Here are some common SQLMap commands along with their descriptions:

| Command | Description |
| --- | --- |
| `sqlmap -u <URL>` | Perform SQL injection testing on a specific URL. |
| `sqlmap -u <target url> -D <database> --tables` | List all the tables in a specific database on the target URL. |
| `sqlmap -u <target url> -D <database> -T <table> --columns` | List all the columns in a specific table within the database on the target URL. |
| `sqlmap -u <target url> -D <database> -T <table> -C <column> --dump` | Dump the contents of a specific column in a specific table within the database on the target URL. |
| `sqlmap -r <Request_File>` | Test SQL injection using a saved HTTP request from a file. |
| `sqlmap -u <URL> --dbs` | Enumerate the available databases on the target. This is a thorough scan. |
| `sqlmap -u <URL> -D <Database> -T <Table> --columns` | Enumerate the columns in a specific table. |
| `sqlmap -u <URL> -D <Database> --tables` | List all the tables in a specific database. |
| `sqlmap -u <URL> --dump` | Dump the contents of a database after successful injection. |
| `sqlmap -u <URL> --os-shell` | Get an interactive operating system shell on the server. |
| `sqlmap -u <URL> --batch` | Run SQLMap in batch mode without user prompts. |
| `sqlmap -u <URL> --level=<level>` | Set the SQL injection testing level (1-5, with 5 being the highest). |
| `sqlmap -u <URL> --risk=<risk>` | Set the risk factor for SQL injection testing (1-3, with 3 being the riskiest). |
| `sqlmap -u <URL> --threads=<n>` | Specify the number of concurrent HTTP requests (default is 1). |
| `sqlmap -u <URL> --flush-session` | Flush the stored session files for the target so the next run starts fresh instead of resuming the last session. |
| `sqlmap --batch --update` | Update SQLMap to the latest version in batch mode. |

Please note that using SQLMap for any unauthorized or unethical activities is strictly prohibited. Always ensure you have proper authorization before conducting any security testing on a target system.

 

Prerequisites:

sqlmap comes preinstalled on some Linux distributions. If it is not already on your Linux box, install it with the following commands:

sudo apt update

sudo apt install sqlmap

If it is preinstalled, update it to the latest version with the upgrade command:

sudo apt upgrade sqlmap

 

Recommendations:

Before you start performing SQL injection testing, make sure you have the following prerequisites in place:

  1. Portable Linux Environment:
    • Prepare a thumb drive or flash drive with a bootable Linux image, written with software like balenaEtcher or similar tools. Having a Linux distribution readily available on a flash drive not only makes your work portable but also leaves your computer with ample free space and an uncluttered work environment.
  2. Security-Focused Operating System:
    • Install a stable version of a security-focused operating system such as Parrot OS or Kali Linux on your testing machine. These distributions come preloaded with a wide range of security tools, including SQLMap, to support your testing needs. Alternatively, ensure that you have SQLMap installed on your favorite Linux or BSD OS.
  3. ProxyChains Configuration:
    • To assess the effectiveness of your website's defenses against traffic attempting to hide its origin, configure ProxyChains correctly on your testing machine. The primary purpose of using ProxyChains in vulnerability testing is to obfuscate the source of the traffic. Note that while many firewalls are aware of Tor network IP addresses and may block them, ProxyChains can still help you determine if your website is susceptible to such attacks.
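
A defensive counterpart to the ProxyChains recommendation above, added here as an example and not part of the original page: since proxied test traffic arrives from many source addresses, this Python example flags sqlmap-style requests in a web access log by request content rather than by IP. The combined log format, the indicator patterns and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined Log Format (assumed): ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Assumed indicators: sqlmap's default User-Agent prefix and common injection probe shapes.
UA_RE = re.compile(r"\bsqlmap/", re.I)
PAYLOAD_RE = re.compile(
    r"\bunion\b.+\bselect\b|\b(?:and|or)\s+\d+\s*=\s*\d+|\bsleep\s*\(|information_schema",
    re.I,
)

def classify(line):
    """Return (ip, endpoint, reasons) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = set()
    if UA_RE.search(m["ua"]):
        reasons.add("sqlmap-user-agent")
    # Decode %XX and '+' first so encoded payloads are matched too.
    if PAYLOAD_RE.search(unquote_plus(m["path"])):
        reasons.add("sqli-payload")
    return (m["ip"], m["path"].split("?")[0], reasons) if reasons else None

def summarize(lines):
    """Group hits per endpoint, so a scan spread over many proxy IPs still stands out."""
    hits = defaultdict(lambda: {"ips": set(), "reasons": set(), "count": 0})
    for ip, endpoint, reasons in filter(None, map(classify, lines)):
        hits[endpoint]["ips"].add(ip)
        hits[endpoint]["reasons"] |= reasons
        hits[endpoint]["count"] += 1
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2024:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2024:10:00:02 +0000] "GET /item.php?id=1%20AND%203=3 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '203.0.113.5 - - [10/Jan/2024:10:00:03 +0000] "GET /item.php?id=1%20UNION%20ALL%20SELECT%20NULL,NULL HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jan/2024:10:00:04 +0000] "GET /item.php?id=1%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Jan/2024:10:00:05 +0000] "GET /search?q=union+station HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for endpoint, h in summarize(SAMPLE_LOG).items():
        print(endpoint, h["count"], sorted(h["ips"]), sorted(h["reasons"]))
```

Run it against the access log of the site you are testing during an authorized scan: an endpoint that collects hits from several source addresses shows that content-based detection still works when the origin is hidden.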