This article is based upon ethical hacking, we can discuss how to use sqlmap tip in depth. You know that 65% of bug bounty hunters used this tool. It’s an open-source tool & it’s Pre-installed in kali, parrot etc.
Crawl the website starting from the target URL
In sqlmap –crawl is used for the crawl parameter. By default 1.
[email protected]$ sqlmap -u ‘http://www.site.com/’ –crawl [default 1-3]
Never ask for user input, use the default behaviour
–batch used for default answers
[email protected]$ sqlmap -u ‘http://www.site.com/’ –crawl –batch
SQL injection techniques to use (default “BEUSTQ”)
if want to use a particular technique then you can use –technique=”[specific technique”
List Of Technique
- B: Boolean-Based Blind
- E: Error-base
- U: Union Query-Based
- S: Stacked Queries
- T: Time-Based Blind
- Q: Inline Queries
[email protected]$ sqlmap -u ‘http://www.site.com/article.php?id=1’ –batch –technique=”U”
Max number of concurrent HTTP(s) requests (default 1
If you work on a big website then you can use –threads [default 1] you can use up to 10. its works too fast…
[email protected]$ sqlmap -u ‘http://www.site.com/article.php?id=1’ –batch –threads [default 1-10]
Risk of tests to perform (1-3, default 1)
In sqlmap 3 types of risk factors. some time vulnerability doesn’t found if you can use –risk then sqlmap used different types of payloads. By default value 1 you can be used up to 3.
[email protected]$ sqlmap -u ‘http://www.site.com/article.php?id=1’ –batch –risk 3
Level of tests to perform (1-5, default 1)
By default, sqlmap will test all GET and POST parameters specified, however in some cases you might want to test additional entry points such as HTTP headers. It is possible to specify it with specific options, but the most straightforward technique is to use the –level option. There are 5 levels available in sqlmap (default being level 1). Level 2 adds HTTP Cookie header testing, level 3 adds HTTP User-Agent/Referer headers. Level 5 of the –level option includes testing Host headers. I know this question is old but I wanted to add that.
[email protected]$ sqlmap -u ‘http://testphp.vulnweb.com/’ –batch –risk 3 –level 3
Verbosity level: 0-6 (default 1)
If sqli injection perform any website so we can see that’s details using -v
List Of Verbosity
- 0: Show only python tracebacks , error & critical messages
- 1: Show also information and & warning messages
- 2: Show also debug message
- 3: Show also payloads injected
- 4: Show also HTTP requests
- 5: Show also HTTP responses’ headers
- 6: Show Also HTTP responsses’ page content
[email protected]$ sqlmap -u ‘http://www.site.com/article.php?id=1’ –batch –risk 3 –level 3 -v 5
Thanks for reading! I hope this helps, if you need part 2, comment below I’ll make it ASAP.
If you can read more link