The Practical Guide to sqlmap for SQL Injection

Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API.

Christophe · April 22, 2021

Duration: 5h 45mins

Difficulty: Beginner to Intermediate

Topics Covered:

  • What sqlmap is conceptually and in practice
  • Home lab environments to practice what you’re learning safely
  • How the sqlmap code is structured and how to find what you’re looking for (ie: payloads and settings)
  • How to use every one of sqlmap’s options
  • How to use sqlmap’s verbosity levels to troubleshoot and to look under the hood
  • Configure targets via URLs, logfiles, bulkfiles, and request files (from Burp/ZAP or other proxies)
  • Manipulate headers, parameters, methods, data
  • Manipulate and use cookies to successfully craft commands or to test for sqli vulnerability (HTTP Cookies)
  • Configure proxies and Tor to use sqlmap anonymously
  • Write custom Python code to modify requests on the fly
  • Pick and use tamper scripts correctly (for WAF bypass and evading security controls)
  • Fine-tune the exact parameters you want to attack
  • Fine-tune the exact SQL injection techniques you want to use
  • Fingerprint, enumerate, and takeover features and functionality
  • Niche, advanced, and general options
  • Understand how (and when) to use --level and --risk and how it affects your results
  • Understand what each enumeration option does and how to use them effectively to extract data from the database (db names, schema, tables, users, passwords, etc)
  • How to use user-defined function injection (database takeover)
  • How to use file, OS, and Windows registry access (system takeover)
  • Run sqlmap as an API
  • WAF identification and bypass
  • Find and exploit SQL injection vulnerabilities

Recommended Pre-requisites:

  • Experience with SQL (you should know what SQL is)
  • Experience working with web applications (you should understand how apps use databases)
  • Experience working with databases (at least a high-level understanding of how databases work)
  • Knowledge of different database engines (ie: you should know what MySQL means and that there are different DBMSs)
  • Knowledge of the different SQL injection techniques

Lacking some of these pre-requisites? Enroll in our free Injection Attacks course. Not sure if you’re ready for a full-length sqlmap course? Enroll in our free Beginner’s Guide to sqlmap.

About Instructor


18 Courses

Not Enrolled

Course Includes

  • 61 Lessons
  • 1 Quiz
  • Course Certificate