Written in Python, open source
Detection methods
Boolean-based blind detection
Time-based blind detection
Error-based detection
Union-based detection
Stacked-query detection
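Seen from the defender's side, the technique classes listed above leave recognizable traces in web access logs. The classifier below is an added example, not code from the original page or from the sqlmap project; the regex signatures, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Heuristic signatures, one per technique class listed above (assumed patterns,
# typical of SQL injection probes in general; tune them for your own traffic).
TECHNIQUES = [
    ("time-based blind", re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)),
    ("union-based", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("error-based", re.compile(r"\b(extractvalue|updatexml)\s*\(|\bfloor\s*\(\s*rand\s*\(", re.I)),
    ("stacked queries", re.compile(r";\s*(select|insert|update|delete|drop|declare|exec)\b", re.I)),
    ("boolean-based blind", re.compile(r"\b(and|or)\s+\(?\d+\s*=\s*\d+", re.I)),
]
# Combined-log-format fields we need: client, request target, user agent.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def classify(line):
    """Return (client, labels) for one access-log line, or None if unparsable."""
    m = LINE.match(line)
    if not m:
        return None
    client, target, agent = m.groups()
    query = unquote_plus(target.partition("?")[2])   # decode %20, + and similar
    labels = [name for name, rx in TECHNIQUES if rx.search(query)]
    if agent.lower().startswith("sqlmap/"):          # sqlmap's default User-Agent prefix
        labels.append("sqlmap user-agent")
    return client, labels

def summarize(lines):
    """Map each client to the sorted set of labels seen across its requests."""
    seen = {}
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            seen.setdefault(parsed[0], set()).update(parsed[1])
    return {client: sorted(labels) for client, labels in seen.items()}

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /item.php?id=1%20AND%205=5 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=1%20UNION%20ALL%20SELECT%20NULL,NULL HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, labels in summarize(SAMPLE).items():
        print(client, labels)
```

The User-Agent check only catches default settings, so the payload signatures carry most of the weight; a client that trips several technique classes within a short time window is the stronger signal.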
Advantages
Direct database connection: -d
Automatically updates cookie information after the cookie expires
Rate limiting: maximum concurrency, delayed sending of requests
Can be used together with Burp Suite and Google
Supports Basic, Digest, NTLM and CA (certificate) authentication
Can be used together with Metasploit: privilege escalation through the database service process, and upload and execution of a backdoor
Installation
apt-get install git
git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
Upgrade
sqlmap --update
git pull
Target URL
Use -u to specify the target URL to test
or use -p to specify which variable in the URL to test, for example the variable username
Add -f to check fingerprint information
Press Enter to start the check. The scan results are saved in the /root/.sqlmap/output directory; on Linux, anything whose name starts with '.' is a hidden file.
Scanning starts once the options are set; useful information is highlighted
The output shows that an injection vulnerability is present
Add --users to get account information
The account information is retrieved
Add --banner to get the target database version number
Add --dbs to see which databases the target database management system contains
Add --schema to view all tables in the database
Add -a to view database user information
sqlmap can act as a database client and connect directly to the database server; first obtain the account, password and port
sqlmap -d "mysql://root:[email protected]:port" -f --users
Scan multiple URLs: put them in a single file and scan them together
Scan using Google search: test all URLs found by Google that contain php?id=1
Using an HTTP request file (Burp Suite)
Start the Burp Suite proxy, log in through the browser and submit a POST request
The request is intercepted in Burp Suite; copy the data portion of the request header
Create a new file
Paste the copied content and save
Use this file for scanning
Press Enter to run
Scan with a Burp Suite log file
Have Burp Suite generate a log file
The log file is generated when the login request is submitted
Scan the log file
Add --force-ssl to scan HTTPS targets
SQLMAP Automatic Injection