Scribd
Upload
3 views

sqlmap-cheat-sheet (1)

The sqlmap Cheat Sheet provides a comprehensive guide for using sqlmap, including installation instructions, basic and advanced usage commands, and various options for session management, target specification, and HTTP requests. It outlines different SQL injection techniques and options for enumeration and exploitation. The document is a valuable resource for security professionals looking to perform SQL injection testing.

Uploaded by

melpomene5
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
3 views

sqlmap-cheat-sheet (1)

The sqlmap Cheat Sheet provides a comprehensive guide for using sqlmap, including installation instructions, basic and advanced usage commands, and various options for session management, target specification, and HTTP requests. It outlines different SQL injection techniques and options for enumeration and exploitation. The document is a valuable resource for security professionals looking to perform SQL injection testing.

Uploaded by

melpomene5
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

sqlmap Cheat Sheet

Installation WAF bypass options Session options


Option Description Option Description
sudo apt install sqlmap
--random-agent Use random user-agent Flush session files for current
--flush-session
target
Basic usage --csrf-token=<param> CSRF token parameter name
Ignore query results stored in
Command Description --tamper=<tamper> Use tamper script --fresh-queries
session file
sqlmap -u <url> Run scan against a URL --list-tampers List available tamper scripts --purge Remove all data from session files
sqlmap -r <file> Run scan on HTTP request file
sqlmap --wizard Interactive wizard IP address concealment Enumeration & exploitation options
sqlmap -h Show basic help message Option Description Option Description
sqlmap -hh Show advanced help message --proxy=<address> Use a proxy server --all Retrieve everything
sqlmap --version Show sqlmap version --tor Use Tor anonymity network --banner Retrieve DBMS banner
--check-tor Ensure that Tor is used properly Perform an extensive DBMS
--fingerprint
Basic options version fingerprint

Option Description Detection options --current-user Retrieve current user

-v <verbosity> Set verbosity level (0-6) Option Description --current-db Retrieve current database

--batch Don't ask for user input --level=LEVEL Level of tests to perform (1-5) --dbs List databases
--risk=RISK Risk of tests to perform (1-3) --tables List tables
Target specification --technique=<techniques>
SQL injection techniques to use --columns List columns
(default "BEUSTQ", see below)
Option Description --schema Enumerate database schema
-u <url> Target URL --dump Dump table entries
Injection techniques
Scan target URLs from a given Dump table entries for all
-m <file> Technique Description --dump-all
text file databases
-g <query> Target Google dork result URLs Appends AND/OR to test for -D <database> Database to enumerate
Boolean-based blind (B)
true/false responses
Crawl a website starting from the -T <table> Table(s) to enumerate
--crawl=<depth> Error-based (E) Forces DBMS to generate an error
target URL
-C <column> Table column(s) to enumerate
UNION query-based (U) Appends UNION SELECT
--file-read=<file> Read a file from the file system
HTTP request options Stacked queries (S)
Appends ; to execute multiple
queries --os-shell Prompt for an interactive shell
Option Description
--data 'uid=1&name=test' Send a POST request with data Appends SLEEP() to delay
Time-based blind (T)
response Output
-H <header> Specify a header
Inline queries (Q) Appends inline queries Option Description
--cookie='PHPSESSID=1234' Specify a cookie header
-t <file> Save requests and responses to a file
--user-agent=<ua> HTTP user-agent header value

© Nth Root Software Consultancy - Last updated on January 16, 2024 - Find more cheat sheets at nth-root.nl/en/cheat-sheets

You might also like