SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches lasting from database fingerprinting, over data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features of SQLMap

  • It is highly compatible 
  • Could bypass WAF(web application firewall) with tamper scripts
  • Ease to use, beginner-friendly
  • Could test thousands of payloads automatically without user interaction.

Use of SQLMap

  • Fire up the terminal and type, sqlmap --help.
  • There are many different ways to use it, such as:
    • Using the URL of the target website.
    • Using the Request (can be captured using BurpSuite) of the website.
SQLMap Help

Understanding different options

  • -v (verbose): gives you the details about the current process which is going on.
  • -u (URL): This is the most important option, it is used to specify the target URL on which we want to hunt.


Alternatively, you can paste the entire request in a text file and could scan that in the SQLMap using the -r flag. It is quite intelligent to identify the parameters automatically and scan for SQLi.
  • --data: It tests the SQL injection on the post parameter.
  • --cookie: Let sqlmap use cookies.
  • --random-agent: Automatically change the user-agent after a specified period of time to a randomly selected one, thus hiding the real user-agent.
  • --proxy: This would let us connect to a proxy and stay anonymous.


  • -p: A URL can contain more than 2 to 3 parameters, in that case, we can use this option to target a specific parameter.
  • --dbms: If the database is known for the application, you could specify that and sqlmap will use the payloads according to that database.


  • --level: level of the tests to perform, ranges from 1-5 (default 1).
  • --risk: risks of the test to perform, ranges from 1-3 (default 1). This would give sqlmap permission to use some heavy SQL queries.


  • --batch: This would automate the sqlmap and never asks for user input, it uses the default behaviour. 



Tamper Scripts are used to Bypass WAF


  • sqlmap -u “https://www.example.com?productId=1” --random-agent --dbs --level=5 --risk=3
  • sqlmap -u “https://www.example.com?productId=1” --threads=10
  • sqlmap -u “https://www.example.com?productId=1” -v 3
  • sqlmap -u “https://www.example.com?productId=1” –batch
  • sqlmap -u “https://www.example.com?productId=1” --risk=3 --level=5
  • sqlmap -u “https://www.example.com?productId=1” --crawl=5 --crawl-exclude="logout" --forms

You might also be interested in, 
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment