This cheat sheet references some of the most commonly used sqlmap commands. Whether you’re a seasoned professional looking to brush up on your command-line skills or a newcomer eager to explore SQL injection testing with sqlmap, you’ll find valuable insights and shortcuts here.
Installation
Distribution | Command |
---|---|
Debian/Ubuntu | sudo apt-get install sqlmap |
CentOS/Fedora/Red Hat | sudo yum install sqlmap |
NixOS | nix-env -iA nixos.sqlmap |
Usage
Task | Command |
---|---|
Basic SQL injection test | sqlmap -u http://example.com |
sqlmap Command Switches
Switch | Description |
---|---|
--url or -u | Target URL to scan for SQL injection vulnerabilities. |
--data | Data string to be sent through POST. |
--cookie | Use specified HTTP Cookie header value for the requests. |
--dbs | Enumerate DBMS databases on the target. |
--tables | Enumerate DBMS database tables from a specific database. |
--dump | Dump the contents of a database table. |
--os-shell | Prompt for an interactive operating system shell. |
--batch | Never ask for user input, use default behavior. |
--banner | Retrieve the DBMS banner (version and other details). |
--tor | Use the Tor anonymity network to make all HTTP requests. |
--proxy | Use a proxy to connect to the target URL. |
--random-agent | Use a randomly selected HTTP User-Agent header value. |
--is-dba | Detect whether the DBMS current user is DBA (Database Admin). |
--technique | SQL injection techniques to use (e.g., B for Boolean-based). |
--threads | Number of concurrent HTTP(s) requests. |
--level | Level of tests to perform (1-5, default 1). |
--risk | Risk of tests to perform (1-3, default 1). |
--current-user | Retrieve DBMS’s current user. |
--current-db | Retrieve DBMS’s current database. |
--count | Retrieve the number of entries for tables. |
--dump-all | Dump all databases’ table entries. |
--sql-shell | Prompt for an interactive SQL shell. |
--sql-query | Execute the given SQL statement against the database. |
--tamper | Use given script(s) for tampering injection data. |
Wrapping Up
This sqlmap cheat sheet has highlighted the tool’s flexibility and power for everything from simple tasks to advanced operations. Mastering sqlmap can significantly boost your security testing skills. Keep practising, explore further resources, and share your findings to deepen your understanding and contribute to the community’s collective knowledge.
References
The switch table above lists some of the most frequently used switches in sqlmap. For a comprehensive list and detailed explanations, refer to the official sqlmap documentation.