Develop-Python
diff --git a/‎doc/FAQ.html‎
Lines changed: 246 additions & 0 deletions b/‎doc/FAQ.html‎
Lines changed: 246 additions & 0 deletions
diff --git a/‎doc/FAQ.pdf‎
148 KB b/‎doc/FAQ.pdf‎
148 KB
diff --git a/‎doc/FAQ.sgml‎
Lines changed: 4 additions & 4 deletions b/‎doc/FAQ.sgml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎doc/README.html‎
Lines changed: 12 additions & 12 deletions b/‎doc/README.html‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎doc/README.pdf‎
-80 Bytes b/‎doc/README.pdf‎
-80 Bytes
@@ -0,0 +1,246 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+<HEAD>
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
+ <TITLE>sqlmap - Frequently Asked Questions</TITLE>
+</HEAD>
+<BODY>
+<H1>sqlmap - Frequently Asked Questions</H1>
+
+<H2>by 
+<A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A>,
+<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>
+<HR>
+<EM>This document contains frequently asked questions for 
+<A HREF="http://www.sqlmap.org">sqlmap</A>.</EM>
+<HR>
+<P>
+<H2><A NAME="toc1">1.</A> <A HREF="FAQ.html#s1">Frequently Asked Questions</A></H2>
+
+<UL>
+<LI><A NAME="toc1.1">1.1</A> <A HREF="FAQ.html#ss1.1">What is sqlmap?</A>
+<LI><A NAME="toc1.2">1.2</A> <A HREF="FAQ.html#ss1.2">How do I execute sqlmap?</A>
+<LI><A NAME="toc1.3">1.3</A> <A HREF="FAQ.html#ss1.3">Can I integrate sqlmap with a security tool I am developing?</A>
+<LI><A NAME="toc1.4">1.4</A> <A HREF="FAQ.html#ss1.4">How can I integrate sqlmap with my own tool?</A>
+<LI><A NAME="toc1.5">1.5</A> <A HREF="FAQ.html#ss1.5">Will you support other database management systems?</A>
+<LI><A NAME="toc1.6">1.6</A> <A HREF="FAQ.html#ss1.6">How can I occasionally contribute?</A>
+<LI><A NAME="toc1.7">1.7</A> <A HREF="FAQ.html#ss1.7">Can I actively contribute in the long-term development?</A>
+<LI><A NAME="toc1.8">1.8</A> <A HREF="FAQ.html#ss1.8">How can I support the development?</A>
+<LI><A NAME="toc1.9">1.9</A> <A HREF="FAQ.html#ss1.9">Can you hack a site for me?</A>
+<LI><A NAME="toc1.10">1.10</A> <A HREF="FAQ.html#ss1.10">When sqlmap will switch to the Python 3?</A>
+<LI><A NAME="toc1.11">1.11</A> <A HREF="FAQ.html#ss1.11">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
+<LI><A NAME="toc1.12">1.12</A> <A HREF="FAQ.html#ss1.12">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
+<LI><A NAME="toc1.13">1.13</A> <A HREF="FAQ.html#ss1.13">Why is sqlmap not able to get password hashes in some cases?</A>
+<LI><A NAME="toc1.14">1.14</A> <A HREF="FAQ.html#ss1.14">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
+<LI><A NAME="toc1.15">1.15</A> <A HREF="FAQ.html#ss1.15">sqlmap is retrieving weird characters for even simplest data (e.g. <CODE>--banner</CODE>)?</A>
+<LI><A NAME="toc1.16">1.16</A> <A HREF="FAQ.html#ss1.16">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
+<LI><A NAME="toc1.17">1.17</A> <A HREF="FAQ.html#ss1.17">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE></A>
+<LI><A NAME="toc1.18">1.18</A> <A HREF="FAQ.html#ss1.18">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
+<LI><A NAME="toc1.19">1.19</A> <A HREF="FAQ.html#ss1.19">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
+</UL>
+
+<HR>
+<H2><A NAME="s1">1.</A> <A HREF="#toc1">Frequently Asked Questions</A></H2>
+
+<H2><A NAME="ss1.1">1.1</A> <A HREF="#toc1.1">What is sqlmap?</A>
+</H2>
+
+<P>sqlmap is an open source penetration testing tool that automates the
+process of detecting and exploiting SQL injection flaws and taking over
+of database servers. It comes with a powerful detection engine, many niche
+features for the ultimate penetration tester and a broad range of switches
+lasting from database fingerprinting, over data fetching from the
+database, to accessing the underlying file system and executing commands
+on the operating system via out-of-band connections.</P>
+
+<H2><A NAME="ss1.2">1.2</A> <A HREF="#toc1.2">How do I execute sqlmap?</A>
+</H2>
+
+<P>If you are running on a Unix/Linux system type the following command
+from a terminal:
+<BLOCKQUOTE><CODE>
+<PRE>
+python sqlmap.py -h
+</PRE>
+</CODE></BLOCKQUOTE>
+</P>
+
+<P>If you are running on a Windows system type the following command
+from a terminal:
+<BLOCKQUOTE><CODE>
+<PRE>
+C:\Python26\python.exe sqlmap.py -h
+</PRE>
+</CODE></BLOCKQUOTE>
+</P>
+
+<P>Where <CODE>C:\Python26</CODE> is the path where you installed 
+<A HREF="http://www.python.org">Python</A> <B>>= 2.6</B>.</P>
+
+<H2><A NAME="ss1.3">1.3</A> <A HREF="#toc1.3">Can I integrate sqlmap with a security tool I am developing?</A>
+</H2>
+
+<P>Yes. sqlmap is released under the terms of the GPLv2, which means that any
+derivative work must be distributed without further restrictions on the
+rights granted by the GPL itself. If this constitutes a problem, feel free
+to contact us so we can find a solution.</P>
+
+<H2><A NAME="ss1.4">1.4</A> <A HREF="#toc1.4">How can I integrate sqlmap with my own tool?</A>
+</H2>
+
+<P>TODO</P>
+
+<H2><A NAME="ss1.5">1.5</A> <A HREF="#toc1.5">Will you support other database management systems?</A>
+</H2>
+
+<P>Yes. There are plans to support also IBM DB2, Informix and Ingres at some
+point.</P>
+
+<H2><A NAME="ss1.6">1.6</A> <A HREF="#toc1.6">How can I occasionally contribute?</A>
+</H2>
+
+<P>All help is greatly appreciated. First of all download the tool, make sure
+you are running the latest development version from the Subversion
+repository, read the user's manual carefully, have fun with it during your
+penetration tests.
+If you find bugs or have ideas for possible improvements, feel free to
+<A HREF="http://www.sqlmap.org/#ml">get in touch on the mailing list</A>. Many people have 
+<A HREF="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS">contributed</A> in different ways to the sqlmap development.
+<B>You</B> can be the next!</P>
+
+<H2><A NAME="ss1.7">1.7</A> <A HREF="#toc1.7">Can I actively contribute in the long-term development?</A>
+</H2>
+
+<P>Yes, we are looking for people who can write some clean Python code, are
+up to do security research, know about web application security, database
+assessment and takeover, software refactoring and are motivated to join
+the development team.
+If this sounds interesting to you, 
+<A HREF="http://www.sqlmap.org/#developers">get in touch</A>!</P>
+
+<H2><A NAME="ss1.8">1.8</A> <A HREF="#toc1.8">How can I support the development?</A>
+</H2>
+
+<P>If you think that sqlmap is a great tool, it really played well during
+your penetration tests, or you simply like it, you, or your boss, can
+<A HREF="http://www.sqlmap.org/#donate">donate some money</A> to the developers via PayPal.</P>
+
+<H2><A NAME="ss1.9">1.9</A> <A HREF="#toc1.9">Can you hack a site for me?</A>
+</H2>
+
+<P><B>No</B>.</P>
+
+<H2><A NAME="ss1.10">1.10</A> <A HREF="#toc1.10">When sqlmap will switch to the Python 3?</A>
+</H2>
+
+<P>Currently there is no huge pressure on Python projects to switch to the new
+version of Python interpreter, as the process of switching, especially on
+larger projects can be cumbersome (due to the few backward incompatibilities).
+The switch will take place eventually, but currently it's a very low priority task.</P>
+
+<H2><A NAME="ss1.11">1.11</A> <A HREF="#toc1.11">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
+</H2>
+
+<P>sqlmap needs to properly decode page content to be able to properly 
+detect and deal with internationalized characters. In some cases web developers
+are doing mistakes when declaring used web page charset (e.g. <CODE>iso_8859</CODE> instead 
+of standardized name <CODE>iso-8859</CODE>), which can cause problems. As a failsafe mechanism
+we've incorporated heuristic detection engine
+<A HREF="http://chardet.feedparser.org/">chardet</A>, 
+so in most cases sqlmap will deal with this kind of problems automatically.
+Nevertheless, you are strongly advised to report us back those typographic "mistakes" 
+so we could handle them manually inside the code.</P>
+
+<P>Question(s):
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/737">#1</A>
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1232">#2</A>
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1239">#3</A></P>
+
+<H2><A NAME="ss1.12">1.12</A> <A HREF="#toc1.12">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
+</H2>
+
+<P>Just put * to the place where sqlmap should check for injections in URI 
+itself. In example: <CODE>./sqlmap.py -u "www.site.com/id1/1*/id2/2"</CODE> sqlmap 
+will try to inject the payloads just at that place marked with * character.</P>
+
+<P>Question(s):
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/731">#1</A>
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/728">#2</A>
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1258">#3</A></P>
+
+<H2><A NAME="ss1.13">1.13</A> <A HREF="#toc1.13">Why is sqlmap not able to get password hashes in some cases?</A>
+</H2>
+
+<P>You most probably don't have enough permissions for querying on a system 
+table containing password hashes.</P>
+
+<P>Question(s):
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/714">#1</A></P>
+
+<H2><A NAME="ss1.14">1.14</A> <A HREF="#toc1.14">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
+</H2>
+
+<P>Switch <CODE>-</CODE><CODE>-text-only</CODE> is used for removing non-textual data (tags, 
+javascripts, styles,...) from the retrieved page content to further 
+improve detection capabilities.</P>
+
+<P>Question(s):
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/699">#1</A></P>
+
+<H2><A NAME="ss1.15">1.15</A> <A HREF="#toc1.15">sqlmap is retrieving weird characters for even simplest data (e.g. <CODE>--banner</CODE>)?</A>
+</H2>
+
+<P>If everything you retrieve from the target is garbled, then you are 
+most probably dealing with false positive blind injection. Please 
+report the problem to the 
+<A HREF="mailto:dev@sqlmap.org">developers</A>.</P>
+
+<P>Question(s):
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/686">#1</A>
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1181">#2</A></P>
+
+<H2><A NAME="ss1.16">1.16</A> <A HREF="#toc1.16">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
+</H2>
+
+<P>There are few IDSes that filter out all sqlmap requests based on default 
+User-Agent HTTP header used (e.g. <CODE>"User-agent: sqlmap/1.0-dev"</CODE>). To prevent this
+kind of situations you are advised to use switch <CODE>-</CODE><CODE>-random-agent</CODE>.
+If you are getting those kind of messages for all targets then you
+most probably need to properly set up your proxy settings (switches <CODE>-</CODE><CODE>-proxy</CODE>
+and/or <CODE>-</CODE><CODE>-ignore-proxy</CODE>)</P>
+
+<P>Question(s):
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1241">#1</A></P>
+
+<H2><A NAME="ss1.17">1.17</A> <A HREF="#toc1.17">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE></A>
+and/or <CODE>-</CODE><CODE>-sql-shell</CODE>?</H2>
+
+<P>It is possible to use those commands, but only if the stacked injection is supported
+by the vulnerable target.</P>
+
+<P>Question(s):
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1237">#1</A></P>
+
+<H2><A NAME="ss1.18">1.18</A> <A HREF="#toc1.18">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
+</H2>
+
+<P>You are most probably using outdated version of Python. sqlmap is generally
+supported by Python versions in range 2.5, 2.6 and 2.7, while you are strongly
+advised to use versions 2.6 and 2.7.</P>
+
+<P>Question(s):
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1231">#1</A></P>
+
+<H2><A NAME="ss1.19">1.19</A> <A HREF="#toc1.19">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
+</H2>
+
+<P>Currently there are only two of us working on a pure good will and donating our 
+free time to the community. If you are not willing to help us achive better tool
+you are strongly advised to buy those commercial tool(s) and just 
+forget about the sqlmap.</P>
+
+<P>Question(s):
+<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/970">#1</A></P>
+
+</BODY>
+</HTML>
@@ -7,7 +7,7 @@
 <htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar">
 <abstract>
 This document contains frequently asked questions for <htmlurl
-url="http://sqlmap.sourceforge.net" name="sqlmap">.
+url="http://www.sqlmap.org" name="sqlmap">.
 </abstract>
 
 <toc>
@@ -72,7 +72,7 @@ you are running the latest development version from the Subversion
 repository, read the user's manual carefully, have fun with it during your
 penetration tests.
 If you find bugs or have ideas for possible improvements, feel free to
-<htmlurl url="http://sqlmap.sourceforge.net/#ml" name="get in touch on the
+<htmlurl url="http://www.sqlmap.org/#ml" name="get in touch on the
 mailing list">. Many people have <htmlurl
 url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS"
 name="contributed"> in different ways to the sqlmap development.
@@ -86,14 +86,14 @@ up to do security research, know about web application security, database
 assessment and takeover, software refactoring and are motivated to join
 the development team.
 If this sounds interesting to you, <htmlurl
-url="http://sqlmap.sourceforge.net/#developers" name="get in touch">!
+url="http://www.sqlmap.org/#developers" name="get in touch">!
 
 <sect1>How can I support the development?
 
 <p>
 If you think that sqlmap is a great tool, it really played well during
 your penetration tests, or you simply like it, you, or your boss, can
-<htmlurl url="http://sqlmap.sourceforge.net/#donate" name="donate
+<htmlurl url="http://www.sqlmap.org/#donate" name="donate
 some money"> to the developers via PayPal.
 
 <sect1>Can you hack a site for me?
 
@@ -12,7 +12,7 @@ <H2>by
 <A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 1.0-dev, XXX XX, 2011
 <HR>
 <EM>This document is the user's manual to use 
-<A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.</EM>
+<A HREF="http://www.sqlmap.org">sqlmap</A>.</EM>
 <HR>
 <P>
 <H2><A NAME="toc1">1.</A> <A HREF="README.html#s1">Introduction</A></H2>
@@ -123,7 +123,7 @@ <H2><A NAME="ss1.1">1.1</A> <A HREF="#toc1.1">Requirements</A>
 <LI>Microsoft SQL Server: 
 <A HREF="http://pymssql.sourceforge.net/">python-pymssql</A>.</LI>
 <LI>MySQL: 
-<A HREF="http://mysql-python.sourceforge.net/">python-mysqldb</A>.</LI>
+<A HREF="http://code.google.com/p/pymysql/">python pymysql</A>.</LI>
 <LI>Oracle: 
 <A HREF="http://cx-oracle.sourceforge.net/">python cx_Oracle</A>.</LI>
 <LI>PostgreSQL: 
@@ -562,7 +562,7 @@ <H2><A NAME="ss3.1">3.1</A> <A HREF="#toc3.1">2011</A>
 <P>
 <UL>
 <LI><B>April 10</B>, 
-<A HREF="http://sqlmap.sourceforge.net/#developers">Bernardo and Miroslav</A> release sqlmap
+<A HREF="http://www.sqlmap.org/#developers">Bernardo and Miroslav</A> release sqlmap
 <B>0.9</B> featuring a totally rewritten and powerful SQL injection
 detection engine, the possibility to connect directly to a database
 server, support for time-based blind SQL injection and error-based SQL
@@ -576,15 +576,15 @@ <H2><A NAME="ss3.2">3.2</A> <A HREF="#toc3.2">2010</A>
 <P>
 <UL>
 <LI><B>December</B>, 
-<A HREF="http://sqlmap.sourceforge.net/#developers">Bernardo and Miroslav</A> have enhanced sqlmap a
+<A HREF="http://www.sqlmap.org/#developers">Bernardo and Miroslav</A> have enhanced sqlmap a
 lot during the whole year and prepare to release sqlmap <B>0.9</B>
 within the first quarter of 2011.</LI>
 <LI><B>June 3</B>, Bernardo 
 <A HREF="http://www.slideshare.net/inquis/ath-con-2010bernardodamelegotdbownnet">presents</A>
 a talk titled <EM>Got database access? Own the network!</EM> at AthCon
 2010 in Athens (Greece).</LI>
 <LI><B>March 14</B>, 
-<A HREF="http://sqlmap.sourceforge.net/#developers">Bernardo and Miroslav</A> release stable version of 
+<A HREF="http://www.sqlmap.org/#developers">Bernardo and Miroslav</A> release stable version of 
 sqlmap <B>0.8</B> featuring many features. Amongst these, support to
 enumerate and dump all databases' tables containing user provided
 column(s), stabilization and enhancements to the takeover functionalities,
@@ -616,7 +616,7 @@ <H2><A NAME="ss3.3">3.3</A> <A HREF="#toc3.3">2009</A>
 </LI>
 <LI><B>December 4</B>, sqlmap-devel mailing list has been merged into
 sqlmap-users 
-<A HREF="http://sqlmap.sourceforge.net/#ml">mailing list</A>.
+<A HREF="http://www.sqlmap.org/#ml">mailing list</A>.
 </LI>
 <LI><B>November 20</B>, Bernardo and Guido present again their
 research on stealth database server takeover at CONfidence 2009 in Warsaw,
@@ -739,7 +739,7 @@ <H2><A NAME="ss3.4">3.4</A> <A HREF="#toc3.4">2008</A>
 new installation packages for Debian, Red Hat, Windows and much more.
 </LI>
 <LI><B>August</B>, two public 
-<A HREF="http://sqlmap.sourceforge.net/#ml">mailing lists</A> are created on SourceForge.
+<A HREF="http://www.sqlmap.org/#ml">mailing lists</A> are created on SourceForge.
 </LI>
 <LI><B>January</B>, sqlmap subversion development repository is moved
 away from SourceForge and goes private for a while.</LI>
@@ -848,7 +848,7 @@ <H2><A NAME="s4">4.</A> <A HREF="#toc4">Download and update</A></H2>
 </P>
 
 <P>This is strongly recommended <B>before</B> reporting any bug to the 
-<A HREF="http://sqlmap.sourceforge.net/#ml">mailing list</A>.</P>
+<A HREF="http://www.sqlmap.org/#ml">mailing list</A>.</P>
 
 
 <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
@@ -859,7 +859,7 @@ <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
 $ python sqlmap.py -h
 
     sqlmap/1.0 - automatic SQL injection and database takeover tool
-    http://sqlmap.sourceforge.net
+    http://www.sqlmap.org
 
 Usage: python sqlmap.py [options]
 
@@ -1229,7 +1229,7 @@ <H3>HTTP <CODE>User-Agent</CODE> header</H3>
 <P>
 <BLOCKQUOTE><CODE>
 <PRE>
-sqlmap/0.9 (http://sqlmap.sourceforge.net)
+sqlmap/0.9 (http://www.sqlmap.org)
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
@@ -3032,7 +3032,7 @@ <H3>Update sqlmap</H3>
 clicking on <CODE>Update</CODE>.</P>
 
 <P>This is strongly recommended <B>before</B> reporting any bug to the
-<A HREF="http://sqlmap.sourceforge.net/#ml">mailing lists</A>.</P>
+<A HREF="http://www.sqlmap.org/#ml">mailing lists</A>.</P>
 
 
 <H3>Save options in a configuration INI file</H3>
@@ -3177,7 +3177,7 @@ <H2><A NAME="s6">6.</A> <A HREF="#toc6">License and copyright</A></H2>
 <P>sqlmap is released under the terms of the
 <A HREF="http://www.gnu.org/licenses/old-licenses/gpl-2.0.html">General Public License v2</A>.
 sqlmap is copyrighted by its 
-<A HREF="http://sqlmap.sourceforge.net/#developers">developers</A>.</P>
+<A HREF="http://www.sqlmap.org/#developers">developers</A>.</P>
 
 
 <H2><A NAME="s7">7.</A> <A HREF="#toc7">Disclaimer</A></H2>