Introduction:
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Current version: {1.1.8.6#dev}

Usage: sqlmap.py [options]
Options:
-h, --help Show help
--version Show version
-u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1") #Commonly used option that specifies the target URL.
-g GOOGLEDORK Process Google dork results as target URLs #Uses Google search results to collect targets; requires a VPN to reach Google.
Request:
These options can be used to specify how to connect to the target URL
--data=DATA Data string to be sent through POST #Commonly used for POST injection parameters
--cookie=COOKIE HTTP Cookie header value #Cookie value for cookie injection
--random-agent Use randomly selected HTTP User-Agent header value #Random browser User-Agent header
--proxy=PROXY Use a proxy to connect to the target URL #Proxy setting, commonly used; important.
--tor Use Tor anonymity network #Use Tor, the anonymity network, to protect yourself.
--check-tor Check to see if Tor is used properly
Injection:
These options can be used to specify which parameters to test for,
provide custom injection payloads and optional tampering scripts
-p TESTPARAMETER Testable parameter(s)
--dbms=DBMS Force back-end DBMS to this value #Forces the back-end database type; only use this when the database type is already known (e.g. Oracle/MySQL/MSSQL)
Detection:
These options can be used to customize the detection phase
--level=LEVEL Level of tests to perform (1-5, default 1) #Test thoroughness level
--risk=RISK Risk of tests to perform (1-3, default 1)
Techniques:
These options can be used to tweak testing of specific SQL injection
techniques
--technique=TECH SQL injection techniques to use (default "BEUSTQ")
Enumeration:
These options can be used to enumerate the back-end database
management system information, structure and data contained in the
tables. Moreover you can run your own SQL statements
Order of enumeration: database - table - column - field
-a, --all Retrieve everything
-b, --banner Retrieve DBMS banner #Retrieve the DBMS banner information
--current-user Retrieve DBMS current user #Retrieve the current DBMS user
--current-db Retrieve DBMS current database #Retrieve the database currently in use
--passwords Enumerate DBMS users password hashes #Enumerate password hashes stored in the DBMS
--tables Enumerate DBMS database tables #Enumerate the tables in the database
--columns Enumerate DBMS database table columns #Enumerate the columns in the database
--schema Enumerate DBMS schema #Enumerate the database schema (a collection of objects)
--dump Dump DBMS database table entries #Dump the entries of a database table
--dump-all Dump all DBMS databases tables entries #Dump everything in all databases
-D DB DBMS database to enumerate #Database to enumerate
-T TBL DBMS database table(s) to enumerate #Table(s) of the database to enumerate
-C COL DBMS database table column(s) to enumerate #Column(s) of the table to enumerate
--is-dba Whether the current user has DBA privileges
--dbs Enumerate all databases
Operating system access:
These options can be used to access the back-end database management
system underlying operating system
--os-shell Prompt for an interactive operating system shell #Reverse shell; requires the corresponding privileges.
--os-pwn Prompt for an OOB shell, Meterpreter or VNC #Connects a shell, e.g. in VNC mode
General:
These options can be used to set some general working parameters
--batch Never ask for user input, use the default behaviour #No input needed; uses the default behaviour (generally used for automated scanning of many injection points)
--flush-session Flush session files for current target #Clear all session files
Miscellaneous:
--sqlmap-shell Prompt for an interactive sqlmap shell #Start an interactive sqlmap shell
--wizard Simple wizard interface for beginner users #Wizard mode for beginners
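As an added defender-side example (not from the original post and not sqlmap's own code): the option list above mentions --random-agent and the technique letters behind --technique (default "BEUSTQ"). This Python script scans combined-format web server log lines for sqlmap's default User-Agent (assumed here to start with "sqlmap/") and for coarse request-side patterns of the B/E/U/S/T technique families, then reports source IPs with repeated hits. The signatures and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Coarse request-side signatures keyed by the letters sqlmap's --technique option
# uses (B boolean, E error, U union, S stacked, T time-based; Q inline query has
# no reliable request-side pattern). Illustrative heuristics, not sqlmap's own list.
TECHNIQUE_SIGNATURES = {
    "B": re.compile(r"\b(and|or)\b\s+\d+\s*=\s*\d+", re.I),
    "E": re.compile(r"\b(extractvalue|updatexml|convert)\s*\(", re.I),
    "U": re.compile(r"\bunion\b.{0,20}\bselect\b", re.I),
    "S": re.compile(r";\s*(select|insert|update|drop|exec)\b", re.I),
    "T": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I),
}
# Assumed: sqlmap's default User-Agent starts with "sqlmap/<version>".
# --random-agent swaps in a browser string, so this check alone is not enough.
DEFAULT_UA = re.compile(r"\bsqlmap/", re.I)
# Apache/Nginx "combined" log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def classify_request(line):
    """Return (ip, reasons) for one combined-format line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    if DEFAULT_UA.search(m.group("ua")):
        reasons.append("default-ua")
    decoded = unquote_plus(m.group("path"))  # payloads arrive URL-encoded
    for letter, pattern in TECHNIQUE_SIGNATURES.items():
        if pattern.search(decoded):
            reasons.append("technique-" + letter)
    return m.group("ip"), reasons

def suspicious_sources(lines, threshold=3):
    """Map IP -> sorted reasons for IPs with at least `threshold` flagged requests."""
    hits = {}
    for line in lines:
        parsed = classify_request(line)
        if parsed and parsed[1]:
            hits.setdefault(parsed[0], []).append(parsed[1])
    return {ip: sorted({r for rs in lists for r in rs})
            for ip, lists in hits.items() if len(lists) >= threshold}

# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /vuln.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.1.8.6#dev (http://sqlmap.org)"',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /vuln.php?id=1%20AND%201=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /vuln.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:00 +0000] "GET /vuln.php?id=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
```

Running suspicious_sources(SAMPLE_LOG) flags only 203.0.113.5, with the default-ua, technique-B and technique-T reasons; a production detector would also correlate on time-based response latency, since --random-agent defeats the User-Agent check.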
Demo: (the demo site used here is no longer available)
D:\sqlmap>c:\Python27\python.exe sqlmap.py -u http://www.kanghu1.net/Feedback_new.asp?ArticleID=1892 --is-dba
Notice: unless otherwise stated, all articles on this site are original to this site. Without this site's consent, no individual or organisation may copy, misappropriate, scrape or republish this site's content on any website, book or other media platform. If any content on this site infringes the legitimate rights of an original author, please contact us so it can be handled.