[Tutorial] sqlmap basics

dcrown

Usage:
Syntax: python sqlmap.py [options]

Options:
-h, --help Displays brief help for the program
-hh Displays full help for the program
--version Displays the version of the program
-v VERBOSE Verbosity level: 0-6 (default 1)
Target:
At least one of these options has to be provided to define the target(s)
-d DIRECT Connection string for a direct database connection
-u URL, --url=URL Target URL (e.g. "<url>")
-l LOGFILE Parse target(s) from a Burp or WebScarab proxy log file
-m BULKFILE Scan multiple targets listed in the given text file
-r REQUESTFILE Load an HTTP request from a file
-g GOOGLEDORK Process Google dork results as target URLs (site:, inurl:, intext:)
-c CONFIGFILE Load options from an INI configuration file

Request:
These options can be used to specify how to connect to the target URL
--data=DATA Data string to be sent through POST
--param-del=PDEL Character used for splitting parameter values
--cookie=COOKIE HTTP Cookie header value
--cookie-del=CDEL Character used for splitting cookie values
--load-cookies=A.. File containing cookies in Netscape/wget format
--drop-set-cookie Ignore the Set-Cookie header in the response
--user-agent=AGENT HTTP User-Agent header value
--random-agent Use a randomly selected HTTP User-Agent header value
--host=HOST HTTP Host header value
--referer=REFERER HTTP Referer header value
--headers=HEADERS Extra headers (e.g. "Accept-Language: fr\nETag: 123")
--auth-type=ATYPE HTTP authentication type (Basic, Digest or NTLM)
--auth-cred=ACRED HTTP authentication credentials (name:password)
--auth-private=A.. PEM private key file for HTTP authentication
--proxy=PROXY Use a proxy to connect to the target URL
--proxy-cred=PCRED Proxy authentication credentials (name:password)
--ignore-proxy Ignore system default proxy settings
--tor Use the Tor anonymity network
--tor-port=TORPORT Set a Tor proxy port other than the default
--tor-type=TORTYPE Set the Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)
--check-tor Check whether Tor is being used properly
--delay=DELAY Delay in seconds between each HTTP request
--timeout=TIMEOUT Seconds to wait before the connection times out (default 30)
--retries=RETRIES Number of retries when the connection times out (default 3)
--randomize=RPARAM Randomly change the value of the given parameter(s)
--safe-url=SAFURL URL address to visit frequently during testing
--safe-freq=SAFREQ Test requests between two visits to the given safe URL
--skip-urlencode Skip URL encoding of payload data
--force-ssl Force use of SSL/HTTPS
--hpp Use the HTTP parameter pollution method
--eval=EVALCODE Evaluate the given Python code before each request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()")

Optimization:
These options can be used to optimize the performance of sqlmap
-o Turn on all optimization switches
--predict-output Predict common query output
--keep-alive Use persistent HTTP(S) connections
--null-connection Retrieve the page length without the actual HTTP response body
--threads=THREADS Maximum number of concurrent HTTP(S) requests (default 1)

Injection:
These options can be used to specify which parameters to test, provide custom injection payloads and optional tamper scripts
-p TESTPARAMETER Testable parameter(s)
--skip=SKIP Skip testing for the given parameter(s)
--dbms=DBMS Force the back-end DBMS to this value
--dbms-cred=DBMS.. DBMS authentication credentials (user:password)
--os=OS Force the back-end DBMS operating system to this value
--invalid-bignum Use big numbers for invalidating values
--invalid-logical Use logical operations for invalidating values
--invalid-string Use random strings for invalidating values
--no-cast Turn off the payload casting mechanism
--no-escape Turn off the string escaping mechanism
--prefix=PREFIX Injection payload prefix string
--suffix=SUFFIX Injection payload suffix string
--tamper=TAMPER Use the given script(s) for tampering injection data

Detection:
These options can be used to customize the detection phase
--level=LEVEL Level of tests to perform (1-5, default 1)
--risk=RISK Risk of tests to perform (0-3, default 1)
--string=STRING String to match when the query evaluates to TRUE
--not-string=NOT.. String to match when the query evaluates to FALSE
--regexp=REGEXP Regexp to match when the query evaluates to TRUE
--code=CODE HTTP code to match when the query evaluates to TRUE
--text-only Compare pages based only on their textual content
--titles Compare pages based only on their titles

Techniques:
These options can be used to tweak the testing of specific SQL injection techniques
--technique=TECH SQL injection techniques to use (default "BEUSTQ")
--time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
--union-cols=UCOLS Range of columns to test for UNION query SQL injection
--union-char=UCHAR Character to use for brute-forcing the number of columns
--union-from=UFROM Table to use in the FROM part of a UNION query SQL injection
--dns-domain=DNS.. Domain name used for the DNS exfiltration attack
--second-order=S.. Resulting page URL searched for the second-order response

Fingerprint:
-f, --fingerprint Perform an extensive DBMS version fingerprint

Enumeration:
These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. Moreover, you can run your own SQL statements
-a, --all Retrieve everything
-b, --banner Retrieve the DBMS banner (official name, version number)
--current-user Retrieve the DBMS current user
--current-db Retrieve the DBMS current database
--hostname Retrieve the DBMS server hostname
--is-dba Detect whether the DBMS current user is a DBA
--users Enumerate DBMS users
--passwords Enumerate DBMS users' password hashes
--privileges Enumerate DBMS users' privileges
--roles Enumerate DBMS users' roles
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--schema Enumerate the DBMS schema
--count Retrieve the number of entries for table(s)
--dump Dump DBMS database table entries
--dump-all Dump all DBMS databases' table entries
--search Search column(s), table(s) and/or database name(s)
--comments Retrieve DBMS comments
-D DB DBMS database to enumerate
-T TBL DBMS database table(s) to enumerate
-C COL DBMS database table column(s) to enumerate
-X EXCLUDECOL DBMS database table column(s) to not enumerate
-U USER DBMS user to enumerate
--exclude-sysdbs Exclude DBMS system databases when enumerating tables
--where=DUMPWHERE Use a WHERE condition while dumping a table
--start=LIMITSTART First query output entry to retrieve
--stop=LIMITSTOP Last query output entry to retrieve
--first=FIRSTCHAR First query output word character to retrieve
--last=LASTCHAR Last query output word character to retrieve
--sql-query=QUERY SQL statement to be executed
--sql-shell Prompt for an interactive SQL shell
--sql-file=SQLFILE Execute SQL statements from the given file(s)

Brute force:
These options can be used to run brute force checks
--common-tables Check for the existence of common tables
--common-columns Check for the existence of common columns

User-defined function injection:
These options can be used to create custom user-defined functions
--udf-inject Inject custom user-defined functions
--shared-lib=SHLIB Local path of the shared library

File system access:
These options can be used to access the file system underlying the back-end database management system
--file-read=RFILE Read a file from the back-end DBMS file system
--file-write=WFILE Write a local file to the back-end DBMS file system
--file-dest=DFILE Absolute path on the back-end DBMS to write the file to

Operating system access:
These options can be used to access the operating system underlying the back-end database management system
--os-cmd=OSCMD Execute an operating system command
--os-shell Prompt for an interactive operating system shell
--os-pwn Prompt for an out-of-band (OOB) shell, Meterpreter or VNC
--os-smbrelay One-click prompt for an OOB shell, Meterpreter or VNC
--os-bof Stored procedure buffer overflow exploitation
--priv-esc Database process user privilege escalation
--msf-path=MSFPATH Local path where Metasploit Framework is installed
--tmp-path=TMPPATH Remote absolute path of the temporary files directory

Windows registry access:
These options can be used to access the Windows registry of the server OS
--reg-read Read a Windows registry key value
--reg-add Write Windows registry key value data
--reg-del Delete a Windows registry key value
--reg-key=REGKEY Windows registry key
--reg-value=REGVAL Windows registry key value
--reg-data=REGDATA Windows registry key value data
--reg-type=REGTYPE Windows registry key value type

General:
These options can be used to set some general working parameters
-s SESSIONFILE Load a session from a stored (.sqlite) file
-t TRAFFICFILE Log all HTTP traffic to a text file
--batch Never ask for user input; use the default behaviour
--charset=CHARSET Force the character encoding used for data retrieval
--crawl=CRAWLDEPTH Crawl the website starting from the target URL
--csv-del=CSVDEL Delimiting character used in CSV output (default ",")
--dump-format=DU.. Format of dumped data (CSV (default), HTML or SQLITE)
--eta Display the estimated time of arrival for each output
--flush-session Flush the session files for the current target
--forms Parse and test forms on the target URL
--fresh-queries Ignore query results stored in the session file
--hex Use DBMS hex function(s) for data retrieval
--output-dir=ODIR Custom output directory path
--parse-errors Parse and display DBMS error messages from responses
--pivot-column=P.. Pivot column name
--save Save options to an INI configuration file
--scope=SCOPE Regexp to filter targets from the provided proxy log file
--test-filter=TE.. Select tests by payloads and/or titles (e.g. ROW)
--update Update sqlmap
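From the defender's side, the options above also describe what a sqlmap run looks like in a web server log. As an added example (not part of the original post and not sqlmap's own code), this Python triage flags requests carrying the tool's default User-Agent and requests whose decoded query matches the probe classes listed under --technique (B, T, U, S); the log lines are constructed, and the point is that --random-agent removes the User-Agent signal, so detection has to rely on request content and per-source volume.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = '''
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.2 (http://sqlmap.org)"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=1%20AND%201%3D2 HTTP/1.1" 200 498 "-" "sqlmap/1.2 (http://sqlmap.org)"
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=-1%20UNION%20ALL%20SELECT%20NULL,NULL HTTP/1.1" 500 120 "-" "Mozilla/5.0 (Macintosh)"
'''
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Request-content indicators, keyed by the sqlmap technique class they belong to
# (B = boolean-based blind, T = time-based blind, U = UNION query, S = stacked queries).
PROBE_PATTERNS = [
    ("boolean_probe", re.compile(r"\bAND\s+\d+\s*=\s*\d+", re.I)),
    ("time_probe", re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR)\b", re.I)),
    ("union_probe", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
    ("stacked_probe", re.compile(r";\s*(SELECT|INSERT|UPDATE|DELETE|DROP)\b", re.I)),
]

def classify(line):
    """Return a finding dict for one log line, or None if nothing looks like sqlmap."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    # Weak signal: the default User-Agent names the tool; --random-agent removes it.
    if "sqlmap" in m["ua"].lower():
        reasons.append("default_user_agent")
    # Stronger signal: the URL-decoded request carries a probe of a technique class.
    decoded = unquote(m["path"])
    reasons += [name for name, pat in PROBE_PATTERNS if pat.search(decoded)]
    if not reasons:
        return None
    return {"ip": m["ip"], "status": m["status"], "path": decoded, "reasons": reasons}

def scan(log_text):
    """Classify every line of the log and return the list of findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

def suspicious_ips(log_text):
    """Findings per source IP: burst sources (--threads, no --delay) stand out."""
    return Counter(f["ip"] for f in scan(log_text))
```

The two requests from 10.0.0.7 carry a browser User-Agent and are caught only by the content patterns, which is the case the User-Agent check alone would miss.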