Cheatography
https://cheatography.com
A cheat sheet of the commands used to operate SQLmap
This is a draft cheat sheet. It is a work in progress and is not finished yet.
Basic Commands
-u URL, --url=URL |
Target URL (e.g. "http://www.site.com/vuln.php?id=1") |
--data=DATA |
Data string to be sent through POST (e.g. "id=1") |
--random-agent |
Use randomly selected HTTP User-Agent header value |
-p TESTPARAMETER |
Testable parameter(s) |
--level=LEVEL |
Level of tests to perform (1-5, default 1) |
--risk=RISK |
Risk of tests to perform (1-3, default 1) |
|
|
Enumeration Commands
-a, --all |
Retrieve everything |
-b, --banner |
Retrieve DBMS banner |
--current-user |
Retrieve DBMS current user |
--current-db |
Retrieve DBMS current database |
--passwords |
Enumerate DBMS users password hashes |
--dbs |
Enumerate DBMS databases |
--tables |
Enumerate DBMS database tables |
--columns |
Enumerate DBMS database table columns |
--schema |
Enumerate DBMS schema |
--dump |
Dump DBMS database table entries |
--dump-all |
Dump all DBMS databases tables entries |
--is-dba |
Detect if the DBMS current user is DBA |
-D <DB NAME> |
DBMS database to enumerate |
-T <TABLE NAME> |
DBMS database table(s) to enumerate |
-C COL |
DBMS database table column(s) to enumerate |
|
|
Operating System Commands
--os-shell |
Prompt for an interactive operating system shell |
--os-pwn |
Prompt for an OOB shell, Meterpreter or VNC |
--os-cmd=OSCMD |
Execute an operating system command |
--priv-esc |
Database process user privilege escalation |
--os-smbrelay |
One-click prompt for an OOB shell, Meterpreter or VNC |
|
