sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Usage: [options]
-h, --help Show help
--version Show version
-u URL, --url=URL Target URL (e.g. "") # Commonly used; specifies the target URL.
-g GOOGLEDORK Process Google dork results as target URLs # Pulls targets from Google search results; needs a way to reach Google (a VPN).
These options can be used to specify how to connect to the target URL
--data=DATA Data string to be sent through POST # Commonly used parameter for POST injection
--cookie=COOKIE HTTP Cookie header value # Cookie value used for cookie injection
--random-agent Use randomly selected HTTP User-Agent header value # Random browser User-Agent
--proxy=PROXY Use a proxy to connect to the target URL # Proxy setting; commonly used, important.
--tor Use Tor anonymity network # Use Tor, the anonymity network, to protect yourself.
--check-tor Check to see if Tor is used properly
These options can be used to specify which parameters to test for,
provide custom injection payloads and optional tampering scripts
-p TESTPARAMETER Testable parameter(s)
--dbms=DBMS Force back-end DBMS to this value # Force the back-end database type; only do this when the DBMS is already known (e.g. Oracle/MySQL/MSSQL).
These options can be used to customize the detection phase
--level=LEVEL Level of tests to perform (1-5, default 1) # Test level
--risk=RISK Risk of tests to perform (1-3, default 1)
These options can be used to tweak testing of specific SQL injection
--technique=TECH SQL injection techniques to use (default "BEUSTQ")
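The `--random-agent` option above replaces sqlmap's default User-Agent, which otherwise identifies the tool, and the `--technique` letters name the probe families it sends (boolean, error, union, stacked, time, inline). The Python detector below is an added example written for this page; it is not part of the original notes or of the sqlmap project. It scans web-server access-log lines in Combined Log Format for the default `sqlmap/` User-Agent prefix and, independently, for request paths that match the probe families, so a session in which `--random-agent` hides the tool is still flagged by the payload check. All log lines, IP addresses and the version in the sample User-Agent are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"
203.0.113.11 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.12 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 87 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/118.0"
203.0.113.13 - - [01/Jan/2024:10:00:04 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh) Safari/17.0"
"""

# Combined Log Format: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Coarse signatures for the probe families behind sqlmap's technique letters
# (B boolean, U union, T time, S stacked). Error-based and inline probes are
# best caught on the response side (error pages), so they are not matched here.
PAYLOAD_PATTERNS = {
    "union": re.compile(r"\bunion\b.*\bselect\b", re.I),
    "boolean": re.compile(r"\b(and|or)\b\s*\d+\s*=\s*\d+", re.I),
    "time": re.compile(r"\b(sleep|benchmark|waitfor)\b", re.I),
    "stacked": re.compile(r";\s*(select|insert|update|drop|exec)\b", re.I),
}


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not CLF."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """List the reasons a parsed request looks like sqlmap activity."""
    reasons = []
    # The tool's default User-Agent starts with "sqlmap/"; --random-agent hides this.
    if entry["ua"].lower().startswith("sqlmap/"):
        reasons.append("default sqlmap User-Agent")
    # Decode percent-encoding so keyword patterns see the real payload text.
    decoded = unquote_plus(entry["path"])
    for name, pattern in PAYLOAD_PATTERNS.items():
        if pattern.search(decoded):
            reasons.append(f"{name}-style payload")
    return reasons


def scan_log(text):
    """Return (ip, path, reasons) for every line that triggers at least one rule."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            hits.append((entry["ip"], entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for ip, path, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip} {path} -> {'; '.join(reasons)}")
```

On the constructed sample the second line is flagged twice (default User-Agent plus a boolean probe), while the third line carries a browser-like User-Agent and is caught only by the union-query pattern; that is the case `--random-agent` produces, and the reason a User-Agent check alone is not enough.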
These options can be used to enumerate the back-end database
management system information, structure and data contained in the
tables. Moreover you can run your own SQL statements
-a, --all Retrieve everything
-b, --banner Retrieve DBMS banner # Retrieve the database system's banner
--current-user Retrieve DBMS current user # Current database user
--current-db Retrieve DBMS current database # Current database
--passwords Enumerate DBMS users password hashes # Enumerate password hashes stored in the database
--tables Enumerate DBMS database tables # Enumerate the database's tables
--columns Enumerate DBMS database table columns # Enumerate table columns
--schema Enumerate DBMS schema # Enumerate schemas (collections of objects)
--dump Dump DBMS database table entries # Dump table data
--dump-all Dump all DBMS databases tables entries # Dump everything in the database
-D DB DBMS database to enumerate # Database to enumerate
-T TBL DBMS database table(s) to enumerate # Table(s) to enumerate
-C COL DBMS database table column(s) to enumerate # Column(s) to enumerate
--is-dba Current user privileges (whether the user is a DBA)
--dbs Enumerate all databases
Operating system access:
These options can be used to access the back-end database management
system underlying operating system
--os-shell Prompt for an interactive operating system shell # Obtain a shell; requires sufficient privileges.
--os-pwn Prompt for an OOB shell, Meterpreter or VNC # Out-of-band shell, optionally in VNC mode
These options can be used to set some general working parameters
--batch Never ask for user input, use the default behaviour # No prompts; use defaults (typically for automated scanning of many injection points)
--flush-session Flush session files for current target # Clear all session data
--sqlmap-shell Prompt for an interactive sqlmap shell # Start an interactive sqlmap shell
--wizard Simple wizard interface for beginner users # Wizard mode for beginners
D:\sqlmap>c:\Python27\python.exe -u --is-dba