Are you tired of manually testing for SQL injection vulnerabilities in your web applications? Do you wish there was an easier way to automate the process and quickly identify potential security risks? Look no further than SQLMap, the powerful and user-friendly tool for database penetration testing.
SQLMap is an open-source tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. With SQLMap, you can quickly and easily scan your applications for vulnerabilities, enumerate the database and tables, dump data, and even gain remote code execution on the target server.
While SQLMap is a powerful tool, it can also be complex to use at times, with a multitude of options and parameters to remember. This cheat sheet is a way for you to remember the basics! Check it out!
Cheat Sheet
Basic Usage
| Command | Description |
|---|---|
| `sqlmap -u [URL]` | Conduct a SQL injection test on the given URL |
| `sqlmap -r [REQUEST FILE]` | Conduct a SQL injection test on an HTTP request file |
| `sqlmap -g [GOOGLE DORK]` | Conduct a SQL injection test using Google search results |
| `sqlmap -c [CONFIG FILE]` | Load configuration settings from a file |
| `sqlmap -hh` | Display help message |
| `sqlmap -v [LEVEL]` | Set verbosity level (0-6, default: 1) |
| `sqlmap --wizard` | Run the interactive wizard to configure SQLMap |
| `sqlmap --update` | Update SQLMap to the latest version |
Target Selection
| Command | Description |
|---|---|
| `-u [URL]` | Target URL |
| `--data [DATA]` | Data string to be sent through POST |
| `--cookie [COOKIE]` | HTTP Cookie header value |
| `--cookie-file [COOKIE_FILE]` | File containing HTTP Cookie header |
| `--level [LEVEL]` | Level of tests to perform (1-5, default: 1) |
| `--risk [RISK]` | Risk of tests to perform (0-3, default: 1) |
| `--threads [THREADS]` | Number of threads to use for testing |
| `--timeout [TIMEOUT]` | Maximum time to wait for a response (default: 30) |
| `--random-agent` | Use a random User-Agent string |
| `--tor` | Use the Tor anonymity network |
| `--proxy [PROXY]` | Use a proxy server for requests |
| `--os [OS]` | Force a specific DBMS operating system |
Testing Techniques
| Command | Description |
|---|---|
| `--technique [TECHNIQUE]` | Choose a testing technique (default: BEUSTQ) |
| `--time-sec [TIMEOUT]` | Time to wait for a query response (default: 5) |
| `--tamper [TAMPER SCRIPT]` | Use a tamper script for injection payloads |
| `--dbms [DBMS]` | Specify a DBMS (default: automatic detection) |
| `--dns-domain [DOMAIN NAME]` | Use DNS domain name as injection point |
| `--dns-ip [IP ADDRESS]` | Use DNS IP address as injection point |
| `--skip-urlencode` | Skip URL encoding of injection payloads |
| `--suffix [SUFFIX]` | Add a suffix to all injection payloads |
| `--prefix [PREFIX]` | Add a prefix to all injection payloads |
| `--skip-waf` | Skip Web Application Firewall (WAF) detection |
| `--crawl [DEPTH]` | Crawl the website (to the given depth) for additional injection points |
| `--batch` | Run in non-interactive mode with default options |
| `--flush-session` | Flush the current session data and settings |
Detection and Enumeration
| Command | Description |
|---|---|
| `--dbs` | Enumerate all databases |
| `--current-db` | Identify the current database |
| `--tables` | Enumerate all tables in the current database |
| `--columns` | Enumerate all columns in the current table |
| `--dump` | Dump data from the current table |
| `--dump-all` | Dump data from all tables |
Exploitation
| Command | Description |
|---|---|
| `--sql-shell` | Launch an interactive SQL shell |
| `--os-shell` | Launch an interactive OS shell |
| `--os-pwn` | Attempt to elevate privileges to SYSTEM |
| `--file-read [FILE]` | Read a file from the database server |
| `--file-write [FILE]` | Write a local file to the database server |
| `--os-cmd [COMMAND]` | Execute a command on the operating system |
| `--os-smbrelay` | Use SMB relay to execute code on another machine |
| `--priv-esc` | Attempt to perform privilege escalation |
Miscellaneous
| Command | Description |
|---|---|
| `--dump-format [FORMAT]` | Set the format for dumping data (CSV, HTML, JSON, etc.) |