SQLMapping
Download SQLMap on
GitHub
Copy
sqlmap
Target
General
Request
Injection
Detection
Techniques
OS Access
Tamper Scripts
Enumeration
Target URL (-u):
Verbosity Level (-v):
--batch (Do not prompt, default behavior)
--flush-session (Remove session files)
--wizard (Wizard interface)
POST Data (--data):
HTTP Cookie (--cookie):
--random-agent (Random User-Agent)
--tor (Tor anonymity network)
--check-tor (Verify Tor usage)
Proxy (--proxy):
Parameter to Test (-p):
Forced DBMS (--dbms):
Test Level (--level):
Test Risk (--risk):
SQL Injection Techniques (--technique):
B - Boolean-based blind
E - Error-based
U - Union query-based
S - Stacked queries
T - Time-based blind
Q - Inline queries
Select the SQL injection techniques you want to use.
--os-shell (Interactive shell)
--os-pwn (OOB shell, Meterpreter, VNC)
Tampering Scripts (--tamper):
0eunion
apostrophemask
apostrophenullencode
appendnullbyte
base64encode
between
binary
bluecoat
chardoubleencode
charencode
charunicodeencode
charunicodeescape
commalesslimit
commalessmid
commentbeforeparentheses
concat2concatws
decentities
dunion
equaltolike
equaltorlike
escapequotes
greatest
halfversionedmorekeywords
hex2char
hexentities
htmlencode
if2case
ifnull2casewhenisnull
ifnull2ifisnull
informationschemacomment
least
lowercase
luanginx
misunion
modsecurityversioned
modsecurityzeroversioned
multiplespaces
ord2ascii
overlongutf8
overlongutf8more
percentage
plus2concat
plus2fnconcat
randomcase
randomcomments
schemasplit
scientific
sleep2getlock
sp_password
space2comment
space2dash
space2hash
space2morecomment
space2morehash
space2mssqlblank
space2mssqlhash
space2mysqlblank
space2mysqldash
space2plus
space2randomblank
substring2leftright
symboliclogical
unionalltounion
unmagicquotes
uppercase
varnish
versionedkeywords
versionedmorekeywords
xforwardedfor
-a, --all (Retrieve all)
-b, --banner (Retrieve banner)
--current-user (Retrieve current user)
--current-db (Retrieve current database)
--passwords (Enumerate password hashes)
--dbs (Enumerate databases)
--tables (Enumerate tables)
--columns (Enumerate columns)
--schema (Enumerate schema)
--dump (Dump table entries)
--dump-all (Dump all)
Database to Enumerate (-D):
Table(s) to Enumerate (-T):
Column(s) to Enumerate (-C):
