diff --git a/doc/README.html b/doc/README.html
index 9cdee4ea2..cba2fd39c 100644
--- a/doc/README.html
+++ b/doc/README.html
@@ -937,6 +937,7 @@ Options:
These options can be used to tweak testing of specific SQL injection
techniques.
+ --technique=TECH SQL injection techniques to test for (default all)
--time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
--union-cols=UCOLS Range of columns to test for UNION query SQL injection
--union-char=UCHAR Character to use for bruteforcing number of columns
@@ -1796,6 +1797,39 @@ expression match.
techniques.
+SQL injection techniques to test for
+
+Switch: --technique
+
+This switch can be used to specify which SQL injection type to test for.
+By default sqlmap tests for all types/techniques it supports.
+
+In certain situations you may want to test only for one or few specific
+types of SQL injection thought and this is where this switch comes into
+play.
+
+This switch requires an argument. Such argument is a string composed by
+any combination of B, E, U, S and
+T characters where each letter stands for a different technique:
+
+
+B: Boolean-based blind SQL injection
+E: Error-based SQL injection
+U: UNION query SQL injection
+S: Stacked queries SQL injection
+T: Time-based blind SQL injection
+
+
+
+For instance, you can provide ES if you want to test for and
+exploit error-based and stacked queries SQL injection types only.
+The default value is BEUST.
+
+Note that the string must include stacked queries technique letter,
+S, when you want to access the file system, takeover the
+operating system or access Windows registry hives.
+
+
Seconds to delay the DBMS response for time-based blind SQL injection
Switch: --time-sec
diff --git a/doc/README.pdf b/doc/README.pdf
index a8c2e4862..bf6445c2a 100644
Binary files a/doc/README.pdf and b/doc/README.pdf differ
diff --git a/doc/README.sgml b/doc/README.sgml
index 241c180e8..5b318f106 100644
--- a/doc/README.sgml
+++ b/doc/README.sgml
@@ -1791,7 +1791,36 @@ techniques.
Switch: --technique
-TODO
+This switch can be used to specify which SQL injection type to test for.
+By default sqlmap tests for all types/techniques it supports.
+
+
+In certain situations you may want to test only for one or few specific
+types of SQL injection thought and this is where this switch comes into
+play.
+
+
+This switch requires an argument. Such argument is a string composed by
+any combination of B, E, U, S and
+T characters where each letter stands for a different technique:
+
+
+- B: Boolean-based blind SQL injection
+
- E: Error-based SQL injection
+
- U: UNION query SQL injection
+
- S: Stacked queries SQL injection
+
- T: Time-based blind SQL injection
+
+
+
+For instance, you can provide ES if you want to test for and
+exploit error-based and stacked queries SQL injection types only.
+The default value is BEUST.
+
+
+Note that the string must include stacked queries technique letter,
+S, when you want to access the file system, takeover the
+operating system or access Windows registry hives.
Seconds to delay the DBMS response for time-based blind SQL injection
diff --git a/lib/core/option.py b/lib/core/option.py
index 874971bde..ff8106ef9 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -27,6 +27,7 @@ from extra.xmlobject import xmlobject
from lib.controller.checks import checkConnection
from lib.core.common import Backend
from lib.core.common import dataToStdout
+from lib.core.common import getPublicTypeMembers
from lib.core.common import extractRegexResult
from lib.core.common import filterStringValue
from lib.core.common import getConsoleWidth
@@ -605,8 +606,22 @@ def __setOS():
raise sqlmapUnsupportedDBMSException, errMsg
def __setTechnique():
- if not conf.tech or not isinstance(conf.tech, int):
- conf.tech = []
+ validTechniques = getPublicTypeMembers(PAYLOAD.TECHNIQUE)
+ selTechniques = []
+
+ if conf.tech and isinstance(conf.tech, basestring):
+ for t in conf.tech:
+ if t.upper() not in ("B", "E", "U", "S", "T"):
+ errMsg = "value for --technique must be a string composed "
+ errMsg += "by the letters B, E, U, S and T. Refer to the "
+ errMsg += "user's manual for details"
+ raise sqlmapSyntaxException, errMsg
+
+ for validTech, validInt in validTechniques:
+ if t.upper() == validTech[0]:
+ selTechniques.append(validInt)
+ break
+ conf.tech = selTechniques
else:
conf.tech = filter(lambda x: x in PAYLOAD.SQLINJECTION, [int(c) for c in str(conf.tech)])
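Review bot: The `else` branch kept as context under the new string branch of `__setTechnique` still runs `[int(c) for c in str(conf.tech)]`, but it is now reached only when `conf.tech` is empty or not a string. If `conf.tech` can be `None` there (for example from an empty `tech =` in the configuration file, which this diff does not show), `str(None)` yields `"None"` and `int("N")` raises an uncaught `ValueError` rather than the `sqlmapSyntaxException` used a few lines above. Consider making the fallback explicit, e.g. `else: conf.tech = []` as the removed lines did, or raising the same syntax error for any value that is not a string. Separately, a repeated letter such as `BB` appends the same technique twice; `if validInt not in selTechniques:` before the `append` would keep the list unique. The function body continues outside this hunk, and the hard-coded tuple `("B", "E", "U", "S", "T")` is assumed to match the first letters of the `PAYLOAD.TECHNIQUE` member names, which are not visible here.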
@@ -617,7 +632,7 @@ def __setTechnique():
'osCmd', 'osShell', 'osPwn', 'osSmb', 'osBof', 'regRead', \
'regAdd', 'regDel'])) and PAYLOAD.TECHNIQUE.STACKED not in conf.tech:
errMsg = "value for --technique must include stacked queries "
- errMsg += "technique (4) when you want to access the file "
+ errMsg += "technique (S) when you want to access the file "
errMsg += "system, takeover the operating system or access "
errMsg += "Windows registry hives"
raise sqlmapSyntaxException, errMsg
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 398e6eeca..8321866fd 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -70,7 +70,7 @@ optDict = {
},
"Techniques": {
- "tech": "integer",
+ "tech": "string",
"timeSec": "integer",
"uCols": "string",
"uChar": "string"
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index f7890bb04..da031a553 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -207,9 +207,9 @@ def cmdLineParser():
"used to tweak testing of specific SQL "
"injection techniques.")
- techniques.add_option("--technique", dest="tech", type="int",
- default=0, help="SQL injection techniques to "
- "test for (default all)")
+ techniques.add_option("--technique", dest="tech", default="BEUST",
+ help="SQL injection techniques to test for "
+ "(default BEUST)")
techniques.add_option("--time-sec", dest="timeSec",
type="int", default=TIME_DEFAULT_DELAY,
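Review bot: The new help string for `--technique` ends with `(default BEUST)`, while the options summary added to doc/README.html in this same commit still reads `(default all)` for the switch; the two should use the same wording. Since the value is now a letter string, the help could also name the accepted letters, e.g. `help="SQL injection techniques to test for, any of B, E, U, S, T (default BEUST)"`, so an invalid value is less likely to reach the check in `__setTechnique`. `cmdLineParser` starts and ends outside this hunk.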
diff --git a/sqlmap.conf b/sqlmap.conf
index 1af48a9e9..25a8791eb 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -224,16 +224,16 @@ textOnly = False
[Techniques]
# SQL injection techniques to test for.
-# Valid: an integer composed by 1, 2, 3, 4 or 5 where:
-# 1: boolean-based blind SQL injection
-# 2: error-based SQL injection
-# 3: UNION query SQL injection
-# 4: stacked queries SQL injection
-# 5: time-based blind SQL injection
-# Example: 24 (means test for error-based and stacked queries SQL
+# Valid: a string composed by B, E, U, S and T where:
+# B: Boolean-based blind SQL injection
+# E: Error-based SQL injection
+# U: UNION query SQL injection
+# S: Stacked queries SQL injection
+# T: Time-based blind SQL injection
+# Example: ES (means test for error-based and stacked queries SQL
# injection types only)
-# Default: 0 (means test for all SQL injection types - recommended)
-tech = 0
+# Default: BEUST (means test for all SQL injection types - recommended)
+tech = BEUST
# Seconds to delay the response from the DBMS.
# Valid: integer