SQLMap

(may move it elsewhere)

Presentation

To quote its GitHub page, which explains it better than I ever could, sqlmap is "an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers", which is more or less a very creative euphemism for "doing this manually sounds like a biblical punishment and thank god this piece of software is here to do it for me".

Basic use

Like any CLI-based tool, sqlmap has a plethora of arguments and options. The most important are listed below:

-u "<URL>" #Target URL
-p "<PARAM TO TEST>" #Only test this parameter instead of every one sqlmap finds
--user-agent=SQLMAP #Set the HTTP User-Agent header (here to the literal string SQLMAP)
--random-agent #Use a randomly chosen browser User-Agent instead of the default sqlmap one
--threads=10 #Maximum number of concurrent HTTP requests
--risk=3 #MAX
--level=5 #MAX (higher levels also test cookies, User-Agent and Referer)
--dbms="<KNOWN DB TECH>" #Skip fingerprinting if you already know the backend DBMS
--dump #Dump the contents of the tables
--os="<OS>" #Skip fingerprinting if you already know the backend OS
--technique="UB" #Use only the UNION (U) and boolean-based blind (B) techniques, in that order (default "BEUSTQ": Boolean, Error, Union, Stacked, Time, inline Query)
--batch #Non-interactive mode; sqlmap usually asks questions, this accepts the default answers
--auth-type="<AUTH>" #HTTP authentication type (Basic, Digest, NTLM or PKI)
--auth-cred="<AUTH>" #HTTP authentication credentials (name:password)
--proxy=http://127.0.0.1:8080 #Route all traffic through a proxy (e.g. Burp) to inspect it
--union-char "GsFRts2" #Help sqlmap identify UNION SQLi with an unusual marker string instead of NULL
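The --user-agent and --random-agent options above matter on the defensive side too: sqlmap's default User-Agent advertises itself, so a scan with default settings is trivial to spot in web server logs, while --random-agent removes that signal and leaves only the injected payloads (the B/E/U/S/T/Q techniques named under --technique) as evidence. The following is an added example, not code from sqlmap or from this page, that runs both checks over a few constructed Apache-style access log lines; the User-Agent prefix "sqlmap/" and the payload regexes are my own assumptions about what the techniques look like on the wire.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample log lines (Apache "combined" format); not real traffic.
# 10.0.0.9 scans with the default User-Agent, 10.0.0.7 with --random-agent.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2024:10:00:01 +0000] "GET /search.php?searchitem=phone HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/May/2024:10:00:02 +0000] "GET /search.php?searchitem=phone%27%20AND%201%3D1--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
10.0.0.9 - - [12/May/2024:10:00:02 +0000] "GET /search.php?searchitem=phone%27%20AND%20SLEEP%285%29--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
10.0.0.9 - - [12/May/2024:10:00:03 +0000] "GET /search.php?searchitem=phone%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
10.0.0.7 - - [12/May/2024:10:00:04 +0000] "GET /search.php?searchitem=phone%27%20AND%201%3D2--%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# One regex for the combined log format: client IP, timestamp, request line, status, referer, User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed signatures of the sqlmap technique families, matched against the URL-decoded request path.
PAYLOAD_RULES = [
    ("boolean-based", re.compile(r"\bAND\s+\d+\s*=\s*\d+", re.I)),
    ("time-based", re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP)\s*\(|\bWAITFOR\s+DELAY\b", re.I)),
    ("union-based", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
    ("error-based", re.compile(r"\b(EXTRACTVALUE|UPDATEXML|CONVERT)\s*\(", re.I)),
    ("stacked", re.compile(r";\s*(SELECT|INSERT|UPDATE|DELETE|DROP)\b", re.I)),
]

# Assumption: the default sqlmap User-Agent starts with "sqlmap/".
DEFAULT_UA_PREFIX = "sqlmap/"


def classify(line):
    """Parse one log line; return its client IP, whether the UA is the default sqlmap one,
    and which technique signatures appear in the decoded request. None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = unquote_plus(m.group("path"))
    techniques = [name for name, rx in PAYLOAD_RULES if rx.search(decoded)]
    return {
        "ip": m.group("ip"),
        "ua_flag": m.group("ua").lower().startswith(DEFAULT_UA_PREFIX),
        "techniques": techniques,
    }


def analyze(log_text):
    """Return the suspicious lines (UA hit or payload hit) and a per-IP hit counter,
    which is what a --threads=10 burst shows up as."""
    findings = []
    per_ip = Counter()
    for line in log_text.splitlines():
        info = classify(line)
        if info is None:
            continue
        if info["ua_flag"] or info["techniques"]:
            findings.append(info)
            per_ip[info["ip"]] += 1
    return findings, per_ip


if __name__ == "__main__":
    hits, counts = analyze(SAMPLE_LOG)
    for h in hits:
        print(h["ip"], "default-UA" if h["ua_flag"] else "custom-UA", h["techniques"])
    print("hits per IP:", dict(counts))
```

The last sample line is the interesting one: with a browser User-Agent the ua_flag rule stays silent and only the boolean-based payload rule fires, which is why a User-Agent-only detection rule is not enough on its own.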

Standard injection via request

The -r parameter tells sqlmap to read a raw HTTP request from a file and test the parameters it contains. As an example:

sqlmap -r request.txt --dbms=mysql --dump

If our request looks something like this:

Then sqlmap will try various SQL injection techniques (boolean-based, time-based, etc.) on the searchitem parameter.
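To make it concrete which parameters of a saved request sqlmap ends up testing, here is an added example (my own code, not sqlmap's) that parses a request file in the -r format and lists the injection points, mimicking what -p and --level change: by default only GET and POST parameters are candidates, level 2 adds the Cookie values and level 3 adds the User-Agent and Referer headers (that level mapping is my reading of sqlmap's --level documentation). The request file below is constructed for the example; the searchitem parameter is the one the text above refers to.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed request file in the format sqlmap reads with -r (saved from a browser or proxy).
REQUEST_TXT = """\
POST /search.php HTTP/1.1
Host: shop.example.test
User-Agent: Mozilla/5.0
Cookie: PHPSESSID=abc123; lang=en
Content-Type: application/x-www-form-urlencoded
Content-Length: 26

searchitem=phone&submit=Go
"""


def parse_request(text):
    """Split a raw HTTP request into (method, target, headers, body). Headers keys are lower-cased."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for h in lines[1:]:
        if ":" in h:
            k, v = h.split(":", 1)
            headers[k.strip().lower()] = v.strip()
    return method, target, headers, body.strip()


def candidate_parameters(text, level=1):
    """Return (location, name) pairs sqlmap would consider at the given --level.
    Assumed mapping: level 1 = GET/POST, level 2 adds cookies, level 3 adds User-Agent/Referer."""
    _method, target, headers, body = parse_request(text)
    params = [("GET", k) for k, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    ctype = headers.get("content-type", "")
    if body and ctype.startswith("application/x-www-form-urlencoded"):
        params += [("POST", k) for k, _ in parse_qsl(body, keep_blank_values=True)]
    if level >= 2:
        for part in headers.get("cookie", "").split(";"):
            if "=" in part:
                params.append(("Cookie", part.split("=", 1)[0].strip()))
    if level >= 3:
        for name in ("user-agent", "referer"):
            if name in headers:
                params.append(("Header", name))
    return params


def select_parameters(params, only=None):
    """Mimic -p: keep only the comma-separated parameter names given, or everything if None."""
    if not only:
        return params
    wanted = {n.strip() for n in only.split(",")}
    return [p for p in params if p[1] in wanted]


if __name__ == "__main__":
    for lvl in (1, 2, 3):
        print(f"--level={lvl}:", candidate_parameters(REQUEST_TXT, level=lvl))
    print("-p searchitem:", select_parameters(candidate_parameters(REQUEST_TXT, level=5), "searchitem"))
```

Running it shows why the --dump command above touches searchitem and submit but leaves the session cookie alone unless the level is raised, and how -p narrows the run to the one parameter you actually care about.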
