New options in the Exploitation module.

Input layout adjustments.

Author: vizzdoom

README.md

@@ -1,4 +1,7 @@
-![SQLMAP COMMAND BUILDER](logo-white.png)
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./logo.png">
+  <img alt="SQLMAP COMMAND BUILDER" src="./logo-white.png">
+</picture>
 
 **Take control of SQLMap with a single page app.** This interactive builder lets you craft advanced [SQLMap](https://github.com/sqlmapproject/sqlmap) commands without memorising dozens of CLI switches. 
 

app.js

@@ -509,7 +509,31 @@ class SQLMapGenerator {
         if (table) config['-T'] = table;
 
         const column = document.getElementById('column').value.trim();
-        if (column) config['-C'] = column;
+        if (column) config['-C'] = column;        
+
+        const exclude = document.getElementById('exclude').value.trim();
+        if (exclude) config['-X'] = exclude;
+        
+        const user = document.getElementById('user').value.trim();
+        if (user) config['-U'] = user;        
+        
+        const pivotColumn = document.getElementById('pivotColumn').value.trim();
+        if (pivotColumn) config['--pivot-column'] = pivotColumn;        
+
+        const where = document.getElementById('where').value.trim();
+        if (where) config['--where'] = where;
+
+        const start = document.getElementById('start').value.trim();
+        if (start) config['--start'] = start;
+        
+        const stop = document.getElementById('stop').value.trim();
+        if (stop) config['--stop'] = stop;
+        
+        const first = document.getElementById('first').value.trim();
+        if (first) config['--first'] = first;
+        
+        const last = document.getElementById('last').value.trim();
+        if (last) config['--last'] = last;
 
         return config;
     }
@@ -536,7 +560,7 @@ class SQLMapGenerator {
             '--batch', '-v', '-t', '--parse-errors', '--test-filter',
             '--all', '--banner', '--columns', '--comments', '--count', '--current-user', '--current-db', '--dbs', '--dump', '--dump-all', 
             '--hostname', '--is-dba', '--passwords', '--privileges', '--roles', '--schema', '--search', '--statements', '--tables', '--users',
-            '-D', '-T', '-C', '-o',
+            '-D', '-T', '-C', '-X', '-U', '--pivot-column', '--where', '--start', '--stop', '--first', '--last',
             '--tamper', '--prefix', '--suffix', '--csrf-token', '--csrf-url', '--second-url'
         ];
 
@@ -867,8 +891,15 @@ class SQLMapGenerator {
                 '-D': 'database',
                 '-T': 'table',
                 '-C': 'column',
+                '-X': 'exclude',
+                '-U': 'user',
+                '--where': 'where',
+                '--start': 'start',
+                '--stop': 'stop',
+                '--first': 'first',
+                '--last': 'last',
+                '--pivot-column': 'pivotColumn',
                 '--null-connection': 'nullConnection',
-                '-o': 'optimize',
                 '--tamper': 'tamper',
                 '--second-url': 'secondUrl'
             };

index.html

@@ -714,19 +714,64 @@ <h3>Attack Optimalization</h3>
                 <div class="card">
                     <div class="card__body">
                         <div class="form-grid">
+                            <!-- -D -->
                             <div class="form-group">
                                 <label class="form-label" title="DBMS database to enumerate" for="database">DATABASE(S) NAME FOR ENUMERATION<br/><span>-D</span></label>
                                 <input type="text" id="database" class="form-control" placeholder="database_name1,database_name2">
                             </div>
+                            <!-- -T -->
                             <div class="form-group">
                                 <label class="form-label" title="DBMS database table(s) to enumerate" for="table">TABLE(S) NAME FOR ENUMERATION<br/><span>-T</span></label>
                                 <input type="text" id="table" class="form-control" placeholder="table_name1,table_name2">
                             </div>
+                            <!-- -C -->
                             <div class="form-group">
                                 <label class="form-label" title="DBMS database table column(s) to enumerate" for="column">COLUMN(S) NAME FOR ENUMERATION<br/><span>-C</span></label>
                                 <input type="text" id="column" class="form-control" placeholder="column_name1,column_name2">
+                            </div>                            
+                            <!-- -X -->
+                            <div class="form-group">
+                                <label class="form-label" title="DBMS database identifier(s) to not enumerate" for="exclude">DBMS(S) TO NOT ENUMARATE<br/><span>-X</span></label>
+                                <input type="text" id="exclude" class="form-control" placeholder="dbname">
+                            </div>
+                            <!-- -U -->
+                            <div class="form-group">
+                                <label class="form-label" title="DBMS user to enumerate (can be used with --roles and --passwords)" for="user">USER NAME FOR ENUMERATION<br/><span>-U</span></label>
+                                <input type="text" id="user" class="form-control" placeholder="username">
+                            </div>                            
+                            <!-- --pivot-column -->
+                            <div class="form-group">
+                                <label class="form-label" title="Sometimes (e.g. for Microsoft SQL Server) it is not possible to dump the table rows straightforward by using OFFSET m, n mechanism because of lack of similar. In such cases sqlmap dumps the content by determining the most suitable pivot column (the one with most unique values) whose values are used later on for retrieval of other column values. 
+If it is necessary to enforce the usage of particular pivot column because the automatically chosen one is not suitable (e.g. because of lack of table dump results) you can use option --pivot-column (e.g. --pivot-column=id)." for="pivotColumn">PIVOT COLUMN NAME<br/><span>--pivot-column</span></label>
+                                <input type="text" id="pivotColumn" class="form-control" placeholder="column_name">
+                            </div>                            
+                            <!-- --where -->
+                            <div class="form-group">
+                                <label class="form-label" title='In case that you want to constraint the --dump to specific column values (or ranges) you can use option --where. Provided logical operation will be automatically used inside the WHERE clause. For example, if you use --where="id>3" only table rows having value of column id greater than 3 will be retrieved (by appending WHERE id>3 to used dumping queries).' for="where">DUMP FILTER CONDITION<br/><span>--where</span></label>
+                                <input type="text" id="where" class="form-control" placeholder="SQL CONDITION">
+                            </div>
+                            <!-- --start -->
+                            <div class="form-group">
+                                <label class="form-label" title='If you want to dump only a range of entries, then you can provide options --start and/or --stop to respectively start to dump from a certain entry and stop the dump at a certain entry. For instance, if you want to dump only the first entry, provide --stop 1 in your command line. Vice versa if, for instance, you want to dump only the second and third entry, provide --start 1 --stop 3.' for="start">FIRST DUMP TABLE ENTRY<br/><span>--start</span></label>
+                                <input type="number" id="start" class="form-control" placeholder="1">
+                            </div>
+                            <!-- --stop -->
+                            <div class="form-group">
+                                <label class="form-label" title='If you want to dump only a range of entries, then you can provide options --start and/or --stop to respectively start to dump from a certain entry and stop the dump at a certain entry. For instance, if you want to dump only the first entry, provide --stop 1 in your command line. Vice versa if, for instance, you want to dump only the second and third entry, provide --start 1 --stop 3.' for="stop">LAST DUMP TABLE ENTRY<br/><span>--stop</span></label>
+                                <input type="number" id="stop" class="form-control" placeholder="3">
+                            </div>
+                            <!-- --first -->
+                            <div class="form-group">
+                                <label class="form-label" title="It is possible to specify which single character or range of characters to dump with options --first and --last. For instance, if you want to dump columns' entries from the third to the fifth character, provide --first 3 --last 5. This feature only applies to the blind SQL injection techniques because for error-based and UNION query SQL injection techniques the number of requests is exactly the same, regardless of the length of the column's entry output to dump." for="first">FIRST DUMP TABLE ENTRY<br/><span>--first</span></label>
+                                <input type="number" id="first" class="form-control" placeholder="3">
+                            </div>
+                            <!-- --last -->
+                            <div class="form-group">
+                                <label class="form-label" title="It is possible to specify which single character or range of characters to dump with options --first and --last. For instance, if you want to dump columns' entries from the third to the fifth character, provide --first 3 --last 5. This feature only applies to the blind SQL injection techniques because for error-based and UNION query SQL injection techniques the number of requests is exactly the same, regardless of the length of the column's entry output to dump." for="last">LAST DUMP TABLE ENTRY<br/><span>--last</span></label>
+                                <input type="number" id="last" class="form-control" placeholder="5">
                             </div>
-                            <div class="checkbox-grid" title="These options can be used to enumerate the back-end database management system information, structure and data contained in the tables">
+                            <!-- ENUMERATION -->
+                            <div class="checkbox-grid" style="grid-row-start: 1; grid-row-end: 6;" title="These options can be used to enumerate the back-end database management system information, structure and data contained in the tables">
                                 <label class="form-label">ENUMERATION AND DATA EXFILTRATION</label>
                                 <label class="checkbox-label" title="Retrieve everything">
                                     <input type="checkbox" id="all">

style.css

@@ -46,9 +46,8 @@
   /* Typography */
   --font-family-base: "Geist", "Inter", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
   --font-family-mono: 'Courier New', monospace;
-  --font-size-xs: 11px;
-  --font-size-s: 12px;
-  --font-size-base: 13px;
+  --font-size-xs: 10px;
+  --font-size-s: 11px;
   --font-size-m: 13px;
   --font-size-l: 16px;
   --font-size-xl: 18px;
@@ -90,7 +89,7 @@
     inset 0 -1px 0 rgba(0, 0, 0, 0.03);
 
   /* Animation */
-  --duration-fast: 250ms;
+  --duration-fast: 200ms;
   --duration-normal: 500ms;
   --ease-standard: cubic-bezier(0.16, 1, 0.3, 1);
 
@@ -152,7 +151,7 @@
   align-items: center;
   justify-content: center;
   padding: var(--space-s) var(--space-s);
-  font-size: var(--font-size-xs);
+  font-size: var(--font-size-s);
   width: 135px;
   max-width: 135px;
   height: 55px;
@@ -168,6 +167,7 @@
 @media (min-width: 600px) {
   .btn {
     padding: var(--space-m) var(--space-l);
+    font-size: var(--font-size-s);
     width: 240px;
     max-width: 240px;
     height: 40px;
@@ -202,10 +202,6 @@
   gap: var(--space-m);
 }
 
-.form-grid-tamper label.checkbox-label-tamper  { 
-  font-size: var(--font-size-sm) !important;
-}
-
 
 /* @media (min-width: 625px) {
   #tampering .form-grid {
@@ -246,7 +242,7 @@ label span.checkbox-label-tamper__title {
 
 /* Base styles */
 html {
-  font-size: var(--font-size-base);
+  font-size: var(--font-size-m);
   font-family: var(--font-family-base);
   line-height: var(--line-height-normal);
   color: var(--color-text);
@@ -316,7 +312,7 @@ a:hover {
 code,
 pre {
   font-family: var(--font-family-mono);
-  font-size: calc(var(--font-size-base) * 0.95);
+  font-size: calc(var(--font-size-m) * 0.95);
   background-color: var(--color-secondary);
   border-radius: var(--radius-s);
 }
@@ -416,7 +412,7 @@ pre code {
   display: block;
   width: 100%;
   padding: var(--space-s) var(--space-m);
-  font-size: var(--font-size-m);
+  font-size: var(--font-size-s);
   line-height: 1.5;
   color: var(--color-text);
   background-color: var(--color-surface);
@@ -437,7 +433,7 @@ pre code {
   color: var(--hacker-primary);
   font-weight: bold;
   margin-bottom: var(--space-s);
-  font-size: var(--font-size-xs);
+  font-size: var(--font-size-s);
   letter-spacing: 0.7px;
 }
 
@@ -466,7 +462,7 @@ pre code {
 
 textarea.form-control {
   font-family: var(--font-family-mono);
-  font-size: var(--font-size-base);
+  font-size: var(--font-size-s);
   resize: vertical;
   min-height: 39px;
 }