@@ -1578,7 +1578,16 @@ connection timeouts. By default it retries up to three times.
15781578
15791579<p>
15801580Option: <tt>-</tt><tt>-scope</tt>
1581- #TODO
1581+
1582+ <p>
1583+ Rather than using all hosts parsed from provided logs with option
1584+ <tt>-l</tt>, in combination with this option you can specify valid
1585+ python regular expression to be used for filtering desired ones.
1586+
1587+ Example usage:
1588+
1589+ <tscreen><verb>
1590+ $ python sqlmap.py -l /tmp/webscarab.log/conversations/ --scope="(www)?\.target\.(com|net|org)"
15821591
15831592
15841593<sect1>Injection
@@ -1588,6 +1597,7 @@ These options can be used to specify which parameters to test for, provide
15881597custom injection payloads and how to parse and compare HTTP responses page
15891598content when using the blind SQL injection technique.
15901599
1600+
15911601<sect2>Testable parameter(s)
15921602
15931603<p>
@@ -5358,11 +5368,11 @@ back-end DBMS: Microsoft SQL Server 2000
53585368[hh:mm:57] [INFO] fetching number of database users
53595369[hh:mm:57] [INFO] retrieved: 3
53605370[hh:mm:57] [INFO] retrieved the length of query output: 22
5361- 100% [====================================================] 22/22
5371+ 100% [====================================================] 22/22
53625372[hh:mm:58] [INFO] retrieved the length of query output: 2
5363- 100% [====================================================] 2/2
5373+ 100% [====================================================] 2/2
53645374[hh:mm:59] [INFO] retrieved the length of query output: 25
5365- 100% [====================================================] 25/25
5375+ 100% [====================================================] 25/25
53665376[hh:mm:00] [DEBUG] performed 181 queries in 1 seconds
53675377database management system users [3]:
53685378[*] BUILTIN\Administrators
@@ -5380,7 +5390,42 @@ counts the number of retrieved query output characters.
53805390
53815391<p>
53825392Option: <tt>-</tt><tt>-gpage</tt>
5383- #TODO
5393+
5394+ <p>
5395+ Default sqlmap behavior with option <tt>-g</tt> is to do a google
5396+ search and use resulting urls from first (100) result page for further
5397+ sql injection testing. In combination with this option you can specify
5398+ some other page other than the first one for retrieving target urls.
5399+
5400+ <p>
5401+ Example of Google dorking with expression <tt>login ext:php</tt>
5402+ and resulting page set to 3:
5403+
5404+ <tscreen><verb>
5405+ $ python sqlmap.py -g "login ext:php" --gpage=3 -v 1
5406+
5407+ [14:11:12] [INFO] first request to Google to get the session cookie
5408+ [14:11:12] [INFO] using search result page #3
5409+ [14:11:12] [INFO] sqlmap got 100 results for your Google dork expression, 5 of them are testable targets
5410+ [14:11:12] [INFO] sqlmap got a total of 5 targets
5411+ url 1:
5412+ GET http://myjobstreet-beta.jobstreet.com/home/login.php?site=in
5413+ do you want to test this url? [Y/n/q]
5414+ >
5415+ [14:11:14] [INFO] testing url http://myjobstreet-beta.jobstreet.com/home/login.php?site=in
5416+ [14:11:14] [INFO] using '/home/stamparm/Work/sqlmap/sqlmap/output/None/session' as session file
5417+ [14:11:14] [INFO] testing connection to the target url
5418+ [14:11:15] [INFO] testing if the url is stable, wait a few seconds
5419+ [14:11:19] [INFO] url is stable
5420+ [14:11:19] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
5421+ [14:11:21] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
5422+ [14:11:21] [INFO] testing if Cookie parameter 'REFERP' is dynamic
5423+ [14:11:22] [WARNING] Cookie parameter 'REFERP' is not dynamic
5424+ [14:11:22] [INFO] testing if Cookie parameter 'PHPSESSID' is dynamic
5425+ [14:11:24] [INFO] confirming that Cookie parameter 'PHPSESSID' is dynamic
5426+ [14:11:27] [INFO] Cookie parameter 'PHPSESSID' is dynamic
5427+ [...]
5428+ </verb></tscreen>
53845429
53855430
53865431<sect2>Update <tt>sqlmap</tt>
0 commit comments