
Sqlmap – crawl and discover SQL injections

I use these command-line switches to automate the process; I've had some good results.

python sqlmap.py -u http://example.com --forms --batch --crawl=10 --cookie=jsessionid=12345 --level=5 --risk=3

Explanation

-u = URL

--forms = Parse and test forms

--batch = non-interactive mode; sqlmap usually asks you questions, and this accepts the default answers

--crawl = how deep you want to crawl a site

--cookie = put cookie in here if you want to do an authenticated scan

--level = level of tests to perform; 1 is the default and 5 is the highest

--risk = risk of the tests to perform; 1 is the default and 3 is the highest
