Sqlmap in Depth Part 1

This article is based upon ethical hacking, we can discuss how to use sqlmap tip in depth. You know that 65% of bug bounty hunters used this tool. It’s an open-source tool & it’s Pre-installed in kali, parrot etc.

Overview

  • –crawl
  • –batch
  • –technique=”BEUSTQ”
  • –threads
  • –risk
  • –level
  • -v
  • –current-user
  • –current-db
  • –hostname
  • –dbs
  • –mobile
  • —tamper
  • –user-agent
  • –proxy

crawl

Crawl the website starting from the target URL

In sqlmap –crawl is used for the crawl parameter. By default 1.

[email protected]$ sqlmap -u ‘http://www.site.com/’ –crawl [default 1-3]

Batch

Never ask for user input, use the default behaviour

–batch used for default answers

[email protected]$ sqlmap -u ‘http://www.site.com/’ –crawl –batch

Technique

SQL injection techniques to use (default “BEUSTQ”)

if want to use a particular technique then you can use –technique=”[specific technique”

List Of Technique

  • B: Boolean-Based Blind
  • E: Error-base
  • U: Union Query-Based
  • S: Stacked Queries
  • T: Time-Based Blind
  • Q: Inline Queries
[email protected]$ sqlmap -u ‘http://www.site.com/article.php?id=1’ –batch –technique=”U”

Threads

Max number of concurrent HTTP(s) requests (default 1

If you work on a big website then you can use –threads [default 1] you can use up to 10. its works too fast…

[email protected]$ sqlmap -u ‘http://www.site.com/article.php?id=1’ –batch –threads [default 1-10]

Risk

Risk of tests to perform (1-3, default 1)

In sqlmap 3 types of risk factors. some time vulnerability doesn’t found if you can use –risk then sqlmap used different types of payloads. By default value 1 you can be used up to 3.

[email protected]$ sqlmap -u ‘http://www.site.com/article.php?id=1’ –batch –risk 3

Level

Level of tests to perform (1-5, default 1)

By default, sqlmap will test all GET and POST parameters specified, however in some cases you might want to test additional entry points such as HTTP headers. It is possible to specify it with specific options, but the most straightforward technique is to use the –level option. There are 5 levels available in sqlmap (default being level 1). Level 2 adds HTTP Cookie header testing, level 3 adds HTTP User-Agent/Referer headers. Level 5 of the –level option includes testing Host headers. I know this question is old but I wanted to add that.

[email protected]$ sqlmap -u ‘http://testphp.vulnweb.com/’ –batch –risk 3 –level 3

sqlmap Depth:

Verbosity

Verbosity level: 0-6 (default 1)

If sqli injection perform any website so we can see that’s details using -v

List Of Verbosity

  • 0: Show only python tracebacks , error & critical messages
  • 1: Show also information and & warning messages
  • 2: Show also debug message
  • 3: Show also payloads injected
  • 4: Show also HTTP requests
  • 5: Show also HTTP responses’ headers
  • 6: Show Also HTTP responsses’ page content
[email protected]$ sqlmap -u ‘http://www.site.com/article.php?id=1’ –batch –risk 3 –level 3 -v 5

Thanks for reading! I hope this helps, if you need part 2, comment below I’ll make it ASAP.

If you can read more link

Tags: , , , , , , ,

BOBBYTN

ℂ|𝔼ℍ𝕧𝟙𝟙 | 𝔹𝕦𝕘 𝕙𝕦𝕟𝕥𝕖𝕣 | ℂ𝕪𝕓𝕖𝕣 𝕊𝕖𝕔𝕦𝕣𝕚𝕥𝕪 ℝ𝕖𝕤𝕖𝕒𝕣𝕔𝕙𝕖𝕣 | 𝔼𝕥𝕙𝕚𝕔𝕒𝕝 ℍ𝕒𝕔𝕜𝕖𝕣 | 𝕄𝕒𝕤𝕥𝕖𝕣 𝕚𝕟 𝕊𝕠𝕔𝕚𝕒𝕝 𝔼𝕟𝕘𝕚𝕟𝕖𝕖𝕣𝕚𝕟𝕘...

Leave a Reply