Here's a cheat sheet for using SQLmap in Kali Linux:
Basic Usage:
sqlmap -u <url>Check for SQL Injection:
sqlmap -u <url> --dbsList All Databases:
sqlmap -u <url> --dbs-
List Tables of a Database:
sqlmap -u <url> -D <database name> --tables -
Dump Data of a Table:
sqlmap -u <url> -D <database name> -T <table name> --dump -
Check the Level of Injection:
sqlmap -u <url> --level=3 -
Use a Proxy:
sqlmap -u <url> --proxy=<proxy address> -
Provide Login Credentials:
sqlmap -u <url> --auth-type=<type> --auth-cred=<credentials> -
Tamper with Injection Point:
sqlmap -u <url> --tamper=<tamper script> Use a Config File:
sqlmap -c <config file>-
Brute Force an Authentication:
sqlmap -u <url> --auth-type=<type> --user=<user list> --password=<password list> -
Ignore Certificates:
sqlmap -u <url> --ignore-ssl-errors -
Use a Delay:
sqlmap -u <url> --delay=<delay time> -
Skip Crawling and Fingerprinting:
sqlmap -u <url> --skip-waf --crawl=0 --level=5 -
Use Multiple Threads:
sqlmap -u <url> --threads=<number of threads>
Please note that SQLmap should only be used for ethical and legal purposes, and with the permission of the target website's owner. Also, some of the options listed above may not be applicable or recommended in all situations.
