DOKK / manpages / debian 12 / sqlmap / sqlmap.1.en

User Commands

NAME

sqlmap - automatic SQL injection tool

SYNOPSIS

python3 sqlmap [options]

DESCRIPTION

: ___
: __H__

___ ___[)]_____ ___ ___: {1.4.8#stable}

|_ -| . ["] | .'| . | |___|_ [(]_|_|_|__,| _|

|_|V...: |_| http://sqlmap.org

OPTIONS

-h, --help: Show basic help message and exit
-hh: Show advanced help message and exit
--version: Show program's version number and exit
-v VERBOSE: Verbosity level: 0-6 (default 1)

: Target:
: At least one of these options has to be provided to define the target(s)

-u URL, --url=URL: Target URL (e.g. "http://www.site.com/vuln.php?id=1")
-g GOOGLEDORK: Process Google dork results as target URLs

: Request:
: These options can be used to specify how to connect to the target URL

--data=DATA: Data string to be sent through POST (e.g. "id=1")
--cookie=COOKIE: HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
--random-agent: Use randomly selected HTTP User-Agent header value
--proxy=PROXY: Use a proxy to connect to the target URL
--tor: Use Tor anonymity network
--check-tor: Check to see if Tor is used properly

: Injection:
: These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts

-p TESTPARAMETER: Testable parameter(s)
--dbms=DBMS: Force back-end DBMS to provided value

: Detection:
: These options can be used to customize the detection phase

--level=LEVEL: Level of tests to perform (1-5, default 1)
--risk=RISK: Risk of tests to perform (1-3, default 1)

: Techniques:
: These options can be used to tweak testing of specific SQL injection techniques

--technique=TECH..: SQL injection techniques to use (default "BEUSTQ")

: Enumeration:
: These options can be used to enumerate the back-end database management system information, structure and data contained in the tables

-a, --all: Retrieve everything
-b, --banner: Retrieve DBMS banner
--current-user: Retrieve DBMS current user
--current-db: Retrieve DBMS current database
--passwords: Enumerate DBMS users password hashes
--tables: Enumerate DBMS database tables
--columns: Enumerate DBMS database table columns
--schema: Enumerate DBMS schema
--dump: Dump DBMS database table entries
--dump-all: Dump all DBMS databases tables entries
-D DB: DBMS database to enumerate
-T TBL: DBMS database table(s) to enumerate
-C COL: DBMS database table column(s) to enumerate

: Operating system access:
: These options can be used to access the back-end database management system underlying operating system

--os-shell: Prompt for an interactive operating system shell
--os-pwn: Prompt for an OOB shell, Meterpreter or VNC

: General:
: These options can be used to set some general working parameters

--batch: Never ask for user input, use the default behavior
--flush-session: Flush session files for current target

: Miscellaneous:
: These options do not fit into any other category

--sqlmap-shell: Prompt for an interactive sqlmap shell
--wizard: Simple wizard interface for beginner users

August 2020

sqlmap v1.4.8