ZeroTrace OSINT
SQLMap Builder
Build SQL-injection test commands with payload preview, technique selection, and DBMS targeting.
SQLMap automates the detection and exploitation of SQL-injection vulnerabilities. The builder lets you configure the test parameters — target URL, technique, DBMS, level / risk — and shows you what the constructed test payload will look like before you commit to running.
What you configure
| Section | Options |
|---|---|
| Target | URL, request file, raw HTTP, or POST body |
| Parameters to test | Specific parameter names, all, or skip-list |
| Technique | B (boolean blind), E (error-based), U (UNION), S (stacked queries), T (time-based blind), Q (inline query) |
| DBMS hint | MySQL, Postgres, MSSQL, Oracle, SQLite, ... or auto-detect |
| Level | 1 (basic) through 5 (exhaustive) |
| Risk | 1 (safe) through 3 (potentially destructive) |
| Authentication | Cookie, basic auth, NTLM, custom headers |
| Tamper scripts | WAF-evasion transformations |
| Output / database actions | Just detect, dump tables, dump specific columns, etc. |
Payload preview
For the technique + DBMS combination you select, the builder shows what the constructed test payload looks like:
Technique B (boolean blind), DBMS MySQL:

' AND 1=1-- -
' AND 1=2-- -

Technique T (time-based), DBMS MySQL:

' AND SLEEP(5)-- -
The preview shows what SQLMap is actually going to send to the target — particularly useful when agreeing scope with target owners ("here are the payloads we will send during this test").
Risk and Level guidance
The builder explains the trade-offs:
- Level 1, Risk 1 — basic detection only. Will not modify data. Will not trigger most WAFs. Misses many real vulnerabilities.
- Level 5, Risk 3 — exhaustive. Tries every payload SQLMap knows. May modify data via INSERT/UPDATE/DELETE payloads. Will trigger every WAF.
A clear callout warns when Risk 3 is selected — destructive payloads can corrupt the target database. Reserve for engagements where the target owner has accepted the risk in writing.
SQLMap is a real exploitation tool. Generated commands run against a target produce attempted exploitation traffic — not "scanning." Use only against systems you own or have explicit written authorisation to test. Many countries treat unauthorised SQL-injection probing as an offence even when no data is exfiltrated.
Generated command
sqlmap -u "https://example.com/page?id=1" --technique=BT --dbms=mysql --level=2 --risk=1 --batch
The --batch flag is added by default to avoid interactive prompts; toggle off if you prefer SQLMap to ask you about each step.
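The following is an added illustration of how a command builder of this kind can validate the Level, Risk and Technique inputs and flag a destructive Risk 3 configuration before emitting the command; it is example code, not the ZeroTrace builder's own implementation, and the `SqlmapConfig`, `validate`, `needs_destructive_callout` and `command_argv` names are hypothetical.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional

# Letters sqlmap accepts for --technique (B, E, U, S, T, Q as in the builder table).
TECHNIQUES = set("BEUSTQ")

@dataclass
class SqlmapConfig:
    # Hypothetical builder state: one field per builder section used in this example.
    url: str
    technique: str = "BT"
    dbms: Optional[str] = None
    level: int = 1
    risk: int = 1
    batch: bool = True              # builder default: suppress interactive prompts

def validate(cfg: SqlmapConfig) -> List[str]:
    """Return the list of configuration problems; an empty list means it is usable."""
    problems = []
    letters = set(cfg.technique.upper())
    if not letters or letters - TECHNIQUES:
        problems.append("technique must be a non-empty subset of BEUSTQ")
    if not 1 <= cfg.level <= 5:
        problems.append("level must be between 1 and 5")
    if not 1 <= cfg.risk <= 3:
        problems.append("risk must be between 1 and 3")
    return problems

def needs_destructive_callout(cfg: SqlmapConfig) -> bool:
    """Risk 3 enables payloads that can modify data, so the UI must warn before use."""
    return cfg.risk == 3

def command_argv(cfg: SqlmapConfig) -> List[str]:
    """Build the sqlmap argument vector; refuses to emit a command for an invalid config."""
    problems = validate(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    argv = ["sqlmap", "-u", cfg.url, f"--technique={cfg.technique.upper()}"]
    if cfg.dbms:
        argv.append(f"--dbms={cfg.dbms.lower()}")
    argv += [f"--level={cfg.level}", f"--risk={cfg.risk}"]
    if cfg.batch:
        argv.append("--batch")
    return argv

def build_command(cfg: SqlmapConfig) -> str:
    """Shell-safe one-liner for display; quoting keeps '?' and '&' in the URL intact."""
    return " ".join(shlex.quote(a) for a in command_argv(cfg))
```

With the page's sample settings (`https://example.com/page?id=1`, technique BT, MySQL, level 2, risk 1) `build_command` reproduces the command shown above, with the URL single-quoted for the shell.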
Save as profile
Common test configurations save as profiles — "first-look detection", "deep blind on MySQL targets", "Postgres-focused with WAF tampers".
Pivots
SQLMap output (once you have run the command and reviewed the result) does not pivot directly into other modules — the next step is typically to write the finding into your engagement report or, with authorisation, to develop targeted further tests.
Sources
- The flag-explanation and DBMS-payload catalog are bundled.
- No external sources are queried.