SQLMap Cheat Sheet


Are you tired of manually testing for SQL injection vulnerabilities in your web applications? Do you wish there was an easier way to automate the process and quickly identify potential security risks? Look no further than SQLMap, the powerful and user-friendly tool for database penetration testing.

SQLMap is an open-source tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. With SQLMap, you can quickly and easily scan your applications for vulnerabilities, enumerate the database and tables, dump data, and even gain remote code execution on the target server.

While SQLMap is a powerful tool, it can also be complex to use at times, with a multitude of options and parameters to remember. This cheat sheet is a way for you to remember the basics! Check it out!

Cheat Sheet

Basic Usage

| Command | Description |
| --- | --- |
| `sqlmap -u [URL]` | Conduct a SQL injection test on the given URL |
| `sqlmap -r [REQUEST FILE]` | Conduct a SQL injection test on an HTTP request file |
| `sqlmap -g [GOOGLE DORK]` | Conduct a SQL injection test using a Google search |
| `sqlmap -c [CONFIG FILE]` | Load configuration settings from a file |
| `sqlmap -hh` | Display help message |
| `sqlmap -v [LEVEL]` | Set verbosity level (0-6, default: 1) |
| `sqlmap --wizard` | Run the interactive wizard to configure SQLMap |
| `sqlmap --update` | Update SQLMap to the latest version |

Target Selection

| Command | Description |
| --- | --- |
| `-u [URL]` | Target URL |
| `--data [DATA]` | Data string to be sent through POST |
| `--cookie [COOKIE]` | HTTP Cookie header value |
| `--cookie-file [COOKIE_FILE]` | File containing HTTP Cookie header |
| `--level [LEVEL]` | Level of tests to perform (1-5, default: 1) |
| `--risk [RISK]` | Risk of tests to perform (0-3, default: 1) |
| `--threads [THREADS]` | Number of threads to use for testing |
| `--timeout [TIMEOUT]` | Maximum time to wait for a response (default: 30) |
| `--random-agent` | Use a random user agent string |
| `--tor` | Use Tor anonymity network |
| `--proxy [PROXY]` | Use a proxy server for requests |
| `--os [OS]` | Force a specific DBMS Operating System |

Testing Techniques

| Command | Description |
| --- | --- |
| `--technique [TECHNIQUE]` | Choose a testing technique (default: BEUSTQ) |
| `--time-sec [TIMEOUT]` | Time to wait for a query response (default: 5) |
| `--tamper [TAMPER SCRIPT]` | Use a tampering script for injection payloads |
| `--dbms [DBMS]` | Specify a DBMS (default: automatic detection) |
| `--dns-domain [DOMAIN NAME]` | Use DNS domain name as injection point |
| `--dns-ip [IP ADDRESS]` | Use DNS IP address as injection point |
| `--skip-urlencode` | Skip URL encoding of injection payloads |
| `--suffix [SUFFIX]` | Add a suffix to all injection payloads |
| `--prefix [PREFIX]` | Add a prefix to all injection payloads |
| `--skip-waf` | Skip Web Application Firewall (WAF) detection |
| `--crawl` | Crawl the website for additional injection points |
| `--batch` | Run in non-interactive mode with default options |
| `--flush-session` | Flush the current session data and settings |

Detection and Enumeration

| Command | Description |
| --- | --- |
| `--dbs` | Enumerate all databases |
| `--current-db` | Identify the current database |
| `--tables` | Enumerate all tables in the current database |
| `--columns` | Enumerate all columns in the current table |
| `--dump` | Dump data from the current table |
| `--dump-all` | Dump data from all tables |

Exploitation

| Command | Description |
| --- | --- |
| `--sql-shell` | Launch an interactive SQL shell |
| `--os-shell` | Launch an interactive OS shell |
| `--os-pwn` | Attempt to elevate privileges to SYSTEM |
| `--file-read [FILE]` | Read a file from the database server |
| `--file-write [FILE]` | Write a local file to the database server |
| `--os-cmd [COMMAND]` | Execute a command on the operating system |
| `--os-smbrelay` | Use SMB relay to execute code on another machine |
| `--priv-esc` | Attempt to perform privilege escalation |

Miscellaneous

| Command | Description |
| --- | --- |
| `--dump-format [FORMAT]` | Set the format for dumping data (CSV, HTML, JSON, etc.) |
| `--prefix-url [PREFIX_URL]` | Add a prefix to the target URL |
| `--suffix-url [SUFFIX_URL]` | Add a suffix to the target URL |
| `--skip-tampers` | Skip loading tamper scripts |
| `--skip-static` | Skip static file analysis |
| `--hide-output` | Hide all output except for vulnerable parameters |
| `--skip-greeting` | Skip the SQLMap banner and greeting message |
| `--version` | Display SQLMap version information |

Reference:

https://sqlmap.org/
