalidLogical", action="store_true",
            help="Use logical operations for invalidating values")

        injection.add_argument("--invalid-string", dest="invalidString", action="store_true",
            help="Use random strings for invalidating values")

        injection.add_argument("--no-cast", dest="noCast", action="store_true",
            help="Turn off payload casting mechanism")

        injection.add_argument("--no-escape", dest="noEscape", action="store_true",
            help="Turn off string escaping mechanism")

        injection.add_argument("--prefix", dest="prefix",
            help="Injection payload prefix string")

        injection.add_argument("--suffix", dest="suffix",
            help="Injection payload suffix string")

        injection.add_argument("--tamper", dest="tamper",
            help="Use given script(s) for tampering injection data")

        # Detection options
        detection = parser.add_argument_group("Detection", "These options can be used to customize the detection phase")

        detection.add_argument("--level", dest="level", type=int,
            help="Level of tests to perform (1-5, default %d)" % defaults.level)

        detection.add_argument("--risk", dest="risk", type=int,
            help="Risk of tests to perform (1-3, default %d)" % defaults.risk)

        detection.add_argument("--string", dest="string",
            help="String to match when query is evaluated to True")

        detection.add_argument("--not-string", dest="notString",
            help="String to match when query is evaluated to False")

        detection.add_argument("--regexp", dest="regexp",
            help="Regexp to match when query is evaluated to True")

        detection.add_argument("--code", dest="code", type=int,
            help="HTTP code to match when query is evaluated to True")

        detection.add_argument("--smart", dest="smart", action="store_true",
            help="Perform thorough tests only if positive heuristic(s)")

        detection.add_argument("--text-only", dest="textOnly", action="store_true",
            help="Compare pages based only on the textual content")

        detection.add_argument("--titles", dest="titles", action="store_true",
            help="Compare pages based only on their titles")

        # Techniques options
        techniques = parser.add_argument_group("Techniques", "These options can be used to tweak testing of specific SQL injection techniques")

        techniques.add_argument("--technique", dest="technique",
            help="SQL injection techniques to use (default \"%s\")" % defaults.technique)

        techniques.add_argument("--time-sec", dest="timeSec", type=int,
            help="Seconds to delay the DBMS response (default %d)" % defaults.timeSec)

        techniques.add_argument("--union-cols", dest="uCols",
            help="Range of columns to test for UNION query SQL injection")

        techniques.add_argument("--union-char", dest="uChar",
            help="Character to use for bruteforcing number of columns")

        techniques.add_argument("--union-from", dest="uFrom",
            help="Table to use in FROM part of UNION query SQL injection")

        techniques.add_argument("--dns-domain", dest="dnsDomain",
            help="Domain name used for DNS exfiltration attack")

        techniques.add_argument("--second-url", dest="secondUrl",
            help="Resulting page URL searched for second-order response")

        techniques.add_argument("--second-req", dest="secondReq",
            help="Load second-order HTTP request from file")

        # Fingerprint options
        fingerprint = parser.add_argument_group("Fingerprint")

        fingerprint.add_argument("-f", "--fingerprint", dest="extensiveFp", action="store_true",
            help="Perform an extensive DBMS version fingerprint")

        # Enumeration options
        enumeration = parser.add_argument_group("Enumeration", "These options can be used to enumerate the back-end database management system information, structure and data contained in the tables")

        enumeration.add_argument("-a", "--all", dest="getAll", action="store_true",
            help="Retrieve everything")

        enumeration.add_argument("-b", "--banner", dest="getBanner", action="store_true",
            help="Retrieve DBMS banner")

        enumeration.add_argument("--current-user", dest="getCurrentUser", action="store_true",
            help="Retrieve DBMS current user")

        enumeration.add_argument("--current-db", dest="getCurrentDb", action="store_true",
            help="Retrieve DBMS current database")

        enumeration.add_argument("--hostname", dest="getHostname", action="store_true",
            help="Retrieve DBMS server hostname")

        enumeration.add_argument("--is-dba", dest="isDba", action="store_true",
            help="Detect if the DBMS current user is DBA")

        enumeration.add_argument("--users", dest="getUsers", action="store_true",
            help="Enumerate DBMS users")

        enumeration.add_argument("--passwords", dest="getPasswordHashes", action="store_true",
            help="Enumerate DBMS users password hashes")

        enumeration.add_argument("--privileges", dest="getPrivileges", action="store_true",
            help="Enumerate DBMS users privileges")

        enumeration.add_argument("--roles", dest="getRoles", action="store_true",
            help="Enumerate DBMS users roles")

        enumeration.add_argument("--dbs", dest="getDbs", action="store_true",
            help="Enumerate DBMS databases")

        enumeration.add_argument("--tables", dest="getTables", action="store_true",
            help="Enumerate DBMS database tables")

        enumeration.add_argument("--columns", dest="getColumns", action="store_true",
            help="Enumerate DBMS database table columns")

        enumeration.add_argument("--schema", dest="getSchema", action="store_true",
            help="Enumerate DBMS schema")

        enumeration.add_argument("--count", dest="getCount", action="store_true",
            help="Retrieve number of entries for table(s)")

        enumeration.add_argument("--dump", dest="dumpTable", action="store_true",
            help="Dump DBMS database table entries")

        enumeration.add_argument("--dump-all", dest="dumpAll", action="store_true",
            help="Dump all DBMS databases tables entries")

        enumeration.add_argument("--search", dest="search", action="store_true",
            help="Search column(s), table(s) and/or database name(s)")

        enumeration.add_argument("--comments", dest="getComments", action="store_true",
            help="Check for DBMS comments during enumeration")

        enumeration.add_argument("--statements", dest="getStatements", action="store_true",
            help="Retrieve SQL statements being run on DBMS")

        enumeration.add_argument("-D", dest="db",
            help="DBMS database to enumerate")

        enumeration.add_argument("-T", dest="tbl",
            help="DBMS database table(s) to enumerate")

        enumeration.add_argument("-C", dest="col",
            help="DBMS database table column(s) to enumerate")

        enumeration.add_argument("-X", dest="exclude",
            help="DBMS database identifier(s) to not enumerate")

        enumeration.add_argument("-U", dest="user",
            help="DBMS user to enumerate")

        enumeration.add_argument("--exclude-sysdbs", dest="excludeSysDbs", action="store_true",
            help="Exclude DBMS system databases when enumerating tables")

        enumeration.add_argument("--pivot-column", dest="pivotColumn",
            help="Pivot column name")

        enumeration.add_argument("--where", dest="dumpWhere",
            help="Use WHERE condition while table dumping")

        enumeration.add_argument("--start", dest="limitStart", type=int,
            help="First dump table entry to retrieve")

        enumeration.add_argument("--stop", dest="limitStop", type=int,
            help="Last dump table entry to retrieve")

        enumeration.add_argument("--first", dest="firstChar", type=int,
            help="First query output word character to retrieve")

        enumeration.add_argument("--last", dest="lastChar", type=int,
            help="Last query output word character to retrieve")

        enumeration.add_argument("--sql-query", dest="sqlQuery",
            help="SQL statement to be executed")

        enumeration.add_argument("--sql-shell", dest="sqlShell", action="store_true",
            help="Prompt for an interactive SQL shell")

        enumeration.add_argument("--sql-file", dest="sqlFile",
            help="Execute SQL statements from given file(s)")

        # Brute force options
        brute = parser.add_argument_group("Brute force", "These options can be used to run brute force checks")

        brute.add_argument("--common-tables", dest="commonTables", action="store_true",
            help="Check existence of common tables")

        brute.add_argument("--common-columns", dest="commonColumns", action="store_true",
            help="Check existence of common columns")

        brute.add_argument("--common-files", dest="commonFiles", action="store_true",
            help="Check existence of common files")

        # User-defined function options
        udf = parser.add_argument_group("User-defined function injection", "These options can be used to create custom user-defined functions")

        udf.add_argument("--udf-inject", dest="udfInject", action="store_true",
            help="Inject custom user-defined functions")

        udf.add_argument("--shared-lib", dest="shLib",
            help="Local path of the shared library")

        # File system options
        filesystem = parser.add_argument_group("File system access", "These options can be used to access the back-end database management system underlying file system")

        filesystem.add_argument("--file-read", dest="fileRead",
            help="Read a file from the back-end DBMS file system")

        filesystem.add_argument("--file-write", dest="fileWrite",
            help="Write a local file on the back-end DBMS file system")

        filesystem.add_argument("--file-dest", dest="fileDest",
            help="Back-end DBMS absolute filepath to write to")

        # Takeover options
        takeover = parser.add_argument_group("Operating system access", "These options can be used to access the back-end database management system underlying operating system")

        takeover.add_argument("--os-cmd", dest="osCmd",
            help="Execute an operating system command")

        takeover.add_argument("--os-shell", dest="osShell", action="store_true",
            help="Prompt for an interactive operating system shell")

        takeover.add_argument("--os-pwn", dest="osPwn", action="store_true",
            help="Prompt for an OOB shell, Meterpreter or VNC")

        takeover.add_argument("--os-smbrelay", dest="osSmb", action="store_true",
            help="One click prompt for an OOB shell, Meterpreter or VNC")

        takeover.add_argument("--os-bof", dest="osBof", action="store_true",
            help="Stored procedure buffer overflow "
                                 "exploitation")

        takeover.add_argument("--priv-esc", dest="privEsc", action="store_true",
            help="Database process user privilege escalation")

        takeover.add_argument("--msf-path", dest="msfPath",
            help="Local path where Metasploit Framework is installed")

        takeover.add_argument("--tmp-path", dest="tmpPath",
            help="Remote absolute path of temporary files directory")

        # Windows registry options
        windows = parser.add_argument_group("Windows registry access", "These options can be used to access the back-end database management system Windows registry")

        windows.add_argument("--reg-read", dest="regRead", action="store_true",
            help="Read a Windows registry key value")

        windows.add_argument("--reg-add", dest="regAdd", action="store_true",
            help="Write a Windows registry key value data")

        windows.add_argument("--reg-del", dest="regDel", action="store_true",
            help="Delete a Windows registry key value")

        windows.add_argument("--reg-key", dest="regKey",
            help="Windows registry key")

        windows.add_argument("--reg-value", dest="regVal",
            help="Windows registry key value")

        windows.add_argument("--reg-data", dest="regData",
            help="Windows registry key value data")

        windows.add_argument("--reg-type", dest="regType",
            help="Windows registry key value type")

        # General options
        general = parser.add_argument_group("General", "These options can be used to set some general working parameters")

        general.add_argument("-s", dest="sessionFile",
            help="Load session from a stored (.sqlite) file")

        general.add_argument("-t", dest="trafficFile",
            help="Log all HTTP traffic into a textual file")

        general.add_argument("--answers", dest="answers",
            help="Set predefined answers (e.g. \"quit=N,follow=N\")")

        general.add_argument("--batch", dest="batch", action="store_true",
            help="Never ask for user input, use the default behavior")

        general.add_argument("--binary-fields", dest="binaryFields",
            help="Result fields having binary values (e.g. \"digest\")")

        general.add_argument("--check-internet", dest="checkInternet", action="store_true",
            help="Check Internet connection before assessing the target")

        general.add_argument("--cleanup", dest="cleanup", action="store_true",
            help="Clean up the DBMS from sqlmap specific UDF and tables")

        general.add_argument("--crawl", dest="crawlDepth", type=int,
            help="Crawl the website starting from the target URL")

        general.add_argument("--crawl-exclude", dest="crawlExclude",
            help="Regexp to exclude pages from crawling (e.g. \"logout\")")

        general.add_argument("--csv-del", dest="csvDel",
            help="Delimiting character used in CSV output (default \"%s\")" % defaults.csvDel)

        general.add_argument("--charset", dest="charset",
            help="Blind SQL injection charset (e.g. \"0123456789abcdef\")")

        general.add_argument("--dump-format", dest="dumpFormat",
            help="Format of dumped data (CSV (default), HTML or SQLITE)")

        general.add_argument("--encoding", dest="encoding",
            help="Character encoding used for data retrieval (e.g. GBK)")

        general.add_argument("--eta", dest="eta", action="store_true",
            help="Display for each output the estimated time of arrival")

        general.add_argument("--flush-session", dest="flushSession", action="store_true",
            help="Flush session files for current target")

        general.add_argument("--forms", dest="forms", action="store_true",
            help="Parse and test forms on target URL")

        general.add_argument("--fresh-queries", dest="freshQueries", action="store_true",
            help="Ignore query results stored in session file")

        general.add_argument("--gpage", dest="googlePage", type=int,
            help="Use Google dork results from specified page number")

        general.add_argument("--har", dest="harFile",
            help="Log all HTTP traffic into a HAR file")

        general.add_argument("--hex", dest="hexConvert", action="store_true",
            help="Use hex conversion during data retrieval")

        general.add_argument("--output-dir", dest="outputDir", action="store",
            help="Custom output directory path")

        general.add_argument("--parse-errors", dest="parseErrors", action="store_true",
            help="Parse and display DBMS error messages from responses")

        general.add_argument("--preprocess", dest="preprocess",
            help="Use given script(s) for preprocessing of response data")

        general.add_argument("--repair", dest="repair", action="store_true",
            help="Redump entries having unknown character marker (%s)" % INFERENCE_UNKNOWN_CHAR)

        general.add_argument("--save", dest="saveConfig",
            help="Save options to a configuration INI file")

        general.add_argument("--scope", dest="scope",
            help="Regexp to filter targets from provided proxy log")

        general.add_argument("--skip-waf", dest="skipWaf", action="store_true",
            help="Skip heuristic detection of WAF/IPS protection")

        general.add_argument("--table-prefix", dest="tablePrefix",
            help="Prefix used for temporary tables (default: \"%s\")" % defaults.tablePrefix)

        general.add_argument("--test-filter", dest="testFilter",
            help="Select tests by payloads and/or titles (e.g. ROW)")

        general.add_argument("--test-skip", dest="testSkip",
            help="Skip tests by payloads and/or titles (e.g. BENCHMARK)")

        general.add_argument("--web-root", dest="webRoot",
            help="Web server document root directory (e.g. \"/var/www\")")

        # Miscellaneous options
        miscellaneous = parser.add_argument_group("Miscellaneous", "These options do not fit into any other category")

        miscellaneous.add_argument("-z", dest="mnemonics",
            help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")

        miscellaneous.add_argument("--alert", dest="alert",
            help="Run host OS command(s) when SQL injection is found")

        miscellaneous.add_argument("--beep", dest="beep", action="store_true",
            help="Beep on question and/or when SQL injection is found")

        miscellaneous.add_argument("--dependencies", dest="dependencies", action="store_true",
            help="Check for missing (optional) sqlmap dependencies")

        miscellaneous.add_argument("--disable-coloring", dest="disableColoring", action="store_true",
            help="Disable console output coloring")

        miscellaneous.add_argument("--list-tampers", dest="listTampers", action="store_true",
            help="Display list of available tamper scripts")

        miscellaneous.add_argument("--offline", dest="offline", action="store_true",
            help="Work in offline mode (only use session data)")

        miscellaneous.add_argument("--purge", dest="purge", action="store_true",
            help="Safely remove all content from sqlmap data directory")

        miscellaneous.add_argument("--results-file", dest="resultsFile",
            help="Location of CSV results file in multiple targets mode")

        miscellaneous.add_argument("--sqlmap-shell", dest="sqlmapShell", action="store_true",
            help="Prompt for an interactive sqlmap shell")

        miscellaneous.add_argument("--tmp-dir", dest="tmpDir",
            help="Local directory for storing temporary files")

        miscellaneous.add_argument("--unstable", dest="unstable", action="store_true",
            help="Adjust options for unstable connections")

        miscellaneous.add_argument("--update", dest="updateAll", action="store_true",
            help="Update sqlmap")

        miscellaneous.add_argument("--wizard", dest="wizard", action="store_true",
            help="Simple wizard interface for beginner users")

        # Hidden and/or experimental options
        parser.add_argument("--base64", dest="base64Parameter",
            help=SUPPRESS)  # "Parameter(s) containing Base64 encoded values"

        parser.add_argument("--crack", dest="hashFile",
            help=SUPPRESS)  # "Load and crack hashes from a file (standalone)"

        parser.add_argument("--dummy", dest="dummy", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--murphy-rate", dest="murphyRate", type=int,
            help=SUPPRESS)

        parser.add_argument("--debug", dest="debug", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--disable-precon", dest="disablePrecon", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--disable-stats", dest="disableStats", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--profile", dest="profile", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--force-dbms", dest="forceDbms",
            help=SUPPRESS)

        parser.add_argument("--force-dns", dest="forceDns", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--force-partial", dest="forcePartial", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--force-pivoting", dest="forcePivoting", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--gui", dest="gui", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--smoke-test", dest="smokeTest", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--live-test", dest="liveTest", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--vuln-test", dest="vulnTest", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--stop-fail", dest="stopFail", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--run-case", dest="runCase",
            help=SUPPRESS)

        # API options
        parser.add_argument("--api", dest="api", action="store_true",
            help=SUPPRESS)

        parser.add_argument("--taskid", dest="taskid",
            help=SUPPRESS)

        parser.add_argument("--database", dest="database",
            help=SUPPRESS)

        # Dirty hack to display longer options without breaking into two lines
        if hasattr(parser, "formatter"):
            def _(self, *args):
                retVal = parser.formatter._format_option_strings(*args)
                if len(retVal) > MAX_HELP_OPTION_LENGTH:
                    retVal = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % retVal
                return retVal

            parser.formatter._format_option_strings = parser.formatter.format_option_strings
            parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser)
        else:
            def _format_action_invocation(self, action):
                retVal = self.__format_action_invocation(action)
                if len(retVal) > MAX_HELP_OPTION_LENGTH:
                    retVal = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - self._indent_increment)) % retVal
                return retVal

            parser.formatter_class.__format_action_invocation = parser.formatter_class._format_action_invocation
            parser.formatter_class._format_action_invocation = _format_action_invocation

        # Dirty hack for making a short option '-hh'
        if hasattr(parser, "get_option"):
            option = parser.get_option("--hh")
            option._short_opts = ["-hh"]
            option._long_opts = []
        else:
            for action in get_actions(parser):
                if action.option_strings == ["--hh"]:
                    action.option_strings = ["-hh"]
                    break

        # Dirty hack for inherent help message of switch '-h'
        if hasattr(parser, "get_option"):
            option = parser.get_option("-h")
            option.help = option.help.capitalize().replace("this help", "basic help")
        else:
            for action in get_actions(parser):
                if action.option_strings == ["-h", "--help"]:
                    action.help = action.help.capitalize().replace("this help", "basic help")
                    break

        _ = []
        advancedHelp = True
        extraHeaders = []
        tamperIndex = None

        # Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING")
        for arg in argv:
            _.append(getUnicode(arg, encoding=sys.stdin.encoding))

        argv = _
        checkOldOptions(argv)

        if "--gui" in argv:
            runGui(parser)

        elif "--sqlmap-shell" in argv:
            _createHomeDirectories()

            parser.usage = ""
            cmdLineOptions.sqlmapShell = True

            commands = set(("x", "q", "exit", "quit", "clear"))
            commands.update(get_all_options(parser))

            autoCompletion(AUTOCOMPLETE_TYPE.SQLMAP, commands=commands)

            while True:
                command = None

                try:
                    # Note: in Python2 command should not be converted to Unicode before passing to shlex (Reference: https://bugs.python.org/issue1170)
                    command = _input("sqlmap-shell> ").strip()
                except (KeyboardInterrupt, EOFError):
                    print()
                    raise SqlmapShellQuitException

                if not command:
                    continue
                elif command.lower() == "clear":
                    clearHistory()
                    dataToStdout("[i] history cleared\n")
                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                elif command.lower() in ("x", "q", "exit", "quit"):
                    raise SqlmapShellQuitException
                elif command[0] != '-':
                    dataToStdout("[!] invalid option(s) provided\n")
                    dataToStdout("[i] proper example: '-u http://www.site.com/vuln.php?id=1 --banner'\n")
                else:
                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                    loadHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                    break

            try:
                for arg in shlex.split(command):
                    argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
            except ValueError as ex:
                raise SqlmapSyntaxException("something went wrong during command line parsing ('%s')" % getSafeExString(ex))

        for i in xrange(len(argv)):
            longOptions = set(re.findall(r"\-\-([^= ]+?)=", parser.format_help()))
            if argv[i] == "-hh":
                argv[i] = "-h"
            elif i == 1 and re.search(r"\A(http|www\.|\w[\w.-]+\.\w{2,})", argv[i]) is not None:
                argv[i] = "--url=%s" % argv[i]
            elif len(argv[i]) > 1 and all(ord(_) in xrange(0x2018, 0x2020) for _ in ((argv[i].split('=', 1)[-1].strip() or ' ')[0], argv[i][-1])):
                dataToStdout("[!] copy-pasting illegal (non-console) quote characters from Internet is, well, illegal (%s)\n" % argv[i])
                raise SystemExit
            elif len(argv[i]) > 1 and u"\uff0c" in argv[i].split('=', 1)[-1]:
                dataToStdout("[!] copy-pasting illegal (non-console) comma characters from Internet is, well, illegal (%s)\n" % argv[i])
                raise SystemExit
            elif re.search(r"\A-\w=.+", argv[i]):
                dataToStdout("[!] potentially miswritten (illegal '=') short option detected ('%s')\n" % argv[i])
                raise SystemExit
            elif argv[i] in DEPRECATED_OPTIONS:
                argv[i] = ""
            elif argv[i].startswith("--tamper"):
                if tamperIndex is None:
                    tamperIndex = i if '=' in argv[i] else (i + 1 if i + 1 < len(argv) and not argv[i + 1].startswith('-') else None)
                else:
                    argv[tamperIndex] = "%s,%s" % (argv[tamperIndex], argv[i].split('=')[1] if '=' in argv[i] else (argv[i + 1] if i + 1 < len(argv) and not argv[i + 1].startswith('-') else ""))
                    argv[i] = ""
            elif argv[i] == "-H":
                if i + 1 < len(argv):
                    extraHeaders.append(argv[i + 1])
            elif argv[i] == "-r":
                for j in xrange(i + 2, len(argv)):
                    value = argv[j]
                    if os.path.isfile(value):
                        argv[i + 1] += ",%s" % value
                        argv[j] = ''
                    else:
                        break
            elif re.match(r"\A\d+!\Z", argv[i]) and argv[max(0, i - 1)] == "--threads" or re.match(r"\A--threads.+\d+!\Z", argv[i]):
                argv[i] = argv[i][:-1]
                conf.skipThreadCheck = True
            elif argv[i] == "--version":
                print(VERSION_STRING.split('/')[-1])
                raise SystemExit
            elif argv[i] in ("-h", "--help"):
                advancedHelp = False
                for group in get_groups(parser)[:]:
                    found = False
                    for option in get_actions(group):
                        if option.dest not in BASIC_HELP_ITEMS:
                            option.help = SUPPRESS
                        else:
                            found = True
                    if not found:
                        get_groups(parser).remove(group)
            elif '=' in argv[i] and not argv[i].startswith('-') and argv[i].split('=')[0] in longOptions and re.search(r"\A-\w\Z", argv[i - 1]) is None:
                dataToStdout("[!] detected usage of long-option without a starting hyphen ('%s')\n" % argv[i])
                raise SystemExit

        for verbosity in (_ for _ in argv if re.search(r"\A\-v+\Z", _)):
            try:
                if argv.index(verbosity) == len(argv) - 1 or not argv[argv.index(verbosity) + 1].isdigit():
                    conf.verbose = verbosity.count('v') + 1
                    del argv[argv.index(verbosity)]
            except (IndexError, ValueError):
                pass

        try:
            (args, _) = parser.parse_known_args(argv) if hasattr(parser, "parse_known_args") else parser.parse_args(argv)
        except UnicodeEncodeError as ex:
            dataToStdout("\n[!] %s\n" % getUnicode(ex.object.encode("unicode-escape")))
            raise SystemExit
        except SystemExit:
            if "-h" in argv and not advancedHelp:
                dataToStdout("\n[!] to see full list of options run with '-hh'\n")
            raise

        if extraHeaders:
            if not args.headers:
                args.headers = ""
            delimiter = "\\n" if "\\n" in args.headers else "\n"
            args.headers += delimiter + delimiter.join(extraHeaders)

        # Expand given mnemonic options (e.g. -z "ign,flu,bat")
        for i in xrange(len(argv) - 1):
            if argv[i] == "-z":
                expandMnemonics(argv[i + 1], parser, args)

        if args.dummy:
            args.url = args.url or DUMMY_URL

        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --list-tampers, --wizard, --update, --purge or --dependencies). "
            errMsg += "Use -h for basic and -hh for advanced help\n"
            parser.error(errMsg)

        return args

    except (ArgumentError, TypeError) as ex:
        parser.error(ex)

    except SystemExit:
        # Protection against Windows dummy double clicking
        if IS_WIN:
            dataToStdout("\nPress Enter to continue...")
            _input()
        raise

    debugMsg = "parsing command line"
    logger.debug(debugMsg)
Exemplo n.º 5
0
def cmdLineParser():
    """
    This function parses the command line parameters and arguments
    """

    usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
            "\"%s\"" % sys.argv[0] if " " in sys.argv[0] else sys.argv[0])

    parser = OptionParser(usage=usage)

    try:
        parser.add_option("--hh",
                          dest="advancedHelp",
                          action="store_true",
                          help="Show advanced help message and exit")

        parser.add_option("-v",
                          dest="verbose",
                          type="int",
                          help="Verbosity level: 0-6 (default %d)" %
                          defaults.verbose)

        # Target options
        target = OptionGroup(
            parser, "Target", "At least one of these "
            "options has to be specified to set the source "
            "to get target urls from")

        target.add_option("-d",
                          dest="direct",
                          help="Direct "
                          "connection to the database")

        target.add_option("-u", "--url", dest="url", help="Target url")

        target.add_option("-l",
                          dest="logFile",
                          help="Parse targets from Burp "
                          "or WebScarab proxy logs")

        target.add_option("-m",
                          dest="bulkFile",
                          help="Scan multiple targets enlisted "
                          "in a given textual file ")

        target.add_option("-r",
                          dest="requestFile",
                          help="Load HTTP request from a file")

        target.add_option("-g",
                          dest="googleDork",
                          help="Process Google dork results as target urls")

        target.add_option("-c",
                          dest="configFile",
                          help="Load options from a configuration INI file")

        # Request options
        request = OptionGroup(
            parser, "Request", "These options can be used "
            "to specify how to connect to the target url")

        request.add_option("--data",
                           dest="data",
                           help="Data string to be sent through POST")

        request.add_option(
            "--param-del",
            dest="pDel",
            help="Character used for splitting parameter values")

        request.add_option("--cookie",
                           dest="cookie",
                           help="HTTP Cookie header")

        request.add_option(
            "--load-cookies",
            dest="loadCookies",
            help="File containing cookies in Netscape/wget format")

        request.add_option("--drop-set-cookie",
                           dest="dropSetCookie",
                           action="store_true",
                           help="Ignore Set-Cookie header from response")

        request.add_option("--user-agent",
                           dest="agent",
                           help="HTTP User-Agent header")

        request.add_option("--random-agent",
                           dest="randomAgent",
                           action="store_true",
                           help="Use randomly selected HTTP User-Agent header")

        request.add_option("--randomize",
                           dest="rParam",
                           help="Randomly change value for given parameter(s)")

        request.add_option("--force-ssl",
                           dest="forceSSL",
                           action="store_true",
                           help="Force usage of SSL/HTTPS requests")

        request.add_option("--host", dest="host", help="HTTP Host header")

        request.add_option("--referer",
                           dest="referer",
                           help="HTTP Referer header")

        request.add_option(
            "--headers",
            dest="headers",
            help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")

        request.add_option("--auth-type",
                           dest="aType",
                           help="HTTP authentication type "
                           "(Basic, Digest or NTLM)")

        request.add_option("--auth-cred",
                           dest="aCred",
                           help="HTTP authentication credentials "
                           "(name:password)")

        request.add_option("--auth-cert",
                           dest="aCert",
                           help="HTTP authentication certificate ("
                           "key_file,cert_file)")

        request.add_option(
            "--proxy",
            dest="proxy",
            help="Use a HTTP proxy to connect to the target url")

        request.add_option("--proxy-cred",
                           dest="pCred",
                           help="HTTP proxy authentication credentials "
                           "(name:password)")

        request.add_option("--ignore-proxy",
                           dest="ignoreProxy",
                           action="store_true",
                           help="Ignore system default HTTP proxy")

        request.add_option("--delay",
                           dest="delay",
                           type="float",
                           help="Delay in seconds between each HTTP request")

        request.add_option("--timeout",
                           dest="timeout",
                           type="float",
                           help="Seconds to wait before timeout connection "
                           "(default %d)" % defaults.timeout)

        request.add_option("--retries",
                           dest="retries",
                           type="int",
                           help="Retries when the connection timeouts "
                           "(default %d)" % defaults.retries)

        request.add_option(
            "--scope",
            dest="scope",
            help="Regexp to filter targets from provided proxy log")

        request.add_option(
            "--safe-url",
            dest="safUrl",
            help="Url address to visit frequently during testing")

        request.add_option(
            "--safe-freq",
            dest="saFreq",
            type="int",
            help="Test requests between two visits to a given safe url")

        request.add_option("--skip-urlencode",
                           dest="skipUrlEncode",
                           action="store_true",
                           help="Skip URL encoding of payload data")

        request.add_option(
            "--eval",
            dest="evalCode",
            help=
            "Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")"
        )

        # Optimization options
        optimization = OptionGroup(
            parser, "Optimization", "These "
            "options can be used to optimize the "
            "performance of sqlmap")

        optimization.add_option("-o",
                                dest="optimize",
                                action="store_true",
                                help="Turn on all optimization switches")

        optimization.add_option("--predict-output",
                                dest="predictOutput",
                                action="store_true",
                                help="Predict common queries output")

        optimization.add_option("--keep-alive",
                                dest="keepAlive",
                                action="store_true",
                                help="Use persistent HTTP(s) connections")

        optimization.add_option(
            "--null-connection",
            dest="nullConnection",
            action="store_true",
            help="Retrieve page length without actual HTTP response body")

        optimization.add_option("--threads",
                                dest="threads",
                                type="int",
                                help="Max number of concurrent HTTP(s) "
                                "requests (default %d)" % defaults.threads)

        # Injection options
        injection = OptionGroup(
            parser, "Injection", "These options can be "
            "used to specify which parameters to test "
            "for, provide custom injection payloads and "
            "optional tampering scripts")

        injection.add_option("-p",
                             dest="testParameter",
                             help="Testable parameter(s)")

        injection.add_option("--dbms",
                             dest="dbms",
                             help="Force back-end DBMS to this value")

        injection.add_option("--os",
                             dest="os",
                             help="Force back-end DBMS operating system "
                             "to this value")

        injection.add_option("--invalid-bignum",
                             dest="invalidBignum",
                             action="store_true",
                             help="Use big numbers for invalidating values")

        injection.add_option(
            "--invalid-logical",
            dest="invalidLogical",
            action="store_true",
            help="Use logical operations for invalidating values")

        injection.add_option("--no-cast",
                             dest="noCast",
                             action="store_true",
                             help="Turn off payload casting mechanism")

        injection.add_option("--no-unescape",
                             dest="noUnescape",
                             action="store_true",
                             help="Turn off string unescaping mechanism")

        injection.add_option("--prefix",
                             dest="prefix",
                             help="Injection payload prefix string")

        injection.add_option("--suffix",
                             dest="suffix",
                             help="Injection payload suffix string")

        injection.add_option("--skip",
                             dest="skip",
                             help="Skip testing for given parameter(s)")

        injection.add_option(
            "--tamper",
            dest="tamper",
            help="Use given script(s) for tampering injection data")

        # Detection options
        detection = OptionGroup(
            parser, "Detection", "These options can be "
            "used to specify how to parse "
            "and compare page content from "
            "HTTP responses when using blind SQL "
            "injection technique")

        detection.add_option("--level",
                             dest="level",
                             type="int",
                             help="Level of tests to perform (1-5, "
                             "default %d)" % defaults.level)

        detection.add_option("--risk",
                             dest="risk",
                             type="int",
                             help="Risk of tests to perform (0-3, "
                             "default %d)" % defaults.level)

        detection.add_option("--string",
                             dest="string",
                             help="String to match when "
                             "query is evaluated to True")

        detection.add_option("--not-string",
                             dest="notString",
                             help="String to match when "
                             "query is evaluated to False")

        detection.add_option("--regexp",
                             dest="regexp",
                             help="Regexp to match when "
                             "query is evaluated to True")

        detection.add_option("--code",
                             dest="code",
                             type="int",
                             help="HTTP code to match when "
                             "query is evaluated to True")

        detection.add_option(
            "--text-only",
            dest="textOnly",
            action="store_true",
            help="Compare pages based only on the textual content")

        detection.add_option("--titles",
                             dest="titles",
                             action="store_true",
                             help="Compare pages based only on their titles")

        # Techniques options
        techniques = OptionGroup(
            parser, "Techniques", "These options can be "
            "used to tweak testing of specific SQL "
            "injection techniques")

        techniques.add_option("--technique",
                              dest="tech",
                              help="SQL injection techniques to test for "
                              "(default \"%s\")" % defaults.tech)

        techniques.add_option("--time-sec",
                              dest="timeSec",
                              type="int",
                              help="Seconds to delay the DBMS response "
                              "(default %d)" % defaults.timeSec)

        techniques.add_option(
            "--union-cols",
            dest="uCols",
            help="Range of columns to test for UNION query SQL injection")

        techniques.add_option(
            "--union-char",
            dest="uChar",
            help="Character to use for bruteforcing number of columns")

        techniques.add_option(
            "--dns-domain",
            dest="dnsName",
            help="Domain name used for DNS exfiltration attack")

        techniques.add_option(
            "--second-order",
            dest="secondOrder",
            help="Resulting page url searched for second-order "
            "response")

        # Fingerprint options
        fingerprint = OptionGroup(parser, "Fingerprint")

        fingerprint.add_option(
            "-f",
            "--fingerprint",
            dest="extensiveFp",
            action="store_true",
            help="Perform an extensive DBMS version fingerprint")

        # Enumeration options
        enumeration = OptionGroup(
            parser, "Enumeration", "These options can "
            "be used to enumerate the back-end database "
            "management system information, structure "
            "and data contained in the tables. Moreover "
            "you can run your own SQL statements")

        enumeration.add_option("-b",
                               "--banner",
                               dest="getBanner",
                               action="store_true",
                               help="Retrieve DBMS banner")

        enumeration.add_option("--current-user",
                               dest="getCurrentUser",
                               action="store_true",
                               help="Retrieve DBMS current user")

        enumeration.add_option("--current-db",
                               dest="getCurrentDb",
                               action="store_true",
                               help="Retrieve DBMS current database")

        enumeration.add_option("--hostname",
                               dest="getHostname",
                               action="store_true",
                               help="Retrieve DBMS server hostname")

        enumeration.add_option("--is-dba",
                               dest="isDba",
                               action="store_true",
                               help="Detect if the DBMS current user is DBA")

        enumeration.add_option("--users",
                               dest="getUsers",
                               action="store_true",
                               help="Enumerate DBMS users")

        enumeration.add_option("--passwords",
                               dest="getPasswordHashes",
                               action="store_true",
                               help="Enumerate DBMS users password hashes")

        enumeration.add_option("--privileges",
                               dest="getPrivileges",
                               action="store_true",
                               help="Enumerate DBMS users privileges")

        enumeration.add_option("--roles",
                               dest="getRoles",
                               action="store_true",
                               help="Enumerate DBMS users roles")

        enumeration.add_option("--dbs",
                               dest="getDbs",
                               action="store_true",
                               help="Enumerate DBMS databases")

        enumeration.add_option("--tables",
                               dest="getTables",
                               action="store_true",
                               help="Enumerate DBMS database tables")

        enumeration.add_option("--columns",
                               dest="getColumns",
                               action="store_true",
                               help="Enumerate DBMS database table columns")

        enumeration.add_option("--schema",
                               dest="getSchema",
                               action="store_true",
                               help="Enumerate DBMS schema")

        enumeration.add_option("--count",
                               dest="getCount",
                               action="store_true",
                               help="Retrieve number of entries for table(s)")

        enumeration.add_option("--dump",
                               dest="dumpTable",
                               action="store_true",
                               help="Dump DBMS database table entries")

        enumeration.add_option("--dump-all",
                               dest="dumpAll",
                               action="store_true",
                               help="Dump all DBMS databases tables entries")

        enumeration.add_option(
            "--search",
            dest="search",
            action="store_true",
            help="Search column(s), table(s) and/or database name(s)")

        enumeration.add_option("-D",
                               dest="db",
                               help="DBMS database to enumerate")

        enumeration.add_option("-T",
                               dest="tbl",
                               help="DBMS database table to enumerate")

        enumeration.add_option("-C",
                               dest="col",
                               help="DBMS database table column to enumerate")

        enumeration.add_option("-U",
                               dest="user",
                               help="DBMS user to enumerate")

        enumeration.add_option("--exclude-sysdbs",
                               dest="excludeSysDbs",
                               action="store_true",
                               help="Exclude DBMS system databases when "
                               "enumerating tables")

        enumeration.add_option("--start",
                               dest="limitStart",
                               type="int",
                               help="First query output entry to retrieve")

        enumeration.add_option("--stop",
                               dest="limitStop",
                               type="int",
                               help="Last query output entry to retrieve")

        enumeration.add_option(
            "--first",
            dest="firstChar",
            type="int",
            help="First query output word character to retrieve")

        enumeration.add_option(
            "--last",
            dest="lastChar",
            type="int",
            help="Last query output word character to retrieve")

        enumeration.add_option("--sql-query",
                               dest="query",
                               help="SQL statement to be executed")

        enumeration.add_option("--sql-shell",
                               dest="sqlShell",
                               action="store_true",
                               help="Prompt for an interactive SQL shell")

        enumeration.add_option(
            "--sql-file",
            dest="sqlFile",
            help="Execute SQL statements from given file(s)")

        # User-defined function options
        brute = OptionGroup(
            parser, "Brute force", "These "
            "options can be used to run brute force "
            "checks")

        brute.add_option("--common-tables",
                         dest="commonTables",
                         action="store_true",
                         help="Check existence of common tables")

        brute.add_option("--common-columns",
                         dest="commonColumns",
                         action="store_true",
                         help="Check existence of common columns")

        # User-defined function options
        udf = OptionGroup(
            parser, "User-defined function injection", "These "
            "options can be used to create custom user-defined "
            "functions")

        udf.add_option("--udf-inject",
                       dest="udfInject",
                       action="store_true",
                       help="Inject custom user-defined functions")

        udf.add_option("--shared-lib",
                       dest="shLib",
                       help="Local path of the shared library")

        # File system options
        filesystem = OptionGroup(
            parser, "File system access", "These options "
            "can be used to access the back-end database "
            "management system underlying file system")

        filesystem.add_option("--file-read",
                              dest="rFile",
                              help="Read a file from the back-end DBMS "
                              "file system")

        filesystem.add_option("--file-write",
                              dest="wFile",
                              help="Write a local file on the back-end "
                              "DBMS file system")

        filesystem.add_option("--file-dest",
                              dest="dFile",
                              help="Back-end DBMS absolute filepath to "
                              "write to")

        # Takeover options
        takeover = OptionGroup(
            parser, "Operating system access", "These "
            "options can be used to access the back-end "
            "database management system underlying "
            "operating system")

        takeover.add_option("--os-cmd",
                            dest="osCmd",
                            help="Execute an operating system command")

        takeover.add_option("--os-shell",
                            dest="osShell",
                            action="store_true",
                            help="Prompt for an interactive operating "
                            "system shell")

        takeover.add_option("--os-pwn",
                            dest="osPwn",
                            action="store_true",
                            help="Prompt for an out-of-band shell, "
                            "meterpreter or VNC")

        takeover.add_option("--os-smbrelay",
                            dest="osSmb",
                            action="store_true",
                            help="One click prompt for an OOB shell, "
                            "meterpreter or VNC")

        takeover.add_option("--os-bof",
                            dest="osBof",
                            action="store_true",
                            help="Stored procedure buffer overflow "
                            "exploitation")

        takeover.add_option("--priv-esc",
                            dest="privEsc",
                            action="store_true",
                            help="Database process' user privilege escalation")

        takeover.add_option("--msf-path",
                            dest="msfPath",
                            help="Local path where Metasploit Framework "
                            "is installed")

        takeover.add_option("--tmp-path",
                            dest="tmpPath",
                            help="Remote absolute path of temporary files "
                            "directory")

        # Windows registry options
        windows = OptionGroup(
            parser, "Windows registry access", "These "
            "options can be used to access the back-end "
            "database management system Windows "
            "registry")

        windows.add_option("--reg-read",
                           dest="regRead",
                           action="store_true",
                           help="Read a Windows registry key value")

        windows.add_option("--reg-add",
                           dest="regAdd",
                           action="store_true",
                           help="Write a Windows registry key value data")

        windows.add_option("--reg-del",
                           dest="regDel",
                           action="store_true",
                           help="Delete a Windows registry key value")

        windows.add_option("--reg-key",
                           dest="regKey",
                           help="Windows registry key")

        windows.add_option("--reg-value",
                           dest="regVal",
                           help="Windows registry key value")

        windows.add_option("--reg-data",
                           dest="regData",
                           help="Windows registry key value data")

        windows.add_option("--reg-type",
                           dest="regType",
                           help="Windows registry key value type")

        # General options
        general = OptionGroup(
            parser, "General", "These options can be used "
            "to set some general working parameters")

        #general.add_option("-x", dest="xmlFile",
        #                    help="Dump the data into an XML file")

        general.add_option("-t",
                           dest="trafficFile",
                           help="Log all HTTP traffic into a "
                           "textual file")

        general.add_option(
            "--batch",
            dest="batch",
            action="store_true",
            help="Never ask for user input, use the default behaviour")

        general.add_option(
            "--charset",
            dest="charset",
            help="Force character encoding used for data retrieval")

        general.add_option("--check-tor",
                           dest="checkTor",
                           action="store_true",
                           help="Check to see if Tor is used properly")

        general.add_option(
            "--crawl",
            dest="crawlDepth",
            type="int",
            help="Crawl the website starting from the target url")

        general.add_option("--csv-del",
                           dest="csvDel",
                           help="Delimiting character used in CSV output "
                           "(default \"%s\")" % defaults.csvDel)

        general.add_option(
            "--dbms-cred",
            dest="dbmsCred",
            help="DBMS authentication credentials (user:password)")

        general.add_option("--eta",
                           dest="eta",
                           action="store_true",
                           help="Display for each output the "
                           "estimated time of arrival")

        general.add_option("--flush-session",
                           dest="flushSession",
                           action="store_true",
                           help="Flush session files for current target")

        general.add_option("--forms",
                           dest="forms",
                           action="store_true",
                           help="Parse and test forms on target url")

        general.add_option("--fresh-queries",
                           dest="freshQueries",
                           action="store_true",
                           help="Ignores query results stored in session file")

        general.add_option("--hex",
                           dest="hexConvert",
                           action="store_true",
                           help="Uses DBMS hex function(s) for data retrieval")

        general.add_option("--output-dir",
                           dest="oDir",
                           action="store",
                           help="Custom output directory path")

        general.add_option(
            "--parse-errors",
            dest="parseErrors",
            action="store_true",
            help="Parse and display DBMS error messages from responses")

        general.add_option(
            "--replicate",
            dest="replicate",
            action="store_true",
            help="Replicate dumped data into a sqlite3 database")

        general.add_option("--save",
                           dest="saveCmdline",
                           action="store_true",
                           help="Save options to a configuration INI file")

        general.add_option("--tor",
                           dest="tor",
                           action="store_true",
                           help="Use Tor anonymity network")

        general.add_option("--tor-port",
                           dest="torPort",
                           help="Set Tor proxy port other than default")

        general.add_option(
            "--tor-type",
            dest="torType",
            help="Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)")

        general.add_option("--update",
                           dest="updateAll",
                           action="store_true",
                           help="Update sqlmap")

        # Miscellaneous options
        miscellaneous = OptionGroup(parser, "Miscellaneous")

        miscellaneous.add_option(
            "-z",
            dest="mnemonics",
            help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")

        miscellaneous.add_option(
            "--check-payload",
            dest="checkPayload",
            action="store_true",
            help="Offline WAF/IPS/IDS payload detection testing")

        miscellaneous.add_option(
            "--check-waf",
            dest="checkWaf",
            action="store_true",
            help="Check for existence of WAF/IPS/IDS protection")

        miscellaneous.add_option("--cleanup",
                                 dest="cleanup",
                                 action="store_true",
                                 help="Clean up the DBMS by sqlmap specific "
                                 "UDF and tables")

        miscellaneous.add_option("--dependencies",
                                 dest="dependencies",
                                 action="store_true",
                                 help="Check for missing sqlmap dependencies")

        miscellaneous.add_option("--disable-coloring",
                                 dest="disableColoring",
                                 action="store_true",
                                 help="Disable console output coloring")

        miscellaneous.add_option(
            "--gpage",
            dest="googlePage",
            type="int",
            help="Use Google dork results from specified page number")

        miscellaneous.add_option(
            "--mobile",
            dest="mobile",
            action="store_true",
            help="Imitate smartphone through HTTP User-Agent header")

        miscellaneous.add_option(
            "--page-rank",
            dest="pageRank",
            action="store_true",
            help="Display page rank (PR) for Google dork results")

        miscellaneous.add_option(
            "--purge-output",
            dest="purgeOutput",
            action="store_true",
            help="Safely remove all content from output directory")

        miscellaneous.add_option(
            "--smart",
            dest="smart",
            action="store_true",
            help="Conduct through tests only if positive heuristic(s)")

        miscellaneous.add_option(
            "--test-filter",
            dest="testFilter",
            help="Select tests by payloads and/or titles (e.g. ROW)")

        miscellaneous.add_option(
            "--wizard",
            dest="wizard",
            action="store_true",
            help="Simple wizard interface for beginner users")

        # Hidden and/or experimental options
        parser.add_option("--beep",
                          dest="beep",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--profile",
                          dest="profile",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--cpu-throttle",
                          dest="cpuThrottle",
                          type="int",
                          help=SUPPRESS_HELP)

        parser.add_option("--force-dns",
                          dest="forceDns",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--smoke-test",
                          dest="smokeTest",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--live-test",
                          dest="liveTest",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--run-case",
                          dest="runCase",
                          type="int",
                          help=SUPPRESS_HELP)

        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)
        parser.add_option_group(injection)
        parser.add_option_group(detection)
        parser.add_option_group(techniques)
        parser.add_option_group(fingerprint)
        parser.add_option_group(enumeration)
        parser.add_option_group(brute)
        parser.add_option_group(udf)
        parser.add_option_group(filesystem)
        parser.add_option_group(takeover)
        parser.add_option_group(windows)
        parser.add_option_group(general)
        parser.add_option_group(miscellaneous)

        # Dirty hack to display longer options without breaking into two lines
        def _(self, *args):
            _ = parser.formatter._format_option_strings(*args)
            if len(_) > MAX_HELP_OPTION_LENGTH:
                _ = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH -
                                   parser.formatter.indent_increment)) % _
            return _

        parser.formatter._format_option_strings = parser.formatter.format_option_strings
        parser.formatter.format_option_strings = type(
            parser.formatter.format_option_strings)(_, parser, type(parser))

        # Dirty hack for making a short option -hh
        option = parser.get_option("--hh")
        option._short_opts = ["-hh"]
        option._long_opts = []

        # Dirty hack for inherent help message of switch -h
        option = parser.get_option("-h")
        option.help = option.help.capitalize().replace("this help",
                                                       "basic help")

        args = []
        advancedHelp = True

        for arg in sys.argv:
            args.append(getUnicode(arg, system=True))

        # Hide non-basic options in basic help case
        for i in xrange(len(sys.argv)):
            if sys.argv[i] == '-hh':
                sys.argv[i] = '-h'
            elif sys.argv[i] == '-h':
                advancedHelp = False
                for group in parser.option_groups[:]:
                    found = False
                    for option in group.option_list:
                        if option.dest not in BASIC_HELP_ITEMS:
                            option.help = SUPPRESS_HELP
                        else:
                            found = True
                    if not found:
                        parser.option_groups.remove(group)

        try:
            (args, _) = parser.parse_args(args)
        except SystemExit:
            if '-h' in sys.argv and not advancedHelp:
                print "\n[!] to see full list of options run with '-hh'"
            raise

        # Expand given mnemonic options (e.g. -z "ign,flu,bat")
        for i in xrange(len(sys.argv) - 1):
            if sys.argv[i] == '-z':
                expandMnemonics(sys.argv[i + 1], parser, args)

        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
            args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purgeOutput)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
            errMsg += "use -h for basic or -hh for advanced help"
            parser.error(errMsg)

        return args

    except (OptionError, TypeError), e:
        parser.error(e)
Exemplo n.º 6
0
def cmdLineParser():
    """
    This function parses the command line parameters and arguments
    """

    checkSystemEncoding()

    _ = getUnicode(os.path.normpath(sys.argv[0]),
                   encoding=sys.getfilesystemencoding())

    usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
            "\"%s\"" % _ if " " in _ else _)

    parser = OptionParser(usage=usage)

    try:
        parser.add_option("--hh",
                          dest="advancedHelp",
                          action="store_true",
                          help="Show advanced help message and exit")

        parser.add_option("--version",
                          dest="showVersion",
                          action="store_true",
                          help="Show program's version number and exit")

        parser.add_option("-v",
                          dest="verbose",
                          type="int",
                          help="Verbosity level: 0-6 (default %d)" %
                          defaults.verbose)

        # Target options
        target = OptionGroup(
            parser, "Target", "At least one of these "
            "options has to be provided to define the target(s)")

        target.add_option("-d",
                          dest="direct",
                          help="Connection string "
                          "for direct database connection")

        target.add_option(
            "-u",
            "--url",
            dest="url",
            help="Target URL (e.g. \"http://www.site.com/vuln.php?id=1\")")

        target.add_option("-l",
                          dest="logFile",
                          help="Parse target(s) from Burp "
                          "or WebScarab proxy log file")

        target.add_option(
            "-x",
            dest="sitemapUrl",
            help="Parse target(s) from remote sitemap(.xml) file")

        target.add_option("-m",
                          dest="bulkFile",
                          help="Scan multiple targets given "
                          "in a textual file ")

        target.add_option("-r",
                          dest="requestFile",
                          help="Load HTTP request from a file")

        target.add_option("-g",
                          dest="googleDork",
                          help="Process Google dork results as target URLs")

        target.add_option("-c",
                          dest="configFile",
                          help="Load options from a configuration INI file")

        # Request options
        request = OptionGroup(
            parser, "Request", "These options can be used "
            "to specify how to connect to the target URL")

        request.add_option("--data",
                           dest="data",
                           help="Data string to be sent through POST")

        request.add_option(
            "--param-del",
            dest="paramDel",
            help="Character used for splitting parameter values")

        request.add_option("--cookie",
                           dest="cookie",
                           help="HTTP Cookie header value")

        request.add_option("--cookie-del",
                           dest="cookieDel",
                           help="Character used for splitting cookie values")

        request.add_option(
            "--load-cookies",
            dest="loadCookies",
            help="File containing cookies in Netscape/wget format")

        request.add_option("--drop-set-cookie",
                           dest="dropSetCookie",
                           action="store_true",
                           help="Ignore Set-Cookie header from response")

        request.add_option("--user-agent",
                           dest="agent",
                           help="HTTP User-Agent header value")

        request.add_option(
            "--random-agent",
            dest="randomAgent",
            action="store_true",
            help="Use randomly selected HTTP User-Agent header value")

        request.add_option("--host",
                           dest="host",
                           help="HTTP Host header value")

        request.add_option("--referer",
                           dest="referer",
                           help="HTTP Referer header value")

        request.add_option(
            "--headers",
            dest="headers",
            help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")

        request.add_option("--auth-type",
                           dest="authType",
                           help="HTTP authentication type "
                           "(Basic, Digest, NTLM or PKI)")

        request.add_option("--auth-cred",
                           dest="authCred",
                           help="HTTP authentication credentials "
                           "(name:password)")

        request.add_option("--auth-private",
                           dest="authPrivate",
                           help="HTTP authentication PEM private key file")

        request.add_option("--ignore-401",
                           dest="ignore401",
                           action="store_true",
                           help="Ignore HTTP Error 401 (Unauthorized)")

        request.add_option("--proxy",
                           dest="proxy",
                           help="Use a proxy to connect to the target URL")

        request.add_option("--proxy-cred",
                           dest="proxyCred",
                           help="Proxy authentication credentials "
                           "(name:password)")

        request.add_option("--proxy-file",
                           dest="proxyFile",
                           help="Load proxy list from a file")

        request.add_option("--ignore-proxy",
                           dest="ignoreProxy",
                           action="store_true",
                           help="Ignore system default proxy settings")

        request.add_option("--tor",
                           dest="tor",
                           action="store_true",
                           help="Use Tor anonymity network")

        request.add_option("--tor-port",
                           dest="torPort",
                           help="Set Tor proxy port other than default")

        request.add_option(
            "--tor-type",
            dest="torType",
            help="Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)")

        request.add_option("--check-tor",
                           dest="checkTor",
                           action="store_true",
                           help="Check to see if Tor is used properly")

        request.add_option("--delay",
                           dest="delay",
                           type="float",
                           help="Delay in seconds between each HTTP request")

        request.add_option("--timeout",
                           dest="timeout",
                           type="float",
                           help="Seconds to wait before timeout connection "
                           "(default %d)" % defaults.timeout)

        request.add_option("--retries",
                           dest="retries",
                           type="int",
                           help="Retries when the connection timeouts "
                           "(default %d)" % defaults.retries)

        request.add_option("--randomize",
                           dest="rParam",
                           help="Randomly change value for given parameter(s)")

        request.add_option(
            "--safe-url",
            dest="safUrl",
            help="URL address to visit frequently during testing")

        request.add_option(
            "--safe-freq",
            dest="saFreq",
            type="int",
            help="Test requests between two visits to a given safe URL")

        request.add_option("--skip-urlencode",
                           dest="skipUrlEncode",
                           action="store_true",
                           help="Skip URL encoding of payload data")

        request.add_option("--csrf-token",
                           dest="csrfToken",
                           help="Parameter used to hold CSRF protection token")

        request.add_option(
            "--csrf-url",
            dest="csrfUrl",
            help="URL address to visit to extract CSRF protection token")

        request.add_option("--force-ssl",
                           dest="forceSSL",
                           action="store_true",
                           help="Force usage of SSL/HTTPS")

        request.add_option("--hpp",
                           dest="hpp",
                           action="store_true",
                           help="Use HTTP parameter pollution method")

        request.add_option(
            "--eval",
            dest="evalCode",
            help=
            "Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")"
        )

        # Optimization options
        optimization = OptionGroup(
            parser, "Optimization", "These "
            "options can be used to optimize the "
            "performance of sqlmap")

        optimization.add_option("-o",
                                dest="optimize",
                                action="store_true",
                                help="Turn on all optimization switches")

        optimization.add_option("--predict-output",
                                dest="predictOutput",
                                action="store_true",
                                help="Predict common queries output")

        optimization.add_option("--keep-alive",
                                dest="keepAlive",
                                action="store_true",
                                help="Use persistent HTTP(s) connections")

        optimization.add_option(
            "--null-connection",
            dest="nullConnection",
            action="store_true",
            help="Retrieve page length without actual HTTP response body")

        optimization.add_option("--threads",
                                dest="threads",
                                type="int",
                                help="Max number of concurrent HTTP(s) "
                                "requests (default %d)" % defaults.threads)

        # Injection options
        injection = OptionGroup(
            parser, "Injection", "These options can be "
            "used to specify which parameters to test "
            "for, provide custom injection payloads and "
            "optional tampering scripts")

        injection.add_option("-p",
                             dest="testParameter",
                             help="Testable parameter(s)")

        injection.add_option("--skip",
                             dest="skip",
                             help="Skip testing for given parameter(s)")

        injection.add_option("--dbms",
                             dest="dbms",
                             help="Force back-end DBMS to this value")

        injection.add_option(
            "--dbms-cred",
            dest="dbmsCred",
            help="DBMS authentication credentials (user:password)")

        injection.add_option("--os",
                             dest="os",
                             help="Force back-end DBMS operating system "
                             "to this value")

        injection.add_option("--invalid-bignum",
                             dest="invalidBignum",
                             action="store_true",
                             help="Use big numbers for invalidating values")

        injection.add_option(
            "--invalid-logical",
            dest="invalidLogical",
            action="store_true",
            help="Use logical operations for invalidating values")

        injection.add_option("--invalid-string",
                             dest="invalidString",
                             action="store_true",
                             help="Use random strings for invalidating values")

        injection.add_option("--no-cast",
                             dest="noCast",
                             action="store_true",
                             help="Turn off payload casting mechanism")

        injection.add_option("--no-escape",
                             dest="noEscape",
                             action="store_true",
                             help="Turn off string escaping mechanism")

        injection.add_option("--prefix",
                             dest="prefix",
                             help="Injection payload prefix string")

        injection.add_option("--suffix",
                             dest="suffix",
                             help="Injection payload suffix string")

        injection.add_option(
            "--tamper",
            dest="tamper",
            help="Use given script(s) for tampering injection data")

        # Detection options
        detection = OptionGroup(
            parser, "Detection", "These options can be "
            "used to customize the detection phase")

        detection.add_option("--level",
                             dest="level",
                             type="int",
                             help="Level of tests to perform (1-5, "
                             "default %d)" % defaults.level)

        detection.add_option("--risk",
                             dest="risk",
                             type="int",
                             help="Risk of tests to perform (0-3, "
                             "default %d)" % defaults.level)

        detection.add_option("--string",
                             dest="string",
                             help="String to match when "
                             "query is evaluated to True")

        detection.add_option("--not-string",
                             dest="notString",
                             help="String to match when "
                             "query is evaluated to False")

        detection.add_option("--regexp",
                             dest="regexp",
                             help="Regexp to match when "
                             "query is evaluated to True")

        detection.add_option("--code",
                             dest="code",
                             type="int",
                             help="HTTP code to match when "
                             "query is evaluated to True")

        detection.add_option(
            "--text-only",
            dest="textOnly",
            action="store_true",
            help="Compare pages based only on the textual content")

        detection.add_option("--titles",
                             dest="titles",
                             action="store_true",
                             help="Compare pages based only on their titles")

        # Techniques options
        techniques = OptionGroup(
            parser, "Techniques", "These options can be "
            "used to tweak testing of specific SQL "
            "injection techniques")

        techniques.add_option("--technique",
                              dest="tech",
                              help="SQL injection techniques to use "
                              "(default \"%s\")" % defaults.tech)

        techniques.add_option("--time-sec",
                              dest="timeSec",
                              type="int",
                              help="Seconds to delay the DBMS response "
                              "(default %d)" % defaults.timeSec)

        techniques.add_option(
            "--union-cols",
            dest="uCols",
            help="Range of columns to test for UNION query SQL injection")

        techniques.add_option(
            "--union-char",
            dest="uChar",
            help="Character to use for bruteforcing number of columns")

        techniques.add_option(
            "--union-from",
            dest="uFrom",
            help="Table to use in FROM part of UNION query SQL injection")

        techniques.add_option(
            "--dns-domain",
            dest="dnsName",
            help="Domain name used for DNS exfiltration attack")

        techniques.add_option(
            "--second-order",
            dest="secondOrder",
            help="Resulting page URL searched for second-order "
            "response")

        # Fingerprint options
        fingerprint = OptionGroup(parser, "Fingerprint")

        fingerprint.add_option(
            "-f",
            "--fingerprint",
            dest="extensiveFp",
            action="store_true",
            help="Perform an extensive DBMS version fingerprint")

        # Enumeration options
        enumeration = OptionGroup(
            parser, "Enumeration", "These options can "
            "be used to enumerate the back-end database "
            "management system information, structure "
            "and data contained in the tables. Moreover "
            "you can run your own SQL statements")

        enumeration.add_option("-a",
                               "--all",
                               dest="getAll",
                               action="store_true",
                               help="Retrieve everything")

        enumeration.add_option("-b",
                               "--banner",
                               dest="getBanner",
                               action="store_true",
                               help="Retrieve DBMS banner")

        enumeration.add_option("--current-user",
                               dest="getCurrentUser",
                               action="store_true",
                               help="Retrieve DBMS current user")

        enumeration.add_option("--current-db",
                               dest="getCurrentDb",
                               action="store_true",
                               help="Retrieve DBMS current database")

        enumeration.add_option("--hostname",
                               dest="getHostname",
                               action="store_true",
                               help="Retrieve DBMS server hostname")

        enumeration.add_option("--is-dba",
                               dest="isDba",
                               action="store_true",
                               help="Detect if the DBMS current user is DBA")

        enumeration.add_option("--users",
                               dest="getUsers",
                               action="store_true",
                               help="Enumerate DBMS users")

        enumeration.add_option("--passwords",
                               dest="getPasswordHashes",
                               action="store_true",
                               help="Enumerate DBMS users password hashes")

        enumeration.add_option("--privileges",
                               dest="getPrivileges",
                               action="store_true",
                               help="Enumerate DBMS users privileges")

        enumeration.add_option("--roles",
                               dest="getRoles",
                               action="store_true",
                               help="Enumerate DBMS users roles")

        enumeration.add_option("--dbs",
                               dest="getDbs",
                               action="store_true",
                               help="Enumerate DBMS databases")

        enumeration.add_option("--tables",
                               dest="getTables",
                               action="store_true",
                               help="Enumerate DBMS database tables")

        enumeration.add_option("--columns",
                               dest="getColumns",
                               action="store_true",
                               help="Enumerate DBMS database table columns")

        enumeration.add_option("--schema",
                               dest="getSchema",
                               action="store_true",
                               help="Enumerate DBMS schema")

        enumeration.add_option("--count",
                               dest="getCount",
                               action="store_true",
                               help="Retrieve number of entries for table(s)")

        enumeration.add_option("--dump",
                               dest="dumpTable",
                               action="store_true",
                               help="Dump DBMS database table entries")

        enumeration.add_option("--dump-all",
                               dest="dumpAll",
                               action="store_true",
                               help="Dump all DBMS databases tables entries")

        enumeration.add_option(
            "--search",
            dest="search",
            action="store_true",
            help="Search column(s), table(s) and/or database name(s)")

        enumeration.add_option("--comments",
                               dest="getComments",
                               action="store_true",
                               help="Retrieve DBMS comments")

        enumeration.add_option("-D",
                               dest="db",
                               help="DBMS database to enumerate")

        enumeration.add_option("-T",
                               dest="tbl",
                               help="DBMS database table(s) to enumerate")

        enumeration.add_option(
            "-C",
            dest="col",
            help="DBMS database table column(s) to enumerate")

        enumeration.add_option(
            "-X",
            dest="excludeCol",
            help="DBMS database table column(s) to not enumerate")

        enumeration.add_option("-U",
                               dest="user",
                               help="DBMS user to enumerate")

        enumeration.add_option("--exclude-sysdbs",
                               dest="excludeSysDbs",
                               action="store_true",
                               help="Exclude DBMS system databases when "
                               "enumerating tables")

        enumeration.add_option("--where",
                               dest="dumpWhere",
                               help="Use WHERE condition while table dumping")

        enumeration.add_option("--start",
                               dest="limitStart",
                               type="int",
                               help="First query output entry to retrieve")

        enumeration.add_option("--stop",
                               dest="limitStop",
                               type="int",
                               help="Last query output entry to retrieve")

        enumeration.add_option(
            "--first",
            dest="firstChar",
            type="int",
            help="First query output word character to retrieve")

        enumeration.add_option(
            "--last",
            dest="lastChar",
            type="int",
            help="Last query output word character to retrieve")

        enumeration.add_option("--sql-query",
                               dest="query",
                               help="SQL statement to be executed")

        enumeration.add_option("--sql-shell",
                               dest="sqlShell",
                               action="store_true",
                               help="Prompt for an interactive SQL shell")

        enumeration.add_option(
            "--sql-file",
            dest="sqlFile",
            help="Execute SQL statements from given file(s)")

        # User-defined function options
        brute = OptionGroup(
            parser, "Brute force", "These "
            "options can be used to run brute force "
            "checks")

        brute.add_option("--common-tables",
                         dest="commonTables",
                         action="store_true",
                         help="Check existence of common tables")

        brute.add_option("--common-columns",
                         dest="commonColumns",
                         action="store_true",
                         help="Check existence of common columns")

        # User-defined function options
        udf = OptionGroup(
            parser, "User-defined function injection", "These "
            "options can be used to create custom user-defined "
            "functions")

        udf.add_option("--udf-inject",
                       dest="udfInject",
                       action="store_true",
                       help="Inject custom user-defined functions")

        udf.add_option("--shared-lib",
                       dest="shLib",
                       help="Local path of the shared library")

        # File system options
        filesystem = OptionGroup(
            parser, "File system access", "These options "
            "can be used to access the back-end database "
            "management system underlying file system")

        filesystem.add_option("--file-read",
                              dest="rFile",
                              help="Read a file from the back-end DBMS "
                              "file system")

        filesystem.add_option("--file-write",
                              dest="wFile",
                              help="Write a local file on the back-end "
                              "DBMS file system")

        filesystem.add_option("--file-dest",
                              dest="dFile",
                              help="Back-end DBMS absolute filepath to "
                              "write to")

        # Takeover options
        takeover = OptionGroup(
            parser, "Operating system access", "These "
            "options can be used to access the back-end "
            "database management system underlying "
            "operating system")

        takeover.add_option("--os-cmd",
                            dest="osCmd",
                            help="Execute an operating system command")

        takeover.add_option("--os-shell",
                            dest="osShell",
                            action="store_true",
                            help="Prompt for an interactive operating "
                            "system shell")

        takeover.add_option("--os-pwn",
                            dest="osPwn",
                            action="store_true",
                            help="Prompt for an OOB shell, "
                            "Meterpreter or VNC")

        takeover.add_option("--os-smbrelay",
                            dest="osSmb",
                            action="store_true",
                            help="One click prompt for an OOB shell, "
                            "Meterpreter or VNC")

        takeover.add_option("--os-bof",
                            dest="osBof",
                            action="store_true",
                            help="Stored procedure buffer overflow "
                            "exploitation")

        takeover.add_option("--priv-esc",
                            dest="privEsc",
                            action="store_true",
                            help="Database process user privilege escalation")

        takeover.add_option("--msf-path",
                            dest="msfPath",
                            help="Local path where Metasploit Framework "
                            "is installed")

        takeover.add_option("--tmp-path",
                            dest="tmpPath",
                            help="Remote absolute path of temporary files "
                            "directory")

        # Windows registry options
        windows = OptionGroup(
            parser, "Windows registry access", "These "
            "options can be used to access the back-end "
            "database management system Windows "
            "registry")

        windows.add_option("--reg-read",
                           dest="regRead",
                           action="store_true",
                           help="Read a Windows registry key value")

        windows.add_option("--reg-add",
                           dest="regAdd",
                           action="store_true",
                           help="Write a Windows registry key value data")

        windows.add_option("--reg-del",
                           dest="regDel",
                           action="store_true",
                           help="Delete a Windows registry key value")

        windows.add_option("--reg-key",
                           dest="regKey",
                           help="Windows registry key")

        windows.add_option("--reg-value",
                           dest="regVal",
                           help="Windows registry key value")

        windows.add_option("--reg-data",
                           dest="regData",
                           help="Windows registry key value data")

        windows.add_option("--reg-type",
                           dest="regType",
                           help="Windows registry key value type")

        # General options
        general = OptionGroup(
            parser, "General", "These options can be used "
            "to set some general working parameters")

        #general.add_option("-x", dest="xmlFile",
        #                    help="Dump the data into an XML file")

        general.add_option("-s",
                           dest="sessionFile",
                           help="Load session from a stored (.sqlite) file")

        general.add_option("-t",
                           dest="trafficFile",
                           help="Log all HTTP traffic into a "
                           "textual file")

        general.add_option(
            "--batch",
            dest="batch",
            action="store_true",
            help="Never ask for user input, use the default behaviour")

        general.add_option(
            "--charset",
            dest="charset",
            help="Force character encoding used for data retrieval")

        general.add_option(
            "--crawl",
            dest="crawlDepth",
            type="int",
            help="Crawl the website starting from the target URL")

        general.add_option("--csv-del",
                           dest="csvDel",
                           help="Delimiting character used in CSV output "
                           "(default \"%s\")" % defaults.csvDel)

        general.add_option(
            "--dump-format",
            dest="dumpFormat",
            help="Format of dumped data (CSV (default), HTML or SQLITE)")

        general.add_option("--eta",
                           dest="eta",
                           action="store_true",
                           help="Display for each output the "
                           "estimated time of arrival")

        general.add_option("--flush-session",
                           dest="flushSession",
                           action="store_true",
                           help="Flush session files for current target")

        general.add_option("--forms",
                           dest="forms",
                           action="store_true",
                           help="Parse and test forms on target URL")

        general.add_option("--fresh-queries",
                           dest="freshQueries",
                           action="store_true",
                           help="Ignore query results stored in session file")

        general.add_option("--hex",
                           dest="hexConvert",
                           action="store_true",
                           help="Use DBMS hex function(s) for data retrieval")

        general.add_option("--output-dir",
                           dest="outputDir",
                           action="store",
                           help="Custom output directory path")

        general.add_option(
            "--parse-errors",
            dest="parseErrors",
            action="store_true",
            help="Parse and display DBMS error messages from responses")

        general.add_option("--pivot-column",
                           dest="pivotColumn",
                           help="Pivot column name")

        general.add_option("--save",
                           dest="saveCmdline",
                           action="store_true",
                           help="Save options to a configuration INI file")

        general.add_option(
            "--scope",
            dest="scope",
            help="Regexp to filter targets from provided proxy log")

        general.add_option(
            "--test-filter",
            dest="testFilter",
            help="Select tests by payloads and/or titles (e.g. ROW)")

        general.add_option("--update",
                           dest="updateAll",
                           action="store_true",
                           help="Update sqlmap")

        # Miscellaneous options
        miscellaneous = OptionGroup(parser, "Miscellaneous")

        miscellaneous.add_option(
            "-z",
            dest="mnemonics",
            help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")

        miscellaneous.add_option(
            "--alert",
            dest="alert",
            help="Run host OS command(s) when SQL injection is found")

        miscellaneous.add_option(
            "--answers",
            dest="answers",
            help="Set question answers (e.g. \"quit=N,follow=N\")")

        miscellaneous.add_option(
            "--beep",
            dest="beep",
            action="store_true",
            help="Make a beep sound when SQL injection is found")

        miscellaneous.add_option(
            "--check-waf",
            dest="checkWaf",
            action="store_true",
            help="Heuristically check for WAF/IPS/IDS protection")

        miscellaneous.add_option("--cleanup",
                                 dest="cleanup",
                                 action="store_true",
                                 help="Clean up the DBMS from sqlmap specific "
                                 "UDF and tables")

        miscellaneous.add_option(
            "--dependencies",
            dest="dependencies",
            action="store_true",
            help="Check for missing (non-core) sqlmap dependencies")

        miscellaneous.add_option("--disable-coloring",
                                 dest="disableColoring",
                                 action="store_true",
                                 help="Disable console output coloring")

        miscellaneous.add_option(
            "--gpage",
            dest="googlePage",
            type="int",
            help="Use Google dork results from specified page number")

        miscellaneous.add_option(
            "--identify-waf",
            dest="identifyWaf",
            action="store_true",
            help="Make a through testing for a WAF/IPS/IDS protection")

        miscellaneous.add_option(
            "--mobile",
            dest="mobile",
            action="store_true",
            help="Imitate smartphone through HTTP User-Agent header")

        miscellaneous.add_option(
            "--page-rank",
            dest="pageRank",
            action="store_true",
            help="Display page rank (PR) for Google dork results")

        miscellaneous.add_option(
            "--purge-output",
            dest="purgeOutput",
            action="store_true",
            help="Safely remove all content from output directory")

        miscellaneous.add_option(
            "--smart",
            dest="smart",
            action="store_true",
            help="Conduct through tests only if positive heuristic(s)")

        miscellaneous.add_option("--sqlmap-shell",
                                 dest="sqlmapShell",
                                 action="store_true",
                                 help="Prompt for an interactive sqlmap shell")

        miscellaneous.add_option(
            "--wizard",
            dest="wizard",
            action="store_true",
            help="Simple wizard interface for beginner users")

        # Hidden and/or experimental options
        parser.add_option("--dummy",
                          dest="dummy",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--pickled-options",
                          dest="pickledOptions",
                          help=SUPPRESS_HELP)

        parser.add_option("--profile",
                          dest="profile",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--binary-fields",
                          dest="binaryFields",
                          help=SUPPRESS_HELP)

        parser.add_option("--cpu-throttle",
                          dest="cpuThrottle",
                          type="int",
                          help=SUPPRESS_HELP)

        parser.add_option("--force-dns",
                          dest="forceDns",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--smoke-test",
                          dest="smokeTest",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--live-test",
                          dest="liveTest",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--stop-fail",
                          dest="stopFail",
                          action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--run-case", dest="runCase", help=SUPPRESS_HELP)

        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)
        parser.add_option_group(injection)
        parser.add_option_group(detection)
        parser.add_option_group(techniques)
        parser.add_option_group(fingerprint)
        parser.add_option_group(enumeration)
        parser.add_option_group(brute)
        parser.add_option_group(udf)
        parser.add_option_group(filesystem)
        parser.add_option_group(takeover)
        parser.add_option_group(windows)
        parser.add_option_group(general)
        parser.add_option_group(miscellaneous)

        # Dirty hack to display longer options without breaking into two lines
        def _(self, *args):
            _ = parser.formatter._format_option_strings(*args)
            if len(_) > MAX_HELP_OPTION_LENGTH:
                _ = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH -
                                   parser.formatter.indent_increment)) % _
            return _

        parser.formatter._format_option_strings = parser.formatter.format_option_strings
        parser.formatter.format_option_strings = type(
            parser.formatter.format_option_strings)(_, parser, type(parser))

        # Dirty hack for making a short option -hh
        option = parser.get_option("--hh")
        option._short_opts = ["-hh"]
        option._long_opts = []

        # Dirty hack for inherent help message of switch -h
        option = parser.get_option("-h")
        option.help = option.help.capitalize().replace("this help",
                                                       "basic help")

        argv = []
        prompt = False
        advancedHelp = True

        for arg in sys.argv:
            argv.append(getUnicode(arg, encoding=sys.stdin.encoding))

        checkDeprecatedOptions(argv)

        prompt = "--sqlmap-shell" in argv

        if prompt:
            parser.usage = ""
            cmdLineOptions.sqlmapShell = True

            _ = ["x", "q", "exit", "quit", "clear"]

            for option in parser.option_list:
                _.extend(option._long_opts)
                _.extend(option._short_opts)

            for group in parser.option_groups:
                for option in group.option_list:
                    _.extend(option._long_opts)
                    _.extend(option._short_opts)

            autoCompletion(AUTOCOMPLETE_TYPE.SQLMAP, commands=_)

            while True:
                command = None

                try:
                    command = raw_input("sqlmap-shell> ").strip()
                except (KeyboardInterrupt, EOFError):
                    print
                    raise SqlmapShellQuitException

                if not command:
                    continue
                elif command.lower() == "clear":
                    clearHistory()
                    print "[i] history cleared"
                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                elif command.lower() in ("x", "q", "exit", "quit"):
                    raise SqlmapShellQuitException
                elif command[0] != '-':
                    print "[!] invalid option(s) provided"
                    print "[i] proper example: '-u http://www.site.com/vuln.php?id=1 --banner'"
                else:
                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                    loadHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                    break

            for arg in shlex.split(command):
                argv.append(getUnicode(arg, encoding=sys.stdin.encoding))

        # Hide non-basic options in basic help case
        for i in xrange(len(argv)):
            if argv[i] == "-hh":
                argv[i] = "-h"
            elif argv[i] == "--version":
                print VERSION_STRING.split('/')[-1]
                raise SystemExit
            elif argv[i] == "-h":
                advancedHelp = False
                for group in parser.option_groups[:]:
                    found = False
                    for option in group.option_list:
                        if option.dest not in BASIC_HELP_ITEMS:
                            option.help = SUPPRESS_HELP
                        else:
                            found = True
                    if not found:
                        parser.option_groups.remove(group)

        try:
            (args, _) = parser.parse_args(argv)
        except UnicodeEncodeError, ex:
            print "\n[!] %s" % ex.object.encode("unicode-escape")
            raise SystemExit
        except SystemExit:
            if "-h" in argv and not advancedHelp:
                print "\n[!] to see full list of options run with '-hh'"
            raise

        # Expand given mnemonic options (e.g. -z "ign,flu,bat")
        for i in xrange(len(argv) - 1):
            if argv[i] == "-z":
                expandMnemonics(argv[i + 1], parser, args)

        if args.dummy:
            args.url = args.url or DUMMY_URL

        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
            args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
            args.purgeOutput, args.pickledOptions, args.sitemapUrl)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), "
            errMsg += "use -h for basic or -hh for advanced help"
            parser.error(errMsg)

        return args
Exemplo n.º 7
0
def cmdLineParser():
    """
    This function parses the command line parameters and arguments
    """

    usage = "%s%s [options]" % ("python " if not IS_WIN else "", \
            "\"%s\"" % sys.argv[0] if " " in sys.argv[0] else sys.argv[0])

    parser = OptionParser(usage=usage)

    try:
        parser.add_option("--hh", dest="advancedHelp",
                          action="store_true",
                          help="Show advanced help message and exit")

        parser.add_option("-v", dest="verbose", type="int",
                          help="Verbosity level: 0-6 (default %d)" % defaults.verbose)

        # Target options
        target = OptionGroup(parser, "Target", "At least one of these "
                             "options has to be specified to set the source "
                             "to get target urls from")

        target.add_option("-d", dest="direct", help="Direct "
                          "connection to the database")

        target.add_option("-u", "--url", dest="url", help="Target url")

        target.add_option("-l", dest="logFile", help="Parse targets from Burp "
                          "or WebScarab proxy logs")

        target.add_option("-m", dest="bulkFile", help="Scan multiple targets enlisted "
                          "in a given textual file ")

        target.add_option("-r", dest="requestFile",
                          help="Load HTTP request from a file")

        target.add_option("-g", dest="googleDork",
                          help="Process Google dork results as target urls")

        target.add_option("-c", dest="configFile",
                          help="Load options from a configuration INI file")

        # Request options
        request = OptionGroup(parser, "Request", "These options can be used "
                              "to specify how to connect to the target url")

        request.add_option("--data", dest="data",
                           help="Data string to be sent through POST")

        request.add_option("--param-del", dest="pDel",
                           help="Character used for splitting parameter values")

        request.add_option("--cookie", dest="cookie",
                           help="HTTP Cookie header")

        request.add_option("--load-cookies", dest="loC",
                           help="File containing cookies in Netscape/wget format")

        request.add_option("--cookie-urlencode", dest="cookieUrlencode",
                             action="store_true",
                             help="URL Encode generated cookie injections")

        request.add_option("--drop-set-cookie", dest="dropSetCookie",
                           action="store_true",
                           help="Ignore Set-Cookie header from response")

        request.add_option("--user-agent", dest="agent",
                           help="HTTP User-Agent header")

        request.add_option("--random-agent", dest="randomAgent",
                           action="store_true",
                           help="Use randomly selected HTTP User-Agent header")

        request.add_option("--randomize", dest="rParam",
                           help="Randomly change value for given parameter(s)")

        request.add_option("--force-ssl", dest="forceSSL",
                           action="store_true",
                           help="Force usage of SSL/HTTPS requests")

        request.add_option("--host", dest="host",
                           help="HTTP Host header")

        request.add_option("--referer", dest="referer",
                           help="HTTP Referer header")

        request.add_option("--headers", dest="headers",
                           help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")

        request.add_option("--auth-type", dest="aType",
                           help="HTTP authentication type "
                                "(Basic, Digest or NTLM)")

        request.add_option("--auth-cred", dest="aCred",
                           help="HTTP authentication credentials "
                                "(name:password)")

        request.add_option("--auth-cert", dest="aCert",
                           help="HTTP authentication certificate ("
                                "key_file,cert_file)")

        request.add_option("--proxy", dest="proxy",
                           help="Use a HTTP proxy to connect to the target url")

        request.add_option("--proxy-cred", dest="pCred",
                           help="HTTP proxy authentication credentials "
                                "(name:password)")

        request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                           help="Ignore system default HTTP proxy")

        request.add_option("--delay", dest="delay", type="float",
                           help="Delay in seconds between each HTTP request")

        request.add_option("--timeout", dest="timeout", type="float",
                           help="Seconds to wait before timeout connection "
                                "(default %d)" % defaults.timeout)

        request.add_option("--retries", dest="retries", type="int",
                           help="Retries when the connection timeouts "
                                "(default %d)" % defaults.retries)

        request.add_option("--scope", dest="scope",
                           help="Regexp to filter targets from provided proxy log")

        request.add_option("--safe-url", dest="safUrl",
                           help="Url address to visit frequently during testing")

        request.add_option("--safe-freq", dest="saFreq", type="int",
                           help="Test requests between two visits to a given safe url")

        request.add_option("--skip-urlencode", dest="skipUrlEncode",
                           action="store_true",
                           help="Skip URL encoding of POST data")

        request.add_option("--eval", dest="evalCode",
                           help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")

        # Optimization options
        optimization = OptionGroup(parser, "Optimization", "These "
                               "options can be used to optimize the "
                               "performance of sqlmap")

        optimization.add_option("-o", dest="optimize",
                                 action="store_true",
                                 help="Turn on all optimization switches")

        optimization.add_option("--predict-output", dest="predictOutput", action="store_true",
                          help="Predict common queries output")

        optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
                           help="Use persistent HTTP(s) connections")

        optimization.add_option("--null-connection", dest="nullConnection", action="store_true",
                          help="Retrieve page length without actual HTTP response body")

        optimization.add_option("--threads", dest="threads", type="int",
                           help="Max number of concurrent HTTP(s) "
                                "requests (default %d)" % defaults.threads)

        # Injection options
        injection = OptionGroup(parser, "Injection", "These options can be "
                                "used to specify which parameters to test "
                                "for, provide custom injection payloads and "
                                "optional tampering scripts")

        injection.add_option("-p", dest="testParameter",
                             help="Testable parameter(s)")

        injection.add_option("--dbms", dest="dbms",
                             help="Force back-end DBMS to this value")

        injection.add_option("--os", dest="os",
                             help="Force back-end DBMS operating system "
                                  "to this value")

        injection.add_option("--invalid-bignum", dest="invalidBignum",
                             action="store_true",
                             help="Use big numbers for invalidating values")

        injection.add_option("--invalid-logical", dest="invalidLogical",
                             action="store_true",
                             help="Use logical operations for invalidating values")

        injection.add_option("--no-cast", dest="noCast",
                             action="store_true",
                             help="Turn off payload casting mechanism")

        injection.add_option("--prefix", dest="prefix",
                             help="Injection payload prefix string")

        injection.add_option("--suffix", dest="suffix",
                             help="Injection payload suffix string")

        injection.add_option("--skip", dest="skip",
                             help="Skip testing for given parameter(s)")

        injection.add_option("--tamper", dest="tamper",
                             help="Use given script(s) for tampering injection data")

        # Detection options
        detection = OptionGroup(parser, "Detection", "These options can be "
                                "used to specify how to parse "
                                "and compare page content from "
                                "HTTP responses when using blind SQL "
                                "injection technique")

        detection.add_option("--level", dest="level", type="int",
                             help="Level of tests to perform (1-5, "
                                  "default %d)" % defaults.level)

        detection.add_option("--risk", dest="risk", type="int",
                             help="Risk of tests to perform (0-3, "
                                  "default %d)" % defaults.level)

        detection.add_option("--string", dest="string",
                             help="String to match when "
                                  "query is evaluated to True")

        detection.add_option("--regexp", dest="regexp",
                             help="Regexp to match when "
                                  "query is evaluated to True")

        detection.add_option("--code", dest="code", type="int",
                             help="HTTP code to match when "
                                  "query is evaluated to True")

        detection.add_option("--text-only", dest="textOnly",
                             action="store_true",
                             help="Compare pages based only on the textual content")

        detection.add_option("--titles", dest="titles",
                             action="store_true",
                             help="Compare pages based only on their titles")

        # Techniques options
        techniques = OptionGroup(parser, "Techniques", "These options can be "
                                 "used to tweak testing of specific SQL "
                                 "injection techniques")

        techniques.add_option("--technique", dest="tech",
                              help="SQL injection techniques to test for "
                                   "(default \"%s\")" % defaults.tech)

        techniques.add_option("--time-sec", dest="timeSec",
                              type="int",
                              help="Seconds to delay the DBMS response "
                                   "(default %d)" % defaults.timeSec)

        techniques.add_option("--union-cols", dest="uCols",
                              help="Range of columns to test for UNION query SQL injection")

        techniques.add_option("--union-char", dest="uChar",
                              help="Character to use for bruteforcing number of columns")

        techniques.add_option("--dns-domain", dest="dName",
                              help="Domain name used for DNS exfiltration attack")

        # Fingerprint options
        fingerprint = OptionGroup(parser, "Fingerprint")

        fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp",
                               action="store_true",
                               help="Perform an extensive DBMS version fingerprint")

        # Enumeration options
        enumeration = OptionGroup(parser, "Enumeration", "These options can "
                                  "be used to enumerate the back-end database "
                                  "management system information, structure "
                                  "and data contained in the tables. Moreover "
                                  "you can run your own SQL statements")

        enumeration.add_option("-b", "--banner", dest="getBanner",
                               action="store_true", help="Retrieve DBMS banner")

        enumeration.add_option("--current-user", dest="getCurrentUser",
                               action="store_true",
                               help="Retrieve DBMS current user")

        enumeration.add_option("--current-db", dest="getCurrentDb",
                               action="store_true",
                               help="Retrieve DBMS current database")

        enumeration.add_option("--is-dba", dest="isDba",
                               action="store_true",
                               help="Detect if the DBMS current user is DBA")

        enumeration.add_option("--users", dest="getUsers", action="store_true",
                               help="Enumerate DBMS users")

        enumeration.add_option("--passwords", dest="getPasswordHashes",
                               action="store_true",
                               help="Enumerate DBMS users password hashes")

        enumeration.add_option("--privileges", dest="getPrivileges",
                               action="store_true",
                               help="Enumerate DBMS users privileges")

        enumeration.add_option("--roles", dest="getRoles",
                               action="store_true",
                               help="Enumerate DBMS users roles")

        enumeration.add_option("--dbs", dest="getDbs", action="store_true",
                               help="Enumerate DBMS databases")

        enumeration.add_option("--tables", dest="getTables", action="store_true",
                               help="Enumerate DBMS database tables")

        enumeration.add_option("--columns", dest="getColumns", action="store_true",
                               help="Enumerate DBMS database table columns")

        enumeration.add_option("--schema", dest="getSchema", action="store_true",
                               help="Enumerate DBMS schema")

        enumeration.add_option("--count", dest="getCount", action="store_true",
                               help="Retrieve number of entries for table(s)")

        enumeration.add_option("--dump", dest="dumpTable", action="store_true",
                               help="Dump DBMS database table entries")

        enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                               help="Dump all DBMS databases tables entries")

        enumeration.add_option("--search", dest="search", action="store_true",
                               help="Search column(s), table(s) and/or database name(s)")

        enumeration.add_option("-D", dest="db",
                               help="DBMS database to enumerate")

        enumeration.add_option("-T", dest="tbl",
                               help="DBMS database table to enumerate")

        enumeration.add_option("-C", dest="col",
                               help="DBMS database table column to enumerate")

        enumeration.add_option("-U", dest="user",
                               help="DBMS user to enumerate")

        enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs",
                               action="store_true",
                               help="Exclude DBMS system databases when "
                                    "enumerating tables")

        enumeration.add_option("--start", dest="limitStart", type="int",
                               help="First query output entry to retrieve")

        enumeration.add_option("--stop", dest="limitStop", type="int",
                               help="Last query output entry to retrieve")

        enumeration.add_option("--first", dest="firstChar", type="int",
                               help="First query output word character to retrieve")

        enumeration.add_option("--last", dest="lastChar", type="int",
                               help="Last query output word character to retrieve")

        enumeration.add_option("--sql-query", dest="query",
                               help="SQL statement to be executed")

        enumeration.add_option("--sql-shell", dest="sqlShell",
                               action="store_true",
                               help="Prompt for an interactive SQL shell")

        # User-defined function options
        brute = OptionGroup(parser, "Brute force", "These "
                          "options can be used to run brute force "
                          "checks")

        brute.add_option("--common-tables", dest="commonTables", action="store_true",
                               help="Check existence of common tables")

        brute.add_option("--common-columns", dest="commonColumns", action="store_true",
                               help="Check existence of common columns")

        # User-defined function options
        udf = OptionGroup(parser, "User-defined function injection", "These "
                          "options can be used to create custom user-defined "
                          "functions")

        udf.add_option("--udf-inject", dest="udfInject", action="store_true",
                       help="Inject custom user-defined functions")

        udf.add_option("--shared-lib", dest="shLib",
                       help="Local path of the shared library")

        # File system options
        filesystem = OptionGroup(parser, "File system access", "These options "
                                 "can be used to access the back-end database "
                                 "management system underlying file system")

        filesystem.add_option("--file-read", dest="rFile",
                              help="Read a file from the back-end DBMS "
                                   "file system")

        filesystem.add_option("--file-write", dest="wFile",
                              help="Write a local file on the back-end "
                                   "DBMS file system")

        filesystem.add_option("--file-dest", dest="dFile",
                              help="Back-end DBMS absolute filepath to "
                                   "write to")

        # Takeover options
        takeover = OptionGroup(parser, "Operating system access", "These "
                               "options can be used to access the back-end "
                               "database management system underlying "
                               "operating system")

        takeover.add_option("--os-cmd", dest="osCmd",
                            help="Execute an operating system command")

        takeover.add_option("--os-shell", dest="osShell",
                            action="store_true",
                            help="Prompt for an interactive operating "
                                 "system shell")

        takeover.add_option("--os-pwn", dest="osPwn",
                            action="store_true",
                            help="Prompt for an out-of-band shell, "
                                 "meterpreter or VNC")

        takeover.add_option("--os-smbrelay", dest="osSmb",
                            action="store_true",
                            help="One click prompt for an OOB shell, "
                                 "meterpreter or VNC")

        takeover.add_option("--os-bof", dest="osBof",
                            action="store_true",
                            help="Stored procedure buffer overflow "
                                 "exploitation")

        takeover.add_option("--priv-esc", dest="privEsc",
                            action="store_true",
                            help="Database process' user privilege escalation")

        takeover.add_option("--msf-path", dest="msfPath",
                            help="Local path where Metasploit Framework "
                                 "is installed")

        takeover.add_option("--tmp-path", dest="tmpPath",
                            help="Remote absolute path of temporary files "
                                 "directory")

        # Windows registry options
        windows = OptionGroup(parser, "Windows registry access", "These "
                               "options can be used to access the back-end "
                               "database management system Windows "
                               "registry")

        windows.add_option("--reg-read", dest="regRead",
                            action="store_true",
                            help="Read a Windows registry key value")

        windows.add_option("--reg-add", dest="regAdd",
                            action="store_true",
                            help="Write a Windows registry key value data")

        windows.add_option("--reg-del", dest="regDel",
                            action="store_true",
                            help="Delete a Windows registry key value")

        windows.add_option("--reg-key", dest="regKey",
                            help="Windows registry key")

        windows.add_option("--reg-value", dest="regVal",
                            help="Windows registry key value")

        windows.add_option("--reg-data", dest="regData",
                            help="Windows registry key value data")

        windows.add_option("--reg-type", dest="regType",
                            help="Windows registry key value type")

        # General options
        general = OptionGroup(parser, "General", "These options can be used "
                             "to set some general working parameters" )

        #general.add_option("-x", dest="xmlFile",
        #                    help="Dump the data into an XML file")

        general.add_option("-t", dest="trafficFile",
                            help="Log all HTTP traffic into a "
                            "textual file")

        general.add_option("--batch", dest="batch",
                            action="store_true",
                            help="Never ask for user input, use the default behaviour")

        general.add_option("--charset", dest="charset",
                            help="Force character encoding used for data retrieval")

        general.add_option("--check-tor", dest="checkTor",
                                  action="store_true",
                                  help="Check to see if Tor is used properly")

        general.add_option("--crawl", dest="crawlDepth", type="int",
                                  help="Crawl the website starting from the target url")

        general.add_option("--csv-del", dest="csvDel",
                                  help="Delimiting character used in CSV output "
                                  "(default \"%s\")" % defaults.csvDel)

        general.add_option("--dbms-cred", dest="dCred",
                            help="DBMS authentication credentials (user:password)")

        general.add_option("--eta", dest="eta",
                            action="store_true",
                            help="Display for each output the "
                                 "estimated time of arrival")

        general.add_option("--flush-session", dest="flushSession",
                            action="store_true",
                            help="Flush session files for current target")

        general.add_option("--forms", dest="forms",
                                  action="store_true",
                                  help="Parse and test forms on target url")

        general.add_option("--fresh-queries", dest="freshQueries",
                            action="store_true",
                            help="Ignores query results stored in session file")

        general.add_option("--hex", dest="hexConvert",
                            action="store_true",
                            help="Uses DBMS hex function(s) for data retrieval")

        general.add_option("--output-dir", dest="oDir",
                            action="store",
                            help="Custom output directory path")

        general.add_option("--parse-errors", dest="parseErrors",
                                  action="store_true",
                                  help="Parse and display DBMS error messages from responses")

        general.add_option("--replicate", dest="replicate",
                                  action="store_true",
                                  help="Replicate dumped data into a sqlite3 database")

        general.add_option("--save", dest="saveCmdline",
                            action="store_true",
                            help="Save options to a configuration INI file")

        general.add_option("--tor", dest="tor",
                                  action="store_true",
                                  help="Use Tor anonymity network")

        general.add_option("--tor-port", dest="torPort",
                                  help="Set Tor proxy port other than default")

        general.add_option("--tor-type", dest="torType",
                                  help="Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)")

        general.add_option("--update", dest="updateAll",
                            action="store_true",
                            help="Update sqlmap")

        # Miscellaneous options
        miscellaneous = OptionGroup(parser, "Miscellaneous")

        miscellaneous.add_option("-z", dest="mnemonics",
                               help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")

        miscellaneous.add_option("--beep", dest="beep",
                                  action="store_true",
                                  help="Sound alert when SQL injection found")

        miscellaneous.add_option("--check-payload", dest="checkPayload",
                                  action="store_true",
                                  help="Offline WAF/IPS/IDS payload detection testing")

        miscellaneous.add_option("--check-waf", dest="checkWaf",
                                  action="store_true",
                                  help="Check for existence of WAF/IPS/IDS protection")

        miscellaneous.add_option("--cleanup", dest="cleanup",
                                  action="store_true",
                                  help="Clean up the DBMS by sqlmap specific "
                                  "UDF and tables")

        miscellaneous.add_option("--dependencies", dest="dependencies",
                                  action="store_true",
                                  help="Check for missing sqlmap dependencies")

        miscellaneous.add_option("--disable-hash", dest="disableHash",
                                  action="store_true",
                                  help="Disable password hash cracking mechanism")

        miscellaneous.add_option("--disable-like", dest="disableLike",
                                  action="store_true",
                                  help="Disable LIKE search of identificator names")

        miscellaneous.add_option("--gpage", dest="googlePage", type="int",
                                  help="Use Google dork results from specified page number")

        miscellaneous.add_option("--mobile", dest="mobile",
                                  action="store_true",
                                  help="Imitate smartphone through HTTP User-Agent header")

        miscellaneous.add_option("--page-rank", dest="pageRank",
                                  action="store_true",
                                  help="Display page rank (PR) for Google dork results")

        miscellaneous.add_option("--purge-output", dest="purgeOutput",
                                  action="store_true",
                                  help="Safely remove all content from output directory")

        miscellaneous.add_option("--smart", dest="smart",
                                  action="store_true",
                                  help="Conduct through tests only if positive heuristic(s)")

        miscellaneous.add_option("--test-filter", dest="tstF",
                                  help="Select tests by payloads and/or titles (e.g. ROW)")

        miscellaneous.add_option("--wizard", dest="wizard",
                                  action="store_true",
                                  help="Simple wizard interface for beginner users")

        # Hidden and/or experimental options
        parser.add_option("--profile", dest="profile", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int",
                          help=SUPPRESS_HELP)

        parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--live-test", dest="liveTest", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--real-test", dest="realTest", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--run-case", dest="runCase", type="int",
                          help=SUPPRESS_HELP)

        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)
        parser.add_option_group(injection)
        parser.add_option_group(detection)
        parser.add_option_group(techniques)
        parser.add_option_group(fingerprint)
        parser.add_option_group(enumeration)
        parser.add_option_group(brute)
        parser.add_option_group(udf)
        parser.add_option_group(filesystem)
        parser.add_option_group(takeover)
        parser.add_option_group(windows)
        parser.add_option_group(general)
        parser.add_option_group(miscellaneous)

        # Dirty hack for making a short option -hh
        option = parser.get_option("--hh")
        option._short_opts = ["-hh"]
        option._long_opts = []

        # Dirty hack for inherent help message of switch -h
        option = parser.get_option("-h")
        option.help = option.help.capitalize().replace("this help", "basic help")

        args = []
        advancedHelp = True

        for arg in sys.argv:
            args.append(getUnicode(arg, system=True))

        # Hide non-basic options in basic help case
        for i in xrange(len(sys.argv)):
            if sys.argv[i] == '-hh':
                sys.argv[i] = '-h'
            elif sys.argv[i] == '-h':
                advancedHelp = False
                for group in parser.option_groups[:]:
                    found = False
                    for option in group.option_list:
                        if option.dest not in BASIC_HELP_ITEMS:
                            option.help = SUPPRESS_HELP
                        else:
                            found = True
                    if not found:
                        parser.option_groups.remove(group)

        try:
            (args, _) = parser.parse_args(args)
        except SystemExit:
            if '-h' in sys.argv and not advancedHelp:
                print "\n[!] to see full list of options run with '-hh'"
            raise

        # Expand given mnemonic options (e.g. -z "ign,flu,bat")
        for i in xrange(len(sys.argv) - 1):
            if sys.argv[i] == '-z':
                expandMnemonics(sys.argv[i+1], parser, args)

        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
            args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard, args.dependencies, args.purgeOutput)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
            errMsg += "use -h for basic or -hh for advanced help"
            parser.error(errMsg)

        return args

    except (OptionError, TypeError), e:
        parser.error(e)
Exemplo n.º 8
0
def cmdLineParser():
    """
    This function parses the command line parameters and arguments
    """

    usage = "%s%s [options]" % (
        "python " if not IS_WIN else "",
        '"%s"' % sys.argv[0] if " " in sys.argv[0] else sys.argv[0],
    )

    parser = OptionParser(usage=usage, version=VERSION_STRING)

    try:
        parser.add_option("-v", dest="verbose", type="int", help="Verbosity level: 0-6 (default %d)" % defaults.verbose)

        # Target options
        target = OptionGroup(
            parser,
            "Target",
            "At least one of these " "options has to be specified to set the source " "to get target urls from.",
        )

        target.add_option("-d", dest="direct", help="Direct " "connection to the database")

        target.add_option("-u", "--url", dest="url", help="Target url")

        target.add_option("-l", dest="logFile", help="Parse targets from Burp " "or WebScarab proxy logs")

        target.add_option("-m", dest="bulkFile", help="Scan multiple targets enlisted " "in a given textual file ")

        target.add_option("-r", dest="requestFile", help="Load HTTP request from a file")

        target.add_option("-g", dest="googleDork", help="Process Google dork results as target urls")

        target.add_option("-c", dest="configFile", help="Load options from a configuration INI file")

        # Request options
        request = OptionGroup(
            parser, "Request", "These options can be used " "to specify how to connect to the target url."
        )

        request.add_option("--data", dest="data", help="Data string to be sent through POST")

        request.add_option("--param-del", dest="pDel", help="Character used for splitting parameter values")

        request.add_option("--cookie", dest="cookie", help="HTTP Cookie header")

        request.add_option(
            "--cookie-urlencode",
            dest="cookieUrlencode",
            action="store_true",
            help="URL Encode generated cookie injections",
        )

        request.add_option(
            "--drop-set-cookie",
            dest="dropSetCookie",
            action="store_true",
            help="Ignore Set-Cookie header from response",
        )

        request.add_option("--user-agent", dest="agent", help="HTTP User-Agent header")

        request.add_option(
            "--random-agent",
            dest="randomAgent",
            action="store_true",
            help="Use randomly selected HTTP User-Agent header",
        )

        request.add_option("--randomize", dest="rParam", help="Randomly change value for given parameter(s)")

        request.add_option("--referer", dest="referer", help="HTTP Referer header")

        request.add_option("--headers", dest="headers", help="Extra HTTP headers newline separated")

        request.add_option("--auth-type", dest="aType", help="HTTP authentication type " "(Basic, Digest or NTLM)")

        request.add_option("--auth-cred", dest="aCred", help="HTTP authentication credentials " "(name:password)")

        request.add_option("--auth-cert", dest="aCert", help="HTTP authentication certificate (" "key_file,cert_file)")

        request.add_option("--proxy", dest="proxy", help="Use a HTTP proxy to connect to the target url")

        request.add_option(
            "--proxy-cred", dest="pCred", help="HTTP proxy authentication credentials " "(name:password)"
        )

        request.add_option(
            "--ignore-proxy", dest="ignoreProxy", action="store_true", help="Ignore system default HTTP proxy"
        )

        request.add_option("--delay", dest="delay", type="float", help="Delay in seconds between each HTTP request")

        request.add_option(
            "--timeout",
            dest="timeout",
            type="float",
            help="Seconds to wait before timeout connection " "(default %d)" % defaults.timeout,
        )

        request.add_option(
            "--retries",
            dest="retries",
            type="int",
            help="Retries when the connection timeouts " "(default %d)" % defaults.retries,
        )

        request.add_option("--scope", dest="scope", help="Regexp to filter targets from provided proxy log")

        request.add_option("--safe-url", dest="safUrl", help="Url address to visit frequently during testing")

        request.add_option(
            "--safe-freq", dest="saFreq", type="int", help="Test requests between two visits to a given safe url"
        )

        # Optimization options
        optimization = OptionGroup(
            parser, "Optimization", "These " "options can be used to optimize the " "performance of sqlmap."
        )

        optimization.add_option("-o", dest="optimize", action="store_true", help="Turn on all optimization switches")

        optimization.add_option(
            "--predict-output", dest="predictOutput", action="store_true", help="Predict common queries output"
        )

        optimization.add_option(
            "--keep-alive", dest="keepAlive", action="store_true", help="Use persistent HTTP(s) connections"
        )

        optimization.add_option(
            "--null-connection",
            dest="nullConnection",
            action="store_true",
            help="Retrieve page length without actual HTTP response body",
        )

        optimization.add_option(
            "--threads",
            dest="threads",
            type="int",
            help="Max number of concurrent HTTP(s) " "requests (default %d)" % defaults.threads,
        )

        # Injection options
        injection = OptionGroup(
            parser,
            "Injection",
            "These options can be "
            "used to specify which parameters to test "
            "for, provide custom injection payloads and "
            "optional tampering scripts.",
        )

        injection.add_option("-p", dest="testParameter", help="Testable parameter(s)")

        injection.add_option("--dbms", dest="dbms", help="Force back-end DBMS to this value")

        injection.add_option("--os", dest="os", help="Force back-end DBMS operating system " "to this value")

        injection.add_option("--prefix", dest="prefix", help="Injection payload prefix string")

        injection.add_option("--suffix", dest="suffix", help="Injection payload suffix string")

        injection.add_option(
            "--logic-negative",
            dest="logicNegative",
            action="store_true",
            help="Use logic operation(s) instead of negating values",
        )

        injection.add_option("--skip", dest="skip", help="Skip testing for given parameter(s)")

        injection.add_option("--tamper", dest="tamper", help="Use given script(s) for tampering injection data")

        # Detection options
        detection = OptionGroup(
            parser,
            "Detection",
            "These options can be "
            "used to specify how to parse "
            "and compare page content from "
            "HTTP responses when using blind SQL "
            "injection technique.",
        )

        detection.add_option(
            "--level", dest="level", type="int", help="Level of tests to perform (1-5, " "default %d)" % defaults.level
        )

        detection.add_option(
            "--risk", dest="risk", type="int", help="Risk of tests to perform (0-3, " "default %d)" % defaults.level
        )

        detection.add_option("--string", dest="string", help="String to match in the response when " "query is valid")

        detection.add_option("--regexp", dest="regexp", help="Regexp to match in the response when " "query is valid")

        detection.add_option(
            "--code", dest="code", type="int", help="HTTP response code to match when the query is valid"
        )

        detection.add_option(
            "--text-only", dest="textOnly", action="store_true", help="Compare pages based only on the textual content"
        )

        detection.add_option(
            "--titles", dest="titles", action="store_true", help="Compare pages based only on their titles"
        )

        # Techniques options
        techniques = OptionGroup(
            parser,
            "Techniques",
            "These options can be " "used to tweak testing of specific SQL " "injection techniques.",
        )

        techniques.add_option(
            "--technique", dest="tech", help="SQL injection techniques to test for " "(default %s)" % defaults.tech
        )

        techniques.add_option(
            "--time-sec",
            dest="timeSec",
            type="int",
            help="Seconds to delay the DBMS response " "(default %s)" % defaults.timeSec,
        )

        techniques.add_option(
            "--union-cols", dest="uCols", help="Range of columns to test for UNION query SQL injection"
        )

        techniques.add_option("--union-char", dest="uChar", help="Character to use for bruteforcing number of columns")

        # Fingerprint options
        fingerprint = OptionGroup(parser, "Fingerprint")

        fingerprint.add_option(
            "-f",
            "--fingerprint",
            dest="extensiveFp",
            action="store_true",
            help="Perform an extensive DBMS version fingerprint",
        )

        # Enumeration options
        enumeration = OptionGroup(
            parser,
            "Enumeration",
            "These options can "
            "be used to enumerate the back-end database "
            "management system information, structure "
            "and data contained in the tables. Moreover "
            "you can run your own SQL statements.",
        )

        enumeration.add_option("-b", "--banner", dest="getBanner", action="store_true", help="Retrieve DBMS banner")

        enumeration.add_option(
            "--current-user", dest="getCurrentUser", action="store_true", help="Retrieve DBMS current user"
        )

        enumeration.add_option(
            "--current-db", dest="getCurrentDb", action="store_true", help="Retrieve DBMS current database"
        )

        enumeration.add_option(
            "--is-dba", dest="isDba", action="store_true", help="Detect if the DBMS current user is DBA"
        )

        enumeration.add_option("--users", dest="getUsers", action="store_true", help="Enumerate DBMS users")

        enumeration.add_option(
            "--passwords", dest="getPasswordHashes", action="store_true", help="Enumerate DBMS users password hashes"
        )

        enumeration.add_option(
            "--privileges", dest="getPrivileges", action="store_true", help="Enumerate DBMS users privileges"
        )

        enumeration.add_option("--roles", dest="getRoles", action="store_true", help="Enumerate DBMS users roles")

        enumeration.add_option("--dbs", dest="getDbs", action="store_true", help="Enumerate DBMS databases")

        enumeration.add_option("--tables", dest="getTables", action="store_true", help="Enumerate DBMS database tables")

        enumeration.add_option(
            "--columns", dest="getColumns", action="store_true", help="Enumerate DBMS database table columns"
        )

        enumeration.add_option("--schema", dest="getSchema", action="store_true", help="Enumerate DBMS schema")

        enumeration.add_option(
            "--count", dest="getCount", action="store_true", help="Retrieve number of entries for table(s)"
        )

        enumeration.add_option("--dump", dest="dumpTable", action="store_true", help="Dump DBMS database table entries")

        enumeration.add_option(
            "--dump-all", dest="dumpAll", action="store_true", help="Dump all DBMS databases tables entries"
        )

        enumeration.add_option(
            "--search", dest="search", action="store_true", help="Search column(s), table(s) and/or database name(s)"
        )

        enumeration.add_option("-D", dest="db", help="DBMS database to enumerate")

        enumeration.add_option("-T", dest="tbl", help="DBMS database table to enumerate")

        enumeration.add_option("-C", dest="col", help="DBMS database table column to enumerate")

        enumeration.add_option("-U", dest="user", help="DBMS user to enumerate")

        enumeration.add_option(
            "--exclude-sysdbs",
            dest="excludeSysDbs",
            action="store_true",
            help="Exclude DBMS system databases when " "enumerating tables",
        )

        enumeration.add_option("--start", dest="limitStart", type="int", help="First query output entry to retrieve")

        enumeration.add_option("--stop", dest="limitStop", type="int", help="Last query output entry to retrieve")

        enumeration.add_option(
            "--first", dest="firstChar", type="int", help="First query output word character to retrieve"
        )

        enumeration.add_option(
            "--last", dest="lastChar", type="int", help="Last query output word character to retrieve"
        )

        enumeration.add_option("--sql-query", dest="query", help="SQL statement to be executed")

        enumeration.add_option(
            "--sql-shell", dest="sqlShell", action="store_true", help="Prompt for an interactive SQL shell"
        )

        # User-defined function options
        brute = OptionGroup(parser, "Brute force", "These " "options can be used to run brute force " "checks.")

        brute.add_option(
            "--common-tables", dest="commonTables", action="store_true", help="Check existence of common tables"
        )

        brute.add_option(
            "--common-columns", dest="commonColumns", action="store_true", help="Check existence of common columns"
        )

        # User-defined function options
        udf = OptionGroup(
            parser,
            "User-defined function injection",
            "These " "options can be used to create custom user-defined " "functions.",
        )

        udf.add_option(
            "--udf-inject", dest="udfInject", action="store_true", help="Inject custom user-defined functions"
        )

        udf.add_option("--shared-lib", dest="shLib", help="Local path of the shared library")

        # File system options
        filesystem = OptionGroup(
            parser,
            "File system access",
            "These options " "can be used to access the back-end database " "management system underlying file system.",
        )

        filesystem.add_option("--file-read", dest="rFile", help="Read a file from the back-end DBMS " "file system")

        filesystem.add_option(
            "--file-write", dest="wFile", help="Write a local file on the back-end " "DBMS file system"
        )

        filesystem.add_option("--file-dest", dest="dFile", help="Back-end DBMS absolute filepath to " "write to")

        # Takeover options
        takeover = OptionGroup(
            parser,
            "Operating system access",
            "These "
            "options can be used to access the back-end "
            "database management system underlying "
            "operating system.",
        )

        takeover.add_option("--os-cmd", dest="osCmd", help="Execute an operating system command")

        takeover.add_option(
            "--os-shell",
            dest="osShell",
            action="store_true",
            help="Prompt for an interactive operating " "system shell",
        )

        takeover.add_option(
            "--os-pwn", dest="osPwn", action="store_true", help="Prompt for an out-of-band shell, " "meterpreter or VNC"
        )

        takeover.add_option(
            "--os-smbrelay",
            dest="osSmb",
            action="store_true",
            help="One click prompt for an OOB shell, " "meterpreter or VNC",
        )

        takeover.add_option(
            "--os-bof", dest="osBof", action="store_true", help="Stored procedure buffer overflow " "exploitation"
        )

        takeover.add_option(
            "--priv-esc", dest="privEsc", action="store_true", help="Database process' user privilege escalation"
        )

        takeover.add_option("--msf-path", dest="msfPath", help="Local path where Metasploit Framework " "is installed")

        takeover.add_option("--tmp-path", dest="tmpPath", help="Remote absolute path of temporary files " "directory")

        # Windows registry options
        windows = OptionGroup(
            parser,
            "Windows registry access",
            "These " "options can be used to access the back-end " "database management system Windows " "registry.",
        )

        windows.add_option("--reg-read", dest="regRead", action="store_true", help="Read a Windows registry key value")

        windows.add_option(
            "--reg-add", dest="regAdd", action="store_true", help="Write a Windows registry key value data"
        )

        windows.add_option("--reg-del", dest="regDel", action="store_true", help="Delete a Windows registry key value")

        windows.add_option("--reg-key", dest="regKey", help="Windows registry key")

        windows.add_option("--reg-value", dest="regVal", help="Windows registry key value")

        windows.add_option("--reg-data", dest="regData", help="Windows registry key value data")

        windows.add_option("--reg-type", dest="regType", help="Windows registry key value type")

        # General options
        general = OptionGroup(
            parser, "General", "These options can be used " "to set some general working parameters. "
        )

        # general.add_option("-x", dest="xmlFile",
        #                    help="Dump the data into an XML file")

        general.add_option("-s", dest="sessionFile", help="Save and resume all data retrieved " "on a session file")

        general.add_option("-t", dest="trafficFile", help="Log all HTTP traffic into a " "textual file")

        general.add_option(
            "--batch", dest="batch", action="store_true", help="Never ask for user input, use the default behaviour"
        )

        general.add_option("--charset", dest="charset", help="Force character encoding used for data retrieval")

        general.add_option(
            "--crawl", dest="crawlDepth", type="int", help="Crawl the website starting from the target url"
        )

        general.add_option(
            "--eta", dest="eta", action="store_true", help="Display for each output the " "estimated time of arrival"
        )

        general.add_option(
            "--flush-session", dest="flushSession", action="store_true", help="Flush session file for current target"
        )

        general.add_option("--forms", dest="forms", action="store_true", help="Parse and test forms on target url")

        general.add_option(
            "--fresh-queries",
            dest="freshQueries",
            action="store_true",
            help="Ignores query results stored in session file",
        )

        general.add_option(
            "--parse-errors",
            dest="parseErrors",
            action="store_true",
            help="Parse and display DBMS error messages from responses",
        )

        general.add_option(
            "--replicate", dest="replicate", action="store_true", help="Replicate dumped data into a sqlite3 database"
        )

        general.add_option(
            "--save", dest="saveCmdline", action="store_true", help="Save options on a configuration INI file"
        )

        general.add_option(
            "--tor", dest="tor", action="store_true", help="Use default Tor (Vidalia/Privoxy/Polipo) proxy address"
        )

        general.add_option(
            "--check-tor", dest="checkTor", action="store_true", help="Check to see if Tor is used properly"
        )

        general.add_option("--update", dest="updateAll", action="store_true", help="Update sqlmap")

        # Miscellaneous options
        miscellaneous = OptionGroup(parser, "Miscellaneous")

        miscellaneous.add_option("-z", dest="mnemonics", help="Use mnemonics for shorter parameter setup")

        miscellaneous.add_option("--beep", dest="beep", action="store_true", help="Alert when sql injection found")

        miscellaneous.add_option(
            "--check-payload",
            dest="checkPayload",
            action="store_true",
            help="Offline WAF/IPS/IDS payload detection testing",
        )

        miscellaneous.add_option(
            "--check-waf", dest="checkWaf", action="store_true", help="Check for existence of WAF/IPS/IDS protection"
        )

        miscellaneous.add_option(
            "--cleanup",
            dest="cleanup",
            action="store_true",
            help="Clean up the DBMS by sqlmap specific " "UDF and tables",
        )

        miscellaneous.add_option(
            "--dependencies", dest="dependencies", action="store_true", help="Check for missing sqlmap dependencies"
        )

        miscellaneous.add_option(
            "--gpage", dest="googlePage", type="int", help="Use Google dork results from specified page number"
        )

        miscellaneous.add_option(
            "--mobile", dest="mobile", action="store_true", help="Imitate smartphone through HTTP User-Agent header"
        )

        miscellaneous.add_option(
            "--page-rank", dest="pageRank", action="store_true", help="Display page rank (PR) for Google dork results"
        )

        miscellaneous.add_option(
            "--smart", dest="smart", action="store_true", help="Conduct through tests only if positive heuristic(s)"
        )

        miscellaneous.add_option(
            "--wizard", dest="wizard", action="store_true", help="Simple wizard interface for beginner users"
        )

        # Hidden and/or experimental options
        parser.add_option("--profile", dest="profile", action="store_true", help=SUPPRESS_HELP)

        parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", help=SUPPRESS_HELP)

        parser.add_option("--smoke-test", dest="smokeTest", action="store_true", help=SUPPRESS_HELP)

        parser.add_option("--live-test", dest="liveTest", action="store_true", help=SUPPRESS_HELP)

        parser.add_option("--real-test", dest="realTest", action="store_true", help=SUPPRESS_HELP)

        parser.add_option("--run-case", dest="runCase", type="int", help=SUPPRESS_HELP)

        parser.add_option("--group-concat", dest="groupConcat", action="store_true", help=SUPPRESS_HELP)

        parser.add_option("--no-cast", dest="noCast", action="store_true", help=SUPPRESS_HELP)

        parser.add_option("--test-filter", dest="testFilter", help=SUPPRESS_HELP)

        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)
        parser.add_option_group(injection)
        parser.add_option_group(detection)
        parser.add_option_group(techniques)
        parser.add_option_group(fingerprint)
        parser.add_option_group(enumeration)
        parser.add_option_group(brute)
        parser.add_option_group(udf)
        parser.add_option_group(filesystem)
        parser.add_option_group(takeover)
        parser.add_option_group(windows)
        parser.add_option_group(general)
        parser.add_option_group(miscellaneous)

        args = []

        for arg in sys.argv:
            args.append(getUnicode(arg, system=True))

        (args, _) = parser.parse_args(args)

        for i in xrange(len(sys.argv) - 1):
            if sys.argv[i] == "-z":
                expandMnemonics(sys.argv[i + 1], parser, args)
                break

        if not any(
            [
                args.direct,
                args.url,
                args.logFile,
                args.bulkFile,
                args.googleDork,
                args.configFile,
                args.requestFile,
                args.updateAll,
                args.smokeTest,
                args.liveTest,
                args.realTest,
                args.wizard,
                args.dependencies,
            ]
        ):
            errMsg = (
                "missing a mandatory parameter (-d, -u, -l, -m, -r, -g, -c, --wizard, --update or --dependencies), "
            )
            errMsg += "-h for help"
            parser.error(errMsg)

        return args

    except (OptionError, TypeError), e:
        parser.error(e)
Exemplo n.º 9
0
def cmdLineParser(argv=None):
    """
    This function parses the command line parameters and arguments
    """

    if not argv:
        argv = sys.argv

    checkSystemEncoding()

    # Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING")
    _ = getUnicode(os.path.basename(argv[0]), encoding=sys.stdin.encoding)

    usage = "%s%s [options]" % ("python " if not IS_WIN else "", "\"%s\"" % _ if " " in _ else _)
    parser = OptionParser(usage=usage)

    try:
        parser.add_option("--hh", dest="advancedHelp",
                          action="store_true",
                          help="Show advanced help message and exit")

        parser.add_option("--version", dest="showVersion",
                          action="store_true",
                          help="Show program's version number and exit")

        parser.add_option("-v", dest="verbose", type="int",
                          help="Verbosity level: 0-6 (default %d)" % defaults.verbose)

        # Target options
        target = OptionGroup(parser, "Target", "At least one of these "
                             "options has to be provided to define the target(s)")

        target.add_option("-d", dest="direct", help="Connection string "
                          "for direct database connection")

        target.add_option("-u", "--url", dest="url", help="Target URL (e.g. \"http://www.site.com/vuln.php?id=1\")")

        target.add_option("-l", dest="logFile", help="Parse target(s) from Burp "
                          "or WebScarab proxy log file")

        target.add_option("-x", dest="sitemapUrl", help="Parse target(s) from remote sitemap(.xml) file")

        target.add_option("-m", dest="bulkFile", help="Scan multiple targets given "
                          "in a textual file ")

        target.add_option("-r", dest="requestFile",
                          help="Load HTTP request from a file")

        target.add_option("-g", dest="googleDork",
                          help="Process Google dork results as target URLs")

        target.add_option("-c", dest="configFile",
                          help="Load options from a configuration INI file")

        # Request options
        request = OptionGroup(parser, "Request", "These options can be used "
                              "to specify how to connect to the target URL")

        request.add_option("--method", dest="method",
                           help="Force usage of given HTTP method (e.g. PUT)")

        request.add_option("--data", dest="data",
                           help="Data string to be sent through POST (e.g. \"id=1\")")

        request.add_option("--param-del", dest="paramDel",
                           help="Character used for splitting parameter values (e.g. &)")

        request.add_option("--cookie", dest="cookie",
                           help="HTTP Cookie header value (e.g. \"PHPSESSID=a8d127e..\")")

        request.add_option("--cookie-del", dest="cookieDel",
                           help="Character used for splitting cookie values (e.g. ;)")

        request.add_option("--load-cookies", dest="loadCookies",
                           help="File containing cookies in Netscape/wget format")

        request.add_option("--drop-set-cookie", dest="dropSetCookie", action="store_true",
                           help="Ignore Set-Cookie header from response")

        request.add_option("--user-agent", dest="agent",
                           help="HTTP User-Agent header value")

        request.add_option("--random-agent", dest="randomAgent", action="store_true",
                           help="Use randomly selected HTTP User-Agent header value")

        request.add_option("--host", dest="host",
                           help="HTTP Host header value")

        request.add_option("--referer", dest="referer",
                           help="HTTP Referer header value")

        request.add_option("-H", "--header", dest="header",
                           help="Extra header (e.g. \"X-Forwarded-For: 127.0.0.1\")")

        request.add_option("--headers", dest="headers",
                           help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")

        request.add_option("--auth-type", dest="authType",
                           help="HTTP authentication type (Basic, Digest, NTLM or PKI)")

        request.add_option("--auth-cred", dest="authCred",
                           help="HTTP authentication credentials (name:password)")

        request.add_option("--auth-file", dest="authFile",
                           help="HTTP authentication PEM cert/private key file")

        request.add_option("--ignore-code", dest="ignoreCode", type="int",
                           help="Ignore (problematic) HTTP error code (e.g. 401)")

        request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                           help="Ignore system default proxy settings")

        request.add_option("--ignore-redirects", dest="ignoreRedirects", action="store_true",
                           help="Ignore redirection attempts")

        request.add_option("--ignore-timeouts", dest="ignoreTimeouts", action="store_true",
                           help="Ignore connection timeouts")

        request.add_option("--proxy", dest="proxy",
                           help="Use a proxy to connect to the target URL")

        request.add_option("--proxy-cred", dest="proxyCred",
                           help="Proxy authentication credentials (name:password)")

        request.add_option("--proxy-file", dest="proxyFile",
                           help="Load proxy list from a file")

        request.add_option("--tor", dest="tor", action="store_true",
                           help="Use Tor anonymity network")

        request.add_option("--tor-port", dest="torPort",
                           help="Set Tor proxy port other than default")

        request.add_option("--tor-type", dest="torType",
                           help="Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))")

        request.add_option("--check-tor", dest="checkTor", action="store_true",
                           help="Check to see if Tor is used properly")

        request.add_option("--delay", dest="delay", type="float",
                           help="Delay in seconds between each HTTP request")

        request.add_option("--timeout", dest="timeout", type="float",
                           help="Seconds to wait before timeout connection (default %d)" % defaults.timeout)

        request.add_option("--retries", dest="retries", type="int",
                           help="Retries when the connection timeouts (default %d)" % defaults.retries)

        request.add_option("--randomize", dest="rParam",
                           help="Randomly change value for given parameter(s)")

        request.add_option("--safe-url", dest="safeUrl",
                           help="URL address to visit frequently during testing")

        request.add_option("--safe-post", dest="safePost",
                           help="POST data to send to a safe URL")

        request.add_option("--safe-req", dest="safeReqFile",
                           help="Load safe HTTP request from a file")

        request.add_option("--safe-freq", dest="safeFreq", type="int",
                           help="Test requests between two visits to a given safe URL")

        request.add_option("--skip-urlencode", dest="skipUrlEncode", action="store_true",
                           help="Skip URL encoding of payload data")

        request.add_option("--csrf-token", dest="csrfToken",
                           help="Parameter used to hold anti-CSRF token")

        request.add_option("--csrf-url", dest="csrfUrl",
                           help="URL address to visit for extraction of anti-CSRF token")

        request.add_option("--force-ssl", dest="forceSSL", action="store_true",
                           help="Force usage of SSL/HTTPS")

        request.add_option("--chunked", dest="chunked", action="store_true",
                           help="Use HTTP chunked transfer encoded (POST) requests")

        request.add_option("--hpp", dest="hpp", action="store_true",
                           help="Use HTTP parameter pollution method")

        request.add_option("--eval", dest="evalCode",
                           help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")

        # Optimization options
        optimization = OptionGroup(parser, "Optimization", "These options can be used to optimize the performance of sqlmap")

        optimization.add_option("-o", dest="optimize", action="store_true",
                                help="Turn on all optimization switches")

        optimization.add_option("--predict-output", dest="predictOutput", action="store_true",
                                help="Predict common queries output")

        optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
                                help="Use persistent HTTP(s) connections")

        optimization.add_option("--null-connection", dest="nullConnection", action="store_true",
                                help="Retrieve page length without actual HTTP response body")

        optimization.add_option("--threads", dest="threads", type="int",
                                help="Max number of concurrent HTTP(s) "
                                "requests (default %d)" % defaults.threads)

        # Injection options
        injection = OptionGroup(parser, "Injection", "These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts")

        injection.add_option("-p", dest="testParameter",
                             help="Testable parameter(s)")

        injection.add_option("--skip", dest="skip",
                             help="Skip testing for given parameter(s)")

        injection.add_option("--skip-static", dest="skipStatic", action="store_true",
                             help="Skip testing parameters that not appear to be dynamic")

        injection.add_option("--param-exclude", dest="paramExclude",
                             help="Regexp to exclude parameters from testing (e.g. \"ses\")")

        injection.add_option("--dbms", dest="dbms",
                             help="Force back-end DBMS to provided value")

        injection.add_option("--dbms-cred", dest="dbmsCred",
                             help="DBMS authentication credentials (user:password)")

        injection.add_option("--os", dest="os",
                             help="Force back-end DBMS operating system to provided value")

        injection.add_option("--invalid-bignum", dest="invalidBignum", action="store_true",
                             help="Use big numbers for invalidating values")

        injection.add_option("--invalid-logical", dest="invalidLogical", action="store_true",
                             help="Use logical operations for invalidating values")

        injection.add_option("--invalid-string", dest="invalidString", action="store_true",
                             help="Use random strings for invalidating values")

        injection.add_option("--no-cast", dest="noCast", action="store_true",
                             help="Turn off payload casting mechanism")

        injection.add_option("--no-escape", dest="noEscape", action="store_true",
                             help="Turn off string escaping mechanism")

        injection.add_option("--prefix", dest="prefix",
                             help="Injection payload prefix string")

        injection.add_option("--suffix", dest="suffix",
                             help="Injection payload suffix string")

        injection.add_option("--tamper", dest="tamper",
                             help="Use given script(s) for tampering injection data")

        # Detection options
        detection = OptionGroup(parser, "Detection", "These options can be used to customize the detection phase")

        detection.add_option("--level", dest="level", type="int",
                             help="Level of tests to perform (1-5, default %d)" % defaults.level)

        detection.add_option("--risk", dest="risk", type="int",
                             help="Risk of tests to perform (1-3, default %d)" % defaults.risk)

        detection.add_option("--string", dest="string",
                             help="String to match when query is evaluated to True")

        detection.add_option("--not-string", dest="notString",
                             help="String to match when query is evaluated to False")

        detection.add_option("--regexp", dest="regexp",
                             help="Regexp to match when query is evaluated to True")

        detection.add_option("--code", dest="code", type="int",
                             help="HTTP code to match when query is evaluated to True")

        detection.add_option("--text-only", dest="textOnly", action="store_true",
                             help="Compare pages based only on the textual content")

        detection.add_option("--titles", dest="titles", action="store_true",
                             help="Compare pages based only on their titles")

        # Techniques options
        techniques = OptionGroup(parser, "Techniques", "These options can be used to tweak testing of specific SQL injection techniques")

        techniques.add_option("--technique", dest="tech",
                              help="SQL injection techniques to use (default \"%s\")" % defaults.tech)

        techniques.add_option("--time-sec", dest="timeSec", type="int",
                              help="Seconds to delay the DBMS response (default %d)" % defaults.timeSec)

        techniques.add_option("--union-cols", dest="uCols",
                              help="Range of columns to test for UNION query SQL injection")

        techniques.add_option("--union-char", dest="uChar",
                              help="Character to use for bruteforcing number of columns")

        techniques.add_option("--union-from", dest="uFrom",
                              help="Table to use in FROM part of UNION query SQL injection")

        techniques.add_option("--dns-domain", dest="dnsDomain",
                              help="Domain name used for DNS exfiltration attack")

        techniques.add_option("--second-url", dest="secondUrl",
                              help="Resulting page URL searched for second-order response")

        techniques.add_option("--second-req", dest="secondReq",
                              help="Load second-order HTTP request from file")

        # Fingerprint options
        fingerprint = OptionGroup(parser, "Fingerprint")

        fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp", action="store_true",
                               help="Perform an extensive DBMS version fingerprint")

        # Enumeration options
        enumeration = OptionGroup(parser, "Enumeration", "These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover you can run your own SQL statements")

        enumeration.add_option("-a", "--all", dest="getAll", action="store_true",
                               help="Retrieve everything")

        enumeration.add_option("-b", "--banner", dest="getBanner", action="store_true",
                               help="Retrieve DBMS banner")

        enumeration.add_option("--current-user", dest="getCurrentUser", action="store_true",
                               help="Retrieve DBMS current user")

        enumeration.add_option("--current-db", dest="getCurrentDb", action="store_true",
                               help="Retrieve DBMS current database")

        enumeration.add_option("--hostname", dest="getHostname", action="store_true",
                               help="Retrieve DBMS server hostname")

        enumeration.add_option("--is-dba", dest="isDba", action="store_true",
                               help="Detect if the DBMS current user is DBA")

        enumeration.add_option("--users", dest="getUsers", action="store_true",
                               help="Enumerate DBMS users")

        enumeration.add_option("--passwords", dest="getPasswordHashes", action="store_true",
                               help="Enumerate DBMS users password hashes")

        enumeration.add_option("--privileges", dest="getPrivileges", action="store_true",
                               help="Enumerate DBMS users privileges")

        enumeration.add_option("--roles", dest="getRoles", action="store_true",
                               help="Enumerate DBMS users roles")

        enumeration.add_option("--dbs", dest="getDbs", action="store_true",
                               help="Enumerate DBMS databases")

        enumeration.add_option("--tables", dest="getTables", action="store_true",
                               help="Enumerate DBMS database tables")

        enumeration.add_option("--columns", dest="getColumns", action="store_true",
                               help="Enumerate DBMS database table columns")

        enumeration.add_option("--schema", dest="getSchema", action="store_true",
                               help="Enumerate DBMS schema")

        enumeration.add_option("--count", dest="getCount", action="store_true",
                               help="Retrieve number of entries for table(s)")

        enumeration.add_option("--dump", dest="dumpTable", action="store_true",
                               help="Dump DBMS database table entries")

        enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                               help="Dump all DBMS databases tables entries")

        enumeration.add_option("--search", dest="search", action="store_true",
                               help="Search column(s), table(s) and/or database name(s)")

        enumeration.add_option("--comments", dest="getComments", action="store_true",
                               help="Check for DBMS comments during enumeration")

        enumeration.add_option("-D", dest="db",
                               help="DBMS database to enumerate")

        enumeration.add_option("-T", dest="tbl",
                               help="DBMS database table(s) to enumerate")

        enumeration.add_option("-C", dest="col",
                               help="DBMS database table column(s) to enumerate")

        enumeration.add_option("-X", dest="exclude",
                               help="DBMS database identifier(s) to not enumerate")

        enumeration.add_option("-U", dest="user",
                               help="DBMS user to enumerate")

        enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs", action="store_true",
                               help="Exclude DBMS system databases when enumerating tables")

        enumeration.add_option("--pivot-column", dest="pivotColumn",
                               help="Pivot column name")

        enumeration.add_option("--where", dest="dumpWhere",
                               help="Use WHERE condition while table dumping")

        enumeration.add_option("--start", dest="limitStart", type="int",
                               help="First dump table entry to retrieve")

        enumeration.add_option("--stop", dest="limitStop", type="int",
                               help="Last dump table entry to retrieve")

        enumeration.add_option("--first", dest="firstChar", type="int",
                               help="First query output word character to retrieve")

        enumeration.add_option("--last", dest="lastChar", type="int",
                               help="Last query output word character to retrieve")

        enumeration.add_option("--sql-query", dest="query",
                               help="SQL statement to be executed")

        enumeration.add_option("--sql-shell", dest="sqlShell", action="store_true",
                               help="Prompt for an interactive SQL shell")

        enumeration.add_option("--sql-file", dest="sqlFile",
                               help="Execute SQL statements from given file(s)")

        # Brute force options
        brute = OptionGroup(parser, "Brute force", "These options can be used to run brute force checks")

        brute.add_option("--common-tables", dest="commonTables", action="store_true",
                         help="Check existence of common tables")

        brute.add_option("--common-columns", dest="commonColumns", action="store_true",
                         help="Check existence of common columns")

        # User-defined function options
        udf = OptionGroup(parser, "User-defined function injection", "These options can be used to create custom user-defined functions")

        udf.add_option("--udf-inject", dest="udfInject", action="store_true",
                       help="Inject custom user-defined functions")

        udf.add_option("--shared-lib", dest="shLib",
                       help="Local path of the shared library")

        # File system options
        filesystem = OptionGroup(parser, "File system access", "These options can be used to access the back-end database management system underlying file system")

        filesystem.add_option("--file-read", dest="fileRead",
                              help="Read a file from the back-end DBMS file system")

        filesystem.add_option("--file-write", dest="fileWrite",
                              help="Write a local file on the back-end DBMS file system")

        filesystem.add_option("--file-dest", dest="fileDest",
                              help="Back-end DBMS absolute filepath to write to")

        # Takeover options
        takeover = OptionGroup(parser, "Operating system access", "These options can be used to access the back-end database management system underlying operating system")

        takeover.add_option("--os-cmd", dest="osCmd",
                            help="Execute an operating system command")

        takeover.add_option("--os-shell", dest="osShell", action="store_true",
                            help="Prompt for an interactive operating system shell")

        takeover.add_option("--os-pwn", dest="osPwn", action="store_true",
                            help="Prompt for an OOB shell, Meterpreter or VNC")

        takeover.add_option("--os-smbrelay", dest="osSmb", action="store_true",
                            help="One click prompt for an OOB shell, Meterpreter or VNC")

        takeover.add_option("--os-bof", dest="osBof", action="store_true",
                            help="Stored procedure buffer overflow "
                                 "exploitation")

        takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
                            help="Database process user privilege escalation")

        takeover.add_option("--msf-path", dest="msfPath",
                            help="Local path where Metasploit Framework is installed")

        takeover.add_option("--tmp-path", dest="tmpPath",
                            help="Remote absolute path of temporary files directory")

        # Windows registry options
        windows = OptionGroup(parser, "Windows registry access", "These options can be used to access the back-end database management system Windows registry")

        windows.add_option("--reg-read", dest="regRead", action="store_true",
                           help="Read a Windows registry key value")

        windows.add_option("--reg-add", dest="regAdd", action="store_true",
                           help="Write a Windows registry key value data")

        windows.add_option("--reg-del", dest="regDel", action="store_true",
                           help="Delete a Windows registry key value")

        windows.add_option("--reg-key", dest="regKey",
                           help="Windows registry key")

        windows.add_option("--reg-value", dest="regVal",
                           help="Windows registry key value")

        windows.add_option("--reg-data", dest="regData",
                           help="Windows registry key value data")

        windows.add_option("--reg-type", dest="regType",
                           help="Windows registry key value type")

        # General options
        general = OptionGroup(parser, "General", "These options can be used to set some general working parameters")

        general.add_option("-s", dest="sessionFile",
                           help="Load session from a stored (.sqlite) file")

        general.add_option("-t", dest="trafficFile",
                           help="Log all HTTP traffic into a textual file")

        general.add_option("--batch", dest="batch", action="store_true",
                           help="Never ask for user input, use the default behavior")

        general.add_option("--binary-fields", dest="binaryFields",
                           help="Result fields having binary values (e.g. \"digest\")")

        general.add_option("--check-internet", dest="checkInternet", action="store_true",
                           help="Check Internet connection before assessing the target")

        general.add_option("--crawl", dest="crawlDepth", type="int",
                           help="Crawl the website starting from the target URL")

        general.add_option("--crawl-exclude", dest="crawlExclude",
                           help="Regexp to exclude pages from crawling (e.g. \"logout\")")

        general.add_option("--csv-del", dest="csvDel",
                           help="Delimiting character used in CSV output (default \"%s\")" % defaults.csvDel)

        general.add_option("--charset", dest="charset",
                           help="Blind SQL injection charset (e.g. \"0123456789abcdef\")")

        general.add_option("--dump-format", dest="dumpFormat",
                           help="Format of dumped data (CSV (default), HTML or SQLITE)")

        general.add_option("--encoding", dest="encoding",
                           help="Character encoding used for data retrieval (e.g. GBK)")

        general.add_option("--eta", dest="eta", action="store_true",
                           help="Display for each output the estimated time of arrival")

        general.add_option("--flush-session", dest="flushSession", action="store_true",
                           help="Flush session files for current target")

        general.add_option("--forms", dest="forms", action="store_true",
                           help="Parse and test forms on target URL")

        general.add_option("--fresh-queries", dest="freshQueries", action="store_true",
                           help="Ignore query results stored in session file")

        general.add_option("--har", dest="harFile",
                           help="Log all HTTP traffic into a HAR file")

        general.add_option("--hex", dest="hexConvert", action="store_true",
                           help="Use hex conversion during data retrieval")

        general.add_option("--output-dir", dest="outputDir", action="store",
                           help="Custom output directory path")

        general.add_option("--parse-errors", dest="parseErrors", action="store_true",
                           help="Parse and display DBMS error messages from responses")

        general.add_option("--preprocess", dest="preprocess",
                           help="Use given script(s) for preprocessing of response data")

        general.add_option("--repair", dest="repair", action="store_true",
                           help="Redump entries having unknown character marker (%s)" % INFERENCE_UNKNOWN_CHAR)

        general.add_option("--save", dest="saveConfig",
                           help="Save options to a configuration INI file")

        general.add_option("--scope", dest="scope",
                           help="Regexp to filter targets from provided proxy log")

        general.add_option("--test-filter", dest="testFilter",
                           help="Select tests by payloads and/or titles (e.g. ROW)")

        general.add_option("--test-skip", dest="testSkip",
                           help="Skip tests by payloads and/or titles (e.g. BENCHMARK)")

        general.add_option("--update", dest="updateAll", action="store_true",
                           help="Update sqlmap")

        # Miscellaneous options
        miscellaneous = OptionGroup(parser, "Miscellaneous")

        miscellaneous.add_option("-z", dest="mnemonics",
                                 help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")

        miscellaneous.add_option("--alert", dest="alert",
                                 help="Run host OS command(s) when SQL injection is found")

        miscellaneous.add_option("--answers", dest="answers",
                                 help="Set predefined answers (e.g. \"quit=N,follow=N\")")

        miscellaneous.add_option("--beep", dest="beep", action="store_true",
                                 help="Beep on question and/or when SQL injection is found")

        miscellaneous.add_option("--cleanup", dest="cleanup", action="store_true",
                                 help="Clean up the DBMS from sqlmap specific UDF and tables")

        miscellaneous.add_option("--dependencies", dest="dependencies", action="store_true",
                                 help="Check for missing (optional) sqlmap dependencies")

        miscellaneous.add_option("--disable-coloring", dest="disableColoring", action="store_true",
                                 help="Disable console output coloring")

        miscellaneous.add_option("--gpage", dest="googlePage", type="int",
                                 help="Use Google dork results from specified page number")

        miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true",
                                 help="Make a thorough testing for a WAF/IPS protection")

        miscellaneous.add_option("--list-tampers", dest="listTampers", action="store_true",
                                 help="Display list of available tamper scripts")

        miscellaneous.add_option("--mobile", dest="mobile", action="store_true",
                                 help="Imitate smartphone through HTTP User-Agent header")

        miscellaneous.add_option("--offline", dest="offline", action="store_true",
                                 help="Work in offline mode (only use session data)")

        miscellaneous.add_option("--purge", dest="purge", action="store_true",
                                 help="Safely remove all content from sqlmap data directory")

        miscellaneous.add_option("--skip-waf", dest="skipWaf", action="store_true",
                                 help="Skip heuristic detection of WAF/IPS protection")

        miscellaneous.add_option("--smart", dest="smart", action="store_true",
                                 help="Conduct thorough tests only if positive heuristic(s)")

        miscellaneous.add_option("--sqlmap-shell", dest="sqlmapShell", action="store_true",
                                 help="Prompt for an interactive sqlmap shell")

        miscellaneous.add_option("--tmp-dir", dest="tmpDir",
                                 help="Local directory for storing temporary files")

        miscellaneous.add_option("--web-root", dest="webRoot",
                                 help="Web server document root directory (e.g. \"/var/www\")")

        miscellaneous.add_option("--wizard", dest="wizard", action="store_true",
                                 help="Simple wizard interface for beginner users")

        # Hidden and/or experimental options
        parser.add_option("--base64", dest="base64Parameter",
                          help=SUPPRESS_HELP)
#                          help="Parameter(s) containing Base64 encoded values")

        parser.add_option("--crack", dest="hashFile",
                          help=SUPPRESS_HELP)
#                          help="Load and crack hashes from a file (standalone)")

        parser.add_option("--dummy", dest="dummy", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--murphy-rate", dest="murphyRate", type="int",
                          help=SUPPRESS_HELP)

        parser.add_option("--disable-precon", dest="disablePrecon", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--disable-stats", dest="disableStats", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--profile", dest="profile", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--force-dbms", dest="forceDbms",
                          help=SUPPRESS_HELP)

        parser.add_option("--force-dns", dest="forceDns", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--force-pivoting", dest="forcePivoting", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--force-threads", dest="forceThreads", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--live-test", dest="liveTest", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--vuln-test", dest="vulnTest", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--stop-fail", dest="stopFail", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--run-case", dest="runCase", help=SUPPRESS_HELP)

        # API options
        parser.add_option("--api", dest="api", action="store_true",
                          help=SUPPRESS_HELP)

        parser.add_option("--taskid", dest="taskid", help=SUPPRESS_HELP)

        parser.add_option("--database", dest="database", help=SUPPRESS_HELP)

        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)
        parser.add_option_group(injection)
        parser.add_option_group(detection)
        parser.add_option_group(techniques)
        parser.add_option_group(fingerprint)
        parser.add_option_group(enumeration)
        parser.add_option_group(brute)
        parser.add_option_group(udf)
        parser.add_option_group(filesystem)
        parser.add_option_group(takeover)
        parser.add_option_group(windows)
        parser.add_option_group(general)
        parser.add_option_group(miscellaneous)

        # Dirty hack to display longer options without breaking into two lines
        def _(self, *args):
            retVal = parser.formatter._format_option_strings(*args)
            if len(retVal) > MAX_HELP_OPTION_LENGTH:
                retVal = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % retVal
            return retVal

        parser.formatter._format_option_strings = parser.formatter.format_option_strings
        parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser, type(parser))

        # Dirty hack for making a short option '-hh'
        option = parser.get_option("--hh")
        option._short_opts = ["-hh"]
        option._long_opts = []

        # Dirty hack for inherent help message of switch '-h'
        option = parser.get_option("-h")
        option.help = option.help.capitalize().replace("this help", "basic help")

        _ = []
        prompt = False
        advancedHelp = True
        extraHeaders = []
        tamperIndex = None

        # Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING")
        for arg in argv:
            _.append(getUnicode(arg, encoding=sys.stdin.encoding))

        argv = _
        checkDeprecatedOptions(argv)

        prompt = "--sqlmap-shell" in argv

        if prompt:
            parser.usage = ""
            cmdLineOptions.sqlmapShell = True

            _ = ["x", "q", "exit", "quit", "clear"]

            for option in parser.option_list:
                _.extend(option._long_opts)
                _.extend(option._short_opts)

            for group in parser.option_groups:
                for option in group.option_list:
                    _.extend(option._long_opts)
                    _.extend(option._short_opts)

            autoCompletion(AUTOCOMPLETE_TYPE.SQLMAP, commands=_)

            while True:
                command = None

                try:
                    command = raw_input("sqlmap-shell> ").strip()
                    command = getUnicode(command, encoding=sys.stdin.encoding)
                except (KeyboardInterrupt, EOFError):
                    print()
                    raise SqlmapShellQuitException

                if not command:
                    continue
                elif command.lower() == "clear":
                    clearHistory()
                    dataToStdout("[i] history cleared\n")
                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                elif command.lower() in ("x", "q", "exit", "quit"):
                    raise SqlmapShellQuitException
                elif command[0] != '-':
                    dataToStdout("[!] invalid option(s) provided\n")
                    dataToStdout("[i] proper example: '-u http://www.site.com/vuln.php?id=1 --banner'\n")
                else:
                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                    loadHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                    break

            try:
                for arg in shlex.split(command):
                    argv.append(getUnicode(arg, encoding=sys.stdin.encoding))
            except ValueError as ex:
                raise SqlmapSyntaxException("something went wrong during command line parsing ('%s')" % ex.message)

        for i in xrange(len(argv)):
            if argv[i] == "-hh":
                argv[i] = "-h"
            elif len(argv[i]) > 1 and all(ord(_) in xrange(0x2018, 0x2020) for _ in ((argv[i].split('=', 1)[-1].strip() or ' ')[0], argv[i][-1])):
                dataToStdout("[!] copy-pasting illegal (non-console) quote characters from Internet is, well, illegal (%s)\n" % argv[i])
                raise SystemExit
            elif len(argv[i]) > 1 and u"\uff0c" in argv[i].split('=', 1)[-1]:
                dataToStdout("[!] copy-pasting illegal (non-console) comma characters from Internet is, well, illegal (%s)\n" % argv[i])
                raise SystemExit
            elif re.search(r"\A-\w=.+", argv[i]):
                dataToStdout("[!] potentially miswritten (illegal '=') short option detected ('%s')\n" % argv[i])
                raise SystemExit
            elif argv[i].startswith("--tamper"):
                if tamperIndex is None:
                    tamperIndex = i if '=' in argv[i] else (i + 1 if i + 1 < len(argv) and not argv[i + 1].startswith('-') else None)
                else:
                    argv[tamperIndex] = "%s,%s" % (argv[tamperIndex], argv[i].split('=')[1] if '=' in argv[i] else (argv[i + 1] if i + 1 < len(argv) and not argv[i + 1].startswith('-') else ""))
                    argv[i] = ""
            elif argv[i] == "-H":
                if i + 1 < len(argv):
                    extraHeaders.append(argv[i + 1])
            elif argv[i] == "-r":
                for j in xrange(i + 2, len(argv)):
                    value = argv[j]
                    if os.path.isfile(value):
                        argv[i + 1] += ",%s" % value
                        argv[j] = ''
                    else:
                        break
            elif re.match(r"\A\d+!\Z", argv[i]) and argv[max(0, i - 1)] == "--threads" or re.match(r"\A--threads.+\d+!\Z", argv[i]):
                argv[i] = argv[i][:-1]
                conf.skipThreadCheck = True
            elif argv[i] == "--version":
                print(VERSION_STRING.split('/')[-1])
                raise SystemExit
            elif argv[i] in ("-h", "--help"):
                advancedHelp = False
                for group in parser.option_groups[:]:
                    found = False
                    for option in group.option_list:
                        if option.dest not in BASIC_HELP_ITEMS:
                            option.help = SUPPRESS_HELP
                        else:
                            found = True
                    if not found:
                        parser.option_groups.remove(group)

        for verbosity in (_ for _ in argv if re.search(r"\A\-v+\Z", _)):
            try:
                if argv.index(verbosity) == len(argv) - 1 or not argv[argv.index(verbosity) + 1].isdigit():
                    conf.verbose = verbosity.count('v') + 1
                    del argv[argv.index(verbosity)]
            except (IndexError, ValueError):
                pass

        try:
            (args, _) = parser.parse_args(argv)
        except UnicodeEncodeError as ex:
            dataToStdout("\n[!] %s\n" % ex.object.encode("unicode-escape"))
            raise SystemExit
        except SystemExit:
            if "-h" in argv and not advancedHelp:
                dataToStdout("\n[!] to see full list of options run with '-hh'\n")
            raise

        if extraHeaders:
            if not args.headers:
                args.headers = ""
            delimiter = "\\n" if "\\n" in args.headers else "\n"
            args.headers += delimiter + delimiter.join(extraHeaders)

        # Expand given mnemonic options (e.g. -z "ign,flu,bat")
        for i in xrange(len(argv) - 1):
            if argv[i] == "-z":
                expandMnemonics(argv[i + 1], parser, args)

        if args.dummy:
            args.url = args.url or DUMMY_URL

        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers, args.hashFile)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
            errMsg += "Use -h for basic and -hh for advanced help\n"
            parser.error(errMsg)

        return args

    except (OptionError, TypeError) as ex:
        parser.error(ex)

    except SystemExit:
        # Protection against Windows dummy double clicking
        if IS_WIN:
            dataToStdout("\nPress Enter to continue...")
            raw_input()
        raise

    debugMsg = "parsing command line"
    logger.debug(debugMsg)