@@ -133,7 +133,7 @@ def cmdLineParser(argv=None):
133133 help = "Parse target(s) from Burp or WebScarab proxy log file" )
134134
135135 target .add_argument ("-m" , dest = "bulkFile" ,
136- help = "Scan multiple targets given in a textual file " )
136+ help = "Scan multiple targets given in a textual file" )
137137
138138 target .add_argument ("-r" , dest = "requestFile" ,
139139 help = "Load HTTP request from a file" )
@@ -335,7 +335,7 @@ def cmdLineParser(argv=None):
335335 help = "Skip testing for given parameter(s)" )
336336
337337 injection .add_argument ("--skip-static" , dest = "skipStatic" , action = "store_true" ,
338- help = "Skip testing parameters that not appear to be dynamic" )
338+ help = "Skip testing parameters that do not appear to be dynamic" )
339339
340340 injection .add_argument ("--param-exclude" , dest = "paramExclude" ,
341341 help = "Regexp to exclude parameters from testing (e.g. \" ses\" )" )
@@ -442,21 +442,6 @@ def cmdLineParser(argv=None):
442442 techniques .add_argument ("--second-req" , dest = "secondReq" ,
443443 help = "Load second-order HTTP request from file" )
444444
445- techniques .add_argument ("--graphql" , dest = "graphql" , action = "store_true" ,
446- help = "Test for GraphQL injection" )
447-
448- techniques .add_argument ("--ldap" , dest = "ldap" , action = "store_true" ,
449- help = "Test for LDAP injection" )
450-
451- techniques .add_argument ("--nosql" , dest = "nosql" , action = "store_true" ,
452- help = "Test for NoSQL injection" )
453-
454- techniques .add_argument ("--xpath" , dest = "xpath" , action = "store_true" ,
455- help = "Test for XPath injection" )
456-
457- techniques .add_argument ("--ssti" , dest = "ssti" , action = "store_true" ,
458- help = "Test for server-side template injection" )
459-
460445 # Fingerprint options
461446 fingerprint = parser .add_argument_group ("Fingerprint" , "These options can be used to perform a back-end database management system version fingerprint" )
462447
@@ -515,7 +500,7 @@ def cmdLineParser(argv=None):
515500 help = "Dump DBMS database table entries" )
516501
517502 enumeration .add_argument ("--dump-all" , dest = "dumpAll" , action = "store_true" ,
518- help = "Dump all DBMS databases tables entries " )
503+ help = "Dump entries of all DBMS database tables" )
519504
520505 enumeration .add_argument ("--search" , dest = "search" , action = "store_true" ,
521506 help = "Search column(s), table(s) and/or database name(s)" )
@@ -571,12 +556,6 @@ def cmdLineParser(argv=None):
571556 enumeration .add_argument ("--sql-shell" , dest = "sqlShell" , action = "store_true" ,
572557 help = "Prompt for an interactive SQL shell" )
573558
574- enumeration .add_argument ("--ssti-query" , dest = "sstiQuery" ,
575- help = "SSTI expression to evaluate in-band on the vulnerable parameter" )
576-
577- enumeration .add_argument ("--ssti-shell" , dest = "sstiShell" , action = "store_true" ,
578- help = "Prompt for an interactive SSTI expression shell" )
579-
580559 enumeration .add_argument ("--sql-file" , dest = "sqlFile" ,
581560 help = "Execute SQL statements from given file(s)" )
582561
@@ -626,11 +605,10 @@ def cmdLineParser(argv=None):
626605 help = "Prompt for an OOB shell, Meterpreter or VNC" )
627606
628607 takeover .add_argument ("--os-smbrelay" , dest = "osSmb" , action = "store_true" ,
629- help = "One click prompt for an OOB shell, Meterpreter or VNC" )
608+ help = "One- click prompt for an OOB shell, Meterpreter or VNC" )
630609
631610 takeover .add_argument ("--os-bof" , dest = "osBof" , action = "store_true" ,
632- help = "Stored procedure buffer overflow "
633- "exploitation" )
611+ help = "Stored procedure buffer overflow exploitation" )
634612
635613 takeover .add_argument ("--priv-esc" , dest = "privEsc" , action = "store_true" ,
636614 help = "Database process user privilege escalation" )
@@ -788,6 +766,24 @@ def cmdLineParser(argv=None):
788766 general .add_argument ("--web-root" , dest = "webRoot" ,
789767 help = "Web server document root directory (e.g. \" /var/www\" )" )
790768
769+ # Non-SQL injection options
770+ nonsql = parser .add_argument_group ("Non-SQL injection" , "These options can be used to test for non-SQL injection types" )
771+
772+ nonsql .add_argument ("--graphql" , dest = "graphql" , action = "store_true" ,
773+ help = "Test for GraphQL injection" )
774+
775+ nonsql .add_argument ("--ldap" , dest = "ldap" , action = "store_true" ,
776+ help = "Test for LDAP injection" )
777+
778+ nonsql .add_argument ("--nosql" , dest = "nosql" , action = "store_true" ,
779+ help = "Test for NoSQL injection" )
780+
781+ nonsql .add_argument ("--xpath" , dest = "xpath" , action = "store_true" ,
782+ help = "Test for XPath injection" )
783+
784+ nonsql .add_argument ("--ssti" , dest = "ssti" , action = "store_true" ,
785+ help = "Test for server-side template injection" )
786+
791787 # Miscellaneous options
792788 miscellaneous = parser .add_argument_group ("Miscellaneous" , "These options do not fit into any other category" )
793789
0 commit comments