OFFSITE.DARK
  • web
  • injection


SQLMap

Overview

sqlmap automates detection and exploitation of SQL injection. It supports boolean, error, union, stacked, and time-based blind techniques across MySQL, PostgreSQL, Oracle, MSSQL, SQLite, and others.

Detection pipeline: parameter fuzzing → DBMS fingerprint → enumeration (databases, tables, columns) → data dump → file read/write → OS shell via UDF/xp_cmdshell when privileges allow.

Tamper scripts mutate payloads to evade WAFs (space2comment, between, randomcase). `--level` and `--risk` control test depth and dangerous payloads. Session pickle files resume long runs.

Always obtain authorization; `--os-shell` and `--file-write` are destructive. Use `--batch` for non-interactive CI with predefined answers.
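The boolean-based technique listed in the overview only works because the application pastes user input into SQL text, which is why the defense notes later on this page lead with parameterized queries. The following added example (not part of the original page or of sqlmap itself) puts the vulnerable and hardened forms side by side against a constructed SQLite table, so the effect of binding can be seen directly: with concatenation, a true and a false condition return different row sets (the oracle a blind scanner reads), and a tautology leaks the non-public row; with a bound parameter, both are just a string that matches nothing. The table name, columns and sample rows are all assumptions made for the demo.

```python
import sqlite3

# Constructed sample data for the demo (not from the page): one row is not public.
SAMPLE_ITEMS = [(1, "widget", 1), (2, "gadget", 1), (3, "secret-sku", 0)]


def make_demo_db():
    """Build an in-memory SQLite database with a small items table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)"
    )
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", SAMPLE_ITEMS)
    conn.commit()
    return conn


def lookup_item_vulnerable(conn, item_id):
    """The 'before' form: item_id is concatenated into the SQL text, so
    whatever the caller supplies is parsed by the engine as SQL."""
    sql = (
        "SELECT id, name FROM items WHERE public = 1 AND id = "
        + str(item_id)
        + " ORDER BY id"
    )
    return conn.execute(sql).fetchall()


def lookup_item_safe(conn, item_id):
    """The hardened form: item_id is bound as a parameter. The engine never
    parses it as SQL; a value like '1 OR 1=1' is compared as a string with
    the integer column and matches no row."""
    sql = "SELECT id, name FROM items WHERE public = 1 AND id = ? ORDER BY id"
    return conn.execute(sql, (item_id,)).fetchall()


def boolean_oracle(lookup, conn):
    """Return (rows for a true condition, rows for a false condition).

    With concatenation the two results differ, which is exactly the signal a
    boolean-based blind scanner measures; with binding both are empty, so
    there is no oracle to read."""
    return lookup(conn, "1 AND 1=1"), lookup(conn, "1 AND 1=2")


if __name__ == "__main__":
    db = make_demo_db()
    print("normal lookup, safe:      ", lookup_item_safe(db, "1"))
    print("tautology, vulnerable:    ", lookup_item_vulnerable(db, "1 OR 1=1"))
    print("tautology, safe:          ", lookup_item_safe(db, "1 OR 1=1"))
    print("oracle, vulnerable (T, F):", boolean_oracle(lookup_item_vulnerable, db))
    print("oracle, safe (T, F):      ", boolean_oracle(lookup_item_safe, db))
```

The vulnerable tautology query returns all three rows, including the non-public one, because `AND` binds tighter than `OR`; the same input through the bound query returns nothing. ORMs give the same protection as long as raw-query escape hatches are not fed concatenated strings.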

Primary use cases

  • Confirming and exploiting SQLi found during manual web testing
  • Dumping credential tables for password analysis
  • Reading config files via LOAD_FILE or stacked queries
  • Second-order injection testing with `-p` and `--second-url`
  • WAF bypass tuning with tamper script chains

Key commands

Basic GET parameter test

sqlmap -u 'https://target/item?id=1' --batch --dbs

POST request from Burp save file

sqlmap -r request.txt -p username --level 3 --risk 2

Dump specific table

sqlmap -u 'https://target/item?id=1' -D appdb -T users --dump

Tamper for WAF evasion

sqlmap -u 'https://target/item?id=1' --tamper=space2comment,between --random-agent

Notable modules / features

  • Direct connection (-d) to a database with known credentials, without going through HTTP
  • SQL shell, OS shell, Metasploit integration (--os-pwn)
  • Automatic Tor/proxy rotation (--tor)
  • Enumeration: users, passwords, roles, UDF injection

Detection / defense notes

  • Parameterized queries / ORM; never concatenate user input
  • Least-privilege DB accounts; disable xp_cmdshell and file privileges
  • WAF + query allowlists; log SQL errors server-side only
  • Detect sqlmap User-Agent and timing-based scan patterns
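The last defense note above is the one a SOC can act on immediately. The following added example (not from the original page or from sqlmap) runs three detections over a handful of constructed access-log lines: the default `sqlmap/` User-Agent, a per-client burst of requests whose decoded query string carries SQL-injection tokens (the behaviour that survives `--random-agent`), and requests combining a delay function with a slow response time, which is the footprint of the time-based blind technique. The log format (combined format plus a trailing response-time field), the thresholds and the sample IPs are assumptions for the demo.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample log: combined format plus a trailing response-time field
# in seconds (as nginx's $request_time would add). Not taken from the page.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 0.012
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)" 0.010
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)" 0.011
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item?id=1%20AND%201%3D2 HTTP/1.1" 200 230 "-" "sqlmap/1.7 (https://sqlmap.org)" 0.009
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /item?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)" 5.021
10.0.0.7 - - [01/Jan/2024:10:01:01 +0000] "GET /item?id=1%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)" 0.010
10.0.0.7 - - [01/Jan/2024:10:01:02 +0000] "GET /item?id=1%20UNION%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 88 "-" "Mozilla/5.0 (Windows NT 10.0)" 0.015
10.0.0.7 - - [01/Jan/2024:10:01:03 +0000] "GET /item?id=1%20AND%20pg_sleep(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)" 5.030
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" (?P<rt>[\d.]+)$'
)

# Heuristic tokens typical of boolean, union and time-based probes. Tune the
# and/or alternative against your own traffic; it is deliberately broad.
SQLI_TOKENS = re.compile(
    r"""(?i)(\bunion\b.*\bselect\b|\b(?:and|or)\b\s*['"]?\w*['"]?\s*=\s*['"]?\w+"""
    r"""|sleep\s*\(|pg_sleep\s*\(|waitfor\s+delay|benchmark\s*\()"""
)
TIME_FUNCS = re.compile(r"(?i)(sleep\s*\(|pg_sleep\s*\(|waitfor\s+delay|benchmark\s*\()")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rt"] = float(rec["rt"])
    # Decode the query string so %20AND%201%3D1 becomes "AND 1=1" before matching.
    rec["query"] = unquote_plus(urlsplit(rec["path"]).query)
    return rec


def analyze(log_text, burst_threshold=3, slow_seconds=4.0):
    """Return {ip: sorted alert names} for every client that tripped a rule."""
    alerts = defaultdict(set)
    probe_count = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip = rec["ip"]
        if rec["ua"].startswith("sqlmap/"):
            alerts[ip].add("sqlmap-user-agent")
        if SQLI_TOKENS.search(rec["query"]):
            probe_count[ip] += 1
        # A delay function in the request plus a slow response is the
        # time-based blind footprint, whatever the User-Agent says.
        if TIME_FUNCS.search(rec["query"]) and rec["rt"] >= slow_seconds:
            alerts[ip].add("time-based-blind")
    for ip, n in probe_count.items():
        if n >= burst_threshold:
            alerts[ip].add("sqli-probe-burst")
    return {ip: sorted(names) for ip, names in alerts.items()}


if __name__ == "__main__":
    for ip, names in analyze(SAMPLE_LOG).items():
        print(ip, ", ".join(names))
```

On the sample, 10.0.0.9 trips all three rules, 10.0.0.7 trips the burst and time-based rules despite its browser-like User-Agent, and the ordinary client 10.0.0.5 is not reported. In production the burst rule should be windowed by time rather than counted over a whole file.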

Related tools

  • Burp Suite: HTTP/S intercepting proxy. Repeater, Intruder, scanner, and extension API for web app testing.
  • nikto: Web server scanner. Tests for outdated software, dangerous files, and misconfigs.
  • Nuclei: Template scanner. YAML checks for CVEs, misconfigs, and exposed services at scale.