Elaine00 2021-03-21 19:45 采纳率: 66.7%
浏览 625
已结题

sqlmap执行慢求找问题

我按照配置成功安装了sqlmap,可是执行起来非常慢,我看别人1分钟执行完成的,我的电脑执行了半个小时,想请问一下各位大神,这个执行快慢是否可以通过设置或者关闭什么来提升,为什么同样代码执行起来别人那么快,我这么慢,

下面是执行代码:

Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。

D:\Python27\sqlmap>python sqlmap.py -u "http://127.0.0.1/sqli-labs-master/Less-1
/?id=1" --leve=5 --risk=3 --dbs --output-dir=C:\Users\Administrator\Desktop\outp
ut
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [)]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
 consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respon
sible for any misuse or damage caused by this program

[*] starting @ 19:01:08 /2021-03-21/

[19:01:08] [WARNING] using 'C:\Users\Administrator\Desktop\output' as the output
 directory
[19:01:09] [INFO] testing connection to the target URL
[19:01:10] [INFO] checking if the target is protected by some kind of WAF/IPS
[19:01:11] [INFO] testing if the target URL content is stable
[19:01:12] [INFO] target URL content is stable
[19:01:12] [INFO] testing if GET parameter 'id' is dynamic
[19:01:13] [WARNING] GET parameter 'id' does not appear to be dynamic
[19:01:14] [WARNING] heuristic (basic) test shows that GET parameter 'id' might
not be injectable
[19:01:15] [INFO] testing for SQL injection on GET parameter 'id'
[19:01:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[19:02:09] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[19:03:32] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT)
'
[19:04:23] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (sub
query - comment)'
[19:05:01] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (subq
uery - comment)'
[19:05:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (com
ment)'
[19:06:01] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (comm
ent)'
[19:06:18] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT
- comment)'
[19:06:27] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MyS
QL comment)'
[19:06:49] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQ
L comment)'
[19:07:28] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT
- MySQL comment)'
[19:07:50] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Mic
rosoft Access comment)'
[19:08:12] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (Micr
osoft Access comment)'
[19:08:51] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDE
R BY or GROUP BY clause'
[19:09:29] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER
BY or GROUP BY clause (MAKE_SET)'
[19:10:10] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER B
Y or GROUP BY clause (MAKE_SET)'
[19:11:20] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER
BY or GROUP BY clause (ELT)'
[19:12:01] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER B
Y or GROUP BY clause (ELT)'
[19:13:11] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER
BY or GROUP BY clause (bool*int)'
[19:14:13] [WARNING] there is a possibility that the target (or WAF/IPS) is drop
ping 'suspicious' requests
[19:14:13] [CRITICAL] connection timed out to the target URL. sqlmap is going to
 retry the request(s)
[19:14:23] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER B
Y or GROUP BY clause (bool*int)'
[19:15:33] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING
clause (CAST)'
[19:16:15] [INFO] testing 'PostgreSQL OR boolean-based blind - WHERE or HAVING c
lause (CAST)'
[19:17:24] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clau
se (CTXSYS.DRITHSX.SN)'
[19:18:02] [INFO] testing 'Oracle OR boolean-based blind - WHERE or HAVING claus
e (CTXSYS.DRITHSX.SN)'
[19:19:12] [INFO] testing 'Boolean-based blind - Parameter replace (original val
ue)'
[19:19:13] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_S
ET)'
[19:19:14] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_S
ET - original value)'
[19:19:14] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[19:19:15] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT -
original value)'
[19:19:15] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*i
nt)'
[19:19:16] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*i
nt - original value)'
[19:19:16] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'
[19:19:17] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace (o
riginal value)'
[19:19:17] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace (G
ENERATE_SERIES)'
[19:19:18] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace (G
ENERATE_SERIES - original value)'
[19:19:20] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Par
ameter replace'
[19:19:21] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Par
ameter replace (original value)'
[19:19:21] [INFO] testing 'Oracle boolean-based blind - Parameter replace'
[19:19:22] [INFO] testing 'Oracle boolean-based blind - Parameter replace (origi
nal value)'
[19:19:22] [INFO] testing 'Informix boolean-based blind - Parameter replace'
[19:19:23] [INFO] testing 'Informix boolean-based blind - Parameter replace (ori
ginal value)'
[19:19:24] [INFO] testing 'Microsoft Access boolean-based blind - Parameter repl
ace'
[19:19:25] [INFO] testing 'Microsoft Access boolean-based blind - Parameter repl
ace (original value)'
[19:19:25] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[19:19:26] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - origi
nal value)'
[19:19:26] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[19:19:27] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - origi
nal value)'
[19:19:27] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY
 clause'
[19:19:29] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY
 clause (original value)'
[19:19:29] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY
clause'
[19:19:29] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY
clause (original value)'
[19:19:29] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY c
lause'
[19:19:31] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY clause (ori
ginal value)'
[19:19:31] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY clause (GEN
ERATE_SERIES)'
[19:19:33] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORD
ER BY clause'
[19:19:35] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORD
ER BY clause (original value)'
[19:19:35] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY claus
e'
[19:19:37] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY claus
e (original value)'
[19:19:37] [INFO] testing 'Microsoft Access boolean-based blind - ORDER BY, GROU
P BY clause'
[19:19:39] [INFO] testing 'Microsoft Access boolean-based blind - ORDER BY, GROU
P BY clause (original value)'
[19:19:39] [INFO] testing 'SAP MaxDB boolean-based blind - ORDER BY, GROUP BY cl
ause'
[19:19:41] [INFO] testing 'SAP MaxDB boolean-based blind - ORDER BY, GROUP BY cl
ause (original value)'
[19:19:41] [INFO] testing 'IBM DB2 boolean-based blind - ORDER BY clause'
[19:19:43] [INFO] testing 'IBM DB2 boolean-based blind - ORDER BY clause (origin
al value)'
[19:19:43] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[19:20:21] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[19:20:47] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[19:20:47] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'
[19:21:13] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries (GEN
ERATE_SERIES)'
[19:21:39] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Sta
cked queries (IF)'
[19:22:05] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Sta
cked queries'
[19:22:31] [INFO] testing 'Oracle boolean-based blind - Stacked queries'
[19:22:57] [INFO] testing 'Microsoft Access boolean-based blind - Stacked querie
s'
[19:23:23] [INFO] testing 'SAP MaxDB boolean-based blind - Stacked queries'
[19:23:48] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (BIGINT UNSIGNED)'
[19:24:43] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause
(BIGINT UNSIGNED)'
[19:25:37] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (EXP)'
[19:26:31] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause
(EXP)'
[19:27:26] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (GTID_SUBSET)'
[19:28:20] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause
(GTID_SUBSET)'
[19:29:18] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER
 BY or GROUP BY clause (JSON_KEYS)'
[19:30:13] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING claus
e (JSON_KEYS)'
[19:31:07] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (FLOOR)'
[19:32:01] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY
 or GROUP BY clause (FLOOR)'
  • 写回答

1条回答 默认 最新

  • 会打小怪兽吗 2021-03-23 14:32
    关注

    你的两个参数设置的比较高,不用单独设置,直接默认就行

    --leve=(执行测试的等级1-5默认为1)

    --risk=(执行测试的风险 0-3默认为1)

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

问题事件

  • 系统已结题 4月29日
  • 已采纳回答 4月21日

悬赏问题

  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 对于相关问题的求解与代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料
  • ¥15 使用R语言marginaleffects包进行边际效应图绘制