-u #注入点
-f #指纹判别数据库类型
-b #获取数据库版本信息
-p #指定可测试的参数 (?page=1&id=2 -p "page,id")
-D "" #指定数据库名
-T "" #指定表名
-C "" #指定字段
-s "" #保存注入过程到一个文件; an interrupted injection can also be resumed from this file later (save: -s "Xx.log";
resume: -s "Xx.log" --resume)
--level= (1-5) #要执行的测试水平等级默认为1
--risk= (0-3) #测试执行的风险等级默认为1
--time-sec= (2,5) #延迟响应默认为5
--data # send data via POST
--columns # list columns
--current-user #获取当前用户名称
--current-db # get the current database name
--users # list all database users
--passwords # list the passwords of all database users
--privileges # view user privileges (--privileges -U root)
-U # specify a database user
--dbs # list all databases
--tables -D "" #列出指定数据库中的表
--columns -T "user" -D "mysql" #列出mysql数据库中的user表的所有字段
--dump-all # dump all tables of all databases
--exclude-sysdbs # list only the user's own databases and tables, skipping the system databases
--dump -T "" -D "" -C "" #列出指定数据库的表的字段的数据 (--dump -T users -D
master -C surname)
--dump -T "" -D "" --start 2 --stop 4 # dump entries 2 to 4 of the specified table in the specified database
--dbms # specify the back-end database (MySQL, Oracle, PostgreSQL, Microsoft SQL
Server, Microsoft Access, SQLite, Firebird, Sybase, SAP MaxDB)
--os # specify the operating system (Linux, Windows)
-v #详细的等级 (0-6)
0 Displays only Python tracebacks, errors and critical messages.
1 Also displays information and warning messages.
2 Also displays debug messages.
3 Also displays the injected payloads.
4 Also displays the HTTP requests.
5 Also displays the HTTP response headers.
6 Also displays the contents of the HTTP response page.
--privileges #查看权限
--is-dba # whether the current user is a database administrator
--roles # enumerate database user roles
--udf-inject #导入用户自定义函数获取系统权限
--union-check # whether union injection is supported
--union-cols # union query table records
--union-test # union statement test
--union-use # use union injection
--union-tech orderby # union with ORDER BY
--data "" #POST方式提交数据 (--data "page=1&id=2")
--cookie "" #cookie注入; separate multiple values with ";"
(--cookie="PHPSESSID=mvijocbglq6pi463rlgk1e4v52;security=low")
--referer "" #使用referer欺骗 (--referer "http://www.baidu.com")
--user-agent "" #自定义user-agent
--proxy "http://127.0.0.1:8118" #代理注入
--string= "" #指定关键词, string matching.
--threads # use multithreading (--threads 3)
--sql-shell # execute the specified SQL commands
--sql-query # execute the specified SQL statement (--sql-query "SELECT password FROM
mysql.user WHERE user = 'root' LIMIT 0, 1")
--file-read # read the specified file
--file-write #写入本地文件 (--file-write /test/test.txt --file-dest /var/www/html/1.txt;
writes the local test.txt file to 1.txt on the target)
--file-dest # the absolute path of the file to be written
--os-cmd=id # execute a system command
--os-shell # interactive system shell
--os-pwn # reverse shell (--os-pwn --msf-path=/opt/framework/msf3/)
--msf-path= #metasploit绝对路径 (--msf-path=/opt/framework/msf3/)
--os-smbrelay#
--os-bof#
--reg-read # read the Windows registry
--priv-esc#
--time-sec= #延迟设置; the default is --time-sec=5, i.e. 5 seconds
-p "user-agent" --user-agent "sqlmap/0.7rc1 (http://sqlmap.sourceforge.net)" # specify
User-Agent injection
--eta # blind injection
/pentest/database/sqlmap/txt/
common-columns.txt column-name dictionary
common-outputs.txt
common-tables.txt table-name dictionary
keywords.txt
oracle-default-passwords.txt
user-agents.txt
wordlist.txt
This article is from "Green apple" blog, please make sure to keep this source http://green70.blog.51cto.com/3290934/1537337