Tuesday, May 8, 2018

sqlmap -u

To scan a URL, we use the following command:
        sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1"
Once a SQL injection has been detected, we can choose yes (Y) to skip other types of payloads:

Once the SQL injection has been detected, we can list the database names using the --dbs flag:

We have the databases now; similarly, we can use flags such as --tables and --columns to get table names and column names:

To check whether the user is a database administrator, we can use the --is-dba flag:

The sqlmap command has a lot of flags. We can use the following table to see the different types of flags and what they do:

| Flag | Operation |
|------|-----------|
| --tables | Dumps all table names |
| -T | Specifies a table name to perform an operation on |
| --os-cmd | Executes an operating system command |
| --os-shell | Prompts for a command shell on the system |
| -r | Specifies a filename to run the SQL test on |
| --dump-all | Dumps everything |
| --tamper | Uses a tamper script |
| --eta | Shows estimated time remaining to dump data |
| --dbms=MySQL,MSSQL,Oracle | Manually chooses a database type so that injection is performed for that database type only |
| --proxy | Specifies a proxy |
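
Why a parameter such as `artist=1` gets reported as injectable, and what the fix looks like, shown as an added example that is not part of the original post. It assumes a hypothetical `artists` table and handler functions, with an in-memory SQLite database standing in for the site's back end; the rows are constructed sample data.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the application's artists table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO artists VALUES (?, ?)",
                   [(1, "artist one"), (2, "artist two"), (3, "artist three")])
    return db

def lookup_vulnerable(db, artist):
    # The parameter is concatenated into the statement, so its text is parsed as SQL.
    query = "SELECT name FROM artists WHERE id = " + artist
    return [row[0] for row in db.execute(query)]

def lookup_hardened(db, artist):
    # Validate the expected type, then bind the value; it is never parsed as SQL.
    try:
        artist_id = int(artist)
    except ValueError:
        return []
    rows = db.execute("SELECT name FROM artists WHERE id = ?", (artist_id,))
    return [row[0] for row in rows]

def boolean_check(lookup, db):
    """Return True when an appended true condition leaves the response unchanged
    and an appended false condition changes it. A boolean-based injection test
    relies on exactly this difference between the two responses."""
    baseline = lookup(db, "1")
    when_true = lookup(db, "1 AND 1=1")
    when_false = lookup(db, "1 AND 1=2")
    return when_true == baseline and when_false != baseline

if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler injectable:", boolean_check(lookup_vulnerable, db))
    print("hardened handler injectable:  ", boolean_check(lookup_hardened, db))
```

With the bound parameter, both conditions are treated as invalid input rather than as SQL, so the difference in responses that the check looks for never appears.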
