Sqlmap使用手册（自用）_force back-end dbms to provided value-优快云博客

本文链接：https://blog.youkuaiyun.com/ZripenYe/article/details/119782222

常用命令

-u 后面加URL，直接扫，可以爆漏洞
–dbs 列出所有的数据库
–current-db 显示当前数据库
-D 指定数据库
–tables 列出所有表
-T 指定表
–columns 列出所有字段名
-C 指定字段
–dump 列出字段内容
–dump_all 列出所有字段内容

其他命令：

测试注入点权限：

–privileges
–privileges -U sa 指定用户sa的权限

执行Shell命令：

–os-cmd=“net user”
–os-shell 系统交互的shell

执行SQL命令

–sql-shell
–sql-query=“sql”

POST提交方式：

–data “post 参数”

注入http请求

-r head.txt --dbs （head.txt是http报文）

将注入语句写入指定页面（专治伪静态）：

-u “http://www.123.com/2*.html” 使用的是*

sqlmap内容：

Options:
-h, --help Show basic help message and exit
-hh Show advanced help message and exit
–version Show program’s version number and exit
-v VERBOSE Verbosity level: 0-6 (default 1)

Target:
At least one of these options has to be provided to define the
target(s)

-u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")
-d DIRECT           Connection string for direct database connection
-l LOGFILE          Parse target(s) from Burp or WebScarab proxy log file
-m BULKFILE         Scan multiple targets given in a textual file
-r REQUESTFILE      Load HTTP request from a file
-g GOOGLEDORK       Process Google dork results as target URLs
-c CONFIGFILE       Load options from a configuration INI file

Request:
These options can be used to specify how to connect to the target URL

-A AGENT, --user..  HTTP User-Agent header value
-H HEADER, --hea..  Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
--method=METHOD     Force usage of given HTTP method (e.g. PUT)
--data=DATA         Data string to be sent through POST (e.g. "id=1")
--param-del=PARA..  Character used for splitting parameter values (e.g. &)
--cookie=COOKIE     HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
--cookie-del=COO..  Character used for splitting cookie values (e.g. ;)
--live-cookies=L..  Live cookies file used for loading up-to-date values
--load-cookies=L..  File containing cookies in Netscape/wget format
--drop-set-cookie   Ignore Set-Cookie header from response
--mobile            Imitate smartphone through HTTP User-Agent header
--random-agent      Use randomly selected HTTP User-Agent header value
--host=HOST         HTTP Host header value
--referer=REFERER   HTTP Referer header value
--headers=HEADERS   Extra headers (e.g. "Accept-Language: fr\nETag: 123")
--auth-type=AUTH..  HTTP authentication type (Basic, Digest, Bearer, ...)
--auth-cred=AUTH..  HTTP authentication credentials (name:password)
--auth-file=AUTH..  HTTP authentication PEM cert/private key file
--ignore-code=IG..  Ignore (problematic) HTTP error code (e.g. 401)
--ignore-proxy      Ignore system default proxy settings
--ignore-redirects  Ignore redirection attempts