SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the experienced penetration tester, and a broad range of switches ranging from database fingerprinting, over fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Features of SQLMap
- It is highly compatible: it supports a wide range of database management systems.
- It can attempt to bypass a WAF (web application firewall) using tamper scripts.
- It is easy to use and beginner-friendly.
- It can test thousands of payloads automatically without user interaction.
Use of SQLMap
- Fire up the terminal and type sqlmap --help to see the available options.
- There are many different ways to use it, such as:
- Using the URL of the target website.
- Using the Request (can be captured using BurpSuite) of the website.
Understanding different options
- -v (verbose): prints details about the process that is currently running.
- -u (URL): the most important option; it specifies the target URL that we want to test.
REQUEST
Alternatively, you can paste the entire request into a text file and have SQLMap scan it using the -r flag. SQLMap is quite good at identifying the parameters in the request automatically and testing them for SQLi.
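To make the -r workflow concrete, here is an added example (not code from the original post or from the sqlmap project) that parses a captured HTTP request in the form you would save for -r and lists the parameters a scanner would treat as candidate injection points: the query string, the Cookie header and a URL-encoded POST body. The sample request is constructed for the example; the function names are this example's own, not sqlmap's.

```python
"""Parse a raw HTTP request saved for `sqlmap -r` and list the parameters
it exposes. Added example, not part of the original post or of sqlmap."""
from typing import Dict, List
from urllib.parse import parse_qsl, urlsplit

# Constructed sample request, as it would be copied out of Burp Suite
# and saved to a text file for the -r option.
SAMPLE_REQUEST = """POST /product?productId=1&ref=home HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Cookie: session=abc123; theme=dark
Content-Type: application/x-www-form-urlencoded
Content-Length: 21

quantity=2&color=blue
"""


def parse_raw_request(raw: str) -> dict:
    """Split a raw request into request line, headers and body."""
    raw = raw.replace("\r\n", "\n")          # accept CRLF captures too
    head, _, body = raw.partition("\n\n")    # blank line separates headers and body
    lines = head.splitlines()
    method, target, _version = lines[0].split()
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body.strip()}


def candidate_parameters(raw: str) -> Dict[str, List[str]]:
    """Return the parameter names found in each place a scanner would test."""
    req = parse_raw_request(raw)
    places: Dict[str, List[str]] = {}

    # GET parameters come from the query string of the request target.
    query = urlsplit(req["target"]).query
    places["GET"] = [k for k, _ in parse_qsl(query, keep_blank_values=True)]

    # Cookie parameters are the names before '=' in the Cookie header.
    cookie = req["headers"].get("cookie", "")
    places["Cookie"] = [c.split("=", 1)[0].strip() for c in cookie.split(";") if c.strip()]

    # POST parameters are only parsed for a URL-encoded form body.
    ctype = req["headers"].get("content-type", "")
    if req["body"] and "application/x-www-form-urlencoded" in ctype:
        places["POST"] = [k for k, _ in parse_qsl(req["body"], keep_blank_values=True)]
    else:
        places["POST"] = []
    return places


if __name__ == "__main__":
    for place, names in candidate_parameters(SAMPLE_REQUEST).items():
        print(f"{place}: {', '.join(names) or '(none)'}")
```

Running the block prints the GET, Cookie and POST parameter names from the constructed request; the same three places are what the --data and --cookie options below let you supply by hand when you are not using a request file.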
- --data: tests for SQL injection in the POST parameters (the request body).
- --cookie: lets sqlmap send the specified cookies with its requests.
- --random-agent: automatically changes the user-agent to a randomly selected one after a set period, thus hiding the real user-agent.
- --proxy: lets us route sqlmap's traffic through a proxy and stay anonymous.
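From the defender's side, the --random-agent option matters because sqlmap's default User-Agent header names the tool, which is an easy log signature, and --random-agent removes it. The following added example (not code from the original post or from the sqlmap project) runs a small detector over constructed web-server access-log lines: it flags the default sqlmap user-agent and, because that signature disappears once --random-agent is used, it also flags request paths that decode to typical SQL injection probe syntax. The log lines, the IP addresses and the version number in the user-agent string are constructed for the example.

```python
"""Flag sqlmap-style requests in access-log lines. Added example,
not part of the original post or of sqlmap."""
import re
from typing import List, Optional
from urllib.parse import unquote_plus

# Constructed sample log lines in the Apache/nginx "combined" format.
# Line 1: default sqlmap user-agent.  Line 2: same source, but with a
# browser user-agent (as --random-agent would give) and an encoded probe.
# Line 3: ordinary traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /product?productId=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /product?productId=1%27%20AND%201%3D1--%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
198.51.100.7 - - [10/Mar/2024:12:00:03 +0000] "GET /product?productId=2 HTTP/1.1" 200 498 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# Fields of one combined-format log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Common boolean / union / time-based probe syntax, checked on the
# URL-decoded path so encoding does not hide it.
SQLI_PROBE_RE = re.compile(
    r"""['"]\s*(and|or)\s+\d+\s*=\s*\d+|union\s+select|sleep\s*\(|--\s""",
    re.IGNORECASE,
)


def classify(line: str) -> Optional[dict]:
    """Parse one log line and attach the reasons it looks like a scanner."""
    m = LOG_RE.match(line)
    if not m:
        return None                        # unparseable line; skip it
    ua = m.group("ua")
    path = unquote_plus(m.group("path"))
    reasons: List[str] = []
    if ua.lower().startswith("sqlmap/"):
        reasons.append("default sqlmap user-agent")
    if SQLI_PROBE_RE.search(path):
        reasons.append("SQL injection probe pattern in request")
    return {"ip": m.group("ip"), "path": path, "ua": ua, "reasons": reasons}


def flagged(log_text: str) -> List[dict]:
    """Return only the records that triggered at least one reason."""
    hits = []
    for line in log_text.splitlines():
        rec = classify(line)
        if rec and rec["reasons"]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in flagged(SAMPLE_LOG):
        print(f"{rec['ip']} {rec['path']!r}: {', '.join(rec['reasons'])}")
```

The point the output makes is that the first line is caught by the user-agent alone, while the second line, which a --random-agent run would produce, is only caught by looking at the request itself; a detection that relies on the user-agent string alone misses it.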
INJECTION
- -p: a URL can contain several parameters; this option targets a specific parameter.
- --dbms: if the database behind the application is known, you can specify it and sqlmap will use the payloads for that database.
DETECTION
- --level: level of the tests to perform, ranging from 1 to 5 (default 1).
- --risk: risk of the tests to perform, ranging from 1 to 3 (default 1). A higher risk gives sqlmap permission to use heavier SQL queries.
GENERAL
- --batch: runs sqlmap non-interactively; it never asks for user input and uses the default behaviour instead.
ENUMERATION CHEATSHEET
TAMPER SCRIPTS
Tamper scripts are used to bypass WAFs.
FEW EXAMPLES
- sqlmap -u "https://www.example.com?productId=1" --random-agent --dbs --level=5 --risk=3
- sqlmap -u "https://www.example.com?productId=1" --threads=10
- sqlmap -u "https://www.example.com?productId=1" -v 3
- sqlmap -u "https://www.example.com?productId=1" --batch
- sqlmap -u "https://www.example.com?productId=1" --risk=3 --level=5
- sqlmap -u "https://www.example.com?productId=1" --crawl=5 --crawl-exclude="logout" --forms
You might also be interested in,
- Other OWASP Top 10 Vulnerabilities
- Concept of SQL Injection
- Intercepting Request using BurpSuite to use it in SQLMap
We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.