sqlmap

TLDR

Test a URL for SQL injection

$ sqlmap -u "[https://example.com/page?id=1]"

Test with increased detection level

$ sqlmap -u "[url?id=1]" --level [5] --risk [3]

Enumerate databases

$ sqlmap -u "[url?id=1]" --dbs

Dump a specific table

$ sqlmap -u "[url?id=1]" -D [database] -T [table] --dump

Test POST request with data

$ sqlmap -u "[url]" --data="[username=admin&password=test]"

Load request from file (captured from proxy)

$ sqlmap -r [request.txt]

Get an OS shell through SQL injection

$ sqlmap -u "[url?id=1]" --os-shell

Run in batch mode (no prompts)

$ sqlmap -u "[url?id=1]" --batch

SYNOPSIS

sqlmap [options] -u URL
sqlmap [options] -r REQUESTFILE_

sqlmap is an automated SQL injection and database takeover tool. It detects and exploits SQL injection vulnerabilities in web applications, supporting a wide range of database systems including MySQL, PostgreSQL, Oracle, Microsoft SQL Server, and SQLite.
The tool uses various injection techniques: boolean-based blind, error-based, UNION query, stacked queries, time-based blind, and inline queries. It can enumerate databases, tables, columns, and dump data. Advanced features include OS access through database functions.
Detection levels (--level) control test thoroughness—higher levels test more injection points including cookies and headers. Risk levels (--risk) control whether potentially harmful tests (like heavy time delays) are used.

PARAMETERS

-u URL

Target URL with injectable parameter

-r FILE

Load HTTP request from file

--data DATA

POST data string

--cookie COOKIE

HTTP Cookie header value

-p PARAM

Testable parameter(s)

--level LEVEL

Test thoroughness (1-5, default: 1)

--risk RISK

Test risk level (1-3, default: 1)

--technique TECH

Injection techniques (B, E, U, S, T, Q)

--dbms DBMS

Force specific database type

--dbs

Enumerate databases

--tables

Enumerate tables

--columns

Enumerate columns

--dump

Dump table entries

-D DB

Target database

-T TABLE

Target table

-C COLUMNS

Target columns

--os-shell

Get interactive OS shell

--os-cmd CMD

Execute OS command

--batch

Non-interactive mode

--threads NUM

Concurrent requests (default: 1)

-v LEVEL

Verbosity level (0-6)

--wizard

Interactive wizard for beginners

CAVEATS

Only use with explicit authorization—unauthorized testing is illegal. High level/risk settings can cause false positives or server issues. Some injection types may modify database data. Web application firewalls may block or rate-limit requests. Results should be verified manually for accuracy.

HISTORY

sqlmap was created by Daniele Bellucci and Bernardo Damele A. G. with development starting in 2006. It became one of the most widely used penetration testing tools for SQL injection. The project is open-source, written in Python, and continues active development. sqlmap is included by default in Kali Linux and other security-focused distributions.