
Conversation


@kn1g78 kn1g78 commented Aug 31, 2025

SQLMap Dictionary Similarity Feature

Feature Description

This feature adds intelligent dictionary matching capability to sqlmap's blind injection. When the partially inferred string during blind injection has high similarity with common database/table names in the dictionary, it will directly test the complete dictionary item, greatly saving blind injection time.

How It Works

  1. Similarity Check: During blind injection, when at least 3 characters are inferred, it checks similarity with dictionary items
  2. Threshold Judgment: If similarity exceeds 0.8 (configurable), it attempts to test the complete dictionary item
  3. Fast Matching: If the test succeeds, it directly returns the complete result, skipping remaining character inference

Usage

1. Dictionary Files

The feature automatically selects the appropriate dictionary based on the query type:

  • Tables/Databases: Uses data/txt/common-tables.txt for table and database name inference
  • Columns: Uses data/txt/common-columns.txt for column name inference

These files already contain common database, table, and column names. You can add more entries to these files if needed.

2. Normal sqlmap Usage

The feature is automatically enabled without additional parameters. When blind injection encounters content similar to dictionary items, it will display information like:

[INFO] checking tables dictionary similarity for 'info' (similarity: 0.90)
[INFO] Tables dictionary match successful: 'information_schema'
[INFO] checking columns dictionary similarity for 'user' (similarity: 0.85)
[INFO] Columns dictionary match successful: 'username'

Configuration Options

Similarity Threshold

You can modify the similarity threshold in lib/techniques/blind/inference.py:

# Similarity threshold for dictionary matching
SIMILARITY_THRESHOLD = 0.8  # Can be adjusted between 0.7-0.9

Minimum Character Count

By default, similarity check is only performed when at least 3 characters are inferred. You can modify this in the code:

if len(partialValue) >= 3:  # Can be adjusted between 2-5

Advantages

  1. Significant Time Savings: For common database/table names, it can save over 90% of blind injection time
  2. Intelligent Matching: Uses a sequence matching algorithm to handle partial and similar matches
  3. Prefix Priority: Gives higher weight to prefix matches, improving accuracy
  4. Backward Compatibility: Does not affect existing blind injection functionality, only adds optimization

Example Scenarios

Scenario 1: Inferring Database Name

  • Blind injection inference: info -> information_schema
  • Time saved: Reduced from 15 character inferences to 4 character inferences

Scenario 2: Inferring Table Name

  • Blind injection inference: user -> users
  • Time saved: Reduced from 5 character inferences to 4 character inferences

Scenario 3: Inferring Admin Table

  • Blind injection inference: adm -> admin
  • Time saved: Reduced from 5 character inferences to 3 character inferences

Scenario 4: Inferring Column Names

  • Blind injection inference: user -> username
  • Time saved: Reduced from 8 character inferences to 4 character inferences

Notes

  1. Dictionary Quality: The quality of the dictionary file directly affects matching effectiveness
  2. False Matches: If the dictionary contains irrelevant items, it may cause false matches
  3. Performance Impact: Similarity checking brings minimal performance overhead, but the time saved is worth it

Troubleshooting

Dictionary File Not Found

Ensure that the data/txt/common-tables.txt and data/txt/common-columns.txt files exist and are readable.

Similarity Check Not Working

Check whether there are "checking dictionary similarity" messages in the logs.

Match Failure

Try lowering the similarity threshold or adding more relevant items to the appropriate dictionary file.

Technical Implementation

  • Similarity Algorithm: Uses Python's difflib.SequenceMatcher
  • Integration Location: lib/techniques/blind/inference.py
  • Supported Modes: Single-threaded and multi-threaded blind injection
  • Caching Mechanism: Dictionary content is cached for performance
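To make the false-match cost from the Notes (item 2) concrete, here is an added cost model. It is my code, not the PR's inference.py: the prefix weighting is an assumption (the PR says prefixes score higher but gives no formula), the mini-dictionary is constructed, and no requests are sent; it only counts how many full-string equality checks the heuristic would spend on a partial name before a hit or before giving up.

```python
from difflib import SequenceMatcher

# Constructed stand-in for data/txt/common-tables.txt (assumption: the real
# file is far larger, so the candidate counts below understate the effect).
TABLES = [
    "users", "user", "user_info", "userinfo", "usergroups", "information_schema",
    "info", "admin", "admins", "administrators", "sessions", "settings",
]

SIMILARITY_THRESHOLD = 0.8  # the PR's default
MIN_CHARS = 3               # the PR's "at least 3 characters inferred"


def similarity(partial, candidate):
    """Score a partially inferred name against one dictionary entry.

    Hypothetical scoring (the PR does not give its formula): an exact prefix
    match scores 1.0; otherwise use the difflib.SequenceMatcher ratio against
    the candidate's head of the same length as the partial value.
    """
    if candidate.startswith(partial):
        return 1.0
    return SequenceMatcher(None, partial, candidate[:len(partial)]).ratio()


def candidates(partial, dictionary, threshold=SIMILARITY_THRESHOLD, min_chars=MIN_CHARS):
    """Dictionary entries the heuristic would test in full, best score first."""
    if len(partial) < min_chars:
        return []
    scored = ((similarity(partial, entry), entry) for entry in dictionary)
    return [entry for score, entry in sorted(scored, key=lambda t: (-t[0], t[1]))
            if score >= threshold]


def probe_cost(true_name, partial, dictionary):
    """Simulate the full-string equality checks the heuristic would issue.

    Each candidate costs one check and every miss is a wasted request.
    Returns (checks_spent, matched); with matched=False the normal
    character-by-character inference still has to continue afterwards.
    """
    spent = 0
    for entry in candidates(partial, dictionary):
        spent += 1
        if entry == true_name:
            return spent, True
    return spent, False
```

With this dictionary, probe_cost("users", "use", TABLES) hits on the fifth check after four misses, while probe_cost("useraccounts", "use", TABLES) wastes all five checks and still falls back to character inference.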

@stamparm
Member

stamparm commented Aug 31, 2025 via email

@kn1g78
Author

kn1g78 commented Sep 1, 2025

https://github.com/sqlmapproject/sqlmap/wiki/usage#output-prediction

On Sun, Aug 31, 2025, 19:15 @.*** @.> wrote: [...] You can view, comment on, or merge this pull request online at: #5953 Commit Summary - bb1120d Update inference.py File Changes (1 file https://github.com/sqlmapproject/sqlmap/pull/5953/files) - M lib/techniques/blind/inference.py (193) Patch Links: - https://github.com/sqlmapproject/sqlmap/pull/5953.patch - https://github.com/sqlmapproject/sqlmap/pull/5953.diff

The --predict-output parameter allows only 1 thread, and there is no similarity match, only prefix matching.

@stamparm
Member

stamparm commented Sep 1, 2025 via email

@kn1g78
Author

kn1g78 commented Sep 1, 2025

I'm not entirely convinced by all this. Based on 3 characters (if any) you guess with 0.8 similarity. Because of the cache load, this is very prone to fubar misses. I don't think this is usable in real-world scenarios. You would just send a large number of equality check requests that trigger a large number of misses. For example, if there is "use" you would only send "user", hoping the other side has a "user" ending.


u r right.

@kn1g78 kn1g78 closed this Sep 1, 2025