例如对一个受到ModSecurity WAF保护的MySQL例子:
$ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" --identify-waf -v 3 [...] [xx:xx:23] [INFO] testing connection to the target URL [xx:xx:23] [INFO] heuristics detected web page charset 'ascii' [xx:xx:23] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'USP Secure Entry Server (United Security Providers)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'BinarySEC Web Application Firewall (BinarySEC)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Hyperguard Web Application Firewall (art of defence Inc.)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Cisco ACE XML Gateway (Cisco Systems)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'TrafficShield (F5 Networks)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'KONA Security Solutions (Akamai Technologies)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Incapsula Web Application Firewall (Incapsula/Imperva)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'CloudFlare Web Application Firewall (CloudFlare)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Barracuda Web Application Firewall (Barracuda Networks)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'webApp.secure (webScurity)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Proventia Web Application Security (IBM)' [xx:xx:23] [DEBUG] declared web page charset 'iso-8859-1' [xx:xx:23] [DEBUG] page not found (404) [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'KS-WAF (Knownsec)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'NetScaler (Citrix Systems)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'Jiasule Web Application Firewall (Jiasule)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'WebKnight Application Firewall (AQTRONIX)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'AppWall (Radware)' [xx:xx:23] [DEBUG] checking for WAF/IDS/IPS product 'ModSecurity: Open Source Web Application Firewall (Trustwave)' [xx:xx:23] [CRITICAL] WAF/IDS/IPS identified 'ModSecurity: Open Source Web Application Firewall (Trustwave)'. Please consider usage of tamper scripts (option '--tamper') [...]模仿智能手机
参数:–mobile
有时服务端只接收移动端的访问,此时可以设定一个手机的User-Agent来模仿手机登陆。
例如:
$ python sqlmap.py -u "http://www.target.com/vuln.php?id=1" --mobile [...] which smartphone do you want sqlmap to imitate through HTTP User-Agent header? [1] Apple iPhone 4s (default) [2] BlackBerry 9900 [3] Google Nexus 7 [4] HP iPAQ 6365 [5] HTC Sensation [6] Nokia N97 [7] Samsung Galaxy S \> 1 [...]安全的删除output目录的文件
参数:–purge-output
有时需要删除结果文件,而不被恢复,可以使用此参数,原有文件将会被随机的一些文件覆盖。
例如:
$ python sqlmap.py --purge-output -v 3 [...] [xx:xx:55] [INFO] purging content of directory '/home/user/sqlmap/output'... [xx:xx:55] [DEBUG] changing file attributes [xx:xx:55] [DEBUG] writing random data to files [xx:xx:55] [DEBUG] truncating files [xx:xx:55] [DEBUG] renaming filenames to random values [xx:xx:55] [DEBUG] renaming directory names to random values [xx:xx:55] [DEBUG] deleting the whole directory tree [...]启发式判断注入
参数:–smart
有时对目标非常多的URL进行测试,为节省时间,只对能够快速判断为注入的报错点进行注入,可以使用此参数。