Top Commands
SQLmap (URL)
sqlmap --url http://tbfc.net/login.php --tables --columns-
--tables ---> Check tables
-
--columns ---> Check columns
-
--url = Provide URL for the attack
-
--dbms = Tell SQLMap the type of database that is running
-
--dump = Dump the data within the database that the application uses
-
--dump-all = Dump the ENTIRE database
-
--batch = SQLMap will run automatically and won't ask for user input
SQLmap(BurpSuite ---> Very Good)
sqlmap -r filename-
Use Burpsuite to intercept a request (ex: https://website.com/inurl?id=ELEMENT (opens in a new tab))
-
Save the item
-
Use the comment to launch SQLmap
-
Screenshot
All Information ---> https://github.com/sqlmapproject/sqlmap (opens in a new tab)