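sqlmap tamper scripts
This article is adapted from "SQLmap tamper script annotations", with some scripts updated (continuously being updated).
There are now more than 50 scripts in total, so the source article has been updated accordingly...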
sqlmap-master ls -l ./tamper | cat -n
total
-rwxr-xr-x@ starnight staff : __init__.py
-rwxr-xr-x@ starnight staff : apostrophemask.py
-rwxr-xr-x@ starnight staff : apostrophenullencode.py
-rwxr-xr-x@ starnight staff : appendnullbyte.py
-rwxr-xr-x@ starnight staff : base64encode.py
-rwxr-xr-x@ starnight staff : between.py
-rwxr-xr-x@ starnight staff : bluecoat.py
-rwxr-xr-x@ starnight staff : chardoubleencode.py
-rwxr-xr-x@ starnight staff : charencode.py
-rwxr-xr-x@ starnight staff : charunicodeencode.py
-rwxr-xr-x@ starnight staff : commalesslimit.py
-rwxr-xr-x@ starnight staff : commalessmid.py
-rwxr-xr-x@ starnight staff : concat2concatws.py
-rwxr-xr-x@ starnight staff : equaltolike.py
-rwxr-xr-x@ starnight staff : escapequotes.py
-rwxr-xr-x@ starnight staff : greatest.py
-rwxr-xr-x@ starnight staff : halfversionedmorekeywords.py
-rwxr-xr-x@ starnight staff : htmlencode.py
-rwxr-xr-x@ starnight staff : ifnull2ifisnull.py
-rwxr-xr-x@ starnight staff : informationschemacomment.py
-rwxr-xr-x@ starnight staff : lowercase.py
-rwxr-xr-x@ starnight staff : modsecurityversioned.py
-rwxr-xr-x@ starnight staff : modsecurityzeroversioned.py
-rwxr-xr-x@ starnight staff : multiplespaces.py
-rwxr-xr-x@ starnight staff : nonrecursivereplacement.py
-rwxr-xr-x@ starnight staff : overlongutf8.py
-rwxr-xr-x@ starnight staff : percentage.py
-rwxr-xr-x@ starnight staff : plus2concat.py
-rwxr-xr-x@ starnight staff : plus2fnconcat.py
-rwxr-xr-x@ starnight staff : randomcase.py
-rwxr-xr-x@ starnight staff : randomcomments.py
-rwxr-xr-x@ starnight staff : securesphere.py
-rwxr-xr-x@ starnight staff : sp_password.py
-rwxr-xr-x@ starnight staff : space2comment.py
-rwxr-xr-x@ starnight staff : space2dash.py
-rwxr-xr-x@ starnight staff : space2hash.py
-rwxr-xr-x@ starnight staff : space2morecomment.py
-rwxr-xr-x@ starnight staff : space2morehash.py
-rwxr-xr-x@ starnight staff : space2mssqlblank.py
-rwxr-xr-x@ starnight staff : space2mssqlhash.py
-rwxr-xr-x@ starnight staff : space2mysqlblank.py
-rwxr-xr-x@ starnight staff : space2mysqldash.py
-rwxr-xr-x@ starnight staff : space2plus.py
-rwxr-xr-x@ starnight staff : space2randomblank.py
-rwxr-xr-x@ starnight staff : symboliclogical.py
-rwxr-xr-x@ starnight staff : unionalltounion.py
-rwxr-xr-x@ starnight staff : unmagicquotes.py
-rwxr-xr-x@ starnight staff : uppercase.py
-rwxr-xr-x@ starnight staff : varnish.py
-rwxr-xr-x@ starnight staff : versionedkeywords.py
-rwxr-xr-x@ starnight staff : versionedmorekeywords.py
-rwxr-xr-x@ starnight staff : xforwardedfor.py
Tamper scripts
The purpose of each script is briefly described below:
1. apostrophemask.py: Replaces the apostrophe character with its UTF-8 full-width counterpart
"Replaces apostrophe character with its UTF-8 full width counterpart"
2. apostrophenullencode.py: Replaces the apostrophe character with an illegal double-byte unicode character
"Replaces apostrophe character with its illegal double unicode counterpart"
3. appendnullbyte.py: Appends an encoded NULL byte character to the end of the payload
"Appends encoded NULL byte character at the end of payload"
4. base64encode.py: Base64-encodes the payload
"Base64 all characters in a given payload"
5. between.py: Replaces the greater-than operator ('>') with 'NOT BETWEEN 0 AND #', and the equals operator ('=') with 'BETWEEN # AND #'
"Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'"
"Replaces equals operator ('=') with 'BETWEEN # AND #'"
6. bluecoat.py: Replaces the space character after an SQL statement with a valid random blank character, then replaces the '=' character with the LIKE operator
"Replaces space character after SQL statement with a valid random blank character. Afterwards replace character = with LIKE operator"
7. chardoubleencode.py: Double URL-encodes all characters in the given payload (already-encoded characters are not processed)
"Double url-encodes all characters in a given payload (not processing already encoded)"
8. charencode.py: URL-encodes all characters in the given payload (already-encoded characters are not processed)
"Url-encodes all characters in a given payload (not processing already encoded)"
9. charunicodeencode.py: Unicode-URL-encodes the non-encoded characters in the given payload (already-encoded characters are not processed)
"Unicode-url-encodes non-encoded characters in a given payload (not processing already encoded)"
10. commalesslimit.py: Replaces 'LIMIT M, N' with 'LIMIT N OFFSET M'
"Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'"
11. commalessmid.py: Replaces 'MID(A, B, C)' with 'MID(A FROM B FOR C)'
"Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'"
12. concat2concatws.py: Replaces 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'
"Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'"
13. equaltolike.py: Replaces every equals operator ('=') with the 'LIKE' operator
"Replaces all occurrences of operator equal ('=') with operator 'LIKE'"
14. escapequotes.py: Adds a backslash before single and double quotes
"Slash escape quotes (' and ")"
15. greatest.py: Replaces the greater-than operator ('>') with 'GREATEST'
"Replaces greater than operator ('>') with 'GREATEST' counterpart"
16. halfversionedmorekeywords.py: Adds a MySQL comment before each keyword
"Adds versioned MySQL comment before each keyword"
17. htmlencode.py: HTML-encodes all non-alphanumeric characters (using code points)
"HTML encode (using code points) all non-alphanumeric characters"
18. ifnull2ifisnull.py: Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
"Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'"
19. informationschemacomment.py: Adds a comment to the end of every occurrence of the (blacklisted) "information_schema" identifier
"Add a comment to the end of all occurrences of (blacklisted) "information_schema" identifier"
20. lowercase.py: Converts each keyword character to lower case
"Replaces each keyword character with lower case value"
21. modsecurityversioned.py: Wraps each complete query in a comment
"Embraces complete query with versioned comment"
22. modsecurityzeroversioned.py: Wraps the complete query in a comment containing the digit zero
"Embraces complete query with zero-versioned comment"
23. multiplespaces.py: Adds multiple spaces around SQL keywords
"Adds multiple spaces around SQL keywords"
24. nonrecursivereplacement.py: Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", ""))
"Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", "")) filters"
25. overlongutf8.py: Converts all characters in the given payload (excluding already-encoded ones)
"Converts all characters in a given payload (not processing already encoded)"
26. percentage.py: Adds a percent sign before each character
"Adds a percentage sign ('%') in front of each character"
27. plus2concat.py: Replaces the plus character ('+') with the CONCAT() function
"Replaces plus ('+') character with function CONCAT()"
28. plus2fnconcat.py: Replaces the plus character ('+') with the ODBC function {fn CONCAT()}
"Replaces plus ('+') character with ODBC function {fn CONCAT()}"
29. randomcase.py: Randomly changes the case of each keyword character
"Replaces each keyword character with random case value"
30. randomcomments.py: Inserts random comments into SQL keywords
"Add random comments to SQL keywords"
31. securesphere.py: Appends a specially crafted string
"Appends special crafted string"
32. sp_password.py: Appends "sp_password" to the end of the payload for automatic obfuscation from DBMS logs
"Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs"
33. space2comment.py: Replaces the space character (' ') with the comment '/**/'
"Replaces space character (' ') with comments '/**/'"
34. space2dash.py: Replaces the space character with a dash comment ("--") followed by a random string and a new line
"Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')"
35. space2hash.py: Replaces the space character with a "#" comment followed by a random string and a new line
"Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')"
36. space2morecomment.py: Replaces the space character with '/**_**/'
"Replaces space character (' ') with comments '/**_**/'"
37. space2morehash.py: Replaces the space character with a "#" comment followed by a random string and a new line
"Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')"
38. space2mssqlblank.py: Replaces the space character with a random blank character from a valid set of alternate characters
"Replaces space character (' ') with a random blank character from a valid set of alternate characters"
39. space2mssqlhash.py: Replaces the space character with a "#" comment followed by a new line
"Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')"
40. space2mysqlblank.py: Replaces the space character with a random blank character from a valid set of alternate characters
"Replaces space character (' ') with a random blank character from a valid set of alternate characters"
41. space2mysqldash.py: Replaces the space character with a dash comment ("--") followed by a new line
"Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')"
42. space2plus.py: Replaces the space character with a plus sign ("+")
"Replaces space character (' ') with plus ('+')"
43. space2randomblank.py: Replaces the space character with a random blank character from a valid set of alternate characters
"Replaces space character (' ') with a random blank character from a valid set of alternate characters"
44. symboliclogical.py: Replaces the logical operators AND and OR with the symbols && and ||
"Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)"
45. unionalltounion.py: Replaces "UNION ALL SELECT" with "UNION SELECT"
"Replaces UNION ALL SELECT with UNION SELECT"
46. unmagicquotes.py: Replaces the quote character (') with the multi-byte combination %bf%27, together with a generic comment at the end
"Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)"
47. uppercase.py: Converts keywords to upper case
"Replaces each keyword character with upper case value"
48. varnish.py: Adds an HTTP header "X-originating-IP" to bypass the WAF
"Append a HTTP header 'X-originating-IP' to bypass WAF Protection of Varnish Firewall"
49. versionedkeywords.py: Encloses each non-function keyword in a MySQL comment
"Encloses each non-function keyword with versioned MySQL comment"
50. versionedmorekeywords.py: Encloses each keyword in a MySQL comment
"Encloses each keyword with versioned MySQL comment"
51. xforwardedfor.py: Adds a fake HTTP header 'X-Forwarded-For' to bypass the WAF
"Append a fake HTTP header 'X-Forwarded-For' to bypass WAF (usually application based) protection"