PentOpsVaultCheatSheetsPentesting
SQLMAP CheatSheet
CheatSheet
SQLMap is a powerful tool used for detecting and exploiting SQL injection vulnerabilities in web applications. Cheat sheet covering various SQLMap commands, options, and examples
Table of Contents
- Overview
- Basic Command Structure
- Options
- Detection and Enumeration
- Data Extraction
- Advanced Techniques
- Examples
Basic Command Structure:
Options:
-u <URL>, --url=<URL>: Target URL (e.g., http://example.com/page.php?id=1).-r <RequestFile>, --file=<RequestFile>: Load HTTP request from a file.-p <Parameter>, --param=<Parameter>: Inject into parameter (e.g., id).--data=<Data>: POST data to send.--cookie=<Cookie>: HTTP cookie header value.--user-agent=<Agent>: HTTP user agent header value.--referer=<Referer>: HTTP referer header value.--headers=<Headers>: Extra headers (e.g., "Header1: Value1\nHeader2: Value2").--proxy=<Proxy>: Use a proxy (e.g., "http://127.0.0.1:8080").--random-agent: Use a random HTTP user agent.--level=<Level>: Level of tests to perform (1-5, default: 1).--risk=<Risk>: Risk of tests to perform (1-3, default: 1).--batch: Run in batch mode (no user interaction).--flush-session: Flush session files for current target.--technique=<Technique>: SQL injection technique(s) to use (e.g., "U, T").--string=<String>: String to match when querying the database.--time-sec=<Seconds>: Seconds to wait before timeout (default: 5).
Detection and Enumeration:
--dbs: Enumerate databases.--tables: Enumerate tables in the selected database.--columns: Enumerate columns in the specified table.--count: Retrieve the number of entries for a given parameter.--users: Enumerate DBMS users.
Data Extraction:
-D <Database>, --database=<Database>: Database to enumerate.-T <Table>, --table=<Table>: Table to enumerate.-C <Columns>, --columns=<Columns>: Columns to retrieve.--dump: Dump the data from the specified table.
Advanced Techniques:
--union: Use SQL UNION query injection.--time-sec=<Seconds>: Seconds to delay between requests.--comment=<Comment>: Use specified comment string.--no-cast: Disable the usage of CAST() method.--no-escape: Turn off string escaping.
Examples:
- Basic Scan:
- Using a Request File:
- Enumerating Databases:
- Dumping a Specific Database Table:
- Using Different Injection Techniques:
- Enumerating Columns in a Table:
- Using a Proxy:
- Extracting Specific Columns:
- Using Random User-Agent:
- Advanced Techniques with Delay:
- Enumerating DBMS Users:
- Disabling String Escaping: