sqlmap commands

Must memorize

  • -u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1")
  • -r REQUESTFILE Load HTTP request from a file
  • -m BULKFILE Scan multiple targets given in a textual file
  • --cookie=COOKIE HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
  • --mobile Imitate smartphone through HTTP User-Agent header
  • --random-agent Use randomly selected HTTP User-Agent header value
  • --proxy=PROXY Use a proxy to connect to the target URL

Usage of `

  • --dbms=DBMS Force back-end DBMS to provided value

  • --prefix=PREFIX Injection payload prefix string

  • --suffix=SUFFIX Injection payload suffix string

  • --technique=TECH.. SQL injection techniques to use (default "BEUSTQ")

  • --batch Never ask for user input, use the default behavior

Unexpected situations

  • --level=LEVEL Level of tests to perform (1-5, default 1)
  • --risk=RISK Risk of tests to perform (1-3, default 1)

  • --second-url=SEC.. Resulting page URL searched for second-order response

  • --chunked Use HTTP chunked transfer encoded (POST) requests

  • --hpp Use HTTP parameter pollution method

  • --tamper=TAMPER Use given script(s) for tampering injection data

Finishing up

  • --is-dba Detect if the DBMS current user is DBA

  • --dbs Enumerate DBMS databases

  • --current-user Retrieve DBMS current user

  • --current-db Retrieve DBMS current database

  • -D -T -C --dump

  • --os-shell Prompt for an interactive operating system shell

Website time

  • --delay=DELAY Delay in seconds between each HTTP request
  • --timeout=TIMEOUT Seconds to wait before timeout connection (default 30)

  • --time-sec=TIMESEC Seconds to delay the DBMS response (default 5)


sqlmap parameter categories

Able to send packets --> construct the HTTP request

  • -u
  • -r
  • --data
  • -m
  • --cookie

-u "url" --cookie
-r cookie
-u --cookie=" " --data=" "

Improve testing efficiency

-p --dbms

Handling special parameter cases

time tamper

Data retrieval

--dbs

-D xxx --tables
-D xxx -T xxx --columns
-D xxx -T xxx -C xxx,xxx --dump

--is-dba --currxxxx-user