Usage: sqlmap.py [options]
Options:
-h, --help Show basic help message and exit
-hh Show advanced help message and exit
--version Show the program version number and exit
-v VERBOSE Verbosity level: 0-6 (default 1)
Target:
At least one of these options must be provided to define the target(s)
-d DIRECT Connection string for a direct database connection
-u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1")
-l LOGFILE Parse targets from a Burp or WebScarab proxy log file
-x SITEMAPURL Parse targets from a remote sitemap XML file
-m BULKFILE Scan multiple targets listed in a text file
-r REQUESTFILE Load an HTTP request from a file
-g GOOGLEDORK Process Google dork results as target URLs
-c CONFIGFILE Load options from an INI configuration file
Request:
These options can be used to specify how to connect to the target URL
--method=METHOD Force use of the given HTTP method (e.g. PUT)
--data=DATA Data string to be sent through POST
--param-del=PARA.. Character used for splitting parameter values
--cookie=COOKIE HTTP Cookie header value
--cookie-del=COO.. Character used for splitting cookie values
--load-cookies=L.. File containing cookies in Netscape/wget format
--drop-set-cookie Ignore the Set-Cookie header from the response
--user-agent=AGENT HTTP User-Agent header value
--random-agent Use a randomly selected HTTP User-Agent header value
--host=HOST HTTP Host header value
--referer=REFERER HTTP Referer header value
-H HEADER, --hea.. Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
--headers=HEADERS Extra headers (e.g. "Accept-Language: fr\nETag: 123")
--auth-type=AUTH.. HTTP authentication type (Basic, Digest, NTLM or PKI)
--auth-cred=AUTH.. HTTP authentication credentials (name:password)
--auth-file=AUTH.. HTTP authentication PEM cert/private key file
--ignore-401 Ignore HTTP Error 401 (Unauthorized)
--proxy=PROXY Use a proxy to connect to the target URL
--proxy-cred=PRO.. Proxy authentication credentials (name:password)
--proxy-file=PRO.. Load a proxy list from a file
--ignore-proxy Ignore system default proxy settings
--tor Use the Tor anonymity network
--tor-port=TORPORT Set a Tor proxy port other than the default
--tor-type=TORTYPE Set the Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)
--check-tor Check whether Tor is used properly
--delay=DELAY Delay in seconds between each HTTP request
--timeout=TIMEOUT Seconds to wait before the connection times out (default 30)
--retries=RETRIES Number of retries when the connection times out (default 3)
--randomize=RPARAM Randomly change the value of the given parameter(s)
--safe-url=SAFEURL URL address to visit frequently during testing
--safe-post=SAFE.. POST data to send to the safe URL
--safe-req=SAFER.. Load a safe HTTP request from a file
--safe-freq=SAFE.. Number of test requests between two visits to the given safe URL
--skip-urlencode Skip URL encoding of payload data
--csrf-token=CSR.. Parameter used to hold the anti-CSRF token
--csrf-url=CSRFURL URL address to visit to extract the anti-CSRF token
--force-ssl Force use of SSL/HTTPS
--hpp Use the HTTP parameter pollution method
--eval=EVALCODE Evaluate the provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()")
Optimization:
These options can be used to optimize the performance of sqlmap
-o Turn on all optimization switches
--predict-output Predict common query output
--keep-alive Use persistent HTTP(s) connections
--null-connection Retrieve the page length without the actual HTTP response body
--threads=THREADS Maximum number of concurrent HTTP(s) requests (default 1)
Injection:
These options can be used to specify which parameters to test for, and to provide custom injection payloads and optional tamper scripts.
-p TESTPARAMETER Testable parameter(s)
--skip=SKIP Skip testing for the given parameter(s)
--skip-static Skip testing parameters that do not appear to be dynamic
--dbms=DBMS Force the back-end DBMS to this value
--dbms-cred=DBMS.. DBMS authentication credentials (user:password)
--os=OS Force the back-end DBMS operating system to this value
--invalid-bignum Use big numbers for invalidating values
--invalid-logical Use logical operations for invalidating values
--invalid-string Use random strings for invalidating values
--no-cast Turn off the payload casting mechanism
--no-escape Turn off the string escaping mechanism
--prefix=PREFIX Injection payload prefix string
--suffix=SUFFIX Injection payload suffix string
--tamper=TAMPER Use the given script(s) for tampering with injection data
Detection:
These options can be used to customize the detection phase
--level=LEVEL Level of tests to perform (1-5, default 1)
--risk=RISK Risk of tests to perform (1-3, default 1)
--string=STRING String to match when the query is evaluated as true
--not-string=NOT.. String to match when the query is evaluated as false
--regexp=REGEXP Regular expression to match when the query is evaluated as true
--code=CODE HTTP code to match when the query is evaluated as true
--text-only Compare pages based only on their textual content
--titles Compare pages based only on their titles
Techniques:
These options can be used to tweak the testing of specific SQL injection techniques
--technique=TECH SQL injection techniques to use (default "BEUSTQ")
--time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
--union-cols=UCOLS Range of columns to test for UNION query SQL injection
--union-char=UCHAR Character to use for brute-forcing the number of columns
--union-from=UFROM Table to use in the FROM part of UNION query SQL injection
--dns-domain=DNS.. Domain name used for the DNS exfiltration attack
--second-order=S.. URL of the resulting page searched for the second-order response
Fingerprint:
-f, --fingerprint Perform an extensive DBMS version fingerprint
Enumeration:
These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. In addition, you can run your own SQL statements.
-a, --all Retrieve everything
-b, --banner Retrieve the DBMS banner
--current-user Retrieve the DBMS current user
--current-db Retrieve the DBMS current database
--hostname Retrieve the DBMS server host name
--is-dba Detect whether the DBMS current user is a DBA
--users Enumerate DBMS users
--passwords Enumerate DBMS user password hashes
--privileges Enumerate DBMS user privileges
--roles Enumerate DBMS user roles
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--schema Enumerate the DBMS schema
--count Retrieve the number of entries for table(s)
--dump Dump DBMS database table entries
--dump-all Dump the table entries of all DBMS databases
--search Search for column, table or database names
--comments Retrieve DBMS comments
-D DB DBMS database to enumerate
-T TBL DBMS database table(s) to enumerate
-C COL DBMS database table column(s) to enumerate
-X EXCLUDECOL DBMS database table column(s) not to enumerate
-U USER DBMS user to enumerate
--exclude-sysdbs Exclude DBMS system databases when enumerating tables
--pivot-column=P.. Pivot column name
--where=DUMPWHERE WHERE condition to use while dumping tables
--start=LIMITSTART First query output entry to retrieve
--stop=LIMITSTOP Last query output entry to retrieve
--first=FIRSTCHAR First query output character to retrieve
--last=LASTCHAR Last query output character to retrieve
--sql-query=QUERY SQL statement to be executed
--sql-shell Prompt for an interactive SQL shell
--sql-file=SQLFILE Execute SQL statements from the given file(s)
Brute force:
These options can be used to run brute force checks
--common-tables Check for the existence of common tables
--common-columns Check for the existence of common columns
User-defined function injection:
These options can be used to create custom user-defined functions
--udf-inject Inject custom user-defined functions
--shared-lib=SHLIB Local path of the shared library
File system access:
These options can be used to access the underlying file system of the back-end database management system
--file-read=RFILE Read a file from the back-end DBMS file system
--file-write=WFILE Write a local file to the back-end DBMS file system
--file-dest=DFILE Absolute path on the back-end DBMS file system to write to
Operating system access:
These options can be used to access the underlying operating system of the back-end database management system
--os-cmd=OSCMD Execute an operating system command
--os-shell Prompt for an interactive operating system shell
--os-pwn Prompt for an OOB shell, Meterpreter or VNC
--os-smbrelay One-click prompt for an OOB shell, Meterpreter or VNC
--os-bof Stored procedure buffer overflow exploitation
--priv-esc Database process user privilege escalation
--msf-path=MSFPATH Local path where the Metasploit Framework is installed
--tmp-path=TMPPATH Remote absolute path of the temporary files directory
Windows Registry access:
These options can be used to access the Windows registry of the back-end database management system
--reg-read Read a Windows registry key value
--reg-add Write Windows registry key value data
--reg-del Delete a Windows registry key value
--reg-key=REGKEY Windows registry key
--reg-value=REGVAL Windows registry key value
--reg-data=REGDATA Windows registry key value data
--reg-type=REGTYPE Windows registry key value type
General:
These options can be used to set some common working parameters
-s SESSIONFILE Load the session from a stored SQLite file
-t TRAFFICFILE Log all HTTP traffic to a text file
--batch Never ask for user input, use the default behavior
--binary-fields=.. Result fields that have binary values (e.g. "digest")
--charset=CHARSET Force the character encoding used for data retrieval
--crawl=CRAWLDEPTH Crawl the website starting from the target URL
--crawl-exclude=.. Regular expression to exclude pages from crawling (e.g. "logout")
--csv-del=CSVDEL Delimiter character used in CSV output (default ",")
--dump-format=DU.. Format of dumped data (CSV (default), HTML or SQLITE)
--eta Display the estimated time of arrival for each output
--flush-session Flush the session file for the current target
--forms Parse and test forms on the target URL
--fresh-queries Ignore query results stored in the session file
--hex Use the DBMS hex function(s) for data retrieval
--output-dir=OUT.. Custom output directory path
--parse-errors Parse and display DBMS error messages from responses
--save=SAVECONFIG Save options to an INI configuration file
--scope=SCOPE Regular expression to filter targets from the provided proxy log
--test-filter=TE.. Select tests by payloads or titles
--test-skip=TEST.. Skip tests by payloads or titles (e.g. BENCHMARK)
--update Update sqlmap
Miscellaneous:
-z MNEMONICS Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
--alert=ALERT Run operating system command(s) when SQL injection is found
--answers=ANSWERS Set answers to questions (e.g. "quit=N,follow=N")
--beep Beep when a question is asked or SQL injection is found
--cleanup Clean up sqlmap-specific UDFs and tables from the DBMS
--dependencies Check for missing non-core sqlmap dependencies
--disable-coloring Disable console output coloring
--gpage=GOOGLEPAGE Use Google dork results from the specified page number
--identify-waf Thoroughly test for WAF/IPS/IDS protection
--mobile Imitate a smartphone through the HTTP User-Agent header
--offline Work in offline mode (using session data only)
--page-rank Display page rank (PR) for Google dork results
--purge-output Safely remove all content from the output directory
--skip-waf Skip heuristic detection of WAF/IPS/IDS protection
--smart Run thorough tests only when heuristics are positive
--sqlmap-shell Prompt for an interactive sqlmap shell
--tmp-dir=TMPDIR Local directory for storing temporary files
--wizard Simple wizard interface for beginner users
Sqlmap Help Information