Usage: python sqlmap.py [options] Options: -h, --help Show basic help message and exit -hh Show advanced help message and exit --version Show program's version number and exit -v VERBOSE Verbosity level: 0-6 (default 1) Target: At least one of these options has to be provided to define the target(s) -d DIRECT Connection string for direct database connection -u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1") -l LOGFILE Parse target(s) from Burp or WebScarab proxy log file -x SITEMAPURL Parse target(s) from remote sitemap(.xml) file -m BULKFILE Scan multiple targets given in a textual file -r REQUESTFILE Load HTTP request from a file -g GOOGLEDORK Process Google dork results as target URLs -c CONFIGFILE Load options from a configuration INI file Request: These options can be used to specify how to connect to the target URL --method=METHOD Force usage of given HTTP method (e.g. PUT) --data=DATA Data string to be sent through POST --param-del=PARA.. Character used for splitting parameter values --cookie=COOKIE HTTP Cookie header value --cookie-del=COO.. Character used for splitting cookie values --load-cookies=L.. File containing cookies in Netscape/wget format --drop-set-cookie Ignore Set-Cookie header from response --user-agent=AGENT HTTP User-Agent header value --random-agent Use randomly selected HTTP User-Agent header value --host=HOST HTTP Host header value --referer=REFERER HTTP Referer header value -H HEADER, --hea.. Extra header (e.g. "X-Forwarded-For: 127.0.0.1") --headers=HEADERS Extra headers (e.g. "Accept-Language: fr\nETag: 123") --auth-type=AUTH.. HTTP authentication type (Basic, Digest, NTLM or PKI) --auth-cred=AUTH.. HTTP authentication credentials (name:password) --auth-file=AUTH.. HTTP authentication PEM cert/private key file --ignore-401 Ignore HTTP Error 401 (Unauthorized) --proxy=PROXY Use a proxy to connect to the target URL --proxy-cred=PRO.. Proxy authentication credentials (name:password) --proxy-file=PRO.. Load proxy list from a file --ignore-proxy Ignore system default proxy settings --tor Use Tor anonymity network --tor-port=TORPORT Set Tor proxy port other than default --tor-type=TORTYPE Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5) --check-tor Check to see if Tor is used properly --delay=DELAY Delay in seconds between each HTTP request --timeout=TIMEOUT Seconds to wait before timeout connection (default 30) --retries=RETRIES Retries when the connection timeouts (default 3) --randomize=RPARAM Randomly change value for given parameter(s) --safe-url=SAFEURL URL address to visit frequently during testing --safe-post=SAFE.. POST data to send to a safe URL --safe-req=SAFER.. Load safe HTTP request from a file --safe-freq=SAFE.. Test requests between two visits to a given safe URL --skip-urlencode Skip URL encoding of payload data --csrf-token=CSR.. Parameter used to hold anti-CSRF token --csrf-url=CSRFURL URL address to visit to extract anti-CSRF token --force-ssl Force usage of SSL/HTTPS --hpp Use HTTP parameter pollution method --eval=EVALCODE Evaluate provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()") Optimization: These options can be used to optimize the performance of sqlmap -o Turn on all optimization switches --predict-output Predict common queries output --keep-alive Use persistent HTTP(s) connections --null-connection Retrieve page length without actual HTTP response body --threads=THREADS Max number of concurrent HTTP(s) requests (default 1) Injection: These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts -p TESTPARAMETER Testable parameter(s) --skip=SKIP Skip testing for given parameter(s) --skip-static Skip testing parameters that not appear dynamic --dbms=DBMS Force back-end DBMS to this value --dbms-cred=DBMS.. DBMS authentication credentials (user:password) --os=OS Force back-end DBMS operating system to this value --invalid-bignum Use big numbers for invalidating values --invalid-logical Use logical operations for invalidating values --invalid-string Use random strings for invalidating values --no-cast Turn off payload casting mechanism --no-escape Turn off string escaping mechanism --prefix=PREFIX Injection payload prefix string --suffix=SUFFIX Injection payload suffix string --tamper=TAMPER Use given script(s) for tampering injection data Detection: These options can be used to customize the detection phase --level=LEVEL Level of tests to perform (1-5, default 1) --risk=RISK Risk of tests to perform (1-3, default 1) --string=STRING String to match when query is evaluated to True --not-string=NOT.. String to match when query is evaluated to False --regexp=REGEXP Regexp to match when query is evaluated to True --code=CODE HTTP code to match when query is evaluated to True --text-only Compare pages based only on the textual content --titles Compare pages based only on their titles Techniques: These options can be used to tweak testing of specific SQL injection techniques --technique=TECH SQL injection techniques to use (default "BEUSTQ") --time-sec=TIMESEC Seconds to delay the DBMS response (default 5) --union-cols=UCOLS Range of columns to test for UNION query SQL injection --union-char=UCHAR Character to use for bruteforcing number of columns --union-from=UFROM Table to use in FROM part of UNION query SQL injection --dns-domain=DNS.. Domain name used for DNS exfiltration attack --second-order=S.. Resulting page URL searched for second-order response Fingerprint: -f, --fingerprint Perform an extensive DBMS version fingerprint Enumeration: These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover you can run your own SQL statements -a, --all Retrieve everything -b, --banner Retrieve DBMS banner --current-user Retrieve DBMS current user --current-db Retrieve DBMS current database --hostname Retrieve DBMS server hostname --is-dba Detect if the DBMS current user is DBA --users Enumerate DBMS users --passwords Enumerate DBMS users password hashes --privileges Enumerate DBMS users privileges --roles Enumerate DBMS users roles --dbs Enumerate DBMS databases --tables Enumerate DBMS database tables --columns Enumerate DBMS database table columns --schema Enumerate DBMS schema --count Retrieve number of entries for table(s) --dump Dump DBMS database table entries --dump-all Dump all DBMS databases tables entries --search Search column(s), table(s) and/or database name(s) --comments Retrieve DBMS comments -D DB DBMS database to enumerate -T TBL DBMS database table(s) to enumerate -C COL DBMS database table column(s) to enumerate -X EXCLUDECOL DBMS database table column(s) to not enumerate -U USER DBMS user to enumerate --exclude-sysdbs Exclude DBMS system databases when enumerating tables --pivot-column=P.. Pivot column name --where=DUMPWHERE Use WHERE condition while table dumping --start=LIMITSTART First query output entry to retrieve --stop=LIMITSTOP Last query output entry to retrieve --first=FIRSTCHAR First query output word character to retrieve --last=LASTCHAR Last query output word character to retrieve --sql-query=QUERY SQL statement to be executed --sql-shell Prompt for an interactive SQL shell --sql-file=SQLFILE Execute SQL statements from given file(s) Brute force: These options can be used to run brute force checks --common-tables Check existence of common tables --common-columns Check existence of common columns User-defined function injection: These options can be used to create custom user-defined functions --udf-inject Inject custom user-defined functions --shared-lib=SHLIB Local path of the shared library File system access: These options can be used to access the back-end database management system underlying file system --file-read=RFILE Read a file from the back-end DBMS file system --file-write=WFILE Write a local file on the back-end DBMS file system --file-dest=DFILE Back-end DBMS absolute filepath to write to Operating system access: These options can be used to access the back-end database management system underlying operating system --os-cmd=OSCMD Execute an operating system command --os-shell Prompt for an interactive operating system shell --os-pwn Prompt for an OOB shell, Meterpreter or VNC --os-smbrelay One click prompt for an OOB shell, Meterpreter or VNC --os-bof Stored procedure buffer overflow exploitation --priv-esc Database process user privilege escalation --msf-path=MSFPATH Local path where Metasploit Framework is installed --tmp-path=TMPPATH Remote absolute path of temporary files directory Windows registry access: These options can be used to access the back-end database management system Windows registry --reg-read Read a Windows registry key value --reg-add Write a Windows registry key value data --reg-del Delete a Windows registry key value --reg-key=REGKEY Windows registry key --reg-value=REGVAL Windows registry key value --reg-data=REGDATA Windows registry key value data --reg-type=REGTYPE Windows registry key value type General: These options can be used to set some general working parameters -s SESSIONFILE Load session from a stored (.sqlite) file -t TRAFFICFILE Log all HTTP traffic into a textual file --batch Never ask for user input, use the default behaviour --binary-fields=.. Result fields having binary values (e.g. "digest") --charset=CHARSET Force character encoding used for data retrieval --crawl=CRAWLDEPTH Crawl the website starting from the target URL --crawl-exclude=.. Regexp to exclude pages from crawling (e.g. "logout") --csv-del=CSVDEL Delimiting character used in CSV output (default ",") --dump-format=DU.. Format of dumped data (CSV (default), HTML or SQLITE) --eta Display for each output the estimated time of arrival --flush-session Flush session files for current target --forms Parse and test forms on target URL --fresh-queries Ignore query results stored in session file --hex Use DBMS hex function(s) for data retrieval --output-dir=OUT.. Custom output directory path --parse-errors Parse and display DBMS error messages from responses --save=SAVECONFIG Save options to a configuration INI file --scope=SCOPE Regexp to filter targets from provided proxy log --test-filter=TE.. Select tests by payloads and/or titles (e.g. ROW) --test-skip=TEST.. Skip tests by payloads and/or titles (e.g. BENCHMARK) --update Update sqlmap Miscellaneous: -z MNEMONICS Use short mnemonics (e.g. "flu,bat,ban,tec=EU") --alert=ALERT Run host OS command(s) when SQL injection is found --answers=ANSWERS Set question answers (e.g. "quit=N,follow=N") --beep Beep on question and/or when SQL injection is found --cleanup Clean up the DBMS from sqlmap specific UDF and tables --dependencies Check for missing (non-core) sqlmap dependencies --disable-coloring Disable console output coloring --gpage=GOOGLEPAGE Use Google dork results from specified page number --identify-waf Make a thorough testing for a WAF/IPS/IDS protection --skip-waf Skip heuristic detection of WAF/IPS/IDS protection --mobile Imitate smartphone through HTTP User-Agent header --offline Work in offline mode (only use session data) --page-rank Display page rank (PR) for Google dork results --purge-output Safely remove all content from output directory --smart Conduct thorough tests only if positive heuristic(s) --sqlmap-shell Prompt for an interactive sqlmap shell --wizard Simple wizard interface for beginner users

# All paths in this configuration file are relative to Dynmap's data-folder: minecraft_server/dynmap/ # All map templates are defined in the templates directory # To use the HDMap very-low-res (2 ppb) map templates as world defaults, set value to vlowres # The definitions of these templates are in normal-vlowres.txt, nether-vlowres.txt, and the_end-vlowres.txt # To use the HDMap low-res (4 ppb) map templates as world defaults, set value to lowres # The definitions of these templates are in normal-lowres.txt, nether-lowres.txt, and the_end-lowres.txt # To use the HDMap hi-res (16 ppb) map templates (these can take a VERY long time for initial fullrender), set value to hires # The definitions of these templates are in normal-hires.txt, nether-hires.txt, and the_end-hires.txt # To use the HDMap low-res (4 ppb) map templates, with support for boosting resolution selectively to hi-res (16 ppb), set value to low_boost_hi # The definitions of these templates are in normal-low_boost_hi.txt, nether-low_boost_hi.txt, and the_end-low_boost_hi.txt # To use the HDMap hi-res (16 ppb) map templates, with support for boosting resolution selectively to vhi-res (32 ppb), set value to hi_boost_vhi # The definitions of these templates are in normal-hi_boost_vhi.txt, nether-hi_boost_vhi.txt, and the_end-hi_boost_vhi.txt # To use the HDMap hi-res (16 ppb) map templates, with support for boosting resolution selectively to xhi-res (64 ppb), set value to hi_boost_xhi # The definitions of these templates are in normal-hi_boost_xhi.txt, nether-hi_boost_xhi.txt, and the_end-hi_boost_xhi.txt deftemplatesuffix: lowres # Map storage scheme: only uncommoent one 'type' value # filetree: classic and default scheme: tree of files, with all map data under the directory indicated by 'tilespath' setting # sqlite: single SQLite database file (this can get VERY BIG), located at 'dbfile' setting (default is file dynmap.db in data directory) # mysql: MySQL database, at hostname:port in database, accessed via userid with password # mariadb: MariaDB database, at hostname:port in database, accessed via userid with password # postgres: PostgreSQL database, at hostname:port in database, accessed via userid with password storage: # Filetree storage (standard tree of image files for maps) type: filetree # SQLite db for map storage (uses dbfile as storage location) #type: sqlite #dbfile: dynmap.db # MySQL DB for map storage (at 'hostname':'port' in database 'database' using user 'userid' password 'password' and table prefix 'prefix' #type: mysql #hostname: localhost #port: 3306 #database: dynmap #userid: dynmap #password: dynmap #prefix: "" components: - class: org.dynmap.ClientConfigurationComponent - class: org.dynmap.InternalClientUpdateComponent sendhealth: true sendposition: true allowwebchat: true webchat-interval: 5 hidewebchatip: false trustclientname: false includehiddenplayers: false # (optional) if true, color codes in player display names are used use-name-colors: false # (optional) if true, player login IDs will be used for web chat when their IPs match use-player-login-ip: true # (optional) if use-player-login-ip is true, setting this to true will cause chat messages not matching a known player IP to be ignored require-player-login-ip: false # (optional) block player login IDs that are banned from chatting block-banned-player-chat: true # Require login for web-to-server chat (requires login-enabled: true) webchat-requires-login: false # If set to true, users must have dynmap.webchat permission in order to chat webchat-permissions: false # Limit length of single chat messages chatlengthlimit: 256 # # Optional - make players hidden when they are inside/underground/in shadows (#=light level: 0=full shadow,15=sky) # hideifshadow: 4 # # Optional - make player hidden when they are under cover (#=sky light level,0=underground,15=open to sky) # hideifundercover: 14 # # (Optional) if true, players that are crouching/sneaking will be hidden hideifsneaking: false # If true, player positions/status is protected (login with ID with dynmap.playermarkers.seeall permission required for info other than self) protected-player-info: false # If true, hide players with invisibility potion effects active hide-if-invisiblity-potion: true # If true, player names are not shown on map, chat, list hidenames: false #- class: org.dynmap.JsonFileClientUpdateComponent # writeinterval: 1 # sendhealth: true # sendposition: true # allowwebchat: true # webchat-interval: 5 # hidewebchatip: false # includehiddenplayers: false # use-name-colors: false # use-player-login-ip: false # require-player-login-ip: false # block-banned-player-chat: true # hideifshadow: 0 # hideifundercover: 0 # hideifsneaking: false # # Require login for web-to-server chat (requires login-enabled: true) # webchat-requires-login: false # # If set to true, users must have dynmap.webchat permission in order to chat # webchat-permissions: false # # Limit length of single chat messages # chatlengthlimit: 256 # hide-if-invisiblity-potion: true # hidenames: false - class: org.dynmap.SimpleWebChatComponent allowchat: true # If true, web UI users can supply name for chat using 'playername' URL parameter. 'trustclientname' must also be set true. allowurlname: false # Note: this component is needed for the dmarker commands, and for the Marker API to be available to other plugins - class: org.dynmap.MarkersComponent type: markers showlabel: false enablesigns: false # Default marker set for sign markers default-sign-set: markers # (optional) add spawn point markers to standard marker layer showspawn: true spawnicon: world spawnlabel: "Spawn" # (optional) layer for showing offline player's positions (for 'maxofflinetime' minutes after logoff) showofflineplayers: false offlinelabel: "Offline" offlineicon: offlineuser offlinehidebydefault: true offlineminzoom: 0 maxofflinetime: 30 # (optional) layer for showing player's spawn beds showspawnbeds: false spawnbedlabel: "Spawn Beds" spawnbedicon: bed spawnbedhidebydefault: true spawnbedminzoom: 0 spawnbedformat: "%name%'s bed" # (optional) Show world border (vanilla 1.8+) showworldborder: true worldborderlabel: "Border" - class: org.dynmap.ClientComponent type: chat allowurlname: false - class: org.dynmap.ClientComponent type: chatballoon focuschatballoons: false - class: org.dynmap.ClientComponent type: chatbox showplayerfaces: true messagettl: 5 # Optional: set number of lines in scrollable message history: if set, messagettl is not used to age out messages #scrollback: 100 # Optional: set maximum number of lines visible for chatbox #visiblelines: 10 # Optional: send push button sendbutton: false - class: org.dynmap.ClientComponent type: playermarkers showplayerfaces: true showplayerhealth: true # If true, show player body too (only valid if showplayerfaces=true showplayerbody: false # Option to make player faces small - don't use with showplayerhealth smallplayerfaces: false # Optional - make player faces layer hidden by default hidebydefault: false # Optional - ordering priority in layer menu (low goes before high - default is 0) layerprio: 0 # Optional - label for player marker layer (default is 'Players') label: "Players" #- class: org.dynmap.ClientComponent # type: digitalclock - class: org.dynmap.ClientComponent type: link - class: org.dynmap.ClientComponent type: timeofdayclock showdigitalclock: true #showweather: true # Mouse pointer world coordinate display - class: org.dynmap.ClientComponent type: coord label: "Location" hidey: false show-mcr: false show-chunk: false # Note: more than one logo component can be defined #- class: org.dynmap.ClientComponent # type: logo # text: "Dynmap" # #logourl: "images/block_surface.png" # linkurl: "http://forums.bukkit.org/threads/dynmap.489/" # # Valid positions: top-left, top-right, bottom-left, bottom-right # position: bottom-right #- class: org.dynmap.ClientComponent # type: inactive # timeout: 1800 # in seconds (1800 seconds = 30 minutes) # redirecturl: inactive.html # #showmessage: 'You were inactive for too long.' #- class: org.dynmap.TestComponent # stuff: "This is some configuration-value" # Treat hiddenplayers.txt as a whitelist for players to be shown on the map? (Default false) display-whitelist: false # How often a tile gets rendered (in seconds). renderinterval: 1 # How many tiles on update queue before accelerate render interval renderacceleratethreshold: 60 # How often to render tiles when backlog is above renderacceleratethreshold renderaccelerateinterval: 0.2 # How many update tiles to work on at once (if not defined, default is 1/2 the number of cores) tiles-rendered-at-once: 2 # If true, use normal priority threads for rendering (versus low priority) - this can keep rendering # from starving on busy Windows boxes (Linux JVMs pretty much ignore thread priority), but may result # in more competition for CPU resources with other processes usenormalthreadpriority: true # Save and restore pending tile renders - prevents their loss on server shutdown or /reload saverestorepending: true # Save period for pending jobs (in seconds): periodic saving for crash recovery of jobs save-pending-period: 900 # Zoom-out tile update period - how often to scan for and process tile updates into zoom-out tiles (in seconds) zoomoutperiod: 30 # Control whether zoom out tiles are validated on startup (can be needed if zoomout processing is interrupted, but can be expensive on large maps) initial-zoomout-validate: true # Default delay on processing of updated tiles, in seconds. This can reduce potentially expensive re-rendering # of frequently updated tiles (such as due to machines, pistons, quarries or other automation). Values can # also be set on individual worlds and individual maps. tileupdatedelay: 30 # Tile hashing is used to minimize tile file updates when no changes have occurred - set to false to disable enabletilehash: true # Optional - hide ores: render as normal stone (so that they aren't revealed by maps) #hideores: true # Optional - enabled BetterGrass style rendering of grass and snow block sides #better-grass: true # Optional - enable smooth lighting by default on all maps supporting it (can be set per map as lighting option) smooth-lighting: true # Optional - use world provider lighting table (good for custom worlds with custom lighting curves, like nether) # false=classic Dynmap lighting curve use-brightness-table: true # Optional - render specific block names using the textures and models of another block name: can be used to hide/disguise specific # blocks (e.g. make ores look like stone, hide chests) or to provide simple support for rendering unsupported custom blocks block-alias: # "minecraft:quartz_ore": "stone" # "diamond_ore": "coal_ore" # Default image format for HDMaps (png, jpg, jpg-q75, jpg-q80, jpg-q85, jpg-q90, jpg-q95, jpg-q100, webp, webp-q75, webp-q80, webp-q85, webp-q90, webp-q95, webp-q100), # Note: any webp format requires the presence of the 'webp command line tools' (cwebp, dwebp) (https://developers.google.com/speed/webp/download) # # Has no effect on maps with explicit format settings image-format: jpg-q90 # If cwebp or dwebp are not on the PATH, use these settings to provide their full path. Do not use these settings if the tools are on the PATH # For Windows, include .exe # #cwebpPath: /usr/bin/cwebp #dwebpPath: /usr/bin/dwebp # use-generated-textures: if true, use generated textures (same as client); false is static water/lava textures # correct-water-lighting: if true, use corrected water lighting (same as client); false is legacy water (darker) # transparent-leaves: if true, leaves are transparent (lighting-wise): false is needed for some Spout versions that break lighting on leaf blocks use-generated-textures: true correct-water-lighting: true transparent-leaves: true # ctm-support: if true, Connected Texture Mod (CTM) in texture packs is enabled (default) ctm-support: true # custom-colors-support: if true, Custom Colors in texture packs is enabled (default) custom-colors-support: true # Control loading of player faces (if set to false, skins are never fetched) #fetchskins: false # Control updating of player faces, once loaded (if faces are being managed by other apps or manually) #refreshskins: false # Customize URL used for fetching player skins (%player% is macro for name) skin-url: "http://skins.minecraft.net/MinecraftSkins/%player%.png" # Control behavior for new (1.0+) compass orientation (sunrise moved 90 degrees: east is now what used to be south) # default is 'newrose' (preserve pre-1.0 maps, rotate rose) # 'newnorth' is used to rotate maps and rose (requires fullrender of any HDMap map - same as 'newrose' for FlatMap or KzedMap) compass-mode: newnorth # Triggers for automatic updates : blockupdate-with-id is debug for breaking down updates by ID:meta # To disable, set just 'none' and comment/delete the rest render-triggers: - blockupdate #- blockupdate-with-id #- lightingupdate - chunkpopulate - chunkgenerate #- none # Title for the web page - if not specified, defaults to the server's name (unless it is the default of 'Unknown Server') #webpage-title: "My Awesome Server Map" # The path where the tile-files are placed. tilespath: web/tiles # The path where the web-files are located. webpath: web # The path were the /dynmapexp command exports OBJ ZIP files exportpath: export # The network-interface the webserver will bind to (0.0.0.0 for all interfaces, 127.0.0.1 for only local access). # If not set, uses same setting as server in server.properties (or 0.0.0.0 if not specified) #webserver-bindaddress: 0.0.0.0 # The TCP-port the webserver will listen on. webserver-port: 8123 # Maximum concurrent session on internal web server - limits resources used in Bukkit server max-sessions: 30 # Disables Webserver portion of Dynmap (Advanced users only) disable-webserver: false # Enable/disable having the web server allow symbolic links (true=compatible with existing code, false=more secure (default)) allow-symlinks: true # Enable login support login-enabled: false # Require login to access website (requires login-enabled: true) login-required: false # Period between tile renders for fullrender, in seconds (non-zero to pace fullrenders, lessen CPU load) timesliceinterval: 0.0 # Maximum chunk loads per server tick (1/20th of a second) - reducing this below 90 will impact render performance, but also will reduce server thread load maxchunkspertick: 200 # Progress report interval for fullrender/radiusrender, in tiles. Must be 100 or greater progressloginterval: 100 # Parallel fullrender: if defined, number of concurrent threads used for fullrender or radiusrender # Note: setting this will result in much more intensive CPU use, some additional memory use. Caution should be used when # setting this to equal or exceed the number of physical cores on the system. #parallelrendercnt: 4 # Interval the browser should poll for updates. updaterate: 2000 # If nonzero, server will pause fullrender/radiusrender processing when 'fullrenderplayerlimit' or more users are logged in fullrenderplayerlimit: 0 # If nonzero, server will pause update render processing when 'updateplayerlimit' or more users are logged in updateplayerlimit: 0 # Target limit on server thread use - msec per tick per-tick-time-limit: 50 # If TPS of server is below this setting, update renders processing is paused update-min-tps: 18.0 # If TPS of server is below this setting, full/radius renders processing is paused fullrender-min-tps: 18.0 # If TPS of server is below this setting, zoom out processing is paused zoomout-min-tps: 18.0 showplayerfacesinmenu: true # Control whether players that are hidden or not on current map are grayed out (true=yes) grayplayerswhenhidden: true # Set sidebaropened: 'true' to pin menu sidebar opened permanently, 'pinned' to default the sidebar to pinned, but allow it to unpin #sidebaropened: true # Customized HTTP response headers - add 'id: value' pairs to all HTTP response headers (internal web server only) #http-response-headers: # Access-Control-Allow-Origin: "my-domain.com" # X-Custom-Header-Of-Mine: "MyHeaderValue" # Trusted proxies for web server - which proxy addresses are trusted to supply valid X-Forwarded-For fields trusted-proxies: - "127.0.0.1" - "0:0:0:0:0:0:0:1" joinmessage: "%playername% joined" quitmessage: "%playername% quit" spammessage: "You may only chat once every %interval% seconds." # format for messages from web: %playername% substitutes sender ID (typically IP), %message% includes text webmsgformat: "&color;2[WEB] %playername%: &color;f%message%" # Control whether layer control is presented on the UI (default is true) showlayercontrol: true # Enable checking for banned IPs via banned-ips.txt (internal web server only) check-banned-ips: true # Default selection when map page is loaded defaultzoom: 0 defaultworld: world defaultmap: flat # (optional) Zoom level and map to switch to when following a player, if possible #followzoom: 3 #followmap: surface # If true, make persistent record of IP addresses used by player logins, to support web IP to player matching persist-ids-by-ip: true # If true, map text to cyrillic cyrillic-support: false # Messages to customize msg: maptypes: "Map Types" players: "Players" chatrequireslogin: "Chat Requires Login" chatnotallowed: "You are not permitted to send chat messages" hiddennamejoin: "Player joined" hiddennamequit: "Player quit" # URL for client configuration (only need to be tailored for proxies or other non-standard configurations) url: # configuration URL #configuration: "up/configuration" # update URL #update: "up/world/{world}/{timestamp}" # sendmessage URL #sendmessage: "up/sendmessage" # login URL #login: "up/login" # register URL #register: "up/register" # tiles base URL #tiles: "tiles/" # markers base URL #markers: "tiles/" # Snapshot cache size, in chunks snapshotcachesize: 500 # Snapshot cache uses soft references (true), else weak references (false) soft-ref-cache: true # Player enter/exit title messages for map markers # # Processing period - how often to check player positions vs markers - default is 1000ms (1 second) #enterexitperiod: 1000 # Title message fade in time, in ticks (0.05 second intervals) - default is 10 (1/2 second) #titleFadeIn: 10 # Title message stay time, in ticks (0.05 second intervals) - default is 70 (3.5 seconds) #titleStay: 70 # Title message fade out time, in ticks (0.05 seocnd intervals) - default is 20 (1 second) #titleFadeOut: 20 # Enter/exit messages use on screen titles (true - default), if false chat messages are sent instead #enterexitUseTitle: true # Set true if new enter messages should supercede pending exit messages (vs being queued in order), default false #enterReplacesExits: true # Set to true to enable verbose startup messages - can help with debugging map configuration problems # Set to false for a much quieter startup log verbose: false # Enables debugging. #debuggers: # - class: org.dynmap.debug.LogDebugger # Debug: dump blocks missing render data dump-missing-blocks: false

Virtualized Intrusion Detection System (IDS) with Snort A Wi-Fi-based IDS simulation using Kali Linux (attacker), Ubuntu (victim), and a Snort-enabled Ubuntu VM to monitor and detect cyberattacks — all within a multi-VM, cross-host setup.

A simple project implementing IDS and IPS systems with the Snort tool.

Simple Bash script for scraping TOR exit nodes and putting them in CSV format for upload to IDS / IPS systems