Sqlmap Cheatsheet 1.0 Page 2

Enumeration (enumerate the back-end database, structure and data contained):
  -a, --all                          retrieve everything
  -b                                 retrieve banner
  --current-user/--current-db/--hostname
                                     retrieve DBMS current user/database/hostname
  --is-dba                           check if user is DBA
  --users/--passwords                enumerate DBMS users / users password hashes
  --privileges/--roles               enumerate DBMS users privileges/roles
  --dbs/--tables/--columns/--schema  enumerate DBMS dbs/tables/columns/schema
  --count                            retrieve number of entries for table(s)
  --dump                             dump DBMS db table entries
  --dump-all                         dump all DBMS dbs tables entries
  --search                           search column(s), table/db name
  --comments                         retrieve DBMS comments
  -D DB / -T TBL / -C COL            DBMS database / table(s) / column(s) to enumerate
  -X EXCLUDECOL                      table column(s) to not enumerate
  -U USER                            DBMS user to enumerate
  --exclude-sysdbs                   exclude system dbs
  --where=DUMPWHERE                  use WHERE condition while table dumping
  --start=LIMITSTART/--stop=LIMITSTOP
                                     first/last query output entry to retrieve
  --first=FIRSTCHAR/--last=LASTCHAR  first/last query output word character to retrieve
  --sql-shell                        prompt for an interactive SQL shell
  --sql-file=SQLFILE                 execute SQL statements from given file(s)

Fingerprint:
  -f, --fingerprint                  perform an extensive DBMS version fingerprint

Brute force:
  --common-tables/--common-columns   check common tables/columns

User-defined function injection:
  --udf-inject                       inject custom functions
  --shared-lib=SHLIB                 local path of the shared lib

File system access:
  --file-read=RFILE/--file-write=WFILE
                                     read/write local file on the DBMS file system
  --file-dest=DFILE                  back-end DBMS absolute filepath to write to

Operating system access:
  --os-cmd=OSCMD                     execute an operating system command
  --os-shell                         prompt for an interactive operating system shell
  --os-pwn                           prompt for an OOB shell, meterpreter or VNC
  --os-smbrelay                      one click prompt for an OOB shell, meterpreter or VNC
  --os-bof                           stored procedure buffer overflow exploitation
  --priv-esc                         database process user privilege escalation
  --msf-path=MSFPATH/--tmp-path=TMPPATH
                                     local Metasploit path / remote tmp path

Windows registry access:
  --reg-read/--reg-add/--reg-del     read/write/delete a win registry key value
  --reg-key=REGKEY                   win registry key
  --reg-value=REGVAL                 win reg key value
  --reg-data=REGDATA                 win reg key data
  --reg-type=REGTYPE                 win reg key value type

General:
  -s SESSIONFILE                     load session from .sqlite file
  -t TRAFFICFILE                     log all HTTP traffic
  --batch                            never ask for input
  --charset=CHARSET                  force character encoding used for data retrieval
  --crawl=CRAWLDEPTH                 crawl the website starting from the target URL
  --csv-del=CSVDEL                   delimiting character used in CSV output (default ",")
  --dump-format=DU..                 format of dumped data (CSV (default), HTML or SQLITE)
  --eta                              display estimated time of arrival (ETA) for each output
  --flush-session                    flush session files for current target
  --forms                            parse and test forms on target URL
  --fresh-queries                    ignore query results stored in session file
  --hex                              use DBMS hex function(s) for data retrieval
  --output-dir=ODIR                  custom output directory path
  --parse-errors                     parse and display DBMS error messages from responses
  --pivot-column=P..                 pivot column name
  --save                             save options to a configuration INI file
  --scope=SCOPE                      regexp to filter targets from provided proxy log
  --test-filter=TE..                 select tests by payloads and/or titles (e.g. ROW)
  --update                           update sqlmap

Miscellaneous:
  -z MNEMONICS                       use short mnemonics (e.g. "flu,bat,ban,tec=EU")
  --alert=ALERT                      run host OS command(s) when SQL injection is found
  --answers=ANSWERS                  set question answers (e.g. "quit=N,follow=N")
  --beep                             beep if SQL injection is found
  --check-waf/--identify-waf         check for / identify WAF/IPS/IDS protection
  --cleanup                          clean up the DBMS from sqlmap specific UDF and tables
  --dependencies                     check for missing (non-core) sqlmap dependencies
  --disable-coloring                 disable console output coloring
  --gpage=GOOGLEPAGE                 use Google dork results from specified page number
  --mobile                           imitate smartphone through HTTP User-Agent header
  --page-rank                        display page rank (PR) for Google dork results
  --purge-output                     safely remove all content from output directory
  --smart                            conduct thorough tests only if positive heuristic(s)
  --wizard                           wizard interface for beginner users