With the latest commit you'll see something like this: --- [#1] form: POST http://testphp.vulnweb.com:80/search.php?test=query POST data: searchFor=&goButton=go do you want to test this form? [Y/n/q] > n URL 2: GET http://testphp.vulnweb.com:80/artists.php?artist=1 do you want to test this URL? [Y/n/q] > n ---
Bye On Wed, Oct 28, 2015 at 1:56 PM, Miroslav Stampar < miroslav.stam...@gmail.com> wrote: > This is not really the case. > > --- > > $ python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1"; > --forms --crawl=1 > _ > ___ ___| |_____ ___ ___ {1.0-dev-caafa37} > |_ -| . | | | .'| . | > |___|_ |_|_|_|_|__,| _| > |_| |_| http://sqlmap.org > > [!] legal disclaimer: Usage of sqlmap for attacking targets without prior > mutual consent is illegal. It is the end user's responsibility to obey all > applicable local, state and federal laws. Developers assume no liability > and are not responsible for any misuse or damage caused by this program > > [*] starting at 13:54:32 > > do you want to check for the existence of site's sitemap(.xml) [y/N] > [13:54:34] [INFO] starting crawler > [13:54:34] [INFO] searching for links with depth 1 > do you want to store crawling results to a temporary file for eventual > further processing with other tools [y/N] > > > [13:54:36] [INFO] sqlmap got a total of 4 targets > [#1] form: > POST http://testphp.vulnweb.com:80/search.php?test=query > POST data: searchFor=&goButton=go > do you want to test this form? [Y/n/q] > > n > [#2] form: > GET http://testphp.vulnweb.com:80/artists.php?artist=1 > do you want to test this form? [Y/n/q] > > n > [#3] form: > GET http://testphp.vulnweb.com:80/artists.php?artist=2 > do you want to test this form? [Y/n/q] > > n > [#4] form: > GET http://testphp.vulnweb.com:80/artists.php?artist=3 > do you want to test this form? [Y/n/q] > > n > > [*] shutting down at 13:54:47 > > --- > > > The only clumsy thing here is that everything is called "form" afterwards. > Will make a dirty patch for this in couple of mins. > > Bye > > On Wed, Oct 28, 2015 at 10:55 AM, David Wray <da...@sec-tec.com> wrote: > >> Hi, >> >> It seems when using —crawl to spider a site, using —forms overrides >> normal behaviour, and hence ignores URL based variables. Is there a simple >> way to —crawl a site and test for both URL and forms based variables? In >> other words, to augment normal behaviour and —forms behaviour together. >> >> Thanks >> >> D >> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
