Monthly Archives: September 2014

Sqlmap – crawl and discover SQL injections

I use these command line switches to automate the process; I’ve had some good results.
python sqlmap.py -u http://example.com --forms --batch --crawl=10 --cookie=jsessionid=12345 --level=5 --risk=3
Explanation
-u = URL

--forms = Parse and test forms

--batch = non-interactive mode; usually Sqlmap will ask you questions, and this accepts the default answers

--crawl = how deep you want to crawl a site

--cookie […]