_sqlmap

#compdef sqlmap

local args verbosity http_methods error_codes http_codes techniques

args=(
	'-v[Verbosity level: 0-6 (default: 1)]:select verbosity:_values verbosity $verbosity'
	{'(--url)-u','(-u)--url'}'[Target URL]:()'
	'-r[Load HTTP request from a file]:select file:_files'
	{'(--user-agent)-A','(-A)--user-agent'}'[HTTP User-Agent header value]:()'
	{'(--header)-H','(-H)--header'}'[Extra header in format "Header: Value"]:()'
	'--method[Force usage of given HTTP method]:select method:_values http_method $http_methods'
	'--data[Data to be sent through POST]:()'
	'--param-del[Character used for splitting parameter values]:()'
	'--cookie[HTTP Cookie header value]:()'
	'--cookie-del[Character used for splitting cookie values]:()'
	'--drop-set-cookie[Ignore Set-Cookie header from response]'
	'--mobile[Imitate smartphone through HTTP User-Agent header]'
	'--random-agent[Use randomly selected HTTP User-Agent header value]'
	'--host[HTTP Host header value]:()'
	'--referer[HTTP Referer header value]:()'
	'--headers[Extra headers in format "Header1: Value1\\nHeader2: Value2..."]:()'
	'--auth-type[HTTP authentication type]:select auth type:_values auth_type Basic Digest NTLM PKI'
	'--auth-cred[HTTP authentication credentials in format name:password]:()'
	'--auth-file[HTTP authentication PEM cert/private key file]:select file:_files'
	'--ignore-code[Ignore (problematic) HTTP error code]:select error code:_values error_code $error_codes'
	'--ignore-proxy[Ignore system default proxy settings]'
	'--ignore-redirects[Ignore redirection attempts]'
	'--ignore-timeouts[Ignore connection timeouts]'
	'--proxy[Proxy URL to connect to the target URL]:()'
	'--proxy-cred[Proxy authentication credentials in format name:password]:()'
	'--proxy-file[Load proxy list from a file]:select file:_files'
	'--tor[Use Tor anonymity network]'
	'--tor-port[Set Tor proxy port other than default]:()'
	'--tor-type[Set Tor proxy type (default: SOCKS5)]:select tor proxy type:_values tor_proxy_type HTTP SOCKS4 SOCKS5'
	'--check-tor[Check to see if Tor is used properly]'
	'--delay[Delay in seconds between each HTTP request]:()'
	'--timeout[Seconds to wait before timeout connection (default: 30)]:()'
	'--retries[Retries when the connection timeouts (default: 3)]:()'
	'--randomize[Randomly change value for given parameter(s)]:()'
	'--safe-url[URL address to visit frequently during testing]:()'
	'--safe-post[POST data to send to a safe URL]:()'
	'--safe-req[Load safe HTTP request from a file]:select file:_files'
	'--safe-freq[Regular requests between visits to a safe URL]:()'
	'--skip-urlencode[Skip URL encoding of payload data]'
	'--csrf-token[Parameter used to hold anti-CSRF token]:()'
	'--csrf-url[URL address to visit for extraction of anti-CSRF token]:()'
	'--csrf-method[HTTP method to use during anti-CSRF token page visit]:select method:_values http_method $http_methods'
	'--csrf-retries[Retries for anti-CSRF token retrieval (default: 0)]:()'
	'--force-ssl[Force usage of SSL/HTTPS]'
	'--chunked[Use HTTP chunked transfer encoded (POST) requests]'
	'--hpp[Use HTTP parameter pollution method]'
	'--eval[Evaluate provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()")]:()'
	'-o[Turn on all optimization switches]'
	'--predict-output[Predict common queries output]'
	'--keep-alive[Use persistent HTTP(s) connections]'
	'--null-connection[Retrieve page length without actual HTTP response body]'
	'--threads[Max number of concurrent HTTP(s) requests (default: 1)]:()'
	'-p[Testable parameter(s)]:()'
	'--skip[Skip testing for given parameter(s)]:()'
	'--skip-static[Skip testing parameters that not appear to be dynamic]'
	'--param-exclude[Regexp to exclude parameters from testing (e.g. "ses")]:()'
	'--param-filter=[Select testable parameter(s) by place (e.g. "POST")]:()'
	'--dbms[Force back-end DBMS to provided value]:()'
	'--dbms-cred[DBMS authentication credentials in format user:password]:()'
	'--os[Force back-end DBMS operating system to provided value]:()'
	'--invalid-bignum[Use big numbers for invalidating values]'
	'--invalid-logical[Use logical operations for invalidating values]'
	'--invalid-string[Use random strings for invalidating values]'
	'--no-cast[Turn off payload casting mechanism]'
	'--no-escape[Turn off string escaping mechanism]'
	'--prefix[Injection payload prefix string]:()'
	'--suffix[Injection payload suffix string]:()'
	'--tamper[Use given script(s) for tampering injection data]:()'
	'--level[Level of tests to perform (default: 1)]:select level:_values level 1 2 3 4 5'
	'--risk[Risk of tests to perform (default: 1)]:select risk:_values risk 1 2 3'
	'--string[String to match when query is evaluated to True]:()'
	'--not-string[String to match when query is evaluated to False]:()'
	'--regexp[Regexp to match when query is evaluated to True]:()'
	'--code[HTTP code to match when query is evaluated to True]:select code:_values http_code $http_codes'
	'--smart[Perform thorough tests only if positive heuristic(s)]'
	'--text-only[Compare pages based only on the textual content]'
	'--titles[Compare pages based only on their titles]'
	'--technique=[SQL injection techniques to use (default: BEUSTQ)]:select techniques:_values -s "" techniques $techniques'
	'--time-sec[Seconds to delay the DBMS response (default: 5)]:()'
	'--union-cols[Range of columns to test for UNION query SQL injection]:()'
	'--union-char[Character to use for bruteforcing number of columns]:()'
	'--union-from[Table to use in FROM part of UNION query SQL injection]:()'
	'--dns-domain[Domain name used for DNS exfiltration attack]:()'
	'--second-url[Resulting page URL searched for second-order response]:()'
	'--second-req[Load second-order HTTP request from file]:select file:_files'
	{'(--fingerprint)-f','(-f)--fingerprint'}'[Perform an extensive DBMS version fingerprint]'
	{'(--all)-a','(-a)--all'}'[Retrieve everything]'
	{'(-banner)-b','(-b)--banner'}'[Retrieve DBMS banner]'
	'--current-user[Retrieve DBMS current user]'
	'--current-db[Retrieve DBMS current database]'
	'--hostname[Retrieve DBMS server hostname]'
	'--is-dba[Detect if the DBMS current user is DBA]'
	'--users[Enumerate DBMS users]'
	'--passwords[Enumerate DBMS users password hashes]'
	'--privileges[Enumerate DBMS users privileges]'
	'--roles[Enumerate DBMS users roles]'
	'--dbs[Enumerate DBMS databases]'
	'--tables[Enumerate DBMS database tables]'
	'--columns[Enumerate DBMS database table columns]'
	'--schema[Enumerate DBMS schema]'
	'--count[Retrieve number of entries for table(s)]'
	'--dump[Dump DBMS database table entries]'
	'--dump-all[Dump all DBMS databases tables entries]'
	'--search[Search column(s), table(s) and/or database name(s)]'
	'--comments[Check for DBMS comments during enumeration]'
	'--statements[Retrieve SQL statements being run on DBMS]'
	'-D[DBMS database to enumerate]:()'
	'-T[DBMS database table(s) to enumerate]:()'
	'-C[DBMS database table column(s) to enumerate]:()'
	'-X[DBMS database identifier(s) to not enumerate]:()'
	'-U[DBMS user to enumerate]:()'
	'--exclude-sysdbs[Exclude DBMS system databases when enumerating tables]'
	'--pivot-column[Pivot column name]:()'
	'--where[WHERE condition while table dumping]:()'
	'--start[First dump table entry to retrieve]:()'
	'--stop[Last dump table entry to retrieve]:()'
	'--first[First query output word character to retrieve]:()'
	'--last[Last query output word character to retrieve]:()'
	'--sql-query[SQL statement to be executed]:()'
	'--sql-shell[Prompt for an interactive SQL shell]'
	'--sql-file[Execute SQL statements from given file(s)]:select file:_files'
	'--common-tables[Check existence of common tables]'
	'--common-columns[Check existence of common columns]'
	'--common-files[Check existence of common files]'
	'--udf-inject[Inject custom user-defined functions]'
	'--shared-lib[Local path of the shared library]:()'
	'--file-read[Read a file from the back-end DBMS file system]:()'
	'--file-write[Write a local file on the back-end DBMS file system]:select file:_files'
	'--file-dest[Back-end DBMS absolute filepath to write to]:()'
	'--os-cmd[Execute an operating system command]:()'
	'--os-shell[Prompt for an interactive operating system shell]'
	'--os-pwn[Prompt for an OOB shell, Meterpreter or VNC]'
	'--os-smbrelay[One click prompt for an OOB shell, Meterpreter or VNC]'
	'--os-bof[Stored procedure buffer overflow exploitation]'
	'--priv-esc[Database process user privilege escalation]'
	'--msf-path[Local path where Metasploit Framework is installed]:select file:_files -/'
	'--tmp-path[Remote absolute path of temporary files directory]:()'
	'--reg-read[Read a Windows registry key value]'
	'--reg-add[Write a Windows registry key value data]'
	'--reg-del[Delete a Windows registry key value]'
	'--reg-key[Windows registry key]:()'
	'--reg-value[Windows registry key value]:()'
	'--reg-data[Windows registry key value data]:()'
	'--reg-type[Windows registry key value type]:()'
	'-s[Load session from a stored (.sqlite) file]:select file:_files'
	'-t[Log all HTTP traffic into a textual file]:select file:_files'
	'--answers[Set predefined answers (e.g. "quit=N,follow=N")]:()'
	'--base64[Parameter(s) containing Base64 encoded data]:()'
	'--batch[Never ask for user input, use the default behavior]'
	'--binary-fields[Result fields having binary values (e.g. "digest")]:()'
	'--check-internet[Check Internet connection before assessing the target]'
	'--cleanup[Clean up the DBMS from sqlmap specific UDF and tables]'
	'--crawl[Enter depth of crawling the website starting from the target URL]:()'
	'--crawl-exclude[Regexp to exclude pages from crawling (e.g. "logout")]:()'
	'--csv-del[Delimiting character used in CSV output (default: ",")]:()'
	'--charset[Blind SQL injection charset (e.g. "0123456789abcdef")]:()'
	'--dump-format[Format of dumped data (default: CSV)]:select dump format:_values dump_format CSV HTML SQLITE'
	'--encoding[Character encoding used for data retrieval (e.g. GBK)]:()'
	'--eta[Display for each output the estimated time of arrival]'
	'--flush-session[Flush session files for current target]'
	'--forms[Parse and test forms on target URL]'
	'--fresh-queries[Ignore query results stored in session file]'
	'--gpage[Use Google dork results from specified page number]:()'
	'--har[Log all HTTP traffic into a HAR file]:select file:_files'
	'--hex[Use hex conversion during data retrieval]'
	'--output-dir[Custom output directory path]:select file:_files -/'
	'--parse-errors[Parse and display DBMS error messages from responses]'
	'--preprocess[Use given script(s) for preprocessing of response data]:select file:_files'
	'--repair[Redump entries having unknown character marker (?)]'
	'--save[Save options to a configuration INI file]:select file:_files'
	'--scope[Regexp for filtering targets]:()'
	'--skip-waf[Skip heuristic detection of WAF/IPS protection]'
	'--table-prefix[Prefix used for temporary tables (default: "sqlmap")]:()'
	'--test-filter[Select tests by payloads and/or titles (e.g. ROW)]:()'
	'--test-skip[Skip tests by payloads and/or titles (e.g. BENCHMARK)]:()'
	'--web-root[Web server document root directory (e.g. "/var/www")]:()'
	'-z[Use short mnemonics (e.g. "flu,bat,ban,tec=EU")]:()'
	'--alert[Run host OS command(s) when SQL injection is found]:()'
	'--beep[Beep on question and/or when SQL injection is found]'
	'--dependencies[Check for missing (optional) sqlmap dependencies]'
	'--disable-coloring[Disable console output coloring]'
	'--list-tampers[Display list of available tamper scripts]'
	'--offline[Work in offline mode (only use session data)]'
	'--purge[Safely remove all content from sqlmap data directory]'
	'--results-file[Location of CSV results file in multiple targets mode]:select file:_files'
	'--sqlmap-shell[Prompt for an interactive sqlmap shell]'
	'--tmp-dir[Local directory for storing temporary files]:select file:_files -/'
	'--unstable[Adjust options for unstable connections]'
	'--update[Update sqlmap]'
	'--wizard[Simple wizard interface for beginner users]'
)

verbosity=(
	'0[Show only Python tracebacks, error and critical messages]'
	'1[Show also information and warning messages]'
	'2[Show also debug messages]'
	'3[Show also payloads injected]'
	'4[Show also HTTP requests]'
	'5[Show also HTTP responses headers]'
	'6[Show also HTTP responses page content]'
)

http_methods=('OPTIONS' 'GET' 'HEAD' 'POST' 'PUT' 'PATCH' 'DELETE' 'TRACE' 'CONNECT')

error_codes=(
	'400[Bad Request]'
	'401[Unauthorized]'
	'402[Payment Required]'
	'403[Forbidden]'
	'404[Not Found]'
	'405[Method Not Allowed]'
	'406[Not Acceptable]'
	'407[Proxy Authentication Required]'
	'408[Request Timeout]'
	'409[Conflict]'
	'410[Gone]'
	'411[Length Required]'
	'412[Precondition Failed]'
	'413[Payload Too Large]'
	'414[URI Too Long]'
	'415[Unsupported Media Type]'
	'416[Range Not Satisfiable]'
	'417[Expectation Failed ]'
	'418[I’m a teapot]'
	'419[Authentication Timeout]'
	'421[Misdirected Request]'
	'422[Unprocessable Entity]'
	'423[Locked]'
	'424[Failed Dependency]'
	'426[Upgrade Required]'
	'428[Precondition Required]'
	'429[Too Many Requests]'
	'431[Request Header Fields Too Large]'
	'449[Retry With]'
	'451[Unavailable For Legal Reasons]'
	'499[Client Closed Request]'
)

http_codes=(
	'100[Continue]'
	'101[Switching Protocols]'
	'102[Processing]'
	'200[OK]'
	'201[Created]'
	'202[Accepted]'
	'203[Non-Authoritative Information]'
	'204[No Content]'
	'205[Reset Content]'
	'206[Partial Content]'
	'207[Multi-Status]'
	'208[Already Reported]'
	'226[IM Used]'
	'300[Multiple Choices]'
	'301[Moved Permanently]'
	'302[Found]'
	'303[See Other]'
	'304[Not Modified]'
	'305[Use Proxy]'
	'307[Temporary Redirect]'
	'308[Permanent Redirect]'
	'400[Bad Request]'
	'401[Unauthorized]'
	'402[Payment Required]'
	'403[Forbidden]'
	'404[Not Found]'
	'405[Method Not Allowed]'
	'406[Not Acceptable]'
	'407[Proxy Authentication Required]'
	'408[Request Timeout]'
	'409[Conflict]'
	'410[Gone]'
	'411[Length Required]'
	'412[Precondition Failed]'
	'413[Payload Too Large]'
	'414[URI Too Long]'
	'415[Unsupported Media Type]'
	'416[Range Not Satisfiable]'
	'417[Expectation Failed ]'
	'418[I’m a teapot]'
	'419[Authentication Timeout]'
	'421[Misdirected Request]'
	'422[Unprocessable Entity]'
	'423[Locked]'
	'424[Failed Dependency]'
	'426[Upgrade Required]'
	'428[Precondition Required]'
	'429[Too Many Requests]'
	'431[Request Header Fields Too Large]'
	'449[Retry With]'
	'451[Unavailable For Legal Reasons]'
	'499[Client Closed Request]'
	'500[Internal Server Error]'
	'501[Not Implemented]'
	'502[Bad Gateway]'
	'503[Service Unavailable]'
	'504[Gateway Timeout]'
	'505[HTTP Version Not Supported]'
	'506[Variant Also Negotiates]'
	'507[Insufficient Storage]'
	'508[Loop Detected]'
	'509[Bandwidth Limit Exceeded ]'
	'510[Not Extended]'
	'511[Network Authentication Required]'
	'520[Unknown Error]'
	'521[Web Server Is Down]'
	'522[Connection Timed Out]'
	'523[Origin Is Unreachable]'
	'524[A Timeout Occurred]'
	'525[SSL Handshake Failed]'
	'526[Invalid SSL Certificate]'
)

techniques=(
	'B[Boolean-based blind]'
	'E[Error-based]'
	'U[Union query-based]'
	'S[Stacked queries]'
	'T[Time-based blind]'
	'Q[Inline queries]'
)

_arguments $args && return 0