creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-10 21:24:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
Anthropic-Cybersecurity-Skills/skills/exploiting-sql-injection-with-sqlmap/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

2.1 KiB
Raw Permalink Blame History

API Reference: sqlmap Automation Agent

Dependencies

Library Version Purpose
sqlmap >=1.7 SQL injection detection and exploitation (subprocess)

CLI Usage

# Detection scan
python scripts/agent.py --url "https://target.com/page?id=1" --param id --action detect

# Enumerate databases
python scripts/agent.py --url "https://target.com/page?id=1" --action dbs

# List tables
python scripts/agent.py --url "https://target.com/page?id=1" --action tables --database target_db

# Dump table rows
python scripts/agent.py --url "https://target.com/page?id=1" --action dump \
  --database target_db --table users

# Check privileges
python scripts/agent.py --url "https://target.com/page?id=1" --action privs

Functions

find_sqlmap() -> str

Searches common paths for the sqlmap binary.

run_detection_scan(sqlmap_bin, url, param, request_file, cookie, tamper) -> dict

Runs sqlmap --batch --random-agent and parses output for injectability, DB type, and techniques.

enumerate_databases(sqlmap_bin, url, param, cookie) -> list

Runs sqlmap --dbs and extracts database names from output.

enumerate_tables(sqlmap_bin, url, database, param, cookie) -> list

Runs sqlmap -D db --tables and parses table names.

dump_table(sqlmap_bin, url, database, table, columns, limit, param, cookie) -> dict

Runs sqlmap -D db -T tbl --dump --start=1 --stop=N.

check_privileges(sqlmap_bin, url, param, cookie) -> dict

Runs --current-user --current-db --is-dba to assess DB privileges.

sqlmap Flags Used

Flag Purpose
--batch Non-interactive mode
--random-agent Randomize User-Agent header
-p Specify injectable parameter
--tamper Apply WAF bypass tamper scripts
--dbs Enumerate databases
--tables Enumerate tables
--dump Extract table data
--is-dba Check DBA privileges

Output Schema

{
  "action": "detect",
  "url": "https://target.com/page?id=1",
  "result": {
    "injectable": true,
    "database": "MySQL",
    "techniques": ["boolean-based", "UNION query"]
  }
}
Reference in New Issue View Git Blame Copy Permalink