Skip to content

Latest commit

 

History

History
59 lines (45 loc) · 1.97 KB

README.md

File metadata and controls

59 lines (45 loc) · 1.97 KB

paoloo/sqlmap

GitHub issues Docker Pulls

Docker image for sqlmap

Created using Alpine linux, the current version of this image is 21MB.

Grab it from dockerhub:

		$ docker pull paoloo/sqlmap

and use it with:

	$ docker run --rm -it -v /tmp/sqlmap:/root/.sqlmap/ paoloo/sqlmap --url www.example.com/?id=1

and the report will be found at /tmp/sqlmap.

If you want to modify and/or build this image:

		$ git clone [email protected]:paoloo/dockered-sqlmap.git
		$ chmod +x buildv2.sh
		$ ./buildv2.sh

Ths script will do everything to build the docker image contained in docker hub.

On older version, you would have to:

		$ git clone [email protected]:paoloo/dockered-sqlmap.git
		$ cd dockered-sqlmap/
		$ docker build -t paoloo/sqlmap .

You can create a bash wrapper for docker run commands in you .bashrc or similar:

sqlmap(){
docker run --rm -it \
  -v /tmp/sqlmap:/root/.sqlmap/ \
  paoloo/sqlmap "$@"
}

SQLMAP EXAMPLES

  • to find basic vulnerabilities

$ docker run --rm -it -v /tmp/sqlmap:/root/.sqlmap/ paoloo/sqlmap --url "http://www.site.com/checkout.php?id=10"

  • to deeply inspect found exploitable point and get databasename

$ docker run --rm -it -v /tmp/sqlmap:/root/.sqlmap/ paoloo/sqlmap --url "http://www.site.com/checkout.php?id=10" --dbs

  • list tables from found databas databasename

$ docker run --rm -it -v /tmp/sqlmap:/root/.sqlmap/ paoloo/sqlmap --url "http://www.site.com/checkout.php?id=10" -D databasename --tables

  • dump table tablename from database databasename

$ docker run --rm -it -v /tmp/sqlmap:/root/.sqlmap/ paoloo/sqlmap --url "http://www.site.com/checkout.php?id=10" -D databasename -T tablename --dump

Enjoy