SQLMAP

My notes on SQLMAP (using version 1.9.4#stable)

SQLMAP is an open-source pentesting tool that automates SQLi attacks and the exploitation of flaws on vulnerable targets.

Commands

  • Help

    sqlmap -hh

All options are grouped by usage in SQLMAP's help menu, for example Operating System Access, Enumeration, Injection, Request, etc.

Examples

GET Based

For example:

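sqlmap -u "http://test.com/profile.php?name=kavin" --dbs

Here we pass the target URL via -u and use --dbs to enumerate the databases. The URL is quoted so the shell does not treat ? (or & in longer query strings) as special characters.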
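
What the GET-based run above looks like from the server side, as an added example that is not part of the original notes: a small access-log check that flags sqlmap's default User-Agent (sqlmap/<version> (https://sqlmap.org)) and common SQLi markers in decoded query parameters. The log lines, IP addresses, timestamps and marker list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Default sqlmap User-Agent looks like "sqlmap/1.9.4#stable (https://sqlmap.org)".
SQLMAP_UA = re.compile(r"\bsqlmap/\d", re.I)
# Generic SQLi markers in decoded parameter values (an illustrative list, not exhaustive).
SQLI_MARKERS = re.compile(
    r"\bunion\s+(all\s+)?select\b|\bsleep\s*\(|\binformation_schema\b"
    r"|\b(and|or)\s+\d+\s*=\s*\d+",
    re.I,
)
# Combined log format: ip - - [time] "METHOD target HTTP/x" status size "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def classify(line):
    """Return (ip, reasons) for a suspicious line, or None if clean or unparseable."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    reasons = []
    if SQLMAP_UA.search(m["ua"]):
        reasons.append("sqlmap-user-agent")
    # parse_qsl URL-decodes values, so %27, %20 and + are decoded before matching.
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if SQLI_MARKERS.search(value):
            reasons.append(f"sqli-marker:{name}")
    return (m["ip"], reasons) if reasons else None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, made-up timestamps and sizes).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2025:10:00:00 +0000] "GET /profile.php?name=kavin HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/May/2025:10:00:01 +0000] "GET /profile.php?name=kavin HTTP/1.1" 200 512 "-" "sqlmap/1.9.4#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [01/May/2025:10:00:02 +0000] "GET /profile.php?name=kavin%27%20AND%204821%3D4821--%20x HTTP/1.1" 200 512 "-" "sqlmap/1.9.4#stable (https://sqlmap.org)"',
    '192.0.2.44 - - [01/May/2025:10:00:03 +0000] "GET /profile.php?name=kavin%27+UNION+ALL+SELECT+NULL--+x HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ",".join(reasons))
```

The User-Agent match only covers runs that keep sqlmap's default header; the parameter check is the part that still fires when the header looks like a normal browser.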

POST Based

Use Burp Suite or any other tool to capture the vulnerable POST request, and save the request locally as a text file.

Then run SQLMAP with the following command:

sqlmap -r <request_file> -p <vulnerable_parameter> --dbs

From there you can enumerate further: databases, tables, columns, etc.

For example, --tables enumerates the tables of the database selected with -D.

After that, you can list the columns of a table using --columns with -T <table_name>.

Most importantly, you can get everything by dumping all databases using --dump-all.
