注入之王:sqlmap的使用教程
sqlmap -h
可在终端输入sqlmap -h,sqlmap -hh查看帮助
┌──(kali㉿localhost)-[~]
└─$ sqlmap -h
___
__H__
___ ___["]_____ ___ ___ {1.6.7#stable}
|_ -| . ['] | .'| . |
|___|_ [)]_|_|_|__,| _|
|_|V... |_| https://sqlmap.orgUsage: python3 sqlmap [options]
Options:
-h, --help Show basic help message and exit
-hh Show advanced help message and exit
--version Show program's version number and exit
-v VERBOSE Verbosity level: 0-6 (default 1)Target:
At least one of these options has to be provided to define the
target(s)-u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1")
-g GOOGLEDORK Process Google dork results as target URLsRequest:
These options can be used to specify how to connect to the target URL--data=DATA Data string to be sent through POST (e.g. "id=1")
--cookie=COOKIE HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
--random-agent Use randomly selected HTTP User-Agent header value
--proxy=PROXY Use a proxy to connect to the target URL
--tor Use Tor anonymity network
--check-tor Check to see if Tor is used properlyInjection:
These options can be used to specify which parameters to test for,
provide custom injection payloads and optional tampering scripts-p TESTPARAMETER Testable parameter(s)
--dbms=DBMS Force back-end DBMS to provided valueDetection:
These options can be used to customize the detection phase--level=LEVEL Level of tests to perform (1-5, default 1)
--risk=RISK Risk of tests to perform (1-3, default 1)Techniques:
These options can be used to tweak testing of specific SQL injection
techniques--technique=TECH.. SQL injection techniques to use (default "BEUSTQ")
Enumeration:
These options can be used to enumerate the back-end database
management system information, structure and data contained in the
tables-a, --all Retrieve everything
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
--passwords Enumerate DBMS users password hashes
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--schema Enumerate DBMS schema
--dump Dump DBMS database table entries
--dump-all Dump all DBMS databases tables entries
-D DB DBMS database to enumerate
-T TBL DBMS database table(s) to enumerate
-C COL DBMS database table column(s) to enumerateOperating system access:
These options can be used to access the back-end database management
system underlying operating system--os-shell Prompt for an interactive operating system shell
--os-pwn Prompt for an OOB shell, Meterpreter or VNCGeneral:
These options can be used to set some general working parameters--batch Never ask for user input, use the default behavior
--flush-session Flush session files for current targetMiscellaneous:
These options do not fit into any other category--wizard Simple wizard interface for beginner users
[!] to see full list of options run with '-hh'
hh显示高级帮助消息并退出
- version显示程序的版本号并退出
-v详细的详细级别:0-6(默认为1)目标:
必须至少提供这些选项之一来定义
目标-u URL,- url=URL目标URL(如"http://www.site.com/vuln.php?id=1”)
-g GOOGLEDORK将GOOGLEDORK结果作为目标URL处理请求:
这些选项可用于指定如何连接到目标URL-DATA =要通过POST发送的数据字符串(例如“id=1”)
- cookie=COOKIE HTTP Cookie头值(例如“PHPSESSID=a8d127e ..”)
-random-代理使用随机选择的HTTP用户代理头值
- proxy=PROXY使用代理连接到目标URL
tor使用Tor匿名网络
-检查tor检查Tor是否使用正确
这些选项可用于指定要测试的参数,
提供定制的注入负载和可选的篡改脚本-p TESTPARAMETER可测试参数
- dbms=dbms强制后端DBMS使用提供的值检测:
这些选项可用于定制检测阶段-LEVEL =要执行的测试的级别(1-5,默认为1)
-RISK =风险要执行的测试的风险(1-3,默认为1)技术:
这些选项可用于调整特定SQL注入的测试
技术-技术=科技..要使用的SQL注入技术(默认为“BEUSTQ”)
枚举:
这些选项可用于枚举后端数据库
中包含的管理系统信息、结构和数据
桌子-一-所有人取回所有东西
-b,- banner检索DBMS横幅
- current-user检索DBMS当前用户
- current-db检索DBMS当前数据库
- passwords枚举DBMS用户的密码散列
- tables枚举DBMS数据库表
以上为options
例子::
sqlmap -u "http://www.fanfan.com" --level 3 --risk4 --os-shell