Using verbose twice will output requests and responses to allow debug issues with the tool -output allows us to specify an output file for the results. Using verbose once will output preliminary results - allowing you to see that its working. By default the tool doesn't output anything until it has completely enumerated an entry, which can lead to wondering whether it is actually doing anything. Setting this too high has a tendency to max the CPU on your machine, and have bad effects on the machine you're testing -time forces the tool to use time based testing instead of error based testing -verbose turns on verbose output. This defaults to 5, however this should be reduced if you are getting unreliable results (especially when doing time based testing). This is needed because the tool defaults to SQL Server, and won't intelligently detect that Oracle is in use -threads specifies how many worker threads the tool will use to send requests. The header name and value need to be supplied as a single argument of the form header::value Other options modify the default behaviour of the tool: -server forces the tool to use Oracle or SQL Server exploit techniques. Takes a string containing all the cookies as an argument -header allows you to specify arbitrary HTTP headers to include in the request (e.g.
Takes a string containing all the data as an argument -cookie allows you to specify the cookies to be supplied.
sqlbrute.py options url -data allows you to specify POST data for a form post.
0 kommentar(er)
