preface
english
python3 sqlmap.py --list-tampers
* 0eunion.py - Replaces instances of <int> UNION with <int>e0UNION * apostrophemask.py - Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87) * apostrophenullencode.py - Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27) * appendnullbyte.py - Appends (Access) NULL byte character (%00) at the end of payload * base64encode.py - Base64-encodes all characters in a given payload * between.py - Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #' * binary.py - Injects keyword binary where possible * bluecoat.py - Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE * chardoubleencode.py - Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554) * charencode.py - URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54) * charunicodeencode.py - Unicode-URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %u0053%u0045%u004C%u0045%u0043%u0054) * charunicodeescape.py - Unicode-escapes non-encoded characters in a given payload (not processing already encoded) (e.g. SELECT -> \u0053\u0045\u004C\u0045\u0043\u0054) * commalesslimit.py - Replaces (MySQL) instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart * commalessmid.py - Replaces (MySQL) instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' counterpart * commentbeforeparentheses.py - Prepends (inline) comment before parentheses (e.g. ( -> /**/() * concat2concatws.py - Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart * decentities.py - HTML encode in decimal (using code points) all characters (e.g. ' -> ') * dunion.py - Replaces instances of <int> UNION with <int>DUNION * equaltolike.py - Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart * equaltorlike.py - Replaces all occurrences of operator equal ('=') with 'RLIKE' counterpart * escapequotes.py - Slash escape single and double quotes (e.g. ' -> \') * greatest.py - Replaces greater than operator ('>') with 'GREATEST' counterpart * halfversionedmorekeywords.py - Adds (MySQL) versioned comment before each keyword * hex2char.py - Replaces each (MySQL) 0x<hex> encoded string with equivalent CONCAT(CHAR(),...) counterpart * hexentities.py - HTML encode in hexadecimal (using code points) all characters (e.g. ' -> 1) * htmlencode.py - HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ') * if2case.py - Replaces instances like 'IF(A, B, C)' with 'CASE WHEN (A) THEN (B) ELSE (C) END' counterpart * ifnull2casewhenisnull.py - Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' counterpart * ifnull2ifisnull.py - Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart * informationschemacomment.py - Add an inline comment (/**/) to the end of all occurrences of (MySQL) "information_schema" identifier * least.py - Replaces greater than operator ('>') with 'LEAST' counterpart * lowercase.py - Replaces each keyword character with lower case value (e.g. SELECT -> select) * luanginx.py - LUA-Nginx WAFs Bypass (e.g. Cloudflare) * misunion.py - Replaces instances of UNION with -.1UNION * modsecurityversioned.py - Embraces complete query with (MySQL) versioned comment * modsecurityzeroversioned.py - Embraces complete query with (MySQL) zero-versioned comment * multiplespaces.py - Adds multiple spaces (' ') around SQL keywords * ord2ascii.py - Replaces ORD() occurences with equivalent ASCII() calls * overlongutf8.py - Converts all (non-alphanum) characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. ' -> %C0%A7) * overlongutf8more.py - Converts all characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. SELECT -> %C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94) * percentage.py - Adds a percentage sign ('%') infront of each character (e.g. SELECT -> %S%E%L%E%C%T) * plus2concat.py - Replaces plus operator ('+') with (MsSQL) function CONCAT() counterpart * plus2fnconcat.py - Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} counterpart * randomcase.py - Replaces each keyword character with random case value (e.g. SELECT -> SEleCt) * randomcomments.py - Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT) * schemasplit.py - Splits FROM schema identifiers (e.g. 'testdb.users') with whitespace (e.g. 'testdb 9.e.users') * scientific.py - Abuses MySQL scientific notation * sleep2getlock.py - Replaces instances like 'SLEEP(5)' with (e.g.) "GET_LOCK('ETgP',5)" * sp_password.py - Appends (MsSQL) function 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs * space2comment.py - Replaces space character (' ') with comments '/**/' * space2dash.py - Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n') * space2hash.py - Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n') * space2morecomment.py - Replaces (MySQL) instances of space character (' ') with comments '/**_**/' * space2morehash.py - Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n') * space2mssqlblank.py - Replaces (MsSQL) instances of space character (' ') with a random blank character from a valid set of alternate characters * space2mssqlhash.py - Replaces space character (' ') with a pound character ('#') followed by a new line ('\n') * space2mysqlblank.py - Replaces (MySQL) instances of space character (' ') with a random blank character from a valid set of alternate characters * space2mysqldash.py - Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n') * space2plus.py - Replaces space character (' ') with plus ('+') * space2randomblank.py - Replaces space character (' ') with a random blank character from a valid set of alternate characters * substring2leftright.py - Replaces PostgreSQL SUBSTRING with LEFT and RIGHT * symboliclogical.py - Replaces AND and OR logical operators with their symbolic counterparts (&& and ||) * unionalltounion.py - Replaces instances of UNION ALL SELECT with UNION SELECT counterpart * unmagicquotes.py - Replaces quote character (') with a multi-byte combo %BF%27 together with generic comment at the end (to make it work) * uppercase.py - Replaces each keyword character with upper case value (e.g. select -> SELECT) * varnish.py - Appends a HTTP header 'X-originating-IP' to bypass Varnish Firewall * versionedkeywords.py - Encloses each non-function keyword with (MySQL) versioned comment * versionedmorekeywords.py - Encloses each keyword with (MySQL) versioned comment * xforwardedfor.py - Append a fake HTTP header 'X-Forwarded-For' (and alike)
chinese
0eunion.py - Replace<int>UNION with<int>e0UNION Apostrophemask.py - Replace the single quotation mark character (') with its UTF-8 full width corresponding character (for example,' ->% EF% BC% 87) Apostrophenullencode.py - Replace the single quotation mark character (') with its illegal double Unicode corresponding character (for example,' ->% 00% 27) Appendnullbyte.py - Add (Access) NULL byte characters (% 00) to the end of Payload Base64encode.py - Base64 encode all characters in a given Payload Between.py - Replace the greater than operator ('>') with 'NOT BETWEEN 0 AND #' and the equal operator ('=') with 'BETWEEN # AND #'. Binary.py - inject the keyword binary if possible Bluecoat. py - Replace the space character after the SQL statement with a valid random space character. Then replace the character "=" with the operator LIKE. Chardoubleencode.py - Double URL encoding for all characters in a given Payload (not processing encoded content) (for example, SELECT ->% 2553% 2545% 254C% 2545% 2543% 2554) Charencode.py - URL encode all characters in a given Payload (do not process encoded content) (for example, SELECT ->% 53% 45% 4C% 45% 43% 54) Charunicodeencode.py - Unicode URL encoding for all characters in a given Payload (do not process encoded content) (for example, SELECT ->% u0053% u0045% u004C% u0045% u0043% u0054) Charunicodeescape. py - Escape non encoded characters in Unicode in the given payload (do not process encoded content) (for example, SELECT -> u0053 u0045 u004C u0045 u0043 u0054) Commonesslimit.py - Replace the (MySQL) instance such as' LIMIT M, N 'with the corresponding' LIMIT N OFFSET M ' Commonessmid.py - Replace the (MySQL) instance such as' MID (A, B, C) 'with the corresponding' MID (A FROM B FOR C) ' Commentbeforeparentheses.py - add (inline) comments before parentheses (e.g. ()) (e.g. (->/* */()) Concat2concatws.py - Replace the (MySQL) instance such as' CONCAT (A, B) 'with the corresponding item' CONCAT_WS (MID (CHAR (0), 0, 0), A, B) ' Decentities.py - Use code points to encode all characters in HTML decimal (e.g. '->') Dunion.py - Replace<int>UNION with<int>DUNION Equalpolicy.py - Replace all occurrences of the equal operator ('=') with LIKE counterparts Equaltorlike. py - Replace all occurrences of the equal operator ('=') with RLIKE counterparts Escapequotes.py - backslash escapes single and double quotation marks (for example, '->') Greatest.py - Replace the greater than operator ('>') with the corresponding item of GREATEST Halfversionedmorekeywords. py - add (MySQL) versioned comments before each keyword Hex2char.py - Replace each (MySQL) 0x<hex>encoded string with the equivalent CONCAT (CHAR(),...) Counterpart Hexentities.py - Use code points to encode all characters in HTML hexadecimal (for example, '->1) Htmlencode.py - HTML encode all non alphanumeric characters using code points (e.g. '->') If2case.py - Replace the instance such as' IF (A, B, C) 'with the corresponding item of' CASE WHEN (A) THEN (B) ELSE (C) END ' Ifnull2casewshenisnull.py - Replace the instance such as' IFNULL (A, B) 'with the corresponding item of' CASE WHEN ISNULL (A) THEN (B) ELSE (A) END ' Ifnull2ifisnull.py - Replace the instance such as' IFNULL (A, B) 'with the corresponding item of' IF (ISNULL (A), B, A) ' Informationschemacomment.py - Add inline comments after all occurrences of the (MySQL) "information_schema" identifier (/* */) Least.py - Replace the greater than operator ('>') with the LEAST counterpart Lowercase. py - Replace each keyword character with a lowercase value (for example, SELECT ->select) Luanginx.py - LUA Nginx WAFs bypass (e.g. Cloudflare) Misunion.py - Replace the UNION instance with -. 1UNION Modsecurityversioned. py - use (MySQL) versioned comments to enclose complete queries Modsecurityzeroversoned.py - use the (MySQL) zero version comment to enclose the complete query Multiplespaces.py - add multiple spaces ('') around SQL keywords Ord2ascii.py - replace the occurrence of ORD() with the equivalent ASCII () call Overlongutf8.py - convert all (non alphanumeric) characters in the given payload to excessively long UTF8 (do not process encoded content) (for example, '->% C0% A7) Overlongutf8more.py - convert all characters in the given payload to excessively long UTF8 (do not process encoded content) (for example, SELECT ->% C1% 93% C1% 85% C1% 8C% C1% 85% C1% 83% C1% 94) Percentage.py - add a percentage symbol ('%') before each character (such as SELECT ->% S% E% L% E% C% T) Plus2concat.py - Replace the plus operator ('+') with the corresponding item of the (MsSQL) function CONCAT() Plus2fnconcat.py - Replace the plus operator ('+') with the corresponding item of (MsSQL) ODBC function {fn CONCAT()} Randomcase.py - Replace each keyword character with a random case value (for example, SELECT ->SeleCt) Randomcomments.py - Add random inline comments to SQL keywords (for example, SELECT ->S/* */E/* */SELECT) Schemasplit.py - Split the FROM schema identifier (for example, 'testdb. users') and space (for example,' testdb 9. e.users') Scientific.py - scientific counting method of misusing MySQL Sleep2getlock.py - Replace the instance such as' SLEEP (5) 'with "GET_LOCK ('ETgP', 5)" Sp_password.py - append the (MsSQL) function 'sp_password' to the end of the payload to automatically obfuscate the content from the DBMS log Space2comment.py - Replace the space character ('') with the comment '/* */' Space2dash.py - Replace the space character ('') with a dash comment ('--') followed by a random string and a new line (' n') Space2hash.py - Replace the instance of the (MySQL) space character ('') with the hash character ('#'), followed by a random string and a new line (' n') Space2morecomment.py - Replace the instance of the (MySQL) space character ('') with the comment '/_/' Space2morehash.py - Replace the instance of the (MySQL) space character ('') with the hash character ('#'), followed by a random string and a new line (' n') Space2mssqlblank.py - Replace an instance of the (MsSQL) space character ('') with a random space character from a valid alternate character set Space2mssqlhash.py - Replace the space character ('') with the hash character ('#'), followed by a new line (' n') Space2mysqlblank.py - Replace an instance of the (MySQL) space character ('') with a random space character from a valid alternate character set Space2mysqldash. py - Replace the space character ('') with a dash comment ('--') followed by a new line (' n') Space2plus.py - Replace the space character ('') with a plus sign ('+') Space2randomblank.py - Replace the space character ('') with a random white space character from a valid alternate character set Substring2leftright.py - Replace PostgreSQL SUBSTRING with LEFT and RIGHT Symbolic.py - Replace AND and OR logical operators with their symbolic counterparts (&&and | |) Unionallounion.py - Replace the UNION ALL SELECT instance with the corresponding UNION SELECT item Unmagicquotes.py - Replace quotation mark character (') with multi byte combination% BF% 27, and add a general comment at the end (make it work) Uppercase. py - Replace each keyword character with an uppercase value (for example, select ->SELECT) Varnish. py - add the HTTP header 'X-originating-IP' to bypass the Varnish firewall Versionedkeywords. py - use (MySQL) versioned comments to enclose each non function keyword Versionedmorekeywords. py - use (MySQL) versioned comments to enclose each keyword Xforwardedfor.py - add the fake HTTP header 'X-Forwarded-For' (etc.)
Postscript