Must remember
- -u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1")
- -r REQUESTFILE Load HTTP request from a file
- -m BULKFILE Scan multiple targets given in a textual file
- --cookie=COOKIE HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
- --mobile Imitate smartphone through HTTP User-Agent header
- --random-agent Use randomly selected HTTP User-Agent header value
- --proxy=PROXY Use a proxy to connect to the target URL
Usage
--dbms=DBMS Force back-end DBMS to provided value
--prefix=PREFIX Injection payload prefix string
--suffix=SUFFIX Injection payload suffix string
--technique=TECH.. SQL injection techniques to use (default "BEUSTQ")
--batch Never ask for user input, use the default behavior
Unexpected situations
--level=LEVEL Level of tests to perform (1-5, default 1)
--risk=RISK Risk of tests to perform (1-3, default 1)
--second-url=SEC.. Resulting page URL searched for second-order response
--chunked Use HTTP chunked transfer encoded (POST) requests
--hpp Use HTTP parameter pollution method
--tamper=TAMPER Use given script(s) for tampering injection data
Finishing up
--is-dba Detect if the DBMS current user is DBA
--dbs Enumerate DBMS databases
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
-D -T -C --dump
--os-shell Prompt for an interactive operating system shell
Website timing
--delay=DELAY Delay in seconds between each HTTP request
--timeout=TIMEOUT Seconds to wait before timeout connection (default 30)
--time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
sqlmap parameter categories
Able to send packets -> construct the HTTP request
- -u
- -r
- --data
- -m
- --cookie
-u "url" --cookie
-r cookie
-u --cookie=" " --data=" "
Improving test efficiency
-p
--dbms
Handling special parameter cases
time tamper
Data retrieval
--dbs
-D xxx --tables
--is-dba --currxxxx-user