-b = get banner
-p = specifies test parameters
-g = Get the URL from Google, -g "inurl:aspx?id="
--gpage=GOOGLEPAGE = Specify Google Page Numbers
--union-check = Whether to support union injection
--union-cols = union query table record
--union-test = union statement test
--union-use = uses union injection
--proxy = proxy injection
--threads = using multithreading
--user-agent = custom user-agent
--referer=REFERER = HTTP referer header
--proxy=PROXY = Use proxy
--string = specifies keywords
--tor = creates an anonymous network of tor
--predict-output = common query output prediction
--keep-alive = uses a persistent HTTP(S) connection
--eval=EVALCODE = Pollution with HTTP parameters
-a,-all = query all
--hostname = hostname
--is-dba = is admin rights
--users = enumerates all users
--password = enumerates all user passwords
--roles = enumerates all user roles
--schema = enumeration DBMS mode
--count = retrieves the total number of entries
--dump = to dump the DBMS database table project, you need to develop the field name (column name)
--dump-all = dumps all table items in the DBMS database
--search = searches for a column, table, or database name
--exclude-sysdbs = Excludes the system database when enumerating tables
--sql-query=query = Execute SQL statement
--file-read=RFILE = read operation
--file--write=WFILE = write operation
--file--dest=DFILE = absolute path write
--reg-read = reads a Windows registry key value
--reg-add = adds a Windows registry key value data
--reg-del = deletes a Windows registry key value data
--reg-key=REGKEY = Windows registry key
--reg-value=REGVAL = Windows registry key
--reg-data=REGDATA = Key-value item data for the Windows registry
--reg-type=REGTYPE = Value type of the Windows registry key
--dump-format=DUMP = dump data format (CSV (default), HTML or SQLITE)
--hex = Use hexadecimal data retrieval
--output-dir=ODIR = directory path for custom output
--update = update Sqlmap
--purge-output = safely deletes the output directory of all content
--check-waf = heuristic check WAF/IPS/IDS protection
--os-pwn = bounce shell
--cookie=COOKIE = specifies HTTP cookie, pre-login
--random-agent = Use randomly selected User-Agent
--tamper=TAMPER = using the Sqlmap plugin
--level = test level (1-5), default is 1
--auth-type = Digest --auth-cred "testuser:testpass"
--auth-type = Basic --auth-cred "testuser:testpass"
--dbms "PostgreSQL"
* MySQL
* Oracle
* PostgreSQL
* Microsoft SQL Server
--os "Windows"
* Linux
* Windows
Enjoy! Follow us for more...
No comments:
Post a Comment